Forum: Viruses, Spyware and other Nasties Jul 14th, 2009 |
| Replies: 49 Views: 4,378 Virut. Ah. You may have already taken the best option, then. A format and reinstall. Note that a format does not remove files, just loses them; the new OS will not see them. And vv.
Cheers, Nathan.... |
Forum: Viruses, Spyware and other Nasties Jul 14th, 2009 |
| Replies: 49 Views: 4,378 "GMER NO LONGER DETECTS UACd.sys" - it won't, in Safe mode, if the rootkit is not active. But nothing stops you in Safe mode from going into system32/drivers and deleting every UAC*.sys file, every... |
Forum: Viruses, Spyware and other Nasties Jul 13th, 2009 |
| Replies: 49 Views: 4,378 "Do you know where MBAM downloads the database updates for checking for malware? I have a working MBAM on one computer but since the infected computer can't connect to malwarebytes.org it can't get... |
Forum: Viruses, Spyware and other Nasties Jul 13th, 2009 |
| Replies: 49 Views: 4,378 You could not see those values in the Services\UACD keys because a simple trick has been employed to make their values invisible to regedit. But they can be removed easily.
Nathan, as I expected....... |
Forum: Viruses, Spyware and other Nasties Jul 13th, 2009 |
| Replies: 49 Views: 4,378 Just for the time being, Nathan, I am going to ignore one of the detections..... I may get spanked for it.
Anyway.... use GMER to delete all these entries [you must run it in Normal Mode]:
Reg ... |
Forum: Viruses, Spyware and other Nasties Jul 12th, 2009 |
| Replies: 49 Views: 4,378 A quick point while I get time to look at all those. I see this in the MBAM log:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
Files Infected:... |
Forum: Viruses, Spyware and other Nasties Jul 12th, 2009 |
| Replies: 49 Views: 4,378 GMER takes 1 1/2 mins to scan my systemdrive. But windows is there all by itself, no data, no pgms other than those that fight to be there; the partition is tightly controlled... so... Anyway,... |
Forum: Viruses, Spyware and other Nasties Jul 11th, 2009 |
| Replies: 49 Views: 4,378 What, me do it instead of you? I do tend to be chatty in my posts, but that is because I am human, and like to relate to some folks. Just some... we pick each other out...
Anyway, Nathan, I cannot... |
Forum: Viruses, Spyware and other Nasties Jul 10th, 2009 |
| Replies: 3 Views: 1,209 Ah. Two active AV services. One never knows how they will interact - it seems to be often badly and unpredictably. Rule is, don't use more than one.
PC Tools use a rebadged AV service, I forget... |
Forum: Viruses, Spyware and other Nasties Jul 9th, 2009 |
| Replies: 3 Views: 1,209 Try to reinstall over the top of it... that may give you the Repair installation option, in which case you can stop there. Or it may just reinstall and correct any settings, files. Then uninstall, if... |
Forum: Viruses, Spyware and other Nasties Jul 5th, 2009 |
| Replies: 6 Views: 408 Not necessarily. AVG8 is fine. Response time of the service company to new threats, a highly ranked performance against a slew of test viruses, satisfaction with the user interface, the load placed... |
Forum: Viruses, Spyware and other Nasties Jul 3rd, 2009 |
| Replies: 6 Views: 408 Avast by Alwil. Google for it. It is a free AV for home use, and good. Another is Comodo, a complete protection service, but you may not like the firewall unless you appreciate what it is doing for... |
Forum: Viruses, Spyware and other Nasties Jul 1st, 2009 |
| Replies: 1 Views: 296 Nothing shows in those logs. What is imageitencrypt used for..?
I would follow up on crunchie's recommendation to scan with an online scanner [I like Panda...], especially after combofix found such... |
Forum: Viruses, Spyware and other Nasties Jul 1st, 2009 |
| Replies: 2 Views: 304 Have you ever placed your email account into a public webpage, such as a site like this, or used it to fill out an application for something? If so it can be found by special bots which trawl... |
Forum: Viruses, Spyware and other Nasties Jun 30th, 2009 |
| Replies: 3 Views: 235 You SHOULD uninstall DAP and use hijack this to remove all traces of it.
Nothing else is bad, there, Michael. But you use a lot of software I would not dream of employing.... google apps, yahoo... |
Forum: Viruses, Spyware and other Nasties Jun 30th, 2009 |
| Replies: 3 Views: 235 And the symptoms are what, exactly... Michael? |
Forum: Viruses, Spyware and other Nasties Jun 30th, 2009 |
| Replies: 4 Views: 334 K, Michelle. As long as the mouse is not actually operating anything when it wanders.... it's a wired mouse, isn't it? Clean it.. sometimes you get a bit of lag if another process is taking a lot of... |
Forum: Viruses, Spyware and other Nasties Jun 30th, 2009 |
| Replies: 4 Views: 334 Nothing shows in that log, Michelle, as being out of place. You might use Hijackthis to generate a Startup log [Misc tools, check the List minor sections box]. If you see nothing that is unwelcome in... |
Forum: Viruses, Spyware and other Nasties Jun 30th, 2009 |
| Replies: 2 Views: 1,287 Hello, Jess...
Uninstall these: System Search Dispatcher, Media Access Startup, Internet Saving Optimizer
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below... |
Forum: Viruses, Spyware and other Nasties Jun 29th, 2009 |
| Replies: 18 Views: 1,573 Hari, have you tried uninstalling [not just stopping] your firewall [if third party] and AV service, then reinstalling them? |
Forum: Viruses, Spyware and other Nasties Jun 26th, 2009 |
| Replies: 1 Views: 990 For a start...
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename ... |
Forum: Viruses, Spyware and other Nasties Jun 24th, 2009 |
| Replies: 15 Views: 1,081 You are going to have to wipe your flashdrive and format it. Remove it. Then try this:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this... |
Forum: Viruses, Spyware and other Nasties Jun 24th, 2009 |
| Replies: 6 Views: 960 You are in Chennai, I take it, aamdevan? Could you post the SAS and MBAM logs, please? They would be interesting for us. Your HJT log is clean, although I note that you could update IE to IE6 with... |
Forum: Viruses, Spyware and other Nasties Jun 24th, 2009 |
| Replies: 6 Views: 960 The entries in your first log beginning with this time stamp give me a problem... 6/18/2009 3:05:17 PM -ok, give YOU a problem. We cannot be seen to be helping folks who circumvent legitimate... |
Forum: Viruses, Spyware and other Nasties Jun 23rd, 2009 |
| Replies: 6 Views: 960 You most likely have some malware causing this issue... but I cannot tell what it is from your post. Why not run a hijackthis log and post it as a next step? |
Forum: Viruses, Spyware and other Nasties Jun 23rd, 2009 |
| Replies: 15 Views: 1,081 So these files, autorun.inf and backupuser.exe, are not being recreated now? That's fine then, Neitz. |
Forum: Viruses, Spyware and other Nasties Jun 22nd, 2009 |
| Replies: 21 Views: 1,459 Cool. Well, that seems to be all taken care of.
Cheers, Geoff. Good luck out there. |
Forum: Viruses, Spyware and other Nasties Jun 22nd, 2009 |
| Replies: 21 Views: 1,459 The name of its creator? Obviously you have checked for that, and one is not there. It did not delete, which is interesting.... so rename it and see what complains, if anything, ever - it has not... |
Forum: Viruses, Spyware and other Nasties Jun 21st, 2009 |
| Replies: 15 Views: 23,506 Reading.. it is possibly just PS and fan. But I can only guess. |
Forum: Viruses, Spyware and other Nasties Jun 21st, 2009 |
| Replies: 21 Views: 1,459 That looks better, illahae. Just one thing, what does this file relate to : c:\windows\NV32643396.TMP ?
If it is benign [check its properties] then remove a few of those specialist tools you have... |
Forum: Viruses, Spyware and other Nasties Jun 21st, 2009 |
| Replies: 21 Views: 1,459 Skynet. A rootkit. So that is what was hiding msiebbar.dll
This should not take long, but because there are still two drivers to delete we will use Combofix to delete them, in case they are... |
Forum: Viruses, Spyware and other Nasties Jun 21st, 2009 |
| Replies: 21 Views: 1,459 Get CCleaner [see below].
Right. This method kinda ramps up... stop when you win. When you do, fix the O18 entry with hijackthis, and then run CCleaner.
For a start, in an Explorer window, go... |
Forum: Viruses, Spyware and other Nasties Jun 20th, 2009 |
| Replies: 13 Views: 1,435 Try del /f /a ahrs ...
cd c:\windows\system32
del /f /a ahrs uacinit.dll
If that does not work, and assuming that it is not hidden [in an Explorer window, go Tools, Folder options, View and... |
Forum: Viruses, Spyware and other Nasties Jun 19th, 2009 |
| Replies: 15 Views: 1,081 I did tell you that some malware inserted those autorun.inf files; just deleting them may not cure the problem. And that you should run MBAM as a next step. |
Forum: Viruses, Spyware and other Nasties Jun 19th, 2009 |
| Replies: 9 Views: 546 The hijackthis log is clean. An important instruction for MBAM:
Be sure that everything is checked, and click Remove Selected.
And restart the machine if requested.
The Vista tool requires that you... |
Forum: Viruses, Spyware and other Nasties Jun 19th, 2009 |
| Replies: 9 Views: 546 Ah.. you just beat me to it, crunchie.
In general....that is a legitimate winsock file in the hijackthis report - it is Windows Parental Control service, and in any event Hijackthis should NOT be... |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 1 Views: 304 Most likely, if this is a repetitive event, you have some badly coded malware on board. Or it could be due to not being up-to-date with Windows Updates... help us by using the Click Here link in the... |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 15 Views: 1,081 That's good, Neitz, so now we know the problem. But something put that file there, and it is likely still in your machine. I do strongly suggest you run MBAM as above. Post the log. |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 21 Views: 1,459 Ah, okay, illahae.. It is gone, so you are pretty clear to go too. Ignore my post re SAS and Registry Editor - not required.
Cheers. |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 15 Views: 1,081 An example would be C:\ autorun.inf
Just use Explorer, expand each drive [partition] if it exists. If not, just run MBAM. These files are usually found in software cds to automatically start the... |