Hi Scotty, I followed the first instructions more closely and got it. When I installed ComboFix something came up about a trojan horse again. Here's the ComboFix log. Thank you.
ComboFix 08-10-06.06 - Default 2008-10-07 13:44:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.60 [GMT 1:00]
Running from: C:\Documents and Settings\Default\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Default\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\msvrc20.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
2008-10-06 21:40 . 2008-10-06 21:40 <DIR> d-------- C:\Program Files\WinASO
2008-09-22 22:27 . 2008-09-22 22:27 <DIR> d-------- C:\Program Files\Avira
2008-09-22 22:27 . 2008-09-22 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-18 12:02 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-18 11:59 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-18 11:59 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-18 11:41 . 2008-09-18 11:41 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-18 11:41 . 2008-09-18 11:41 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-18 11:41 . 2008-09-18 11:41 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-18 11:41 . 2008-09-18 11:41 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-18 11:38 . 2008-09-18 11:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 11:20 . 2008-04-14 01:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-18 11:19 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-09 13:07 . 2008-09-09 13:07 <DIR> d-------- C:\WINDOWS\system32\Macromed
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-06 21:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-06 21:36 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-06 20:15 --------- d-----w C:\Program Files\RegScrubXP
2008-10-06 16:34 --------- d-----w C:\Documents and Settings\Default\Application Data\uTorrent
2008-10-06 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-06 11:46 --------- d-----w C:\Documents and Settings\Default\Application Data\Spyware Terminator
2008-10-02 08:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-26 13:04 --------- d-----w C:\Documents and Settings\Default\Application Data\GlarySoft
2008-09-19 09:52 --------- d-----w C:\Program Files\Auslogics
2008-09-19 09:52 --------- d-----w C:\Documents and Settings\Default\Application Data\Auslogics
2008-09-15 13:52 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-09-11 15:38 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-11 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC427
2008-09-10 16:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 15:55 --------- d-----w C:\Documents and Settings\Default\Application Data\CyberLink
2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 10:08 --------- d-----w C:\Program Files\Comodo
2008-08-22 12:43 --------- d-----w C:\Program Files\Java
2008-08-22 12:40 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 04:09 212,728 -c--a-w C:\WINDOWS\CMDLIC.DLL
2008-07-14 04:09 205,560 -c--a-w C:\WINDOWS\UNBOC.EXE
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-03-07 1115728]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-27 1783808]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Default\\Desktop\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-02 141312]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-02-02 26752]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-07 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\9a5jo9md.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://uk.search.yahoo.com/search?ei=UT ... f-iobit&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-GB.start2.mozilla.com/firefox ... B:official.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 13:46:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-07 13:48:12
ComboFix-quarantined-files.txt 2008-10-07 12:48:08
Pre-Run: 49,643,130,880 bytes free
Post-Run: 49,627,586,560 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
140 --- E O F --- 2008-09-18 11:08:45