Ok, all done as asked! A few things though: it didn't prompt about wininet.dll... does that matter?
Catchme.cfxe failed to initialize properly (Error 0x000142, "click on OK to terminate"); I didn't get a chance to do that, as the system rebooted at that moment.
There's a blue screen behind the icons on the start-up page, whereas before I had fish. Was this deleted, or is this a problem?
Just on the off-chance that Bullguard works this time: I bought it on disk from a shop originally, but suport@bullguard told me to download it from the internet. Should I install it from the disk or download it again?
Do I have to uninstall Malware before Bullguard will install, as you asked me before whether I had any other antivirus programs running?
Please answer these questions, as I don't know myself!
Here's the log you were looking for:
ComboFix 08-09-11.02 - mclovin 2008-09-12 19:59:31.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.3 [GMT 1:00]
Running from: C:\Documents and Settings\mclovin\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\bogxyg
C:\WINDOWS\system32\bogxyg\
C:\WINDOWS\system32\can.sdr
C:\WINDOWS\system32\ffcty.sp
C:\WINDOWS\system32\io.e18
C:\WINDOWS\system32\mnax.help
C:\WINDOWS\system32\onmac.frv
C:\WINDOWS\system32\paso.el
.
((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.
2008-09-12 19:41 . 2008-09-12 19:47 870 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-11 17:50 . 2008-09-11 19:05 <DIR> d-------- C:\Documents and Settings\princess
2008-09-10 18:36 . 2008-09-10 18:36 0 -ra------ C:\WINDOWS\system32\TFTP204
2008-09-10 17:07 . 2008-09-10 17:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 17:07 . 2008-09-10 17:07 <DIR> d-------- C:\Documents and Settings\mclovin\Application Data\Malwarebytes
2008-09-10 17:07 . 2008-09-10 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 17:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 17:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-10 15:36 . 2008-09-10 15:36 29 --a------ C:\WINDOWS\system32\gpawtrqs.tmp
2008-09-05 19:40 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-05 19:40 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-03 14:28 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 14:26 . 2008-09-03 14:26 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-08-29 18:36 . 2008-08-29 18:36 <DIR> d-------- C:\Program Files\OxigenInstall
2008-08-28 21:15 . 2008-08-28 21:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-28 21:06 . 2008-08-28 21:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-28 15:16 . 2008-08-28 20:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-27 18:15 . 2008-09-01 13:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-27 18:15 . 2008-08-27 18:15 <DIR> d-------- C:\Documents and Settings\mclovin\Application Data\PC Tools
2008-08-27 18:15 . 2008-08-27 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-27 18:12 . 2008-08-27 18:12 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-08-22 15:03 . 2008-08-22 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 15:03 . 2008-09-01 13:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 21:13 . 2008-09-01 13:22 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-08-21 21:13 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 19:49 65,536 ----a-w C:\WINDOWS\DUMP3921.tmp
2008-09-10 19:26 65,536 ----a-w C:\WINDOWS\DUMP2f8b.tmp
2008-09-10 14:35 560,128 ----a-w C:\WINDOWS\system32\user32.DLL
2008-08-28 20:26 --------- d-----w C:\Program Files\FoneSync
2008-08-28 20:19 --------- d-----w C:\Program Files\Google
2008-08-27 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 16:57 --------- d-----w C:\Program Files\Logitech
2008-08-20 19:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 19:54 --------- d-----w C:\Program Files\Create Your Own Greeting Cards
2008-07-27 11:50 --------- d-----w C:\Program Files\Zylom Games
2008-07-27 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
[color=red] C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below) [/color]
560,128 2008-09-10 14:35:42 C:\WINDOWS\system32\user32.DLL
560,128 2008-09-10 14:35:42 C:\WINDOWS\system32\dllcache\user32.dll
------- Sigcheck -------
2008-09-10 15:35 560128 2434e5831fe33320dae19e27bac0f52e C:\WINDOWS\system32\user32.DLL
2008-09-10 15:35 560128 2434e5831fe33320dae19e27bac0f52e C:\WINDOWS\system32\dllcache\user32.dll

2002-08-29 13:00 1013760 66be0215c2896ac95e48860538828719 C:\WINDOWS\explorer.exe
2002-08-29 13:00 1013760 ac80adc21d0feec9fb7791588cbaf983 C:\WINDOWS\system32\dllcache\explorer.exe

2002-08-29 13:00 23040 ee17ba6788dff46c984990d8c08d7eef C:\WINDOWS\system32\ctfmon.exe
2002-08-29 13:00 23040 51fe568b2c23b91318bf615a9e3cb77e C:\WINDOWS\system32\dllcache\ctfmon.exe

2002-08-29 13:00 60928 1c6531faf2918ede69bbb727a9a1b3e8 C:\WINDOWS\system32\spoolsv.exe
2002-08-29 13:00 60928 66e616da006cf9995449de9e14187dba C:\WINDOWS\system32\dllcache\spoolsv.exe

2002-08-29 13:00 31744 d9538f49d2028e46048f26b7a5796801 C:\WINDOWS\system32\userinit.exe
2002-08-29 13:00 31744 44f4ec197882e4f7901cad61203965bf C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCE44551-054F-4031-A77E-DD2357896A2B}]
2002-08-29 13:00 93184 --a------ C:\WINDOWS\System32\adsn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 1523741]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2002-06-20 737334]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-06-30 41027]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 532480]
"Java (VM) v6.9.3"="C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat" [2008-03-05 87]
"Cpl32ver"="C:\WINDOWS\System32\Cpl32ver.exe" [2008-09-12 16896]
"PromoReg"="C:\WINDOWS\system32\alt.exe.exe" [2008-09-12 318464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 23040]
"Java (VM) v6.9.3"="C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat" [2008-03-05 87]
"neos"="C:\WINDOWS\neos.exe" [2008-09-12 91648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrv61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmssvc.exe"= wmssvc.exe:SYSTEM

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
S2 osotrqsu;osotrqsu;C:\WINDOWS\system32\drivers\osotrqsu.sys [ ]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 20:06:58
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification: Z!!!enFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\nvrsol32.dll 245760 bytes executable
C:\WINDOWS\system32\paso.el 96768 bytes executable
C:\WINDOWS\system32\svcp.csv 0 bytes
C:\WINDOWS\system32\C.tmp 172030 bytes
scan completed successfully hidden files: 4
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\12.tmp
.
**************************************************************************
.
Completion time: 2008-09-12 20:10:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 19:10:49
ComboFix2.txt 2008-09-12 11:07:27
ComboFix3.txt 2008-09-10 17:02:32
ComboFix4.txt 2008-09-10 14:05:04
ComboFix5.txt 2008-09-12 18:58:05

Pre-Run: 63,994,621,952 bytes free
Post-Run: 63,968,444,416 bytes free
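The Sigcheck section of the log above lists each system file next to the copy Windows keeps in dllcache, with MD5 hashes. As an added example (not part of this post, and not ComboFix's own code), the Python script below parses those records, copied from the log one per line, and classifies each pair. A hash mismatch means one of the two copies was replaced; explorer.exe, ctfmon.exe, spoolsv.exe and userinit.exe all mismatch while keeping the same size and 2002-08-29 timestamp on both copies. Identical hashes, as with user32.dll, do not show that either copy is clean: both copies carry the same hash and the same 2008-09-10 timestamp, which is why the log still marks it infected. The baseline date, the grouping of live and dllcache files by file name, and the verdict labels are assumptions of the example.

```python
import re
from collections import defaultdict

# Sigcheck records copied from the ComboFix log above, un-wrapped to one
# record per line. Only BASELINE below is an assumption of this example.
SIGCHECK_LINES = r"""
2008-09-10 15:35 560128 2434e5831fe33320dae19e27bac0f52e C:\WINDOWS\system32\user32.DLL
2008-09-10 15:35 560128 2434e5831fe33320dae19e27bac0f52e C:\WINDOWS\system32\dllcache\user32.dll
2002-08-29 13:00 1013760 66be0215c2896ac95e48860538828719 C:\WINDOWS\explorer.exe
2002-08-29 13:00 1013760 ac80adc21d0feec9fb7791588cbaf983 C:\WINDOWS\system32\dllcache\explorer.exe
2002-08-29 13:00 23040 ee17ba6788dff46c984990d8c08d7eef C:\WINDOWS\system32\ctfmon.exe
2002-08-29 13:00 23040 51fe568b2c23b91318bf615a9e3cb77e C:\WINDOWS\system32\dllcache\ctfmon.exe
2002-08-29 13:00 60928 1c6531faf2918ede69bbb727a9a1b3e8 C:\WINDOWS\system32\spoolsv.exe
2002-08-29 13:00 60928 66e616da006cf9995449de9e14187dba C:\WINDOWS\system32\dllcache\spoolsv.exe
2002-08-29 13:00 31744 d9538f49d2028e46048f26b7a5796801 C:\WINDOWS\system32\userinit.exe
2002-08-29 13:00 31744 44f4ec197882e4f7901cad61203965bf C:\WINDOWS\system32\dllcache\userinit.exe
"""

# Assumed baseline: the timestamp the untouched XP files in this log carry.
BASELINE = "2002-08-29 13:00"

RECORD = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<md5>[0-9a-fA-F]{32})\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; lines that are not records are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].lower()
            records.append(rec)
    return records


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _pairs(records):
    """Group each live file with its dllcache copy by case-folded file name."""
    pairs = defaultdict(dict)
    for rec in records:
        kind = "cache" if "\\dllcache\\" in rec["path"].lower() else "live"
        pairs[_basename(rec["path"])][kind] = rec
    return pairs


def compare_with_dllcache(records):
    """Classify each live/dllcache pair.

    'mismatch': the hashes differ, so one of the two copies was replaced.
    'same':     the hashes agree; this does NOT show either copy is clean,
                since whoever writes both copies (user32.dll here) gets
                exactly this result.
    'unpaired': only one copy appears in the log.
    """
    verdicts = {}
    for name, pair in _pairs(records).items():
        if "live" not in pair or "cache" not in pair:
            verdicts[name] = "unpaired"
        elif pair["live"]["md5"] != pair["cache"]["md5"]:
            verdicts[name] = "mismatch"
        else:
            verdicts[name] = "same"
    return verdicts


def same_stamp_mismatches(records):
    """Names whose copies differ in hash but share size and timestamp.

    A changed binary whose size and mtime still match the other copy is
    what an in-place patch with a preserved timestamp leaves behind.
    """
    hits = []
    for name, pair in _pairs(records).items():
        if len(pair) != 2:
            continue
        live, cache = pair["live"], pair["cache"]
        if (live["md5"] != cache["md5"] and live["size"] == cache["size"]
                and live["mtime"] == cache["mtime"]):
            hits.append(name)
    return sorted(hits)


def modified_after(records, baseline=BASELINE):
    """Paths stamped later than the baseline ('YYYY-MM-DD HH:MM' sorts lexically)."""
    return sorted(r["path"] for r in records if r["mtime"] > baseline)


def report(text=SIGCHECK_LINES):
    recs = parse_sigcheck(text)
    return {
        "verdicts": compare_with_dllcache(recs),
        "same_stamp_mismatches": same_stamp_mismatches(recs),
        "newer_than_baseline": modified_after(recs),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

Run it as-is to see the three findings for the records above; to reuse it on another ComboFix log, paste that log's Sigcheck lines into SIGCHECK_LINES (one record per line) and adjust BASELINE to the install date the untouched files in that log carry. A "same" verdict only says the two copies agree; confirming either copy needs a hash from a known-good source, which this log does not provide.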