Also, I think it's hooking into msconfig, because I've been seeing some strange behavior with that as well. Multiple copies with names like "msconfig .exe"
Computer is running XP Home Sp2
I was able to remove once I used COMBOFIX per the Malware guide linked at the top of every page. I scanned and rescanned using spybot and adaware and the PC has a clean bill of health now. However, some programs were rendered useless once COMBOFIX had it's way. I guess the owner will have to reinstall those.
Edited by gosavi, 24 January 2008 - 02:27 PM.