malware created at boot

Each time I boot my computer, NIS 2010 detects malware that wasn't there before. Always the same thing -- Suspicious.Cloud, in a file called a.exe, in the users/GregSandow/appdata/local/temp directory.

 

NIS then deals with the malware, but each time I boot, it's recreated. Seems like I have some malware that's triggered when I boot, which NIS isn't detecting. I've run complete system scans, but nothing shows up. I've also run scans with other programs -- Ad-Aware and Spybot Search and Destroy, and they don't find anything, either. But clearly something is wrong.

 

I did some investigating, and found these programs in my temp directory:

 

495465.exe

arcotray.exe

audiodgt.exe

c2dll.exe

crscc.exe

halvsc.exe

 

I scanned these files individually with NIS, and NIS doesn't think they're harmful.

 

But when I open the NIS report about a.exe, and look at its origins, the files I've listed had a hand in creating it. That's how I found them.

 

Google searches for audiodgt.exe and crscc.exe show that both have often been identified as a threat.

 

I tried running audiodgt.exe and crscc.exe Sandboxed, and they created files that NIS detected, and reported as threats:

 

wcijjit[1].htm

ujsbrs.exe

zgzzjjwli[1].htm

vttgyjt.exe

smcvhost.exe

flash-hq-plugin45244[1].exe

 

So obviously I have problems, which NIS doesn't fully detect. Symantec should take note of this.

 

The boot problem is the one that most concerns me right now. A.exe is created each time I boot. How do I stop this from happening?

 

Thanks,

 

Greg