help me for this problem

  1. #1
    Junior Member
    Registered: 01.03.2010
    Posts: 1
    Reputation weight: 52

    <AVZ_CollectSysInfo>
    --------------------
    Start time: 03/01/2010 11:32:39 ص
    Duration: 00:02:06
    Finish time: 03/01/2010 11:34:45 ص

    <AVZ_CollectSysInfo>
    --------------------
    Time Event
    ---- -----
    03/01/2010 11:32:40 ص Windows version: Windows Vista (TM) Ultimate, Build=6001, SP="Service Pack 1"
    03/01/2010 11:32:41 ص System Restore: enabled
    03/01/2010 11:32:45 ص 1.1 Searching for user-mode API hooks
    03/01/2010 11:32:45 ص Analysis: kernel32.dll, export table found in section .text
    03/01/2010 11:32:45 ص Function kernel32.dll:CreateProcessA (151) intercepted, method ProcAddressHijack.GetProcAddress ->76321C36->61F03F42
    03/01/2010 11:32:45 ص Hook kernel32.dll:CreateProcessA (151) blocked
    03/01/2010 11:32:45 ص Function kernel32.dll:CreateProcessW (154) intercepted, method ProcAddressHijack.GetProcAddress ->76321C01->61F04040
    03/01/2010 11:32:45 ص Hook kernel32.dll:CreateProcessW (154) blocked
    03/01/2010 11:32:46 ص Function kernel32.dll:FreeLibrary (335) intercepted, method ProcAddressHijack.GetProcAddress ->763608F8->61F041FC
    03/01/2010 11:32:46 ص Hook kernel32.dll:FreeLibrary (335) blocked
    03/01/2010 11:32:46 ص Function kernel32.dll:GetModuleFileNameA (503) intercepted, method ProcAddressHijack.GetProcAddress ->7636440D->61F040FB
    03/01/2010 11:32:46 ص Hook kernel32.dll:GetModuleFileNameA (503) blocked
    03/01/2010 11:32:46 ص Function kernel32.dll:GetModuleFileNameW (504) intercepted, method ProcAddressHijack.GetProcAddress ->763658E5->61F041A0
    03/01/2010 11:32:46 ص Hook kernel32.dll:GetModuleFileNameW (504) blocked
    03/01/2010 11:32:46 ص Function kernel32.dll:GetProcAddress (54 intercepted, method ProcAddressHijack.GetProcAddress ->7636B8B6->61F04648
    03/01/2010 11:32:46 ص Hook kernel32.dll:GetProcAddress (54 blocked
    03/01/2010 11:32:47 ص Function kernel32.dll:LoadLibraryA (759) intercepted, method ProcAddressHijack.GetProcAddress ->76349491->61F03C6F
    03/01/2010 11:32:47 ص Hook kernel32.dll:LoadLibraryA (759) blocked
    03/01/2010 11:32:47 ص >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
    03/01/2010 11:32:47 ص Function kernel32.dll:LoadLibraryExA (760) intercepted, method ProcAddressHijack.GetProcAddress ->76349469->61F03DAF
    03/01/2010 11:32:47 ص Hook kernel32.dll:LoadLibraryExA (760) blocked
    03/01/2010 11:32:47 ص >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
    03/01/2010 11:32:47 ص Function kernel32.dll:LoadLibraryExW (761) intercepted, method ProcAddressHijack.GetProcAddress ->763430C3->61F03E5A
    03/01/2010 11:32:47 ص Hook kernel32.dll:LoadLibraryExW (761) blocked
    03/01/2010 11:32:47 ص Function kernel32.dll:LoadLibraryW (762) intercepted, method ProcAddressHijack.GetProcAddress ->7634361F->61F03D0C
    03/01/2010 11:32:48 ص Hook kernel32.dll:LoadLibraryW (762) blocked
    03/01/2010 11:32:48 ص IAT modification detected: LoadLibraryW - 018D0010<>7634361F
    03/01/2010 11:32:48 ص Analysis: ntdll.dll, export table found in section .text
    03/01/2010 11:32:48 ص Analysis: user32.dll, export table found in section .text
    03/01/2010 11:32:48 ص Analysis: advapi32.dll, export table found in section .text
    03/01/2010 11:32:48 ص Analysis: ws2_32.dll, export table found in section .text
    03/01/2010 11:32:49 ص Analysis: wininet.dll, export table found in section .text
    03/01/2010 11:32:54 ص Analysis: rasapi32.dll, export table found in section .text
    03/01/2010 11:32:55 ص Analysis: urlmon.dll, export table found in section .text
    03/01/2010 11:32:55 ص Analysis: netapi32.dll, export table found in section .text
    03/01/2010 11:32:59 ص 1.2 Searching for kernel-mode API hooks
    03/01/2010 11:33:00 ص Driver loaded successfully
    03/01/2010 11:33:00 ص SDT found (RVA=137B00)
    03/01/2010 11:33:00 ص Kernel ntkrnlpa.exe found in memory at address 81C04000
    03/01/2010 11:33:00 ص SDT = 81D3BB00
    03/01/2010 11:33:00 ص KiST = 81CBC8E0 (391)
    03/01/2010 11:33:01 ص Functions checked: 391, intercepted: 0, restored: 0
    03/01/2010 11:33:01 ص 1.3 Checking IDT and SYSENTER
    03/01/2010 11:33:01 ص Analysis for CPU 1
    03/01/2010 11:33:01 ص Analysis for CPU 2
    03/01/2010 11:33:01 ص Checking IDT and SYSENTER - complete
    03/01/2010 11:33:04 ص 1.4 Searching for masking processes and drivers
    03/01/2010 11:33:04 ص Checking not performed: extended monitoring driver (AVZPM) is not installed
    03/01/2010 11:33:04 ص Driver loaded successfully
    03/01/2010 11:33:04 ص 1.5 Checking of IRP handlers
    03/01/2010 11:33:04 ص \driver\tcpip[IRP_MJ_CREATE_NAMED_PIPE] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:04 ص \driver\tcpip[IRP_MJ_READ] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:05 ص \driver\tcpip[IRP_MJ_WRITE] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:05 ص \driver\tcpip[IRP_MJ_QUERY_INFORMATION] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:05 ص \driver\tcpip[IRP_MJ_SET_INFORMATION] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:05 ص \driver\tcpip[IRP_MJ_QUERY_EA] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:05 ص \driver\tcpip[IRP_MJ_SET_EA] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:06 ص \driver\tcpip[IRP_MJ_FLUSH_BUFFERS] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:06 ص \driver\tcpip[IRP_MJ_QUERY_VOLUME_INFORMATION] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:06 ص \driver\tcpip[IRP_MJ_SET_VOLUME_INFORMATION] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:06 ص \driver\tcpip[IRP_MJ_DIRECTORY_CONTROL] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:06 ص \driver\tcpip[IRP_MJ_FILE_SYSTEM_CONTROL] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:07 ص \driver\tcpip[IRP_MJ_SHUTDOWN] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:07 ص \driver\tcpip[IRP_MJ_LOCK_CONTROL] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:07 ص \driver\tcpip[IRP_MJ_CREATE_MAILSLOT] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:07 ص \driver\tcpip[IRP_MJ_QUERY_SECURITY] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:07 ص \driver\tcpip[IRP_MJ_SET_SECURITY] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:08 ص \driver\tcpip[IRP_MJ_POWER] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:08 ص \driver\tcpip[IRP_MJ_SYSTEM_CONTROL] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:08 ص \driver\tcpip[IRP_MJ_DEVICE_CHANGE] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:08 ص \driver\tcpip[IRP_MJ_QUERY_QUOTA] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:08 ص \driver\tcpip[IRP_MJ_SET_QUOTA] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:09 ص \driver\tcpip[IRP_MJ_PNP] = 81C29FDF -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
    03/01/2010 11:33:09 ص Checking - complete
    03/01/2010 11:33:11 ص C:\Program Files\VerbAce Research\VerbAce-Pro\HookDll.dll --> Suspicion for Keylogger or Trojan DLL
    03/01/2010 11:33:11 ص C:\Program Files\VerbAce Research\VerbAce-Pro\HookDll.dll>>> Behavioral analysis
    03/01/2010 11:33:11 ص Behaviour typical for keyloggers not detected
    03/01/2010 11:33:12 ص Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
    03/01/2010 11:33:23 ص >>> C:\Program Files\DAP\DAPNS.DLL HSC: suspicion for Adware.SpeedBit
    03/01/2010 11:33:23 ص >>> C:\PROGRA~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
    03/01/2010 11:33:23 ص >>> C:\PROGRA~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
    03/01/2010 11:33:25 ص >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-26
    03/01/2010 11:33:25 ص >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
    03/01/2010 11:33:25 ص >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
    03/01/2010 11:33:25 ص > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    03/01/2010 11:33:25 ص >> Security: disk drives' autorun is enabled
    03/01/2010 11:33:25 ص >> Security: administrative shares (C$, D$ ...) are enabled
    03/01/2010 11:33:25 ص >> Security: anonymous user access is enabled
    03/01/2010 11:33:25 ص >> Security: sending Remote Assistant queries is enabled
    03/01/2010 11:33:29 ص >> Disable HDD autorun
    03/01/2010 11:33:29 ص >> Disable autorun from network drives
    03/01/2010 11:33:29 ص >> Disable CD/DVD autorun
    03/01/2010 11:33:29 ص >> Disable removable media autorun
    03/01/2010 11:33:29 ص >> Windows Update is disabled
    03/01/2010 11:33:30 ص System Analysis in progress
    03/01/2010 11:34:45 ص System Analysis - complete
    03/01/2010 11:34:45 ص Delete file:C:\Users\Smile\Desktop\Virus Removal Tool\is-ET86U\LOG\avptool_syscheck.htm
    03/01/2010 11:34:45 ص Delete file:C:\Users\Smile\Desktop\Virus Removal Tool\is-ET86U\LOG\avptool_syscheck.xml
    03/01/2010 11:34:45 ص Deleting service/driver: utezmtaz
    03/01/2010 11:34:45 ص Delete file:C:\Windows\system32\Drivers\utezmtaz.sys
    03/01/2010 11:34:45 ص Deleting service/driver: ujezmtaz
    03/01/2010 11:34:45 ص Script executed without errors

  2. #2
    Numb, Senior Member
    Registered: 04.10.2005
    Posts: 2,118
    Reputation weight: 870

    Hello and sorry for the delay.
    The log you've published isn't the log we expected to see. Could you please read the rules of the "Help me!" section more attentively and make the logs as described there?
