Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

On the page that opens, scroll down to AFSEGTGF Windows Service ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

AFSEGTGF Windows Service

Click on the "Back" Button. Click the 'Scan' button. Place a checkmark in the box next to the following lines:
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsezu.exe (file missing)

O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue..

Select:
  • Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    C:\WINDOWS\system32\flash.exe
    C:\WINDOWS\system32\Help.ico
    C:\WINDOWS\system32\keylog.dll
    C:\WINDOWS\system32\kr_done1
    C:\WINDOWS\system32\LexFiles.ulf
    C:\WINDOWS\system32\pavas.ico
    C:\WINDOWS\system32\Thumbs.db
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\tmp.txt
    C:\WINDOWS\system32\Uninstall.ico
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Your Sophos AntiRootkit log is incomplete. Which, leads me to believe that a RootKit is active on the system. What Anti-RootKit scanners have you run?

Post fresh logs for HijackThis and ISeeYouXP.