POS.tmp file and red X on C-drive

Original Message
Name: bulletproof
Date: February 23, 2008 at 16:45:43 Pacific
Subject: POS.tmp file and red X on C-drive
OS: microsoft windows xp
CPU/Ram: 504MB
Model/Manufacturer: dell
Comment:
I have the same problem many people are posting about. I have multiple POS files (named something like pos1AE.tmp) on both my hard drive and in my My Documents folder. I've been getting multiple pop-ups that lead to a website for supposedly detecting malware (even when I click the close button the site opens). The icon for my hard drive has turned into an X.

Any help would be greatly appreciated. THX

bulletproof




Response Number 1
Name: jabuck
Date: February 23, 2008 at 17:37:47 Pacific
Subject: POS.tmp file and red X on C-drive
Reply:
Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click "yes".

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click "ok".

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: bulletproof
Date: February 24, 2008 at 08:16:17 Pacific
Subject: POS.tmp file and red X on C-drive
Reply:
Thanks for the help.
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:07 AM, on 02/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {3CB2793D-1541-435C-86D6-FFBE14F90F22} - C:\Program Files\Movie Maker\metovowu83122.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {5AF16438-821C-4551-8C86-35A517EFE3B3} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {700BB962-8767-4494-BCE2-397BF11EA4B5} - C:\WINDOWS\system32\awvvw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\rqromli.dll (file missing)
O2 - BHO: {0e9d9af9-7ce2-8459-5854-adec67bfbd89} - {98dbfb76-ceda-4585-9548-2ec79fa9d9e0} - C:\WINDOWS\system32\cfjrqiiu.dll (file missing)
O2 - BHO: (no name) - {9C6193F2-3A90-4430-B1CB-3C4F38D7E566} - C:\Program Files\Movie Maker\metovowu4444.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAgentEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [08f15900] rundll32.exe "C:\WINDOWS\system32\ohivqdsd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?393076c57ff44ef7af46e43151f0b3bb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?393076c57ff44ef7af46e43151f0b3bb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02...
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXNlcg\command.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 10537 bytes


bulletproof



Response Number 3
Name: bulletproof
Date: February 24, 2008 at 08:18:58 Pacific
Subject: POS.tmp file and red X on C-drive
Reply:
And here is the ComboFix log:

ComboFix 08-02-24.4 - User 2008-02-24 12:01:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.203 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\User\Start Menu\Programs\Startup\TA_Start.lnk
C:\Program Files\Helper
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\network monitor
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Program Files\Temporary\kernInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\cluuowwx.ini
C:\WINDOWS\system32\d7
C:\WINDOWS\system32\dtsbloxf.ini
C:\WINDOWS\system32\emkeoxna.ini
C:\WINDOWS\system32\fvqqgaeq.ini
C:\WINDOWS\system32\gbhuyprg.ini
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\kxxllakv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\ndjpmhip.ini
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nojyfcuw.ini
C:\WINDOWS\system32\o4
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\xhtrqkwo.ini
C:\WINDOWS\VXNlcg\
C:\WINDOWS\VXNlcg\\asappsrv.dll
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-24 11:55 . 2008-02-24 11:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 11:32 . 2008-02-24 11:48 <DIR> d-------- C:\VundoFix Backups
2008-02-23 15:56 . 2008-02-23 15:57 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-23 15:56 . 2008-02-23 18:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\SiteAdvisor
2008-02-23 15:56 . 2008-02-24 04:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-23 15:56 . 2008-02-23 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-23 15:14 . 2008-02-24 12:05 16,412 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-23 14:59 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-23 14:59 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-23 14:59 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-23 14:59 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-23 14:59 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-23 14:59 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-23 14:57 . 2008-02-23 14:57 <DIR> d-------- C:\Program Files\JavaCore
2008-02-23 14:53 . 2008-02-23 14:59 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-16 22:58 . 2008-02-16 22:58 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-16 21:51 . 2008-02-16 21:51 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-15 10:15 . 2008-02-15 10:15 268 --ah----- C:\sqmdata02.sqm
2008-02-15 10:15 . 2008-02-15 10:15 244 --ah----- C:\sqmnoopt02.sqm
2008-02-05 21:16 . 2008-02-05 21:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Microsoft Web Folders
2008-02-05 21:14 . 2008-02-05 21:16 <DIR> d-------- C:\Program Files\office 2000
2008-02-05 20:32 . 2008-02-05 20:33 2,668 --a------ C:\AutoRun.PNF
2008-01-30 18:13 . 2008-01-30 18:13 <DIR> d-------- C:\Temp\gTiis19
2008-01-30 18:13 . 2008-01-30 18:13 <DIR> d-------- C:\Temp\cXzz9
2008-01-30 18:13 . 2008-02-24 12:02 <DIR> d-------- C:\Temp
2008-01-28 07:45 . 2008-02-16 21:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-27 20:34 . 2008-01-27 20:34 244 --ah----- C:\sqmnoopt01.sqm
2008-01-27 20:34 . 2008-01-27 20:34 244 --ah----- C:\sqmnoopt00.sqm
2008-01-27 20:34 . 2008-01-27 20:34 232 --ah----- C:\sqmdata01.sqm
2008-01-27 20:34 . 2008-01-27 20:34 232 --ah----- C:\sqmdata00.sqm
2008-01-27 11:31 . 2008-01-27 11:31 79,186 --a------ C:\WINDOWS\system32\adssite-remove.exe
2008-01-27 11:14 . 2008-01-27 11:14 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-26 21:12 . 2008-01-26 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-25 17:22 . 2008-02-23 17:25 <DIR> d-------- C:\Program Files\SpyShredder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 09:00 --------- d-----w C:\Program Files\BrowsingAdvisor
2008-02-23 23:32 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-02-23 19:09 --------- d-----w C:\Program Files\McAfee.com
2008-02-23 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-23 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-23 19:02 --------- d-----w C:\Program Files\McAfee
2008-02-06 20:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-06 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-06 01:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-28 04:40 --------- d-----w C:\Program Files\LimeWire
2008-01-22 01:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-22 01:49 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2008-01-18 16:48 14,785 ----a-w C:\Program Files\First.Sunday.2008.CAM.XViD-PreVail_[mininova].torrent
2008-01-17 18:28 --------- d-----w C:\Documents and Settings\User\Application Data\Nero
2008-01-17 18:10 --------- d-----w C:\Program Files\MagicISO
2008-01-17 18:09 2,660,883 ----a-w C:\Program Files\Setup_MagicISO211.exe
2008-01-17 17:17 28,220 ----a-w C:\Program Files\The.Fast.And.The.Furious.Tokyo.Drift.DVDRip.XviD-DiAMOND.avi_[mininova].torrent
2008-01-17 17:16 17,110 ----a-w C:\Program Files\The.Fast.and.the.Furious.Tokyo.Drift.RETAIL.DVDRip.XviD-DiAMOND_[mininova].torrent
2008-01-17 16:14 15,448 ----a-w C:\Program Files\Nero_8_Ultra_Edition_8+KeyMaker_[mininova].torrent
2008-01-17 16:04 --------- d-----w C:\Documents and Settings\User\Application Data\Sonic
2008-01-17 16:00 --------- d-----w C:\Program Files\Sonic
2008-01-17 15:36 1,702 ----a-w C:\Program Files\Sonic_RecordNow_Deluxe_v7.21_-_Razer167_[mininova].torrent
2008-01-17 15:08 15,407 ----a-w C:\Program Files\Nero_8_Ultra_Edition_8.2.8.0+Keymaker[moviesb4time.biz][20.12.2007]_[mininova].torrent
2008-01-17 15:06 28,714 ----a-w C:\Program Files\Nero_7.8.5.0_[mininova].torrent
2008-01-17 15:02 13,705 ----a-w C:\Program Files\NERO66115C.EXE_[mininova].torrent
2008-01-17 15:01 29,655 ----a-w C:\Program Files\Nero8.zip_[mininova].torrent
2008-01-17 13:33 15,151 ----a-w C:\Program Files\Nero_8.2.8.0_Ultra_Edition_incl_keygen_(WORKS_PERFECT)_[mininova].torrent
2008-01-17 13:25 14,667 ----a-w C:\Program Files\Nero_8_Ultra_Edition_8.1.1.4+KeyMaker_[mininova].torrent
2008-01-17 13:21 13,073 ----a-w C:\Program Files\Nero8_Ultimate_Edition.exe_[mininova].torrent
2008-01-16 18:28 14,618 ----a-w C:\Program Files\Rush.Hour.3.[2007].DVDRIP.XVID.HD[Eng]-DUQA_[mininova].torrent
2008-01-16 18:26 14,768 ----a-w C:\Program Files\Nero_8.2.8.0_2008_+_Keygen_[tested].zip_[mininova].torrent
2008-01-16 18:17 1,206,366 ----a-w C:\Program Files\wrar371.exe
2008-01-13 22:27 --------- d-----w C:\Program Files\Cucusoft
2008-01-11 23:47 --------- d-----w C:\Documents and Settings\User\Application Data\Softplicity
2008-01-07 21:55 --------- d-----w C:\Program Files\FinalBurner
2008-01-06 15:24 --------- d-----w C:\Program Files\Xvid
2008-01-06 15:23 642,796 ----a-w C:\XviD-1.1.3-28062007.exe
2008-01-06 03:35 --------- d-----w C:\Documents and Settings\User\Application Data\Leadertech
2008-01-05 16:15 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CB2793D-1541-435C-86D6-FFBE14F90F22}]
C:\Program Files\Movie Maker\metovowu83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AF16438-821C-4551-8C86-35A517EFE3B3}]
C:\WINDOWS\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{700BB962-8767-4494-BCE2-397BF11EA4B5}]
C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbfb76-ceda-4585-9548-2ec79fa9d9e0}]
C:\WINDOWS\system32\cfjrqiiu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C6193F2-3A90-4430-B1CB-3C4F38D7E566}]
C:\Program Files\Movie Maker\metovowu4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
2007-12-30 16:49 1019904 --a------ C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [ ]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-02-16 22:58 53248]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-23 14:57 144896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 20:05 1117184]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"MSKAgentEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 19:06 110592]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 17:57 36640]
"08f15900"="C:\WINDOWS\system32\ohivqdsd.dll" [ ]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 17:35:53 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-22 00:51:06 24576]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8888:TCP"= 8888:TCP:limewire

R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-05-24 04:55]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-03-24 04:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf5489f-b0d3-11dc-8cf4-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf548a0-b0d3-11dc-8cf4-001676ab32e3}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8990ac68-ae94-11dc-8ce7-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffb73b6-d3de-11dc-8d80-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49aeafd-bc6a-11dc-8d36-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 15:48:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-23 18:57:24 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-23 18:57:24 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 12:06:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
((((((((((((((((((((((((((((((((((((((( Other Running Processes )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\imapi.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-02-24 12:10:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 16:10:36
.
2008-02-17 03:37:52 --- E O F ---


bulletproof



Response Number 4
Name: jabuck
Date: February 24, 2008 at 15:35:34 Pacific
Subject: POS.tmp file and red X on C-drive
Reply:
Go to start> control panel> administrative tools> services> scroll down to "Network Monitor" and double click it. Click the blue drop down arrow to the far right of "startup type"> click disable> apply> ok.

Do the same for "Command Service" (it may be called "cmdService").

Exit administrative tools.

Next go to start> control panel> add/remove programs and uninstall "LimeWire" at least until we get you clean.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\AutoRun.PNF
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\cfjrqiiu.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\pmkhg.dll
C:\Program Files\xInsIDE\xInsIDE.exe
C:\WINDOWS\system32\ohivqdsd.dll

Folder::
C:\Temp\gTiis19
C:\Temp\cXzz9
C:\Program Files\xInsIDE
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AF16438-821C-4551-8C86-35A517EFE3B3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{700BB962-8767-4494-BCE2-397BF11EA4B5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbfb76-ceda-4585-9548-2ec79fa9d9e0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xInsIDE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"08f15900"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf5489f-b0d3-11dc-8cf4-001676ab32e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf548a0-b0d3-11dc-8cf4-001676ab32e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8990ac68-ae94-11dc-8ce7-001676ab32e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49aeafd-bc6a-11dc-8d36-001676ab32e3}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log and a new Hijack This log please.
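
The CFScript above is a small text format: a section header ending in "::", one path per line under "File::" and "Folder::", and a "Registry::" section in REGEDIT4 syntax where "[-KEY]" deletes a whole key and a following line of the form "name"=- deletes one value under the key named just before it. Below is an added example, not part of this thread and not ComboFix's own code: a Python parser that reads such a script and prints a review list of everything it will delete, so the actions can be checked line by line against the ComboFix log before the file is dragged onto ComboFix.exe. The embedded sample is a trimmed copy of the script posted above.

```python
import re
from collections import defaultdict

# Trimmed copy of the CFScript posted above, embedded so the example runs offline.
SAMPLE_CFSCRIPT = r"""File::
C:\AutoRun.PNF
C:\WINDOWS\system32\vbzip10.dll
C:\Program Files\xInsIDE\xInsIDE.exe

Folder::
C:\Temp\gTiis19
C:\Program Files\xInsIDE
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AF16438-821C-4551-8C86-35A517EFE3B3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xInsIDE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"08f15900"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf5489f-b0d3-11dc-8cf4-001676ab32e3}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")       # File::, Folder::, Registry::
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")               # [KEY] keeps, [-KEY] deletes
VALUE_DEL_RE = re.compile(r'^"(.*)"=-$')             # "name"=- deletes one value

def parse_cfscript(text):
    """Return {section: entries}.

    File/Folder entries are plain paths. Registry entries are normalised to
    ("delete_key", key) or ("delete_value", key, value_name).
    """
    sections = defaultdict(list)
    current = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sm = SECTION_RE.match(line)
        if sm:
            current = sm.group(1).lower()
            current_key = None
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        if current != "registry":
            sections[current].append(line)
            continue
        km = KEY_RE.match(line)
        if km:
            minus, key = km.groups()
            if minus:
                sections[current].append(("delete_key", key))
                current_key = None          # a deleted key cannot own value lines
            else:
                current_key = key           # value deletions below refer to this key
            continue
        vm = VALUE_DEL_RE.match(line)
        if vm and current_key:
            sections[current].append(("delete_value", current_key, vm.group(1)))
            continue
        raise ValueError("unrecognised registry line: %r" % line)
    return dict(sections)

def summarize(sections):
    """Human-readable review list of everything the script will remove."""
    lines = []
    for path in sections.get("file", []):
        lines.append("delete file   " + path)
    for path in sections.get("folder", []):
        lines.append("delete folder " + path)
    for entry in sections.get("registry", []):
        if entry[0] == "delete_key":
            lines.append("delete key    " + entry[1])
        else:
            lines.append("delete value  %s -> %s" % (entry[1], entry[2]))
    return lines

if __name__ == "__main__":
    for row in summarize(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(row)
```

The parser refuses a value line that has no preceding kept key, which is the easiest mistake to make when hand-editing one of these scripts: a stray "name"=- after a "[-KEY]" line would silently do nothing in the tool, and here it raises instead.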


Response Number 5
Name: bulletproof
Date: February 24, 2008 at 15:46:46 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
I'm greatly appreciating your help, but when I go to start> control panel> administrative tools> services> there is no "Network Monitor" or "Command Service".

So what to do then?

bulletproof


Response Number 6
Name: jabuck
Date: February 24, 2008 at 16:01:52 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
That is good, just continue with the next steps please.

Response Number 7
Name: bulletproof
Date: February 24, 2008 at 16:17:11 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
Hi,
Thanks for the help, but after I got the log from ComboFix, I have no desktop icons or start menu at the bottom of my PC screen, so I can't turn off and on system restore.

Is something wrong?

bulletproof


Response Number 8
Name: jabuck
Date: February 24, 2008 at 16:31:05 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
Post the combofix log if you can.

Restart the computer and see if they appear.


Response Number 9
Name: bulletproof
Date: February 24, 2008 at 16:34:44 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
This is the new ComboFix log:

ComboFix 08-02-24.4 - User 2008-02-24 20:07:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.165 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\AutoRun.PNF
C:\Program Files\xInsIDE\xInsIDE.exe
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\cfjrqiiu.dll
C:\WINDOWS\system32\ohivqdsd.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\AutoRun.PNF
C:\Program Files\xInsIDE
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Temp\cXzz9
C:\Temp\gTiis19
C:\Temp\gTiis19\lTig.log
C:\VundoFix Backups
C:\VundoFix Backups\amkpolcq.dll.bad
C:\VundoFix Backups\awvvw.dll.bad
C:\VundoFix Backups\awydsdjx.dll.bad
C:\VundoFix Backups\bfqixvjk.dll.bad
C:\VundoFix Backups\cfjrqiiu.dll.bad
C:\VundoFix Backups\dcojegun.dll.bad
C:\VundoFix Backups\dsdqviho.ini.bad
C:\VundoFix Backups\jkklifc.dll.bad
C:\VundoFix Backups\khfcbax.dll.bad
C:\VundoFix Backups\ljjjkkl.dll.bad
C:\VundoFix Backups\ohivqdsd.dll.bad
C:\VundoFix Backups\owkqrthx.dll.bad
C:\VundoFix Backups\pmkhg.dll.bad
C:\VundoFix Backups\qclopkma.ini.bad
C:\VundoFix Backups\qeagqqvf.dll.bad
C:\VundoFix Backups\soqjognn.dll.bad
C:\VundoFix Backups\uofysowm.dllbox.bad
C:\VundoFix Backups\vttylole.dll.bad
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 11:55 . 2008-02-24 11:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 15:56 . 2008-02-23 15:57 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-23 15:56 . 2008-02-23 18:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\SiteAdvisor
2008-02-23 15:56 . 2008-02-24 04:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-23 15:56 . 2008-02-23 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-23 15:14 . 2008-02-24 19:28 16,412 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-23 14:59 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-23 14:59 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-23 14:59 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-23 14:59 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-23 14:59 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-23 14:59 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-23 14:57 . 2008-02-23 14:57 <DIR> d-------- C:\Program Files\JavaCore
2008-02-23 14:53 . 2008-02-23 14:59 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-16 21:51 . 2008-02-16 21:51 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-15 10:15 . 2008-02-15 10:15 268 --ah----- C:\sqmdata02.sqm
2008-02-15 10:15 . 2008-02-15 10:15 244 --ah----- C:\sqmnoopt02.sqm
2008-02-05 21:16 . 2008-02-05 21:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Microsoft Web Folders
2008-02-05 21:14 . 2008-02-05 21:16 <DIR> d-------- C:\Program Files\office 2000
2008-01-30 18:13 . 2008-02-24 20:08 <DIR> d-------- C:\Temp
2008-01-28 07:45 . 2008-02-16 21:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-27 20:34 . 2008-01-27 20:34 244 --ah----- C:\sqmnoopt01.sqm
2008-01-27 20:34 . 2008-01-27 20:34 244 --ah----- C:\sqmnoopt00.sqm
2008-01-27 20:34 . 2008-01-27 20:34 232 --ah----- C:\sqmdata01.sqm
2008-01-27 20:34 . 2008-01-27 20:34 232 --ah----- C:\sqmdata00.sqm
2008-01-26 21:12 . 2008-01-26 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-25 17:22 . 2008-02-23 17:25 <DIR> d-------- C:\Program Files\SpyShredder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 00:04 --------- d-----w C:\Program Files\LimeWire
2008-02-24 23:31 --------- d-----w C:\Program Files\BrowsingAdvisor
2008-02-23 23:32 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-02-23 19:09 --------- d-----w C:\Program Files\McAfee.com
2008-02-23 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-23 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-23 19:02 --------- d-----w C:\Program Files\McAfee
2008-02-06 20:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-06 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-06 01:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-22 01:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-22 01:49 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2008-01-18 16:48 14,785 ----a-w C:\Program Files\First.Sunday.2008.CAM.XViD-PreVail_[mininova].torrent
2008-01-17 18:28 --------- d-----w C:\Documents and Settings\User\Application Data\Nero
2008-01-17 18:10 --------- d-----w C:\Program Files\MagicISO
2008-01-17 18:09 2,660,883 ----a-w C:\Program Files\Setup_MagicISO211.exe
2008-01-17 17:17 28,220 ----a-w C:\Program Files\The.Fast.And.The.Furious.Tokyo.Drift.DVDRip.XviD-DiAMOND.avi_[mininova].torrent
2008-01-17 17:16 17,110 ----a-w C:\Program Files\The.Fast.and.the.Furious.Tokyo.Drift.RETAIL.DVDRip.XviD-DiAMOND_[mininova].torrent
2008-01-17 16:14 15,448 ----a-w C:\Program Files\Nero_8_Ultra_Edition_8+KeyMaker_[mininova].torrent
2008-01-17 16:04 --------- d-----w C:\Documents and Settings\User\Application Data\Sonic
2008-01-17 16:00 --------- d-----w C:\Program Files\Sonic
2008-01-17 15:36 1,702 ----a-w C:\Program Files\Sonic_RecordNow_Deluxe_v7.21_-_Razer167_[mininova].torrent
2008-01-17 15:08 15,407 ----a-w C:\Program Files\Nero_8_Ultra_Edition_8.2.8.0+Keymaker[moviesb4time.biz][20.12.2007]_[mininova].torrent
2008-01-17 15:06 28,714 ----a-w C:\Program Files\Nero_7.8.5.0_[mininova].torrent
2008-01-17 15:02 13,705 ----a-w C:\Program Files\NERO66115C.EXE_[mininova].torrent
2008-01-17 15:01 29,655 ----a-w C:\Program Files\Nero8.zip_[mininova].torrent
2008-01-17 13:33 15,151 ----a-w C:\Program Files\Nero_8.2.8.0_Ultra_Edition_incl_keygen_(WORKS_PERFECT)_[mininova].torrent
2008-01-17 13:25 14,667 ----a-w C:\Program Files\Nero_8_Ultra_Edition_8.1.1.4+KeyMaker_[mininova].torrent
2008-01-17 13:21 13,073 ----a-w C:\Program Files\Nero8_Ultimate_Edition.exe_[mininova].torrent
2008-01-16 18:28 14,618 ----a-w C:\Program Files\Rush.Hour.3.[2007].DVDRIP.XVID.HD[Eng]-DUQA_[mininova].torrent
2008-01-16 18:26 14,768 ----a-w C:\Program Files\Nero_8.2.8.0_2008_+_Keygen_[tested].zip_[mininova].torrent
2008-01-16 18:17 1,206,366 ----a-w C:\Program Files\wrar371.exe
2008-01-13 22:27 --------- d-----w C:\Program Files\Cucusoft
2008-01-11 23:47 --------- d-----w C:\Documents and Settings\User\Application Data\Softplicity
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-07 21:55 --------- d-----w C:\Program Files\FinalBurner
2008-01-06 15:24 --------- d-----w C:\Program Files\Xvid
2008-01-06 15:23 642,796 ----a-w C:\XviD-1.1.3-28062007.exe
2008-01-06 03:35 --------- d-----w C:\Documents and Settings\User\Application Data\Leadertech
2008-01-05 16:15 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CB2793D-1541-435C-86D6-FFBE14F90F22}]
C:\Program Files\Movie Maker\metovowu83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AF16438-821C-4551-8C86-35A517EFE3B3}]
C:\WINDOWS\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{700BB962-8767-4494-BCE2-397BF11EA4B5}]
C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbfb76-ceda-4585-9548-2ec79fa9d9e0}]
C:\WINDOWS\system32\cfjrqiiu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C6193F2-3A90-4430-B1CB-3C4F38D7E566}]
C:\Program Files\Movie Maker\metovowu4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
2007-12-30 16:49 1019904 --a------ C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [ ]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [ ]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-23 14:57 144896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 20:05 1117184]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"MSKAgentEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 19:06 110592]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 17:57 36640]
"08f15900"="C:\WINDOWS\system32\ohivqdsd.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-22 00:51:06 24576]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8888:TCP"= 8888:TCP:limewire

R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-05-24 04:55]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-03-24 04:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf5489f-b0d3-11dc-8cf4-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf548a0-b0d3-11dc-8cf4-001676ab32e3}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8990ac68-ae94-11dc-8ce7-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffb73b6-d3de-11dc-8d80-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49aeafd-bc6a-11dc-8d36-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 23:48:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-23 18:57:24 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-23 18:57:24 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 20:10:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 20:11:24
ComboFix-quarantined-files.txt 2008-02-25 00:11:15
ComboFix2.txt 2008-02-24 16:10:42
.
2008-02-17 03:37:52 --- E O F ---


bulletproof
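
Two things in the "Reg Loading Points" section of that log are worth pulling out mechanically rather than by eye. First, most Run values end in a bracket holding the target file's date and size, while "SpyShredder", "xInsIDE" and "08f15900" end in an empty "[ ]", i.e. ComboFix found no file to describe for them; those are exactly the entries the CFScript removed. Second, the mountpoints2 entries record what Explorer cached from each removable volume's autorun.inf, and for several volumes not only the AutoRun verb but also open and explore point at RavMon.exe, so even double-clicking the drive in My Computer would have run it. Below is an added example (not part of the thread, and not ComboFix's code) that parses a constructed excerpt of the log above and reports both patterns.

```python
import re

# Constructed excerpt of the "Reg Loading Points" section of the ComboFix
# log posted above, trimmed to the entries this check is about.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [ ]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 17:57 36640]
"08f15900"="C:\WINDOWS\system32\ohivqdsd.dll" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf5489f-b0d3-11dc-8cf4-001676ab32e3}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                   # [HKEY_...]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')             # "name"="path" [stamp]
AUTORUN_RE = re.compile(r"^\\Shell\\(\w+)\\[Cc]ommand - (.+)$")      # \Shell\verb\command - cmd

def parse_loading_points(text):
    """Yield (key, kind, detail).

    kind 'run'        -> detail (value_name, path, stamp_text)
    kind 'mountpoint' -> detail (verb, command)
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        if key is None:
            continue
        rm = RUN_RE.match(line)
        if rm and key.lower().endswith(r"\currentversion\run"):
            name, path, stamp = rm.groups()
            yield key, "run", (name, path, stamp.strip())
            continue
        am = AUTORUN_RE.match(line)
        if am and "mountpoints2" in key.lower():
            yield key, "mountpoint", (am.group(1).lower(), am.group(2))

def orphaned_run_entries(text):
    """Run values whose bracket is empty: ComboFix recorded no date/size for the target."""
    return [(d[0], d[1]) for _, kind, d in parse_loading_points(text)
            if kind == "run" and d[2] == ""]

def drive_autorun_commands(text):
    """Per mountpoints2 GUID, the verbs Explorer cached from that volume's autorun.inf."""
    out = {}
    for key, kind, d in parse_loading_points(text):
        if kind == "mountpoint":
            guid = key.rsplit("\\", 1)[1]
            out.setdefault(guid, {})[d[0]] = d[1]
    return out

def hijacked_drive_verbs(text):
    """GUIDs where open/explore were redirected as well as AutoRun, so opening
    the drive from My Computer would also have launched the cached command."""
    return [guid for guid, verbs in drive_autorun_commands(text).items()
            if "open" in verbs or "explore" in verbs]

if __name__ == "__main__":
    for name, path in orphaned_run_entries(SAMPLE_LOG):
        print("Run value with no file details:", name, "->", path)
    for guid in hijacked_drive_verbs(SAMPLE_LOG):
        print("open/explore hijacked on volume", guid, drive_autorun_commands(SAMPLE_LOG)[guid])
```

The first mountpoints2 entry in the sample has only an AutoRun command, which is what a normal install CD leaves behind; the check singles out the volumes where open and explore were redirected too, which is the pattern the CFScript above deletes.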


Response Number 10
Name: bulletproof
Date: February 24, 2008 at 16:40:30 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
And yes... I restarted the computer and they reappeared.

So, continue the steps?

bulletproof


Response Number 11
Name: jabuck
Date: February 24, 2008 at 16:58:29 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
Yes, please continue.

Response Number 12
Name: bulletproof
Date: February 24, 2008 at 17:19:18 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
OK, but where do I get the new Hijack This log to post from?

bulletproof


Response Number 13
Name: jabuck
Date: February 24, 2008 at 17:27:08 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
You should have the Hijack This icon on your desktop> just double click it> click run> click the "do a system scan and save a logfile" button> post that new log.

Response Number 14
Name: bulletproof
Date: February 25, 2008 at 14:59:54 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
Sorry about the delay. Thanks for all your help, it is greatly appreciated.
Here is the KScan log:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 25, 2008 6:54:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/02/2008
Kaspersky Anti-Virus database records: 580494
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 42955
Number of viruses found: 9
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 01:07:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\User\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\User\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\User\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\User\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows Live Contacts\realist_thing@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows Live Contacts\realist_thing@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012008022520080226\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFA3ED.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFBDC8.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFE5D1.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFE5DF.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFF06C.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\~DFF0BB.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\music\PROGRAMS\Nero 7.8.5.0\Nero 7.8.5.0.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\User\music\PROGRAMS\Nero 7.8.5.0\Nero 7.8.5.0.exe RAR: infected - 1 skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BrowsingAdvisor\BrowsingAdvisor.dat Object is locked skipped
C:\Program Files\JavaCore\JavaCore.exe Infected: not-a-virus:AdWare.Win32.Insider.b skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\Program Files\MSN Gaming Zone\rtepre.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERIns.exe.vir Infected: Trojan.Win32.Agent.fow skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir Infected: Trojan.Win32.Agent.edq skipped
C:\QooBox\Quarantine\C\VundoFix Backups\awydsdjx.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\bfqixvjk.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\VundoFix Backups\dcojegun.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\jkklifc.dll.bad.vir Infected: Trojan.Win32.BHO.axk skipped
C:\QooBox\Quarantine\C\VundoFix Backups\khfcbax.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\ljjjkkl.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\owkqrthx.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\qeagqqvf.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\soqjognn.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\vttylole.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\VXNlcg\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP83\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{BFA39DDF-81E9-418B-BF8B-1C8437B7098A}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_m21HYKmHU4KVb6W Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_94c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


bulletproof
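
As jabuck noted earlier, the online scanner does not clean anything, so the value is in reading the report, and most of its lines are "Object is locked skipped" noise from registry hives, event logs and SQL Server files. The report also states its own totals (9 viruses, 17 infected objects), which can be checked against the detection lines. Below is an added example, not part of this thread and not Kaspersky's tooling: a Python triage script that separates detections from locked-file noise, counts infected objects and distinct detection names, compares both with the report's statistics block, and splits detections into paths that are still live versus copies already sitting in ComboFix's quarantine (the "C:\QooBox\Quarantine\" prefix is taken from the report above). The embedded sample is constructed from the report: its statistics, all of its detection lines and two of its locked-file lines.

```python
import re
from collections import Counter

# Constructed excerpt of the Kaspersky Online Scanner report posted above:
# the statistics block, every detection line, and two "Object is locked" lines.
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 42955
Number of viruses found: 9
Number of infected objects: 17
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\User\music\PROGRAMS\Nero 7.8.5.0\Nero 7.8.5.0.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\User\music\PROGRAMS\Nero 7.8.5.0\Nero 7.8.5.0.exe RAR: infected - 1 skipped
C:\Program Files\JavaCore\JavaCore.exe Infected: not-a-virus:AdWare.Win32.Insider.b skipped
C:\Program Files\MSN Gaming Zone\rtepre.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERIns.exe.vir Infected: Trojan.Win32.Agent.fow skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir Infected: Trojan.Win32.Agent.edq skipped
C:\QooBox\Quarantine\C\VundoFix Backups\awydsdjx.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\bfqixvjk.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\VundoFix Backups\dcojegun.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\jkklifc.dll.bad.vir Infected: Trojan.Win32.BHO.axk skipped
C:\QooBox\Quarantine\C\VundoFix Backups\khfcbax.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\ljjjkkl.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\owkqrthx.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\qeagqqvf.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\soqjognn.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\vttylole.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\VXNlcg\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

Scan process completed.
"""

INFECTED_RE = re.compile(r"^(.*?) Infected: (\S+) (\w+)$")          # path Infected: name action
ARCHIVE_RE = re.compile(r"^(.*?) (\w+): infected - (\d+) (\w+)$")    # archive with an infected member
LOCKED_RE = re.compile(r"^(.*?) Object is locked (\w+)$")
STAT_RE = re.compile(r"^Number of (viruses found|infected objects|suspicious objects): (\d+)$")

# ComboFix's quarantine folder as it appears in the report; anything under it is a
# copy that was already moved out of its original location.
QUARANTINE_PREFIX = "C:\\QooBox\\Quarantine\\"

def parse_report(text):
    """Return (declared statistics, rows); a row is (path, kind, virus_name, action)."""
    stats, rows = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sm = STAT_RE.match(line)
        if sm:
            stats[sm.group(1)] = int(sm.group(2))
            continue
        im = INFECTED_RE.match(line)
        if im:
            rows.append((im.group(1), "infected", im.group(2), im.group(3)))
            continue
        am = ARCHIVE_RE.match(line)
        if am:
            # Counted as an infected object because of a member listed separately;
            # the archive line carries no detection name of its own.
            rows.append((am.group(1), "archive", None, am.group(4)))
            continue
        lm = LOCKED_RE.match(line)
        if lm:
            rows.append((lm.group(1), "locked", None, lm.group(2)))
    return stats, rows

def triage(text):
    """Separate detections from locked-file noise and cross-check the report's own totals."""
    stats, rows = parse_report(text)
    detections = [r for r in rows if r[1] in ("infected", "archive")]
    families = Counter(r[2] for r in detections if r[2])
    live = [r[0] for r in detections if not r[0].startswith(QUARANTINE_PREFIX)]
    quarantined = [r[0] for r in detections if r[0].startswith(QUARANTINE_PREFIX)]
    return {
        "declared": stats,
        "infected_objects": len(detections),
        "families": dict(families),
        "live": live,
        "quarantined": quarantined,
        # True when our counts agree with the "Number of ..." lines in the report.
        "consistent": (stats.get("infected objects") == len(detections)
                       and stats.get("viruses found") == len(families)),
    }

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("infected objects:", result["infected_objects"], "distinct names:", len(result["families"]))
    for path in result["live"]:
        print("still live:", path)
```

On the sample the counts match the report's statistics (17 objects, 9 names), and only four detections are outside the quarantine folder: the JavaCore.exe adware, the MSN Gaming Zone HTML file, and the Nero installer archive with its bundled toolbar. Those are the items still worth acting on; the thirteen quarantined copies are already out of their original locations.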


Response Number 15
Name: bulletproof
Date: February 25, 2008 at 15:01:48 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:20 PM, on 02/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {3CB2793D-1541-435C-86D6-FFBE14F90F22} - C:\Program Files\Movie Maker\metovowu83122.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C6193F2-3A90-4430-B1CB-3C4F38D7E566} - C:\Program Files\Movie Maker\metovowu4444.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAgentEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?393076c57ff44ef7af46e43151f0b3bb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?393076c57ff44ef7af46e43151f0b3bb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02...
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 9557 bytes


bulletproof


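The log above is the kind of thing a helper reads by eye for entries whose target is gone or unnamed. Below is an added triage helper, written for this page and not part of the thread or of HijackThis itself: it parses O2 (BHO), O3 (toolbar), O4 (autostart) and O23 (service) lines into records and flags targets reported as "(file missing)", BHOs and toolbars with no display name, services with no publisher, and startup links the tool could not resolve. The sample lines are constructed from entries posted above; the flag names are this example's own vocabulary.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re

MISSING = "(file missing)"

# One pattern per section type. Group names are shared so records come out
# uniform: "key" identifies the entry (CLSID, Run value name, .lnk name or
# service name), "name" is the display name (for O23 the publisher), and
# "path" is the target as the log reports it.
HJT_PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<key>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<key>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<name>[^:]+): \[(?P<key>[^\]]+)\] (?P<path>.*)$"),
    "O4S": re.compile(r"^O4 - (?P<name>Global Startup|Startup): (?P<key>.+?) = (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<key>.*?) - (?P<name>.*?) - (?P<path>.*)$"),
}

# Constructed sample in the shape of the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CB2793D-1541-435C-86D6-FFBE14F90F22} - C:\Program Files\Movie Maker\metovowu83122.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""


def executable_of(target):
    """Pull the program path out of a target that may be quoted or carry arguments."""
    target = target.replace(MISSING, "").strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    # Unquoted paths may contain spaces, so cut after the first executable-looking extension.
    m = re.match(r"(?i)^(.*?\.(?:exe|dll|bat|cmd|scr|lnk))", target)
    return m.group(1) if m else target


def parse_line(line):
    """Return a record dict for a recognised log line, or None for anything else."""
    line = line.strip()
    for section, pattern in HJT_PATTERNS.items():
        m = pattern.match(line)
        if m:
            rec = m.groupdict()
            rec["section"] = section.rstrip("S")  # "O4S" is just the .lnk form of O4
            rec["exe"] = executable_of(rec["path"])
            return rec
    return None


def flags_for(rec):
    """Reasons a helper would look at this entry first."""
    flags = []
    if MISSING in rec["path"]:
        flags.append("target file missing")
    if rec["section"] in ("O2", "O3") and rec["name"] == "(no name)":
        flags.append("no display name")
    if rec["section"] == "O23" and rec["name"] == "Unknown owner":
        flags.append("no publisher")
    if rec["section"] == "O4" and rec["path"] == "?":
        flags.append("target unresolved")
    return flags


def triage(log_text):
    """Parse every recognised line and attach its flags."""
    records = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            rec["flags"] = flags_for(rec)
            records.append(rec)
    return records


def suspicious(log_text):
    """Only the records that carry at least one flag."""
    return [rec for rec in triage(log_text) if rec["flags"]]


if __name__ == "__main__":
    for rec in suspicious(SAMPLE_LOG):
        print(f'{rec["section"]:<4} {rec["key"]:<40} {rec["exe"]}  <- {", ".join(rec["flags"])}')
```

A flag is a reason to look, not a verdict: the "(no name)" BHO with a missing file is the classic leftover of a removed component, while an "Unknown owner" service may simply be an unsigned vendor tool, as the Dell entry here is.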

Response Number 16
Name: jabuck
Date: February 25, 2008 at 15:07:50 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\QooBox

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "run".

Download SDFix to your desktop from the following link:

SDFix.exe.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.


Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.


Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt.



Response Number 17
Name: bulletproof
Date: February 25, 2008 at 15:12:55 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
I have to insert the file myself before I paste what's between the X's?

bulletproof



Response Number 18
Name: bulletproof
Date: February 25, 2008 at 16:24:01 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
THANKS, that worked great.
Here is the Report.txt:


[b]SDFix: Version 1.147 [/b]

Run by User on 02/25/2008 at 08:14 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\PROGRA~1\MSNGAM~1\QUGA395 - Deleted
C:\Program Files\JavaCore\JavaCore.exe - Deleted
C:\Program Files\JavaCore\UnInstall.exe - Deleted

Folder C:\Program Files\JavaCore - Removed


Removing Temp Files

[b]ADS Check [/b]:


[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 20:19:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d]
"CurrentCacheFile"="C:\WINDOWS\SoftwareDistribution\EventCache\{A021A0A7-8279-4C2E-8C73-0AE8C646162F}.bin"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sat 23 Feb 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sat 23 Feb 2008 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Mon 21 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BITC.tmp"
Mon 4 Feb 2008 3,510,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d0e7f87d47bee475cfd0628f651c9619\BIT37.tmp"
Sat 15 Dec 2007 8 A..H. --- "C:\Documents and Settings\User\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 15 Dec 2007 8 A..H. --- "C:\Documents and Settings\User\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 15 Dec 2007 8 A..H. --- "C:\Documents and Settings\User\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sat 22 Dec 2007 8 A..H. --- "C:\Documents and Settings\User\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

[b]Finished![/b]

bulletproof



Response Number 19
Name: bulletproof
Date: February 25, 2008 at 17:19:52 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
THANKS for all the help you gave me... greatly appreciated.

But the Red X is still there

bulletproof



Response Number 20
Name: jabuck
Date: February 25, 2008 at 18:47:40 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
Go to start> run> type in combofix /u (note the space after combofix)> then click ok. That should uninstall combofix.

This should fix the red X.

Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:

[autorun]

ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8

Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.

Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.

Restart the computer and let us know how the computer is operating.


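The fix above works because Explorer reads an autorun.inf at a drive root to decide how to show the drive, and the icon-only file overrides whatever was put there earlier. The same file format can also carry open=, shellexecute= and shell\<verb>\command= directives that name something to run, which is the difference a defender checks before leaving one at a drive root. The following is an added example written for this page, not code from the thread or from any tool it mentions: a tolerant parser for the [autorun] section and a classifier that separates icon-only files from ones that launch code. The "launches code" sample is constructed and its path is a placeholder.

```python
"""Classify an autorun.inf as icon-only or code-launching (added example)."""
import os

# Directives whose value is something to run rather than something to show.
LAUNCH_KEYS = {"open", "shellexecute"}
# Directives that only affect how Explorer presents the drive.
DISPLAY_KEYS = {"icon", "label"}

# The icon-only file from the fix posted above.
ICON_ONLY = """[autorun]

ICON=C:\\WINDOWS\\SYSTEM\\SHELL32.DLL,8
"""

# Constructed sample of the shape a defender should not leave at a drive root.
# The executable path is a placeholder, not a real file name.
LAUNCHING = r"""
; a comment line and a stray line without '=' are both ignored
[AutoRun]
garbage
icon=%SystemRoot%\system32\SHELL32.dll,8
open=PLACEHOLDER_DIR\launcher.exe
shell\open\command=PLACEHOLDER_DIR\launcher.exe
shell\explore\command=PLACEHOLDER_DIR\launcher.exe
shell=open
"""


def parse_autorun(text):
    """Return {section: {key: value}} with section and key names lowercased.

    Deliberately tolerant: a file that was dropped rather than authored is often
    malformed, and a strict INI parser would refuse exactly the files worth reading.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # junk before a header, or a line with no key=value
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_directives(text):
    """Directives in [autorun] that name something to execute."""
    auto = parse_autorun(text).get("autorun", {})
    return {
        key: value
        for key, value in auto.items()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
    }


def classify(text):
    """One-word verdict on what the file can do."""
    auto = parse_autorun(text).get("autorun")
    if auto is None:
        return "no [autorun] section"
    if launch_directives(text):
        return "launches code"
    if set(auto) <= DISPLAY_KEYS:
        return "icon/label only"
    return "other directives"


def scan_roots(roots):
    """Classify the autorun.inf at each given drive root that has one."""
    results = []
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, encoding="latin-1", errors="replace") as fh:
                results.append((path, classify(fh.read())))
    return results


if __name__ == "__main__":
    for label, sample in (("icon-only", ICON_ONLY), ("constructed", LAUNCHING)):
        print(f"{label}: {classify(sample)} {launch_directives(sample)}")
    if os.name == "nt":  # on Windows, also look at the real drive roots
        for path, verdict in scan_roots([f"{d}:\\" for d in "CDEFG"]):
            print(f"{path}: {verdict}")
```

Run on the fix from this thread it reports "icon/label only"; anything reporting "launches code" at a fixed-drive root deserves a look at the target it names before the file is replaced.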

Response Number 21
Name: bulletproof
Date: February 26, 2008 at 16:07:48 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
When I go to start> run> and type in combofix /u, it does not uninstall the program; it only asks me whether to run it.

What am I supposed to do?

bulletproof



Response Number 22
Name: bulletproof
Date: February 26, 2008 at 16:15:48 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
And yeah... the red X is now gone and the PC is operating great. THANKS A LOT. This was more than appreciated. Great thing you all got going on here. Couldn't have done it without you.

bulletproof



Response Number 23
Name: jabuck
Date: February 26, 2008 at 18:11:13 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
Just delete the combofix icon from your desktop.

Glad we could help.



Response Number 24
Name: bulletproof
Date: February 27, 2008 at 16:07:16 Pacific
Subject: POS.tmp file and red X on C-dive
Reply:
You more than helped... THANKS AGAIN

bulletproof



All content ©1996-2007 Computing.Net, LLC