ComboFix 09-10-28.08 - Kathy 10/29/2009 20:15.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1364 [GMT -5:00]
Running from: c:\documents and settings\Kathy\Desktop\ComFix.exe
Command switches used :: c:\documents and settings\Kathy\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FILE ::
"C:\vyiy.exe"
"C:\wggam.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\vyiy.exe
C:\wggam.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.
2009-10-29 17:36 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2009-10-29 17:36 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2009-10-29 17:36 . 2004-08-04 12:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2009-10-29 17:36 . 2004-08-04 12:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2009-10-29 17:36 . 2004-08-04 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2009-10-29 16:41 . 2009-10-29 16:41 -------- d-----w- c:\documents and settings\Kathy\Application Data\CallingID
2009-10-29 16:41 . 2009-10-29 16:41 -------- d-----w- c:\program files\Common Files\scanner
2009-10-29 16:41 . 2009-10-29 16:41 -------- d-----w- c:\program files\CA
2009-10-29 16:40 . 2009-10-29 16:42 -------- d-----w- c:\documents and settings\Kathy\Application Data\comcasttb
2009-10-29 16:40 . 2009-10-29 16:41 -------- d-----w- c:\program files\comcasttb
2009-10-29 16:26 . 2009-10-29 16:26 -------- d-----w- c:\documents and settings\Kathy\Application Data\McAfee
2009-10-29 16:20 . 2009-10-29 16:20 -------- d-sh--w- c:\documents and settings\Kathy\IECompatCache
2009-10-29 15:28 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-29 15:21 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-29 15:21 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-29 14:57 . 2009-10-30 01:15 561 ----a-w- c:\windows\system32\fxscfgwy.dat
2009-10-29 14:57 . 2009-10-30 01:15 1108 ----a-w- c:\windows\system32\wcaprtho.dat
2009-10-29 14:57 . 2009-10-30 01:12 0 ----a-w- c:\windows\system32\adsnhxa.dat
2009-10-29 14:57 . 2009-10-30 01:16 3833 ----a-w- c:\windows\system32\winipsec.dat
2009-10-29 14:57 . 2009-10-30 01:16 1716 ----a-w- c:\windows\system32\routetai.dat
2009-10-29 14:57 . 2009-10-30 01:15 0 ----a-w- c:\windows\system32\MSRDO2A.dat
2009-10-29 14:57 . 2009-10-30 00:49 318 ----a-w- c:\windows\system32\kbdiamal.dat
2009-10-25 12:38 . 2009-10-29 14:46 0 ----a-w- c:\windows\Xvitalegetek.bin
2009-10-25 12:38 . 2009-10-28 14:49 120 ----a-w- c:\windows\Rtijodet.dat
2009-10-25 12:38 . 2009-10-25 12:38 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\{CEE8FEC6-F30A-46C5-AC12-AA903B839B20}
2009-10-22 21:35 . 2009-10-29 14:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-10-22 21:35 . 2009-10-29 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-22 21:35 . 2009-10-22 21:35 -------- d-----w- c:\program files\Lavasoft
2009-10-22 20:22 . 2009-10-22 20:22 -------- d-----w- c:\program files\Trend Micro
2009-10-20 02:19 . 2009-10-20 02:19 -------- d-----w- c:\documents and settings\Kathy\Application Data\Malwarebytes
2009-10-20 02:18 . 2009-10-20 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-20 01:39 . 2009-10-20 02:35 -------- d-----w- c:\program files\gsfkbc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 16:41 . 2007-12-29 14:51 -------- d-----w- c:\documents and settings\Kathy\Application Data\Move Networks
2009-10-29 16:25 . 2008-04-01 02:11 -------- d-----w- c:\program files\McAfee
2009-10-29 16:25 . 2008-04-01 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-22 18:30 . 2009-04-03 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-29 11:31 . 2006-06-19 01:30 -------- d-----w- c:\documents and settings\Kathy\Application Data\Apple Computer
2009-09-29 11:23 . 2009-09-29 11:21 -------- d-----w- c:\program files\iTunes
2009-09-29 11:23 . 2009-09-29 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-29 11:21 . 2006-06-19 01:25 -------- d-----w- c:\program files\iPod
2009-09-29 11:21 . 2008-04-26 14:56 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 11:17 . 2009-09-29 11:16 -------- d-----w- c:\program files\QuickTime
2009-09-29 10:57 . 2009-05-03 15:02 -------- d-----w- c:\program files\Safari
2009-09-16 15:22 . 2008-04-01 02:12 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2008-04-01 02:12 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2008-04-01 02:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2008-04-01 02:12 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2008-04-01 02:12 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2005-08-09 20:38 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 04:38 . 2009-09-08 04:37 -------- d-----w- c:\documents and settings\Kathy\Application Data\HpUpdate
2009-09-08 04:38 . 2006-02-02 02:55 -------- d-----w- c:\program files\HP
2009-09-04 21:03 . 2005-08-09 20:38 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-08-09 20:38 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2005-08-09 20:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 03:31 . 2009-08-25 03:31 37012 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-18 03:17 . 2006-01-21 17:57 41504 -c--a-w- c:\documents and settings\Kathy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 00:24 . 2005-08-09 21:16 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2005-08-09 21:16 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-08-09 21:16 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2005-08-09 21:16 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2005-08-09 20:37 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2005-08-09 21:16 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2005-08-09 21:16 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 00:23 . 2008-10-16 19:07 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2005-08-09 20:38 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2005-08-09 20:38 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kbdiamal]
@="{08BAD9B8-D926-C410-C5DE-9F4A5BDE3586}"
[HKEY_CLASSES_ROOT\CLSID\{08BAD9B8-D926-C410-C5DE-9F4A5BDE3586}]
2008-04-14 00:09 131072 ----a-w- c:\windows\system32\kbdiamal.ocx
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2005-10-18 1261568]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 28672]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"jiziyonube"="garepure.dll" [BU]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-8-9 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kathy^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\Kathy\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/31/2005 7:08 PM 211200]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
Contents of the 'Scheduled Tasks' folder
2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-01 17:22]
2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-01 17:22]
2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{783EECD9-4DD9-4414-A10A-6C5A99B4C8E4}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\www.update
Trusted Zone: turbotax.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-29 20:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2116426121-699555250-1234046695-1006\Software\Microsoft\SystemCertificates\Address Book*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2009-10-30 20:23
ComboFix-quarantined-files.txt 2009-10-30 01:23
ComboFix2.txt 2009-10-30 00:26
ComboFix3.txt 2009-10-29 15:31
Pre-Run: 32,749,387,776 bytes free
Post-Run: 32,737,697,792 bytes free
- - End Of File - - 223814DEF4226D45E745B14B18E56D05
After running this, the computer hung up on the reboot. I'm hoping the fixes worked. Does this look OK?
Also, I found the place where I turn on the Microsoft Updates.
Thank you so much for your help - this is such a great service!!