Eyalbeth
2008-04-23, 22:37
Attached is the HijackThis log file. Can somebody please help me remove this malware?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:49 PM, on 04/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator.TMPLASDNT03\Desktop\HiJackThis.exe
C:\WINDOWS\explorer.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: qtvglped - {0A1A0015-CF20-4AA1-B7BB-A33B81F8E478} - C:\WINDOWS\qtvglped.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FMStart] "C:\Program Files\GFI\FAXmaker Client\fmstart.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [10aadbec] rundll32.exe "C:\WINDOWS\system32\iwmvbayu.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA2322] command /c del "C:\WINDOWS\system32smp\msrc.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3876] cmd /c del "C:\WINDOWS\system32smp\msrc.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2112] command /c del "C:\WINDOWS\system32\cbxyxvSK.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9463] cmd /c del "C:\WINDOWS\system32\cbxyxvSK.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8529] command /c del "C:\WINDOWS\system32\wqyqexmw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3431] cmd /c del "C:\WINDOWS\system32\wqyqexmw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\RunOnce: [SpybotDeletingA5451] command /c del "C:\WINDOWS\system32\cbxyxvSK.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC593] cmd /c del "C:\WINDOWS\system32\cbxyxvSK.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8314] command /c del "C:\WINDOWS\system32\wqyqexmw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9144] cmd /c del "C:\WINDOWS\system32\wqyqexmw.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [HXFMkICYy0] C:\Documents and Settings\All Users\Application Data\pqjgtwnq\rifylirm.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - http://enterprise:81/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tmplasdnt03.local
O17 - HKLM\Software\..\Telephony: DomainName = tmplasdnt03.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tmplasdnt03.local
O21 - SSODL: CheckCD - {a810bd19-dee9-4068-8898-c46b92f717d6} - C:\WINDOWS\Installer\{a810bd19-dee9-4068-8898-c46b92f717d6}\CheckCD.dll (file missing)
O21 - SSODL: zip - {d34619f1-25bc-4705-ade3-ebbb76f1c324} - C:\WINDOWS\Installer\{d34619f1-25bc-4705-ade3-ebbb76f1c324}\zip.dll (file missing)
O21 - SSODL: CheckComponent - {062c80dc-89ac-4241-ad5c-ee249cdaca7c} - C:\WINDOWS\Installer\{062c80dc-89ac-4241-ad5c-ee249cdaca7c}\CheckComponent.dll (file missing)
O21 - SSODL: ServiceKernel - {99beaa8c-327a-4615-9102-cf17f0608e9a} - C:\WINDOWS\Resources\ServiceKernel.dll (file missing)
O21 - SSODL: omlbpkaw - {C39F95F6-94EE-4627-9EDB-E433C1E9B5F6} - C:\WINDOWS\omlbpkaw.dll
O21 - SSODL: pmsoarbf - {BD71323B-874F-462C-8147-31C5D5183242} - C:\WINDOWS\pmsoarbf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Virtual PDF Printer (Service1) - Unknown owner - C:\Program Files\Virtual PDF Printer\VirtualPrinting.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6385 bytes