I have the same problem too. Ran the CombiFix program like you said MRUTeacher, but alas, the files couldn't be removed according to the log. I hope you can help me with this.
Here is the log from combi fix and Hijack this.
-----
ComboFix 08-01-13.1 - NUSSELDER 2008-01-13 16:58:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.261 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\NUSSELDER\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\NUSSELDER\Application Data\CROSOF~1
C:\WINNT\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINNT\System32\fbdafbd.dll . . . . konden niet verwijderd worden
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_QGZLKHOC
-------\qgzlkhoc
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))
.
2008-01-13 16:57 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-13 16:29 . 2008-01-13 16:33 84,992 --------- C:\WINNT\system32\fbdafbd.dll
2008-01-13 16:17 . 2008-01-13 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-13 16:08 . 2008-01-13 16:08 0 --a------ C:\WINNT\nsreg.dat
2008-01-13 14:12 . 2008-01-13 14:12 <DIR> d--h----- C:\WINNT\$hf_mig$
2008-01-13 14:12 . 2004-03-30 02:51 36,864 --a------ C:\WINNT\system32\mf3216.dll
2008-01-13 14:11 . 2008-01-13 15:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-13 14:11 . 2007-12-10 14:53 81,288 --a------ C:\WINNT\system32\drivers\iksyssec.sys
2008-01-13 14:11 . 2007-12-10 14:53 66,952 --a------ C:\WINNT\system32\drivers\iksysflt.sys
2008-01-13 14:11 . 2007-12-10 14:53 41,864 --a------ C:\WINNT\system32\drivers\ikfilesec.sys
2008-01-13 14:11 . 2007-12-10 14:53 29,576 --a------ C:\WINNT\system32\drivers\kcom.sys
2008-01-13 14:10 . 2008-01-13 14:10 <DIR> d-------- C:\Documents and Settings\NUSSELDER\Application Data\PC Tools
2008-01-13 14:10 . 2008-01-13 14:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-13 14:10 . 2008-01-13 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-13 14:10 . 2007-03-01 19:54 144,960 --a------ C:\WINNT\system32\drivers\ssidrv.sys
2008-01-13 14:10 . 2007-03-01 19:54 22,080 --a------ C:\WINNT\system32\drivers\sshrmd.sys
2008-01-13 14:10 . 2007-03-01 19:54 21,056 --a------ C:\WINNT\system32\drivers\sskbfd.sys
2008-01-13 14:10 . 2007-03-01 19:54 20,544 --a------ C:\WINNT\system32\drivers\SSFS0509.sys
2008-01-13 14:09 . 2008-01-13 14:09 <DIR> d-------- C:\Documents and Settings\NUSSELDER\Application Data\Webroot
2008-01-13 14:09 . 2008-01-13 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 14:01 . 2008-01-13 14:01 0 --a------ C:\WINNT\system32\mapisvc.inf
2008-01-13 14:00 . 2008-01-13 13:59 512,096 --a------ C:\WINNT\system32\drivers\amon.sys
2008-01-13 14:00 . 2008-01-13 13:59 298,104 --a------ C:\WINNT\system32\imon.dll
2008-01-13 14:00 . 2008-01-13 13:59 15,424 --a------ C:\WINNT\system32\drivers\nod32drv.sys
2008-01-13 13:59 . 2008-01-13 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-31 10:10 . 2007-12-31 10:10 <DIR> d-------- C:\Documents and Settings\NUSSELDER\WINDOWS
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 11:10 63,488 ----a-w C:\WINNT\xobglu16.dll
2007-12-14 11:10 23,552 ----a-w C:\WINNT\xobglu32.dll
2003-12-07 14:53 19,552 ----a-w C:\Documents and Settings\NUSSELDER\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75B9A61-72C5-43C1-A6F0-D74977E45590}]
2008-01-13 16:33 84992 --------- c:\winnt\system32\fbdafbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\System32\ctfmon.exe" [2002-09-09 22:08 13312]
"uuvade2"="C:\WINNT\system32\uuvade2.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [2003-08-12 15:12 4804608]
"nwiz"="nwiz.exe" [2003-08-12 15:12 323584 C:\WINNT\system32\nwiz.exe]
"CARPService"="carpserv.exe" [2002-10-17 10:54 4608 C:\WINNT\system32\carpserv.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2002-08-22 18:28 143360]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2001-09-07 13:00 136704]
"USB2Check"="C:\WINNT\System32\PCLECoInst.dll" [2004-09-21 12:22 73728]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2005-06-13 02:30 192512]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-04 14:03 98304]
"PRISMSVR.EXE"="C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe" [2004-07-02 16:27 295001]
"uuvade2"="C:\WINNT\system32\uuvade2.exe" [ ]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2008-01-13 13:59 949376]
"Hitman Pro Expiration Helper"="D:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\System32\CTFMON.EXE" [2002-09-09 22:08 13312]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-02 18:32:09]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2003-11-06 17:04:24]
SpeedTouch 121g Wireless USB Monitor.lnk - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [2004-09-23 18:36:30]
TabUserW.exe.lnk - C:\WINNT\system32\Wtablet\TabUserW.exe [2003-05-29 14:33:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
R0 weekoqgt;Microsoft RPC API Helper;C:\WINNT\System32\drivers\qgjqeums.sys []
R3 GTICARD;GTICARD;C:\WINNT\System32\DRIVERS\gticard.sys [2003-02-14 14:03]
S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;C:\WINNT\System32\DRIVERS\BT4501G.sys [2004-07-29 12:55]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINNT\System32\svchost.exe [2001-09-07 13:00]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 17:03:09
Windows 5.1.2600 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\lsass.exe [5.01.2600.1106]
-> D:\Program Files\Eset\pr_imon.dll
.
Voltooingstijd: 2008-01-13 17:04:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 16:04:31
-----------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16, on 2008-01-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Eset\nod32krn.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Tablet.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
D:\Program Files\Eset\nod32kui.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
C:\WINNT\system32\Wtablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\NUSSELDER\Bureaublad\Hiephoi.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.monumentenzorg.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E75B9A61-72C5-43C1-A6F0-D74977E45590} - c:\winnt\system32\fbdafbd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINNT\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [uuvade2] C:\WINNT\system32\uuvade2.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "D:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [uuvade2] C:\WINNT\system32\uuvade2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\Wtablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.monumentenzorg.nl
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe
--
End of file - 6094 bytes