First, thanks in advance to whomever takes the time to help me out. This is my first time posting, and I hope I am following the accepted protocols. I have been working on the "family" computer, a Gateway GT 5058 with 4 gig RAM and AMD Athlon 64 x2 3800+ cpu running XP Media Center Edition with SP2. The computer has current McAfee Security suite (VirusScan, Personal Firewall, Security Center, Site Advisor, Anti Spam, etc.) running. I think that my son or wife fell victim to some "human engineering" attack and clicked on or opened something they shouldn't. Anyway, a short while ago, the McAfee started alarming on suspicious activity (I did not actually read the messages, by family simply acknowledged them and kept doing what they were doing. I finally started to try to eliminate the problem as follows: Scanned with McAfee VirusScan and found nothing. Tried to download the current version of AdAware, and was stopped by a warning message in a box that looked like the XP theme. At top, it says "Security Alert", and in the box it says "Your current security settings do not allow this file to be downloaded". The only control in the box is an "ok" button to acknowledge and close the box". Turns out that this message pops up almost every time I try to download any of a number of AV / spyware / malware tools. I am suspicious that this message is being created by the infection as a means to prevent removal.(I can download other files without any problem) I then went to a computer that I was sure was clean, and downloaded a basketful of tools such as Hijack this, AdAware, SuperAntiSpyware, Malwarebytes, Spybot Search and Destroy, CWShredder, CCleaner, and other tools. I put them on a flash drive and copied them to the infected machine. Anyway, I have been running the group of them for the past two days, and did indeed get rid of suspicious stuff that was running in the background: afisicx.exe, macidwe.exe, noxtcyr.exe, nvsvc32.exe, sobicyt.exe, sotpcea.exe, tdxdowke,exe, and a few others. I researched the filenames on this and other sites, and several of them were associated with some backdoor trojans, and some were unknown. (I suspect that they could be changing their names?) I could not run Spybot Search and Destroy. Every time I tried, the machine locked up. (I had run older versions of this program in the past) Also tried to run SDFIX in safe mode, and another disturbing thing happened. I can not boot into safe mode!! F8 gets me to the right screen, and when safe mode is selected, the process goes as far as displaying the windows splash screen and locks up. Tried many times. So to sum up, I got rid of some suspicious stuff, am blocked by something from downloading AV / malware / adware tools, can not boot into safe mode, and am starting to get suspicious this thing is really good at hiding. I have attached the two Hijack this files for your viewing pleasure.One is from very early in my work to clean this up, and one is from just a little while ago.