Windows xp sp3 ie 7 Avast antivirus. Computer was compromised with many virus, malware. Format and reload is not an option. Avira on a boot cd scans clean. Malwarebytes, Spybot, Webroot, all come back clean. Mcafee free online scan now comes back clean. Hijack this is clean. Sophos, Rootkit Revealer show nothing. Avast keeps giving the following warning that a file in the temporary internet directory contains the html-iframe.inf. and to continue, you have to delete the file.

Trendmicro will not run online. Windows firewall was compromised, but has been fixed. Only legit services are running. No un-necessary startups. Netframework 3.5 update will not install.

Any help appreciated.

Have you tried slaving the drive into an other pc that is designated for viral scans? Something might be designed to hide itself from scans done on the system running the infection. Funny thing that works for me also is get the a squared command line scanner and have it do a full scan.... it for some reason flushes infections out for resident viral scanners to pick up on.

What error do you get from the 3.5 update?

Tried slaving the drive in multiple machines, one with Avast, one with Norton, one with Mcafee.

Noo, the error is 0x80070645


Also, Avast shield blocks a connection to irc.Zief.pl/rc

Cleaned out the host file and checked nameservers with hjt? and check this out (http://www.threatexpert.com/report.aspx?md5=104aa36a18e8a1a1f8d047729ba29ff7)

And as far as the update is concerned, you don't have dotnet.... or it's so screwed up that you don't... Uninstall from add/remove programs.

Apparently a VERY malicious and pernicious one;

http://forum.avast.com/index.php?PHPSESSID=3d8e6f2c90d2d7839eb6fdac185b74 64&topic=42274.0

Thanks to everyone who tried to help. This is the first one that beat me. Format and Reload is the only option at this point.

I used 2 pen drives on this machine. Just threw them out. Currently wiping the hard drive, again & again. I could have waited a week or so, until a fix was hopefully found by the antivirus companies.

Again, thanks to everyone who contributed.