I'm baffled!!! I need some help....

Discussion in 'Malware Help (A Specialist Will Reply)' started by Windrof, Apr 27, 2005.

  1. Windrof

    Windrof Private E-2

    I've followed all the "READ-ME" Steps and can't seem to get rid of the pop ups.... Ran Ad-Aware SE and Spybot, Trend Scan found 12 viruses...

    could really use some help...
     

    Attached Files:

  2. Windrof

    Windrof Private E-2

    Anyone???
     
  3. Windrof

    Windrof Private E-2

    Please Help Me!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You never ran the Symantec online scanner. Did you skip this for a reason?

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder - C:\Program Files\RKTOOL. Then, please boot to SAFE MODE and double-click rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.
     
  5. Windrof

    Windrof Private E-2

    Thanks for your help....

    Please see the following logs per your request.


    Thanks again
     

    Attached Files:

  6. Windrof

    Windrof Private E-2

    Anyone?? I could really use some help. Please...
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download Pocket Killbox and save it to its own folder where you can find it.

    Read thru the below steps and make sure you understand them before starting. Ask questions if you have any before starting.

    Run Killbox by double clicking on the killbox.exe file.

    Check the following boxes:

    Standard File Kill
    End Explorer Shell While Killing file

    Copy & paste (you must use copy & paste - typing will give an error) the full path of each of the files below (one at a time - see directions after the list) into the Full Path of File to Delete box.
    C:\WINDOWS\SYSTEM32\andrp.dll
    C:\WINDOWS\SYSTEM32\ltfpmi.exe
    C:\WINDOWS\SYSTEM32\nrizma.exe
    C:\WINDOWS\SYSTEM32\psoft1.exe
    C:\WINDOWS\SYSTEM32\skytown.exe
    C:\WINDOWS\SYSTEM32\vqwub.dat
    C:\WINDOWS\SYSTEM32\winup2date.dll
    C:\WINDOWS\SYSTEM32\wmconfig.cpl
    C:\WINDOWS\SYSTEM32\wscbmp.exe
    C:\WINDOWS\system32\ocdarxc.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdra.exe

    With the full path to the file in the Full Path of File to Delete textbox, the filename will appear under the box in a blue color to indicate it was found. Now click the Red X and, for the confirmation message that will appear, you will need to click Yes. If the file is successfully deleted you will get a message of confirmation. Just click OK!
    Do this for each of the files listed. Some will not be deleted. Make sure you keep a list of them.

    Now for any files not deleted properly above (the ones you wrote down), do the below (if all of them deleted, skip these steps):
    - in Killbox select the option to Delete on Reboot
    - uncheck the option to End Explorer Shell While Killing file

    Copy & paste the full path of each of the files you could not delete above into the box and then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? You will need to click No (since you are not finished adding all related files in yet).

    When you do enter the last file name that needs to be deleted, click Yes on the last file.
    Note: Killbox will let you know if the file does not exist.

    Okay, so now your PC should reboot.

    Now post a new HijackThis log.
     
  8. Windrof

    Windrof Private E-2

    Thanks for your help...

    I followed all the steps and I noticed the nrizma is still on my log.

    here is the file.
     

    Attached Files:

  9. Windrof

    Windrof Private E-2

    Thanks again for all your help Chaslang...
     
  10. Windrof

    Windrof Private E-2

    God I'm gonna throw this thing out the window! :)
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It would be a lot more helpful to me if you gave feedback on the steps.

    Did you have any problems running Pocket Killbox or having it find all the files? Did they all delete OK?
    Did you double check by looking in the folders to see if they are really deleted?

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system\spgqn.exe
    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nrizma.exe
    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system\spgqn.exe
    C:\WINDOWS\system32\nrizma.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdra.exe <-- double check to see if this is gone.

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
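    As an added example (not part of the thread and not from Killbox, HijackThis or any tool mentioned in it), the following PowerShell script re-checks the artifacts named above without deleting anything: whether each listed file is still present, whether it carries the read-only attribute that blocks a plain delete, and whether the HKLM Run key still holds the KavSvc value pointing at nrizma.exe. The file paths and the KavSvc/nrizma.exe pairing come from the thread; the function names Test-ListedFiles and Test-RunValue are hypothetical, and the Run key path is the standard HKLM\...\CurrentVersion\Run key that the HJT O4 line abbreviates.

    ```powershell
    # Added example, not from the thread. Read-only verification of the files and
    # the Run entry named in this thread; nothing here deletes or modifies anything.
    $files = @(
        'C:\WINDOWS\SYSTEM32\andrp.dll',
        'C:\WINDOWS\SYSTEM32\ltfpmi.exe',
        'C:\WINDOWS\SYSTEM32\nrizma.exe',
        'C:\WINDOWS\SYSTEM32\psoft1.exe',
        'C:\WINDOWS\SYSTEM32\skytown.exe',
        'C:\WINDOWS\SYSTEM32\vqwub.dat',
        'C:\WINDOWS\SYSTEM32\winup2date.dll',
        'C:\WINDOWS\SYSTEM32\wmconfig.cpl',
        'C:\WINDOWS\SYSTEM32\wscbmp.exe',
        'C:\WINDOWS\system32\ocdarxc.exe',
        'C:\WINDOWS\system\spgqn.exe',
        'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdra.exe'
    )

    # Hypothetical helper: report presence and the read-only attribute for each path.
    # -Force makes Get-Item return hidden files too (the thread asks that hidden
    # files be made visible before checking).
    function Test-ListedFiles {
        param([string[]]$Paths)
        foreach ($p in $Paths) {
            $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
            $present  = $null -ne $item
            $readOnly = $present -and [bool]($item.Attributes -band [IO.FileAttributes]::ReadOnly)
            [pscustomobject]@{ Path = $p; Present = $present; ReadOnly = $readOnly }
        }
    }

    # Hypothetical helper: does the Run value still exist, and does it still
    # reference the suspect executable named in the HJT O4 line?
    function Test-RunValue {
        param([string]$Name = 'KavSvc', [string]$Suspect = 'nrizma.exe')
        $key   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties[$Name]) {
            $data = [string]$props.$Name
            [pscustomobject]@{ Value = $Name; Present = $true;  Data = $data; PointsAtSuspect = ($data -like "*$Suspect*") }
        } else {
            [pscustomobject]@{ Value = $Name; Present = $false; Data = $null; PointsAtSuspect = $false }
        }
    }

    Test-ListedFiles -Paths $files | Format-Table -AutoSize
    Test-RunValue | Format-List
    ```

    A file that shows Present = True and ReadOnly = True is the case post 11 describes, where clearing the attribute is needed before it can be deleted.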
     