ran combofix which deleted the followiing
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\DAVID\WINDOWS
I then ran Avira and Malwarebyts which both detected nothing. However when I ran Root Repeal there were many hooks to Zone Alarm's vsdatant.sys file. I don't know if these are false positives or what. But some program is still trying to open a port to a malicious web site usually in China, Russia or Maldova. It is detected by malwarebytes anti-malware program before it can get out. I don't know how to use or interpert the root repeal program so I have to ask for your help.
Edited by Don Peters, 27 June 2011 - 07:46 AM.
moved to Malware forum--ST