OK, I just did a reboot and noticed my options have changed from 1. Windows Xp 2. Recovery console to 1. Windows recovery console 2. Do not select this (debugger enabled) 3. Windows Xp. Why did the order change and what is option 2? Also, I logged in to a different user (not admin) and I get an error that reads in a small box ""Error" Registry data not found". Also, In both users my Avast icon in my taskbar are gone again.

So, if I know the infection wiped out things on 5/4/11 we can't restore to 5/3/11? I did notice weird pop-ups saying my system could be infected prior to 5/4/11 but the big problem wiping things out happend on 5/4/11.

I just tried to do a restore back to 2 previous dates again, and as before they came back as "Incomplete" with no changes made to my system. They both took a while and it looked like it was making changes... why doesn't my restore work? did we undo all the fixes we made? Should we run a scan to be sure? Also, what do you make of the "registry data not found" error under my other user and the disappearing Avast taskbar shortcut? I keep putting it back and upon reboot it disappears. I'm afraid all my shortcuts will do this even if I replace them. Sorry for all the questions but I feel so violated by that virus!

For future reference, to restore system tools, worked like a charm :

http://windowsxp.mvps.org/Accessories.htm

Did my 2 failed attempts to system restore hurt anything? Bring parts of the virus back? Is there a scan I should run to check?

I did not forget about running the two OTL things you told me to run, just waiting to see if there are any other options first before wiping out all restore points.

Question, is it safe to assume that even if I was able to get system restore to work that it wouldn't necessarily bring back the deleted shortcuts? Aren't things like deleted items or even newly saved items unaffected by restore? And is it safe to assume restore is not working because of the virus? I still see restore points on the calendar but it doesn't complete, unless it needs to be done in safe mode for some reason? Sorry for all the questions...

Below is the OTL log you requested before. Looks like it had some issues with temp\_avast, not sure if that's a problem or not.

I've been searching about this virus that I got hit with and found that several people are having the same exact issues as me since last week. I want to wait to see what solution develops before deleting any restore points. So, if you can keep the topic open I will get back to it or perhaps you'll find a fix and get back to it. It seems the user "shell" of the whole start menu is corrupt and I'm confident someone will find a fix soon! I hope...

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\VIRUS Removal\VundoFix Backups\cehjl.ini.bad moved successfully.
C:\VIRUS Removal\VundoFix Backups\cehjl.ini2.bad moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hairlogic.com Inc
->Temp folder emptied: 240462 bytes
->Temporary Internet Files folder emptied: 1938464 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68360917 bytes
->Flash cache emptied: 2956 bytes

User: HAIRLO~1~COM

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lori
->Temp folder emptied: 1522 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33023 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: hairlogic.com Inc
->Flash cache emptied: 0 bytes

User: HAIRLO~1~COM

User: LocalService

User: Lori
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05122011_190151

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Ugh! Seriously?
Stupid question, how do I re-create shortcuts back to the start menu program's list?
Also, what determines which shortcuts gets onto the programs used most often list of the start menu? Some things are there but some aren't like Firefox which I've used repeatedly but stll doesn't show up there and I have to go launch if from the programs folder.

Hmm... All I get is "General, Sharing, Security, Customize" tabs.

How about using a program to recover the deleted shortcuts? Do you recommend any? It's not a lot of data that could be corrupted, just shortcuts, so it may work?

Yes, the virus is gone, but sadly, not without something to remember it by. Thanks for all your help!