You should have posted this in your original thread, rather than starting a new thread for the same subject.
Boot into safe mode. See how HERE.
http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE.
http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager by pressing the ctrl/alt/delete keys together.
Click on the processes tab, and end process for(if there).
svcchost.exe. <This file is added by a trojan.
^ Not to be confused with svchost.exe which is a valid file.
Close task manager.
Run HJT with no other programme open, and have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: clmss (Content List Management Sub System) - Unknown owner - C:\WINDOWS\svcchost.exe
Click on the fix checked button.
Close HJT.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it.
Locate the above 023 service and double click on it. Select stop if it`s running. Set the startup type to disabled. Click apply/ok and restart your system in safe mode.
Locate and delete the following bold file(if there).
C:\WINDOWS\
svcchost.exe
Reboot into normal mode, and turn system restore back on.
Regards Howard
