i am working on a pc for a client that is/was infected with malware, symtoms: all files from C:\ disappeared, nothing in start menu etc. i started it in safe mode with networking, copied Malware bytes, rkill, combofix, roguekiller, unhide.exe, and the registry fix to reassociate .exe files to the hard drive. i then copied the contents of the smtemp folder (all the star menu links, that get removed by the virus etc.) to a jump drive for safe keeping because i have seen this directory get deleted during the cleaning process and then you are really screwed. i then ran (from safe mode with networking rkill.exe, followed by Malware Bytes several times until no more objects are found (rebooting inbetween and rerunning rkill first thing after the reboot). then i ran combo fix, and roguekiller, then unhide. after that i replaced all the start menu links. all seemed ok so i booted into regular mode, the pc seemed to lock up for about 10 seconds at a time then un freeze for about a second or two then do it again, i noticed that iexplore was running in task manager processes, when i had not started internet explorer at all, so i killed it, and it would come back a few seconds later. i also noticed that the icons for all of the tools i had used had what looked like the windows security center shield in the lower right corner of the icon, i have seen this plenty of time before caused by malware when it attacks these types of apps. i then ran the only version of rkill that didn't have the shield on the icon (i have several versions of rkill, rkill.exe, rkill.com, rkill.scr etc. that way a virus doesn't recognize it, well it worked here. rkill reported that (\\?\C:\Windows\system32\wbem\WMIADAP.EXE was running and terminated. so to sum up i still have some kind of infection and i guess i need a different scanner to get it, any suggestions? i have used bit defender and bit defender online scanner in the past but i have had very little luck getting the first one to even install and the online scanner to find anything at all the last several times i have tried it. i will attemp to rerun Malwarebytes after the rkill found that file, but i am not too confident in it since it has been marked by the malware (the shield on the icon). thanks for any input guys.