I can't post the activescan report, I keep geting a message that there are to many characters. Do you want me to spilt it?

Hi,iant

Yes please if it helps

HGD

here is the activescan report

Incident Status Location
Virus:Trj/Agent.ACM Disinfected Operating system
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Administrator\Favorites\Only sex website.url
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\Downloaded Program Files\bridge.???
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.???
Adware:Adware/BlazeFind No disinfected C:\Program Files\WindowsSA
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/ExactSearch No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Ab scissor.url
Adware:Adware/CWS.Aboutblank No disinfected Windows Registry
Virus:Trj/Agent.ACM Disinfected C:\!Submit\iezl32.exe
Virus:Trj/Agent.ACM Disinfected C:\!Submit\mfcab.exe
Virus:Trj/Agent.ACM Disinfected C:\!Submit\mfcej32.exe
Virus:Trj/Agent.ACM Disinfected C:\!Submit\nthx32.exe
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Administrator\Favorites\Only sex website.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Administrator\Favorites\Search the web.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Administrator\Favorites\Seven days of free porn.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Administrator\Favorites\Sites about\What is hydrocodone.url

Spyware:Spyware/Fstb No disinfected C:\main.chm[htm2chm_explorer]
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addii32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addkf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addmt.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addvw32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addxj.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addyz32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\addzm.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.ini
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apidp.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apiel32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apifo.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apijc.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apijf32.exe
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\apijz.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apikp32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apiks.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apinu.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apipe.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apirc.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apirz.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apitk.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appal32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appap32.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\appdj.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apphe32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apphn32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appld32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apppn32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\apptl.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appui32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appum.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appvh.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\appxn32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appyl32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\atlak32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlay32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\atlde32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\atloo32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlsk.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\atlvx.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\atlyv32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crav32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crbl.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crfm.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crfy32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crif.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crlf.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crnn32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\croz.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crqo32.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\crrn32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crrs32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\crxx32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3ai32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3cb.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3cl32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3fa.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3fm32.exe
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\d3hs.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3iq32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3kn.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3nt32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3qx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3uh.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3uv.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3vu32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3we.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3wn32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\d3yc32.exe
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\Downloaded Program Files\bridge.inf
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ieao.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ieaq32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ieau32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ieby32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iedg.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iegt32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iekk32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ielg.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iens.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ienu.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iepb32.exe
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\iesp32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iewx.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipae.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipal32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipar32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipbz.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipca32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipcd32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipdo.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipef.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iphe32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipio.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipjq32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\iplz.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipnr.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipnt32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ippc.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipsc32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iptk.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipuq32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipxr32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipyb32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ipyh.exe
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\ipzd32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javafa.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javafn32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javafv.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javagf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javagt32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javahr32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javaiw32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javajq.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javalx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javanv32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaoh.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javapn32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaqh.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javare.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javarr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javart32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javary32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\javasx.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcex32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\mfcia32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfclq32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\mfcpw32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\mfcqa32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcwv.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msai.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msbj.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msje.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msox32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mspd32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msqb.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msqk32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\mstz.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msut32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msws.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\msyk.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\netaj32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netao.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netbp32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\neteq32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netgr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netht.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netic.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\netiq.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netoj32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netol32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\nettf.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\netxc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntdq.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\nthm.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\nthv32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntkt.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntnf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntpr32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntqx.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntrb.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\ntvd32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntwu32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntyc32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\ntze32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_ahxona.txt
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\n_cqeuus.txt
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\n_umbdap.txt
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\sdkbq.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sdkbx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkdm.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sdker.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sdkex.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sdkgo32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkoe.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sdkrk.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdksr32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sdkxc32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\syseh32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sysih32.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\sysio32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sysjc32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\syslk.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sysnx32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sysou32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\syssa32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\syssj.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addaj32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addfe.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addgw.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addhy.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addia32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addie32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\addjw.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\addly.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\addma32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\addot.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addoy.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\addqa32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addsh32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\addtj.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addui.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addus32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\addyi.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\apial32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\apimn32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\apiph32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\apirn32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\apith.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\apixb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\apixc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\apizv32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appcl.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appdo.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appfn.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appjg.exe

Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appjo32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appkh32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appsu32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appud32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appuf32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appyb.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\appyb32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\atlbn32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\atlcg.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\atlcn.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\atlih.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\atlkg32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\atlly.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\atlno.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\atltg32.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\atluu32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\atlwa32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\atlyf32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crcl.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\crex.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\crfi32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\crgx32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\crie.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\crik32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\crjm.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crka.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\crkg.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\crmv32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\crqs32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crsy32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\cruy.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\cryn.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3ac32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\d3eh32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3ej.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3fj.exe
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\system32\d3fn.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\d3fs.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3hb.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3io.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3jc32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\d3my.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3su32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\d3wo.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3wq32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\d3xp.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3ys.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3zd.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ieen32.exe
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\system32\iega.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\iegg32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iegl32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ielg.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ieln32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iemh32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ienh32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ieov.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ieph32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ieqc32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ierj.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\iesb.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\iexe.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\iezc32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iezk.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ipce.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ipdh32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ipdl.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ipeb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iper32.exe
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\system32\ipev32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ipio.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\iplr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iptv32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ipvn.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ipvs32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ipxa.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ipyk32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javaby.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javacx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javael.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javafi32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javagq32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javajf32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javaki.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javaks32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javala.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javamf.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javami32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javans32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javapz.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javasg32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\javatb.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\javawh32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcdi.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcdl.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mfcfg32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcno.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcos.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcpf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mfcpu32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mfcqg32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcqp.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcrm.exe
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\system32\mfcsy.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfctr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mfcuk32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcut32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mfcxt.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mfcxt32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mfcze.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\msac.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\msay.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\msbv32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\msbz32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\msdb.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\msdc32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\msep32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mses.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\msro32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\mssj32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mswu.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\msyl32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mszz32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netdu32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netdv.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\netfn.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\netid.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netjr32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\netlt.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netmp.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netmr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netnf32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netpw.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netst32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\netsy32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\netvz32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\netwi32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntag32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntcu32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntdc32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntes32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ntfj.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntfx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ntkr32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntmc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ntmm.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntoz.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntpr32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ntqp32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntva32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\ntyh32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ntys.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\pwjfw.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sdkhs.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sdkif32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sdkmw.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sdknr.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\sdkpu32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sdkpx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sdkrq.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sdktr.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sdkxl32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sdkyf.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sdkyh32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\syscn.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sysdr32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sysdz32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sysfb32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sysik32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\syska.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\syskg32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sysmx32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\syssk.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\systy32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\sysun32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winbf.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\windi.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winfs.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\wingt32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\winhh.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\winhl32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winjp32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\winki.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\winlb.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winnx32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\system32\winoi32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winrl32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winyp32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sysur32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\syswc32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\sysxy.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\wincf32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\wincj.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\winco32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\winfa.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\wingk.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\winkx.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\winng.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\winxb32.exe
Virus:Trj/Agent.ACM Disinfected C:\WINDOWS\winyz.exe

After all that I hope it is worth it, guess you can see why it would'nt fix into one post.

Good hunting

iant

Hey,iant

It's great to see you once again

now a lot of the items in this logfile should clean
using Ad-Aware Se & Spybot so lit's run both of them
what it will not clean we will go after

1. Download and Install Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file


3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT


4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only


Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot


Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found



1.Downloaded and Install Spybot Search & Destroy, accepting the Default Settings

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ then download and install the Updates.

5. Next click the button ‘Check for Problems’

6. When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window

7. Make certain there is a check mark beside all of the RED entries ONLY.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

9.REBOOT to complete the scan and clear memory.


Finally after running both Spybot SD and Ad-Aware SE, RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’.

HGD

I have done the above, here are the log files. But I have anothe problem.....Singe I last rebooted the pc I cant get access to the internet explorer, i just get one of the win. xp error windows asking if i want to send a report. All the box says is the internet explorer has caused an error.

Things just get better and better.

ArchiveData(auto-quarantine- 2005-07-15 12-53-03.bckp)
Referencefile : SE1R54 14.07.2005
================================================== ====

COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{4907adef-bf75-e26c-fe0a-09086e13d352}
obj[1]=Regkey : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
obj[4]=Regkey : software\microsoft\internet explorer\urlsearchhooks
obj[5]=Regkey : software\microsoft\windows\currentversion\uninstal l\hsa
obj[6]=RegValue : software\microsoft\windows\currentversion\uninstal l\hsa "UninstallString"
obj[7]=Regkey : software\microsoft\windows\currentversion\uninstal l\se
obj[8]=RegValue : software\microsoft\windows\currentversion\uninstal l\se "UninstallString"
obj[9]=Regkey : software\microsoft\windows\currentversion\uninstal l\sw
obj[10]=RegValue : software\microsoft\windows\currentversion\uninstal l\sw "UninstallString"
obj[11]=Regkey : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i
obj[12]=RegValue : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i "Start"
obj[13]=RegValue : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i "ErrorControl"
obj[14]=RegValue : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i "ImagePath"
obj[15]=RegValue : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i "DisplayName"
obj[16]=RegValue : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i "ObjectName"
obj[17]=RegValue : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i "FailureActions"
obj[18]=Regkey : software\microsoft\downloadmanager
obj[19]=RegValue : software\microsoft\internet explorer\main "Search Bar"
obj[20]=RegValue : software\microsoft\internet explorer\new windows "PopupMgr"
obj[21]=RegValue : software\microsoft "set"
obj[22]=RegValue : software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range1 ":Range"
obj[23]=RegData : software\microsoft\internet explorer\main "Use Search Asst"
obj[24]=RegData : software\microsoft\internet explorer\main "Start Page"
obj[25]=RegData : software\microsoft\internet explorer\main "Use Search Asst"
obj[26]=RegData : software\microsoft\internet explorer\main "Start Page"
obj[27]=File : C:\WINDOWS\puozt.dll
obj[31]=File : C:\WINDOWS\system32\wbem\logs\wbemess.log

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[2]=IECache Entry : Cookie:administrator@cs.sexcounter.com/
obj[3]=IECache Entry : Cookie:administrator@statcounter.com/

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[28]=File : C:\Documents and Settings\Administrator\Favorites\Only sex website.url
obj[29]=File : C:\Documents and Settings\Administrator\Favorites\Search the web.url
obj[30]=File : C:\Documents and Settings\Administrator\Favorites\Seven days of free porn.url



Logfile of HijackThis v1.99.1
Scan saved at 13:24:59, on 15/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\d3vi.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\hjt\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\puozt.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\puozt.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\puozt.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\puozt.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\puozt.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\puozt.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 192.168.2.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2A992854-C120-2344-3A53-938F60435FED} - C:\WINDOWS\d3vi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [d3vi.exe] C:\WINDOWS\d3vi.exe
O4 - HKLM\..\RunOnce: [mfcva.exe] C:\WINDOWS\mfcva.exe
O4 - HKLM\..\RunOnce: [ipxp32.exe] C:\WINDOWS\system32\ipxp32.exe
O4 - HKLM\..\RunOnce: [netxb32.exe] C:\WINDOWS\netxb32.exe
O4 - HKLM\..\RunOnce: [atlus.exe] C:\WINDOWS\atlus.exe
O4 - HKLM\..\RunOnce: [atlgn.exe] C:\WINDOWS\atlgn.exe
O4 - HKLM\..\RunOnce: [msao32.exe] C:\WINDOWS\system32\msao32.exe
O4 - HKLM\..\RunOnce: [winkh.exe] C:\WINDOWS\system32\winkh.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 64.127.104.144
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\mfcva.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H9CXDLAH\SFUninstaller[1].exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hey,iant

Wow ok from what i just looked at this should do it for us
if no i will go over to your place & SLAP the PC to the other
side of the room. you have a lot of work to do here so please
do this when you have the time do not start this & stop part
of the way that will not help us

PLEASE PRINT OUT THESE INSTRUCTIONS BEFORE PROCEEDING.
(Click on Print this topic in the upper RH corner.)

STEP 1:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here.

STEP 2:
Please download Trend Micro™ CWShredder™ here.
Save it to its own folder named CWShredder and place it at the root of your C:\drive along with HijackThis.
Don't run it yet, we will use it later.

STEP 3:
Download AboutBuster from RubbeR DuckY here
Save it to its own folder named AboutBuster and place it at the root of your C:\drive along with HijackThis.
Double-click AboutBuster.exe and press Update to make sure you have the latest reference file version.
Don't run it yet, we will use it later.

STEP 4:
Download and install the latest version of Ad-Aware SE here
NOTE: If you are still using the older Ad-Aware 6, go to Add/Remove Programs in the Control Panel and uninstall it now before installing Ad-Aware SE.
Before scanning click on "Check for updates now" to make sure you have the latest reference file.
Don't run it yet, we will use it later.

STEP 5:
Download the eScan Antivirus Toolkit here.
Save it to the desktop. This program is 10MB in size.
Don't run it yet, we will use it later.

STEP 6:
Download and install the Ewido Security Suite
NOTE: The Ewido Security Suite utility will not install on Windows 95, 98, ME, or NT. The minimum system requirements for Ewido Security Suite is: Windows 2000 or Windows XP.

1.) Download and install the Ewido Security Suite here
2.) Double-click on the new e Ewido shortcut on the desktop to open the program.
3.) On the upper LH side column, click on the Update button.
(This will update the program with all the latest signature files.)
Don't run it yet, we will use it later.


STEP 7:
If you are using Windows 2000 or XP, you must first STOP and DISABLE the rogue service:
There are different Display Names to look for:

* Workstation NetLogon Service
* Remote Procedure Call (RPC) Helper
* Remote Access Service
* Network Security Service (NSS)

Go to Start => Run and type "Services.msc" (without quotes) then click Ok.

1.) Scroll down and find one of the bad services described above such as: Remote Procedure Call (RPC) Helper
2.) When you find it, double-click on it.
3.) In the next window that opens, click the Stop button, then click on Properties and under the General Tab, change the Startup Type to Disabled.
4.) Now hit Apply and then Ok and close any open windows.

STEP 8:
If you are using Windows 2000 or XP, copy the contents of the Quote Box below to Notepad. Name the file as cwsresfix.reg. Change the Save as Type to All Files, Save this file on the desktop. Please DO NOT include the word QUOTE when saving the file.

QUOTE

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\SW]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall\HSA]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall\SE]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall\SW]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_�%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_11F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_11Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_O?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_½O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\�%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\11F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\11Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\O?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\½O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_�%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_11F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_11Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_O?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY_½O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ �%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1 1F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1 1Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1 1Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ ?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O ?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\½ O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_�%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_11F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_11Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_O?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\ LEGACY_½O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ �%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\1 1F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\1 1Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\1 1Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ ?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O ?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\½ O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\ LEGACY_�%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\ LEGACY_11F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\ LEGACY_11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\ LEGACY_11Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\ LEGACY_?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\ LEGACY_O?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\ LEGACY_½O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ �%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\1 1F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\1 1Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\1 1Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ ?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\O ?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\½ O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\ LEGACY_�%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\ LEGACY_11F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\ LEGACY_11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\ LEGACY_11Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\ LEGACY_?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\ LEGACY_O?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\ LEGACY_½O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ �%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\1 1F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\1 1Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\1 1Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ ?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\O ?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\½ O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\ LEGACY_�%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\ LEGACY_11F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\ LEGACY_11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\ LEGACY_11Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\ LEGACY_?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\ LEGACY_O?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\ LEGACY_½O.#ž‚„?õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\ �%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\1 1F฿ไ #ทบฤึ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\1 1Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\1 1Fßä #•ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\ ?%AF夶À¨]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\O ?’ŽrtñåȲ$Ó]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\½ O.#ž‚„?õØ´â]


STEP 9:
Please reboot into Safe Mode. For instructions click here
Get into Safe Mode using the F8 Key on your keyboard:

1.) Locate the F8 key on your keyboard and then reboot your PC. (Start, Shutdown, Restart)
2.) As soon as the monitor screen goes black, immediately start tapping the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3.) Select the option for Safe Mode using the up down arrow keys.
4.) Then press Enter on your keyboard to boot into Safe Mode.
5.) Perform all the cleaning tasks here and when you are done, reboot PC back into normal mode (Windows).


STEP 10:
From Safe Mode, double-click on cwshredder.exe to open it, click the 'Fix->' button (not 'Scan Only') and you'll be prompted that CWShredder will shutdown any Internet Explorer and Windows Media Player windows, click OK to continue and let it run completely to delete anything it finds. After its scan, click Next, then Exit.

STEP 11:
From Safe Mode, browse to C:\AboutBuster and double click on aboutbuster.exe.

1.) Click Begin Removal and allow the program to run.
2.) After AboutBuster has finished click OK. It will now open a new page, click on the Protection tab and follow the instructions for protection on that page.
3.) Now click Exit and then click OK to the Logfile created dialog box.


STEP 12:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:

1.) Double-click on the mwav.exe file saved to the desktop. A WinZip Self-Extractor will appear.
2.) Click Unzip, by default it will extract all the program files to new folder called Kaspersky at the root of the C:\drive. (C:\Kaspersky).
3.) A dialog box stating "1xx file(s) unzipped successfully" will appear, click OK. After clicking ok, the eScan AntiVirus Toolkit Utility interface will appear.
4.) With the eScan interface on your desktop, make sure that the boxes under Scan Option, Memory, Registry, Startup Folders, System Folders, Services, are all checked.
5.) Check the Drive box, this will create a another Drive box below it, check this second Drive box as well, now a large window across from the second Drive box appears. In this window use the drop-down arrow and choose the drive letter of your hard drive, usually C:\.
6.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.
7.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. eScan will delete any viruses or trojans it finds.
8.) When the scan has finished, the top window will read Scan Completed. To close the interface, click OK, click Exit, then click Exit again.


STEP 13:
From Safe Mode, run the Ewido Security Suite.
NOTE: Windows 2000 and XP only.

1.) Double-click on the e Ewido shortcut on the desktop to open the program.
2.) On the upper LH side column, click on Scanner.
3.) Click the Settings button, under What to scan? click Scan every file, click OK.
4.) Click the Complete System Scan button.
5.) Have the program delete everything it finds.


STEP 14:
From Safe Mode, run the Ad-Aware SE program you downloaded and configured earlier, make sure "Perform full system scan" is checked, let it scan the hard drive and delete all entries it finds. Run the program again a second time.


STEP 15:
From Safe Mode, double-click on the cwsresfix.reg you created earlier and when it prompts to merge say yes, and this will clear some registry entries left behind by the process. Now reboot the PC back into Normal Mode (Windows).


STEP 16:
Go to Start, Run, type in %temp% click OK.
Click Edit, Select All, click File, Delete, now click Yes to send items to Recycle Bin. Now empty Recycle Bin.


STEP 17:
This infection may delete the Windows shell.dll file and the control.exe file. Make sure you always perform a Windows search for these files after the cleanup. If you are using Windows 2000, or XP, go to Start, Search, For Files or Folders, and type in shell.dll.
For Windows 2000, it will be found here:

* C:\WINNT\System32
* C:\WINNT\System

For Windows XP, it will be found here:

* C:\Windows\System32
* C:\Windows\System

Now look for the control.exe file.
For Windows 2000 it will be found here:

* C:\WINNT\System32

For Windows XP it will be found here:

* C:\Windows\System32

If any of these files are missing in 2000 or XP, they can be replaced from the dllcache folder.
For Windows 2000, a replacement can be found here:

* C:\WINNT\System32\dllcache

For Windows XP, a replacement can be found here:

* C:\Windows\System32\dllcache

Now copy and paste the file(s) from the dllcache folder into the proper folder (shown above) according to your version of Windows.

The files shell.dll and control.exe can also be downloaded. They can be downloaded from here.
Once the file(s) are downloaded extract the file(s) and copy them into the proper folder (shown above) according to your version of Windows.


Now after all of that good god till us how it is & show new logfile.

HGD

You can do this my friend