Hi

I have an infection of the above with 250+ files now isolated in a Vault after a full AVG scan..

Info on its removal suggests the reg key [HKCR\CLSID\{C111980D-B372-44b4-8095-1B6060E8C647}] contains the link to the virus exe file. But this does not exist.

Neither do the files:
%WINDIR%\c_126.nls

%WinDir%\App Patch\E
deamon.dll

which the virus extracts from its body

Following the Scan the laptop appears to be free only to be re-infected on re-boot.

can any one assist me by suggesting the next move please?

Dj

If all is working otherwise and they're in virus vault, switch off system restore reboot rescan to make sure all is OK if so switch system restore back on

then maybe pop along to the spyware forum and have a read >> Here <<