Ok lloyd, download these programs.
CWShredder
Aboutbuster
Ccleaner
Unzip them all to the desktop. Check Aboutbuster for updates, then boot into safemode
(without networking).
Go start > run, type
services.msc Find the service called Network Security Service, right click, select "properties", hit "stop" and change the startup type to "disabled".
Then run CWShredder and hit "fix".
Then run Aboutbuster twice.
Then run Ccleaner.
Then Ewido again (I know it takes ages but it's needed for this fix)
Then run Hijackthis and check these lines.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eqjodnftcjcr.biz/T6uLOkY...giWeByo W.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R3 - Default URLSearchHook is missing
All the 02 entries apart from one adobe and 2 Norton entries
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [CSV7P26] C:\Program Files\CSBB\CSV7P26.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [atlkt32.exe] C:\WINDOWS\atlkt32.exe
O4 - HKLM\..\Run: [Fork Gram Draw Real] C:\Documents and Settings\All Users\Application Data\skippollforkgram\Soap Byte.exe
O4 - HKCU\..\Run: [Intra Way] C:\DOCUME~1\other\APPLIC~1\PROCBAT\Dale Play.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkjk.exe (file missing)
Close all open windows and hit "fix checked".
Find and delete these folders\files (if they exist).
C: Program Files\
Mywebsearch
C: Program Files\
Web Rebates
C: Program Files\
NewDotNet
C: Program Files\
Party Poker
C:\Program Files\
CSBB
C:\Documents and Settings\All Users\Application Data\
skippollforkgram
C:\WINDOWS\
atlkt32.exe
C:\WINDOWS\
sdkjk.exe
Then boot back to normal mode and post a new log, and say how things are now.
