I recently had a virus problem and virus protection took care of it but i read this thread http://www.daniweb.com/techtalkforums/thread36931.html
with the same problem and it said i should download Hijack This and post a log so here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:42 AM, on 2/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE
C:\Program Files\PC Protection Plus\backweb\6731405\program\fsbwsys.exe
C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
C:\Program Files\PC Protection Plus\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Protection Plus\Common\FCH32.EXE
C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsrw.exe
C:\Program Files\PC Protection Plus\FSPC\fspc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe
C:\Program Files\Common Files\AOL\1168653640\ee\AOLSoftware.exe
C:\Program Files\PC Protection Plus\FSPC\fshttps\fshttps.exe
C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
C:\PROGRA~1\PCPROT~1\ANTI-S~1\fsaw.exe
F:\Program Files\i-tunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection Plus\backweb\6731405\Program\fspex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\DADAND~1\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search =

http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =

http://aifind.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =

http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =

http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://in.webcounter.cc/-/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://drusearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://t.rack.cc/s.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://t.rack.cc/s.php?aid=359
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://t.rack.cc/h.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =

http://www.teenhqpics.com/?homeweber.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://t.rack.cc/s.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://t.rack.cc/s.php?aid=359
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://t.rack.cc/h.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =

http://www.teenhqpics.com/?homeweber.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://t.rack.cc/s.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =

http://www.seekwell.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://t.rack.cc/s.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =

http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL =

http://ie.search.psn.cn/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =

http://t.rack.cc/h.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =

http://t.rack.cc/h.php?aid=359
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
F1 - win.ini: run=fntldr.exe

C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=Userinit.exe,TGBRFV_
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} -

C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: date send - {F6724457-6D6E-D5F0-0B2A-34D1FCE6933D} -

C:\PROGRA~1\CAMPFI~1\realthird.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} -

C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} -

C:\Documents and Settings\Zach\My Documents\School\9th

Grade\stuff\nz\NetZero\toolbar.dll (file missing)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -

C:\Documents and Settings\Zach\My Documents\School\9th

Grade\stuff\nz\NetZero\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI

Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1168653640\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common

Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program

Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program

Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [UPSUtl] C:\WINDOWS\web.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mswspl] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [More Blah] C:\PROGRA~1\SOFTWA~1\vc hole bash.exe
O4 - HKLM\..\Run: [Mcgiurv] C:\Program Files\Fmaqc\Oyblm.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [ezShieldProtector for Px]

C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program

Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe

rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye

Network\bin\bargains.exe
O4 - HKLM\..\Run: [apihg32.exe] C:\WINDOWS\system32\apihg32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD

Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection

Plus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection

Plus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC

Protection Plus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [aifikoh] c:\windows\system32\vnikcc.exe r
O4 - HKLM\..\Run: [DriveCleaner Free] "C:\Program Files\DriveCleaner

Free\UDC.exe" /min
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common

Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common

Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner

Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH

Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program

Files\i-tunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Windows Security Assistant]

C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyMarshal] C:\Program

Files\SpyMarshal\SpyMarshal.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\System32\olehelp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell

Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common

Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - Global Startup: PC Protection Plus.lnk = C:\Program Files\PC

Protection Plus\backweb\6731405\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\PC

Protection Plus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program

Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program

Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program

Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00}

- C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} -

C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter -

{200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection

Plus\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} -

C:\Program Files\PC Protection Plus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... -

{300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection

Plus\Anti-Spyware\ieshield.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Documents and Settings\Zach\My Documents\School\9th

Grade\stuff\aim\aim.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -

file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm

(file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'winsflt.dll'

missing
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} -

http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} -

http://specific911.com/acc1/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -

http://66.98.190.22/04/msits.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} -

ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/20609/online.chm::

/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} -

its:mhtml:file://C:.mht!http://69.50.191.52/668/b.chm::/b.exe
O16 - DPF: {11111111-1111-1111-1111-111111111234} -

its:mhtml:file://C:.mht!http://69.50.191.52/2484/b.chm::/b.exe
O16 - DPF: {11111111-1111-1111-1111-111111111321} -

its:mhtml:file://C:.mht!http://69.50.191.52/2484/b.chm::/b.exe
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} -

http://counter.69counter.com/cont/sc.cab
O16 - DPF: {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (HHCtrl Object) -

http://67.15.94.29/~popular/load/1495/hhctrl.ocx
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} -

http://allways.drusearch.com/traf/458/load.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/w

uweb_site.cab?1169615291390
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -

http://www.mt-download.com/MediaTicketsInstaller.cab?refid=1050
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} -

http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =

85.255.113.131 85.255.112.74
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer =

85.255.113.131 85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =

85.255.113.131 85.255.112.74
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -

C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) -

Unknown owner - C:\WINDOWS\system32\crqz.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -

C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: WideOpenWest PC Protection Plus (BackWeb Plug-in -

6731405) - WideOpenWest -

C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
O23 - Service: F-Secure BlackLight Sensor - Unknown owner -

C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure

Corporation - C:\Program Files\PC Protection

Plus\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC

Protection Plus\backweb\6731405\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure

Corporation - C:\Program Files\PC Protection

Plus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation -

C:\Program Files\PC Protection Plus\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC

Protection Plus\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner -

C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -

C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Security Agent (scagent) - Unknown owner -

C:\WINDOWS\system32\scagent.exe" start (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -

C:\WINDOWS\svcproc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Program Files\Viewpoint\Common\ViewpointService.exe

I recently had a virus problem and virus protection took care of it. . . .

Wow - I have not seen this many different infections on a machine in quite some time!
You have collected quite a diverse boatload of malware!


It may be easier to simply reformat your machine. However, if you'd like to have a go at cleaning it, please do the following:

Follow the steps that I have written here.
Please obtain the three logs listed below as directed in my steps and post them here.
-- Be sure to EXTRACT HijackThis to a safe folder and RENAME HijackThis.exe as directed in the steps!

1- Kaspersky Online Scan Log
2- AVG Anti-Spy Log
3- Fresh HJT Log

Those ought to provide a decent starting point.
Let me know if you have any questions . . .

Best Luck
PP

thank its actually my family comupter not my own so my brothers mess it up pretty good, i'll try out the steps and get back to you. thanks

thank its actually my family comupter not my own so my brothers mess it up pretty good, i'll try out the steps and get back to you. thanks

Well . . . The sure messed it up pretty good this time! :)

There are more bad than good items in the HJT log!
-- You will be able to uninstall some via Add/Remove programs, while others will require some specifically designed tools.

It will be a lot of work, but not particularly difficult. Just time-consuming due to the number of tools and scanners you'll need to run.


Cheers :)
PP

The Kaspersky scan is attached here (quite long)

The Kaspersky scan is attached here (quite long)

That's quite a healthy list! Those have been rendered harmless by your resident AV program. We can delete them manually - I do not know why your AV did not remove them. It just changed their extensions to disable them....

--- I'll need the AVG Anti-spy and Fresh HJT Logs before I can post the first removal steps for you.

PP :)