Hi all,
I know I might be yelled at for posting this since it's probably been answered, or has tried to be answered, at some point, but I figured I would post a fresh log. I've tried looking up the answer on Google and no one seems to know how to deal with it. I know a forum site has been posted to tell you how to try and deal with it, but I'm afraid to mess anything up, so I figure it's better to be safe than sorry since every problem and system is different and all. So here's the deal: homepage is hijacked to res://ppzxh.dll/index.html#96676; every time I use Google search an alternative search results page pops up; many, many popups (only the best, etc.); Ad-aware pulls up the same results every time (CoolWebSearch files, etc., could not remove c:\windowssystem32\iedm.dll); AVG is almost CONSTANTLY popping up the Resident Shield saying that AVG has detected a virus in system32, etc.; and it's even to the point now that the "welcome" screen when I boot my computer up hits a blue screen saying that my comp has been shut down to prevent damage - physical dump of memory, etc., so it takes a couple of times to boot my comp up when it lets me. I've run AVG, and since they're .exe files they just keep coming back over and over, most of them in system32. AVG will not run in safe mode. I don't know if I should do a system restore to a week ago to see if that will fix the problem, mainly because I've never done that before and I wouldn't even know how. I have Spybot, Ad-aware, AVG, HijackThis, CWShredder, even TrojanHunter. I'm not as computer literate as people in here, so please, if someone can help me, tell me exactly how to do it like I'm a 6-year-old instead of telling me I should change the reg key files to something so it masks the virus before running HijackThis at the same time I'm standing on my head. I would greatly appreciate ANY help you can give me, and I'm sorry if you guys have seen this problem before. Thanks for having the patience to deal with it again!
Jason

With all malware, you need to stop it from running, then delete it. Your best bet would be to get a good process monitor, something like WinPatrol (you can get it from the freeware tools at http://www.anti-trojan.org). Use WinPatrol to kill the malware processes, then go to Start, Find, and find the files you killed and manually delete them.
For more information, read this article on spyware: http://anti-trojan.com/html/spyware_help.html

Good news, people: I'm running on Windows XP Pro edition. I've just had the virus agent.bf and I finally got rid of it. Here's how. Follow this link: http://www.download.com/Ad-aware/3000-8022-10214379.html?tag=lst-0-2
Once downloaded, install and run update immediately. Then follow this link: http://www.uant.net/antivirus/avgguide.html and download AVG Free Edition; you will need an email address for your serial number. Once installed, try an update; you may not need it as you have just downloaded it. Make sure your internet cookies, history and files are cleaned, including all offline content. Once updated, close all browsers and customize your Ad-aware settings. For help: add trancer242003 to your Yahoo account or add tranced45@hotmail.com to your MSN account. Finally, run Ad-aware; once it finishes, click Next and it will show you your log file, where you will see your hijacker. Right-click any file in the log and select all objects, then press Next. It will tell you that all the files that were interrupting your system will be moved to quarantine; click OK. Then, before going back to your internet browser, go to Tools, Internet Options and put your homepage back in the top bar. Once applied, close all browsers again and run an updated AVG virus test. Your system should be clean. If this also works for you, just leave a message in thanks ;)

These are the files Ad-aware deleted:
ArchiveData(auto-quarantine- 11-07-2004 08-05-29.bckp)
======================================================
POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegData : Software\Microsoft\Internet Explorer\Main
obj[1]=RegData : Software\Microsoft\Internet Explorer\Main
obj[2]=RegData : Software\Microsoft\Internet Explorer\Main
COOLWEBSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[3]=RegKey : CLSID\{7ABEDA97-ADE8-D564-C19A-4D6D0E15F0CE}
obj[4]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ABEDA97-ADE8-D564-C19A-4D6D0E15F0CE}
obj[5]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA
obj[6]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE
obj[7]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW
obj[8]=RegKey : SYSTEM\CurrentControlSet\Services\__NS_Service_3
obj[9]=File : c:\windows\sdkfb.dll
obj[10]=File : c:\windows\system32\pbajp.dll
obj[11]=File : c:\windows\system32\cgrqp.dll
obj[12]=File : c:\windows\system32\qkmqb.dll
obj[13]=File : c:\windows\system32\msyy.dll
obj[14]=File : c:\windows\syswh32.dll
obj[15]=File : c:\windows\javasi.dll
obj[16]=File : c:\windows\atlho32.dll
obj[17]=File : c:\windows\uycap.dll
obj[18]=File : c:\windows\ntoh.dll
obj[19]=File : c:\windows\vmyul.dll
obj[20]=File : c:\windows\ensuo.dll
obj[21]=File : c:\windows\ytpww.dll
And I've never had the problem since ;)
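
For triaging a log like the one posted above, here is an added example (not part of the original posts and not Ad-aware's own code): a small Python parser that groups the obj[n] entries by detection heading and pulls out the Browser Helper Object CLSID, the service name and the DLL paths to re-check after cleanup. The sample is a shortened excerpt of the posted log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in the same layout as the log above.
SAMPLE_LOG = r"""
POSSIBLE BROWSER HIJACK ATTEMPT
obj[0]=RegData : Software\Microsoft\Internet Explorer\Main

COOLWEBSEARCH
obj[3]=RegKey : CLSID\{7ABEDA97-ADE8-D564-C19A-4D6D0E15F0CE}
obj[4]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ABEDA97-ADE8-D564-C19A-4D6D0E15F0CE}
obj[8]=RegKey : SYSTEM\CurrentControlSet\Services\__NS_Service_3
obj[9]=File : c:\windows\sdkfb.dll
obj[10]=File : c:\windows\system32\pbajp.dll
"""

OBJ_RE = re.compile(r"^obj\[(\d+)\]=(\w+)\s*:\s*(.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_quarantine_log(text):
    """Return {heading: [(index, kind, value), ...]} from an obj[n]= style log."""
    families, current = defaultdict(list), "UNCATEGORISED"
    for line in text.splitlines():
        line = line.strip()
        m = OBJ_RE.match(line)
        if m:
            families[current].append((int(m.group(1)), m.group(2), m.group(3).strip()))
        elif line and line[0].isalpha() and line.upper() == line:
            current = line  # an all-caps line is a detection heading
    return dict(families)

def triage(families):
    """Collect what to verify after cleanup: BHO CLSIDs, services, DLL paths."""
    out = {"bho_clsids": set(), "services": [], "files": []}
    for entries in families.values():
        for _, kind, value in entries:
            low = value.lower()
            if kind == "RegKey" and "browser helper objects\\" in low:
                # Internet Explorer loads add-ons registered under this key
                out["bho_clsids"].update(g.upper() for g in GUID_RE.findall(value))
            elif kind == "RegKey" and low.startswith("system\\currentcontrolset\\services\\"):
                out["services"].append(value.rsplit("\\", 1)[1])
            elif kind == "File":
                out["files"].append(low)
    return out

if __name__ == "__main__":
    print(triage(parse_quarantine_log(SAMPLE_LOG)))
```
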
