Antivirus: Nod32
Firewall: Outpost
Browser: IE7
Software: Ad-Aware // HijackThis // SDFix // Dr. Web CureIt
I've never had any troubles in the past with Trojans; until now.
I'm infected with what I believe to be several Trojans & am at a loose-end on how to get rid of them.
Problems Trojans have caused: Taken ShutDown button from Start Menu // Taken Run command from Start Menu // Disabled keyboard shortcuts (Win+R = Run & Alt-F4 = to shutdown; gives message, 'operation cancelled due to restrictions...') // Removed Run option from Task Manager // When I try to access Safe Mode, computer hangs.
I created a command.bat to get to a command prompt, but the screen is just flooded, so I can't type.
IE windows can close at random moments.
1714 open ports at present - and rising!!
Trojan names: Rootkit.Agent.DW // Wigon.Z // Win32/BHO.G
Files that keep popping up: runtime.sys // jjj.dll // ip6fw
I've tried to be as thorough as possible with my descriptions of my problem, without writing you out an essay.
Virus scans pick up and clean, but as I mentioned I can't access Safe Mode to have a thorough clean out.
Hope somebody can help, as I'm just at a complete loss.
Kind Regards
Jimbo

**When I try to access Safe Mode, computer hangs.**
You mean it hangs at the listed drivers?
If so, wait until the safe mode loads....could be between 2 minutes to an hour or more, but it will load.
Some HELP in posting on Cnet plus free progs and instructions Glad to Help!

Here is some info about Win32/BHO.G :
http://research.sunbelt-software.co...
I have found some info about the Wigon.Z in Russian, but you probably do not understand that. As far as I see from that discussion there is no antivirus that could remove the trojan, so they have built some kind of script (yes, Russians are good at doing that). So please go to this link:
http://depositfiles.com/ru/files/13...
and download the file by clicking the red button on the right of the bottom. It should be free and in English.
And here is a forum discussion about the Rootkit.Agent.DW removal:
http://www.geekstogo.com/forum/Root...
Good luck and let us know how that worked.

Hi, thank you very much for the responses, much appreciated.
Update: Thanks to XpUser4Real's advice to be patient, I finally got into Safe-Mode.
Surikas: Couldn't get away with the Russian one; kept asking me to pay. (Comes up with 3 or 4 price plans) But the article on geekstogo.com was brilliant in the tools & software it offered to remove the Trojans.
Removed 8 trojans, and as I write this things seem more stable.
Next Problem: As I described in my first post, I have lost my Shut Down button, and seemingly my Administrative privileges (although everything is fine in Safe-Mode, and nothing wrong with Account Type in Users).
So.... how do we get a new Shut-Down button, Run button, and administrative privileges?
Again, thank you for your quick and helpful responses.
Kind Regards
Jimbo

Good to hear you got into safe mode, now
For the shutdown button, this may work for you:
http://help.lockergnome.com/general...
It is the last suggestion on that page.

For the other problems....
If you have an actual XP disc, you may try an sfc /scannow and if that doesn't work, do a repair install:
http://www.microsoft.com/windowsxp/...

Regedit worked like a charm. Got my shutdown button back, and the key for the run button was in the same place.
Just ran an All Service Ports scan on Grc.com - got my results back to normal.
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet.
Thanks very much for your help in resolving this issue. From hopelessly infected, to clean; in almost exactly 24 hours. Very Nice.
Thanks Again.
Jimbo

Thanks for posting back!!!
Glad it all worked out for you.

Hi;
I am interested in reviewing these posts,.....not for some perverse pleasure of other problems,....but I have learned so much by doing so. I'm really happy to hear that Jimbo84 was so successful, but from a learning perspective,....or more importantly from a preventative perspective,....just wondering Jimbo 84,....if you have discovered how you got infected in the first place,.....and how you plan to ensure it doesn't happen again?
Thanks!

Hi swinny,
Not really a lot to say. I'm not sure how I was infected; although I believe it came embedded in an exe.
As far as preventative steps go, I'm really not going to change much. I have very good antivirus and firewall software, and as Surikas mentioned, "..there is no antivirus that can remove the Trojan."
I guess it was just a slip-up on my part. Prior to this incident, I'd never been infected, so hopefully it won't happen again.
Jimbo

Thanks Jimbo;
Never hurts to use an ounce of prevention,....if possible, but like you say.....stuff happens!
Let's just hope it doesn't happen again tho'!
Cheers, Swinny!
