#1 - 05-03-2006 - sourlang (Bronze Member; joined Jan 2006; location: sydney; posts: 7)
[Resolved] edwido and hjt logs

Hi Joe, I have sent you my logs. Thanks, mate.
Attached Files
File Type: txt Scan report_20060504.txt5.txt (588 Bytes, 2 views)
File Type: txt hijackthis.log5.txt (9.8 KB, 3 views)


#2 - 05-04-2006 - joe5 (Elite Member; joined Jun 2005; location: Netherlands; posts: 9,036)

Yet another Spyware Quake infection, which goes around a lot lately. I would also disable the Windows Messenger service:


Please download Shoot The Messenger

Download and run the small (22 kbyte) "ShootTheMessenger.exe" utility. It will display the current status of your system's Messenger Service. The button near the bottom of its window will allow you to set the service to whichever state (running or disabled) that you desire.

If, for any reason, you should ever choose to re-enable the Windows Messenger Service, simply re-run ShootTheMessenger to do so.
Download this regfix, but don't run it yet:

http://www.pchelpforum.com/downloads...id=67&act=down

Now download smitRem.exe written by noahdfear and save the file to your Desktop.
Double click on the smitRem.exe file and click the Start button to extract it to its own folder named SmitRem on the desktop (this should be the default selection). Do not run anything else related to the program yet!
Now you will need to print or save these instructions locally (to a text file on your Desktop) for later reference. This is necessary because you must not have any browsers open and must not connect to the internet while following the below steps.
After saving the instructions, reboot into Safe mode.
Now once in safe mode, go to Add/Remove programs and uninstall Spyware Quake (if present).
Now unpack the rar file you have just downloaded and double-click on the NewfixSQ.reg file and when it prompts to Add in to the registry, say yes.
Run Windows Explorer by right clicking Start & Select Explore.
Navigate to your %System32% folder (C:\Windows\system32 or C:\Winnt\system32, depending on how/which OS you have installed).
Look for the following files based upon where you have Windows installed:
  • %System32%\stickrep.dll
  • %System32%\suprox.dll
  • %System32%\xenadot.dll
  • %System32%\sivudro.dll
  • %System32%\twain32.dll
  • %System32%\dvdcap.dll
    When you locate the files, right click on them and select Rename. Change the dll extension to DDD. For example: rename xenadot.dll to xenadot.DDD. We will fully delete the files later.
Now open the smitRem folder on your Desktop, double click on it to access the folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. If you cannot get RunThis.bat to work in safe mode, REBOOT into normal mode (with no internet connection) and repeat the above step from the point of booting in safe mode.
The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, e.g. Local Disk C: or the partition where your operating system is installed. Upload this file later after reboot.
Now reboot your system into normal mode.
Now after reboot relocate the DLL files we renamed with a DDD extension in the above step and delete them. If you have a problem deleting these files, try rebooting one more time into safe mode and attempt another deletion. If it still does not delete, make sure you tell us later.
Also delete the below files and folders if found:
  • C:\Program Files\Spyware Quake
  • C:\Program Files\SpywareQuake.com
  • C:\Windows\System\1024 (or C:\Winnt\System\1024 )
  • %System32%\1024
  • %System32%\dcomcfg.exe
  • %System32%\dfrgsrv.exe
  • %System32%\hp????.tmp ( where ???? is any 4 random characters)
  • %System32%\mssearchnet.exe
  • %System32%\nvctrl.exe
  • %System32%\ot.ico
  • %System32%\simpole.tlb
  • %System32%\stdole3.tlb
  • C:\Documents and Settings\[Current User Account]\Start Menu\Programs\SpywareQuake <---- where [Current User Account] is the actual user account name you are logged into.



And then fix this entry with hjt if still present:

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp4F24.tmp
When done, please post the Smitrem log, and also a new hjt log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
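
Added example (not part of joe5's post and not code from any tool named in the thread): a Python check that can be run after the cleanup above to list which of the files and folders named in the post are still on disk, counting DLLs left with the DDD extension and expanding the hp????.tmp wildcard. The function name, its parameters and the sample tree are assumptions made for this example.

```python
import fnmatch
import os
import tempfile

# Names listed in the post, lowercased; "?" matches exactly one character.
SYSTEM32_NAMES = [
    "stickrep.dll", "suprox.dll", "xenadot.dll", "sivudro.dll", "twain32.dll",
    "dvdcap.dll", "1024", "dcomcfg.exe", "dfrgsrv.exe", "hp????.tmp",
    "mssearchnet.exe", "nvctrl.exe", "ot.ico", "simpole.tlb", "stdole3.tlb",
]
PROGRAM_FILES_NAMES = ["spyware quake", "spywarequake.com"]


def _entries(directory):
    """Map lowercased entry name -> full path; empty if the folder is absent."""
    try:
        return {n.lower(): os.path.join(directory, n) for n in os.listdir(directory)}
    except OSError:
        return {}


def find_leftovers(windows_dir, program_files_dir, start_menu_programs_dir=None):
    """Return sorted paths of artifacts from the post that are still on disk."""
    hits = []
    win = _entries(windows_dir)
    for name, path in _entries(win.get("system32", "")).items():
        # A DLL renamed to .DDD in the manual step is still on disk.
        probe = name[:-4] + ".dll" if name.endswith(".ddd") else name
        if any(fnmatch.fnmatchcase(probe, pat) for pat in SYSTEM32_NAMES):
            hits.append(path)
    system_1024 = _entries(win.get("system", "")).get("1024")
    start_menu = _entries(start_menu_programs_dir or "").get("spywarequake")
    hits += [p for p in (system_1024, start_menu) if p]
    program_files = _entries(program_files_dir)
    hits += [program_files[n] for n in PROGRAM_FILES_NAMES if n in program_files]
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample tree (not from a real machine): two leftovers, one clean file.
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "WINDOWS", "system32")
        os.makedirs(sys32)
        for name in ("xenadot.DDD", "hp4F24.tmp", "kernel32.dll"):
            open(os.path.join(sys32, name), "w").close()
        for leftover in find_leftovers(os.path.join(root, "WINDOWS"), root):
            print(leftover)
```

An empty result means none of the listed names remain in the locations checked; it says nothing about files the post does not list.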

