That didn't go as well as planned, let's try this. I see something I should have caught ages ago Doh!!!!!
You need to download a anti virus and put it in your system right away.
AVG Free Edition
Download it, set it up how you like and make sure it runs full time.
Please download these tools, do not run them until asked to do so.
Trojan Remover (Free for 30 days)
Download and run iSearchFix.exe
- Allow it to install to its default location.
- Reboot to safe mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow to highlight Safe Mode, then hit enter.
- Open the iSearchFix folder and run isearch.bat
- Allow it to finish running then reboot into normal mode and post the isearchlog.txt
Unzip it to the desktop but do NOT run it yet.
Now you must boot back into safe mode
Fire up hijack this, press scan only and place checks next to these.
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [37tV3qj] s3gndmgr.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
O4 - HKLM\..\Run: [crez.exe] C:\WINDOWS\system32\crez.exe
O4 - HKLM\..\Run: [ipjf.exe] C:\WINDOWS\system32\ipjf.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys005.exe
O4 - HKLM\..\Run: [16cgftv7] C:\WINDOWS\System32\16cgftv7.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [raifd264] C:\WINDOWS\System32\raifd264.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SECURITY.EXE
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKLM\..\RunServices: [WinDEX3] windex3.exe
O4 - HKLM\..\RunServices: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Windows Manager] C:\WINDOWS\system32\winsrv.exe
O4 - HKCU\..\Run: [WinDEX3] windex3.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
Close all browsers and click fix on hijack this.
Run the tools Trojan Remover, iSearchFix.
Once in Safe Mode, please run Killbox.
Select "Delete on Reboot".
Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\iewi.exe
C:\WINDOWS\system32\d3pp.exe
C:\WINDOWS\system32\atlyi32.exe
C:\WINDOWS\system32\crez.exe
C:\WINDOWS\system32\ipjf.exe
C:\WINDOWS\system32\crdd32.exe
C:\WINDOWS\System32\sys005.exe
C:\WINDOWS\System32\16cgftv7.exe
C:\WINDOWS\system32\d3ze.exe
C:\WINDOWS\System32\raifd264.exe
C:\WINDOWS\System32\dstart4.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..
Let the system reboot.
Reboot and send a new log please.