First This is a machine I am reparing for a Customer..IT IS NOT MINE..
Consideration of Clean Install Is out of the Question..SO DON'T RECOMMEND
I am after pointers not weather reports..and not after hand holding
yes I am in a bad mood.. to add to it it is the Bah Humbug Season again.. I have to go back to the sales floor untill new Year.. An this bloody Compaq laptop finds its way to my desk problem Porn popups.. bloody 15yr old boarding school id-10-t... hormone ridden numb brain retarded boy..

Started where:

Bart-pe: Stinger Scan: Clean

Cant get to the Shell load commands useing the remote registry tools i use.. so can't check .. i do suspect

So: boot the system Live into Safe mode:
CWshredder: 1 hit.. CWS_IEengine

Found a **** load of files in the Win/System Folder random file names 8 to 15 characters in length .. mixture of numbers and letters (as I said random) DLL's and BAK's.. created at set times over 4 days.. but in groups 7:25 - 7:44 one day 18:20 - 18:38 the next day.. about 2 or 3 hundred of these were found.. moved what I could identify to a temp folder..
Spybot with month old defs was throwen into the pit:

Webdailer
VX2/f
Vloading
TIBS
Spex
RadLight media player
Powerscan
n-Case
ISTbar.slotch
Haxdoor-H
DyFuCa.InternetOptimizer
CoolWWWSearch.? (some idiot spilt coffee on his desk damaged his notes)
BlazeFind.SearchEnhancer.ISTbar

Reboot..back to SafeMode

Now Spy Sweeper has a go:

Trojan Jeem
CWS
Hot as Hell
Istbar
Slotchbar
Powerscan
TeenXXX
MoneyTree nem216.dll (had to manually delet this sucker)

Reboot..back to SafeMode

The Cleaner:

BetterInternet 2 versions
LocalNRD 2 versions as well

Reboot..back to SafeMode
Tried to install Adaware.. no joy.. hour glass appeared.. then disappeared

This is when I tried my first normal mode scan with Spybot SnD

Found some odd BHO entries and it errored before completion

BTW.. the Adaware se install file.. that I tried to install.. gone.. (hey I copied it in a folder with a shitload of malware tools while in bart-pe) gone deleted.. recopied from my cd as well as a def update file and moved these to the desk top.. BUT FIRST

HJT: should have looked at this in Bart..note to self..do a win.ini check when next useing Bart..

the entry in the win.ini .. Shell= explorer.exe ; init32m.exe

this init32m.exe is loading with explorer EVEN IN SAFEMODE

edited the entry.. moved the file to my temp folder

restarted: rerun Spybot.. no errors..

displayed some reg entries as BHO problems..

these were in HKLU\software\microsoft\windows\current version\internet settings\WWRU_Owner|....... (I now am pissed at spilling my coffee I am not sure if the WWRU is correct.. but I do know there was a branch for each user including the Administrator)
yet to check how valid thse branches are.. I could only see them when I restarted the machine in safemode.. .. even after deleting them.. still problems safe mode scan again with:
A-squared, the cleaner, spysweeper, spybot, stinger.. and bugger me.. Adaware has gone bloddy AWOL again.. copied back stupid thing won't install..

Boot back to normal mode.. bloody Adaware AWOL again.. copied it back renamed it to "some stupid name".. bugger me if it didn't disappear on restart.. even renamed the darn file on a clean machine copied it to the machine.. same story AWOL after a restart.. even tried to execute the new named file.. btw.. I found I cant leave my USB drive pluged in on restart.. bloody Adaware AWOL...

What ever it is I have missed.. it has wiped the Adaware file.. not just hiddn from view

did a google on this.. 2 mentions.. 1 was the adaware forum.. the other pointed a question back to the same thread.... the ****tards there were implying that the users was just installing the program wrong.. last reply was on the 11th of Nov.. I think the guy gave up in disgust.. so the Lavasoft people are no real help..

hmm tried joining their forum earlier 2day.. still cant post..

so any intelligent ppl there.. clues...???
..