[hannyp]

Tried but still no joy, same message appears.

[evilfantasy]

Let's try this.

CCleaner
If you do not have CCleaner please download and install it. Download CCleaner (we will use this in a minute)

==

Enable Viewing Of Hidden System Files & Folders

1. Right Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.

==

Go to Start > Run > type Sevices.msc and click OK.
Find the EasySpyRemover and right click it and select Properties
Next to the Startup Type: use the dropdown box and select Disabled click OK.

Close the Services window.

==

You may want to boot into safe mode before uninstalling this to have the best chance at removal.

Open CCleaner.
Next click on the Tools tab and you will see a uninstall list.
Right click on any entry you want to uninstall and choose Run Uninstaller.
Remove any entry that has to do with:

Easy SpyRemover (if there)Also look for anything else that is installed that you do not know about and uninstall it.

==

If Easy SpyRemover was not in the CCleaner add/remove programs list, open this folder and see if there is an uninstaller in it and run it there.

Then locate and delete the following bold files (if there).

C:\Program Files\Easy SpyRemover

==

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall


==

Next post please add the combofix log.

[hannyp]

Here are the results:

ComboFix 07-11-19.4 - Hannah 2007-11-26 19:38:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.68 [GMT 0:00]
Running from: C:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\IV4761GN\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Hannah\ResErrors.log
C:\Documents and Settings\Olly\ResErrors.log
C:\Program Files\Common Files\PCPrivacyTool
C:\Program Files\Common Files\PCPrivacyTool\mc.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.
2007-11-26 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-26 19:31 40,960 --a------ C:\WINDOWS\system32\exitwx.exe
2007-11-26 19:17 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-26 19:17 <DIR> d-------- C:\Program Files\CCleaner
2007-11-26 18:08 <DIR> d-------- C:\Documents and Settings\Olly\Application Data\SUPERAntiSpyware.com
2007-11-25 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-25 20:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-25 20:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2007-11-25 20:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-25 20:39 <DIR> d-------- C:\Documents and Settings\Hannah\Application Data\SUPERAntiSpyware.com
2007-11-25 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-25 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-25 20:34 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-25 19:39 <DIR> d-------- C:\Program Files\Easy SpyRemover
2007-11-25 19:36 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-11-15 21:13 --------- d-----w C:\Program Files\FinePixViewer
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Olly\Application Data\CyberLink
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-21 07:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2003-08-27 22:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-08-07 18:27]
"eyeBeam SIP Client"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2006-08-10 21:23]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 01:41]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 00:44 C:\WINDOWS\RTHDCPL.exe]
"EDS"="C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe" [2006-03-28 20:27]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 21:44]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 20:32 C:\WINDOWS\AGRSMMSG.exe]
"AVStation Premium 3.75"="C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-05-13 00:27]
"MagicKeyboard"="C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-18 05:24]
"farstone"="" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 03:24]
"BatteryManager"="C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 21:05]
"DMHotKey"="C:\Program Files\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 18:18]
"DisplayManager"="C:\Program Files\Samsung\DisplayManager\DisplayManager.exe" [2006-05-04 02:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:32]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 22:20]
"adiras"="adiras.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.ex e" [2001-07-09 10:50]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-07-22 18:04]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"Easy SpyRemover"="C:\Program Files\Easy SpyRemover\EasySpyRemover.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]
C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-04]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-04]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 11:44:06]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-03-19 07:01:32]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-08-18 17:35:13]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
[hklm\software\microsoft\windows\currentversion\exp lorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Hannah.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
************************************************** ************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 19:43:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-11-26 19:46:59 - machine was rebooted
.
--- E O F ---


I can now access add/remove programs.
Thank you for all your help, site is fantastic!!!!

Do I need to complete anything else??

[evilfantasy]

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

Quote:

File::
C:\Program Files\Easy SpyRemover

Folder::
C:\Program Files\Easy SpyRemover\EasySpyRemover.exe

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

==========

Please download ATF Cleaner by Atribune. ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.

NOTE: ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

==========

Your Java is out of date
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version of Java components and update

Updating Java:
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.
* Download the latest version here --> Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens. Click on the Install Now button.
* Follow the prompts to complete installation.

==========

Next post please add
The new combofix log
Also run a new HijackThis scan and post the log to ensure everything is gone.

[evilfantasy]

After completing the above steps, you will want to finish with uninstalling combofix. It's backups may show up in malware scans and be confusing. Plus it will reset the hidden folderss and flush infected restore points.

Go to Start > Run and copy and paste next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

For more free tools see Keeping Yourself Safe On The Web