After running through all of my post (as advised by Howard), boot into safe mode.
Uninstall Ghostsurf, whatever that is.
Uninstall whatever is left of PCTools Site Guard.
Run HJT on its own and let it "fix":
C:\WINDOWS\System32\??rvices.exe
C:\WINDOWS\System32\winpack.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: (no name) - {52DC9EC1-35A9-4914-98D9-D568A9854DA2} - C:\WINDOWS\System32\guguya.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {6FABEA37-358A-4054-958B-B4EC5E76E2D8} - C:\WINDOWS\System32\hkef.dll
O2 - BHO: (no name) - {7B7A1CDA-A798-4EF3-B084-921D1EDBDE9B} - C:\WINDOWS\System32\vijarip.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing)
O2 - BHO: (no name) - {ED61CEB4-255E-088C-0646-0805EA03549A} - C:\WINDOWS\System32\jfarear.dll
O4 - HKCU\..\Run: [C:\WINDOWS\System32\iaiiora.dll] C:\WINDOWS\System32\iaiiora.dll /c del ÉÂ >nul
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [Wqjd] C:\WINDOWS\System32\??rvices.exe
O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093801768436
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BEEC85B-1385-47CD-B787-91ACF654FC9D}: NameServer = 205.231.144.10,205.231.144.20
Afterwards, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
Delete everything in: C:\DOCUME~1\Owner\LOCALS~1\Temp