Lets start now by rescanning once again with hijack, then insert a check next to each of the following items:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\system32\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [G3] C:\WINDOWS\system32\GSMedia3.exe
O4 - HKLM\..\Run: [mjdxlb] c:\windows\system32\qlwgfpf.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [co29RRj4S] occser.exe
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZN
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} -
http://www.180searchassistant.com/180saax.cab
Then close down and open internet explorer windows then click "fix checked"
Reboot into safe mode
http://www.spyware911.net/forum/index.php?...age&pg=safemode
Show hidden files and folders
http://www.spyware911.net/forum/index.php?...ge&pg=showfiles
Then open windows explorer ( start/ programs/accessories)
Search for the following then right click and delete:
C:\WINDOWS\Nail.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\cfgmgr51.dll
C:\WINDOWS\system32\GSMedia3.exe
c:\windows\system32\qlwgfpf.exe
C:\Program Files\AWS
When completed reboot, rescan again with hijack and post the fresh log here please.