Can't remove winsoftantiviruspro2006 and Adult Friend Finder and Blackworm

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mad maven, Apr 7, 2006.

  1. Mad maven

    Mad maven Private E-2

    I did steps 1 - 6 on your site before posting. I am running XP Home. I removed Symantec Antivirus, which had expired on this computer (my friend's); I can not remove any more of Symantec. Ran a search and found 5 items and they would not remove.
    Installed, updated and ran AVG in safe mode and regular; found the Clicker.fl and could not clean it.
    Installed and updated Ewido, which found Trojan Clicker.Fl and could not clean it; said it was in the Sun Java archive.
    I also turned off System Restore.
    Then I started your 6 steps. Downloaded all the programs and booted to safe mode.
    Installed and ran CCleaner; found nothing.
    Windows malicious software tool - ran it, found nothing.
    While I have been trying to navigate and install from these web sites I get a pop up: "Windows has detected you are infected with the blackworm virus. Click here to remove." I X it out and get directed to a www.amaena page with winsoft antiviruspro2006. They want me to run it; I X it out a few times and it goes away for a while. Previously, I also had this downloaded to my desktop without consent; on booting it would try to install and run it. I dragged it to the recycle bin and deleted it.
    Installed Spybot. Could not update in safe mode or run. Skipped for now. Later booted to Windows normally and it still would not download the updates and would not run without updates. I suspect the spyware is responsible.
    Downloaded Windows Defender Beta 2; it would not allow me to install. Said the OS could not be validated by Microsoft. This is a legal copy of XP; it came on a new Compaq computer. I suspect this is the spyware also.
    Downloaded and ran CounterSpy, which found WildTangent and said it was low and to ignore.
    Ran CWShredder. I had previously deleted CoolWebSearch with Ewido.
    It found nothing.
    Downloaded Kill2Me and it found and deleted Look2Me.
    On the Sun Java, Ewido and AVG told me they could not clean the clicker because it was in the Sun Java archive.
    None of the programs are mentioning this Clicker.fl now.
    Ran HijackThis 3 times in normal Windows, with MSConfig on, then off, then on again. It took about a week to boot up with all the start ups in place.
    Organic matter turns to soil faster than this computer processes info.
    I will attach the HijackThis logs 1, 2, and 3.
    I ran BitDefender and it found nothing.
    I ran Panda and it found 4 cookies. I have been cleaning cookies and clearing history regularly in this process.
    It found C:\hp\bin\kills.exe which it would not clean, so I went in and deleted it and deleted it from the recycle bin.
    So I just rebooted it and it hung up after a slow boot when I tried to access the internet with Explorer. Opened CAD and CPU usage was very low; saw virtually no processes running. Clicked tabs and CPU was 0%; it did not respond to anything, so I CADed it again and got a little CPU usage for this window, so shut it down.
    Rebooted sloooowwwww, was able to get on the internet to your site. Tried Spybot and it still had the same problems. Got a slide-up message similar to what Defender gives in the right corner, most likely from CounterSpy although it is not telling me what program originates it; the message said "allowed shell browser browseui.dll because of your previous actions". I looked everywhere to find it and change it; could not. Immediately after this I got a popup from Adult Friend Finder. (sigh) Then I ran the 3rd and most recent HijackThis. I have everything but AVG, Ewido, and CounterSpy deselected in MSConfig. Sorry for the long message but I have sooooo many hours on this machine and am nowhere. I have read all the posts about ADULT FRIEND FINDER AND WINSOFTANTIVIRUSPRO2006 but thought if my log was different the solution might be also. I really appreciate any help you can give and admire your smarts in figuring all this out. I promise I will read again the post about interpreting the HJT logs and learn more about it. I have been working heavily with computers for about 6 years but these malwares are getting worse and worse. I hate to give up but aughhhhhhhh> thanks again
    Mad Maven
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Per the READ ME, install & update were to be done in normal boot mode. But what happens when you try to update? Do you get an error message?

    The CounterSpy log should have been attached per the READ ME.

    Attaching the logs would be more useful. Also have you emptied the Sun Java cache?

    We only need one log from Normal Boot mode with nothing disabled. Now I need to guess which log is which.

    You should not have deleted it. It is for your HP equipment. It is not malware.

    I'm looking at your log now(hijackthis.log - I assume it is the only one I want).
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should have clicked the Special Removal Procedures link, which mentions your WinFixer problem. It is Virtumonde.

    Run the below and attach the VundoFix log:

    Virtumonde aka Trojan Vundo Removal

    You have not followed the directions for installing HJT properly. You installed it exactly where we ask that it not be installed:
    C:\Documents and Settings\Compaq_Owner\Desktop\antispy\HijackThis.exe

    Please fix this now before continuing!

    Let's get an installed programs list from HijackThis too!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {963C6D04-2875-4DD7-8BDF-2094181DDB2C} - C:\WINDOWS\system32\najp.dll (file missing)
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\OLYNKDEV\WinAntiVirusPro2006Installer[1].exe" -nag
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Microsoft AntiSpyware helper - {012BE69E-0FDA-44AA-907D-C769C8DA40C9} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {012BE69E-0FDA-44AA-907D-C769C8DA40C9} - (no file) (HKCU)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\OLYNKDEV\WinAntiVirusPro2006Installer[1].exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run CCleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
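    The triage chaslang does by eye above (search pages forced to about:blank, a BHO whose DLL is gone, an O4 Run entry launching an executable out of the Internet Explorer cache, orphaned O9 buttons) can be written down as rules and run over the lines of a HijackThis log. The script below is an added example for readers learning to read HJT logs; it is not part of this thread and not HijackThis's own code. The five flagged sample lines are copied from the log excerpt in this post, the two benign lines (QuickTime Task and the hosts entry) are constructed to show that ordinary entries are left alone, and the rule wording is mine.

```python
import re
from typing import Dict, List, Optional

# Sample HijackThis lines. The first four are copied from the log quoted
# in this thread; the last two are constructed benign entries.
SAMPLE_HJT_LINES: List[str] = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank",
    r"O2 - BHO: (no name) - {963C6D04-2875-4DD7-8BDF-2094181DDB2C} - C:\WINDOWS\system32\najp.dll (file missing)",
    r'O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\OLYNKDEV\WinAntiVirusPro2006Installer[1].exe" -nag',
    r"O9 - Extra button: Microsoft AntiSpyware helper - {012BE69E-0FDA-44AA-907D-C769C8DA40C9} - (no file) (HKCU)",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O1 - Hosts: 127.0.0.1 localhost",
]

# Every HJT line starts with a section code (R0, R1, O2, O4, O9, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")

# Directories an autorun entry should never point into: the IE download cache.
BROWSER_CACHE_MARKERS = ("temporary internet files", "content.ie5")


def quoted_path(body: str) -> Optional[str]:
    """Return the first double-quoted path in an O4 body, if any."""
    m = re.search(r'"([^"]+)"', body)
    return m.group(1) if m else None


def triage_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Apply the rules from the post to one log line.

    Returns a finding (section, reason, path) or None when the line looks benign.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    low = body.lower()

    if section in ("R0", "R1") and low.endswith("= about:blank"):
        reason = "IE search/start page hijacked to about:blank; fix and Reset Web Settings"
    elif section == "O2" and "(file missing)" in low:
        reason = "BHO registration whose DLL is missing; orphan left by malware, fix the entry"
    elif section == "O4" and any(mk in low for mk in BROWSER_CACHE_MARKERS):
        reason = "autorun launches an executable from the browser cache; fix entry AND delete the file"
    elif section == "O9" and "(no file)" in low:
        reason = "IE toolbar/menu entry with no file behind it; fix the entry"
    else:
        return None

    return {"section": section, "reason": reason, "path": quoted_path(body) if section == "O4" else None}


def triage(lines: List[str]) -> List[Dict[str, Optional[str]]]:
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT_LINES):
        print(f"{finding['section']}: {finding['reason']}")
        if finding["path"]:
            print(f"    file to delete in safe mode: {finding['path']}")
```

    The O4 rule is the one that matters most in this thread: the entry is only the launcher, so removing it with HJT while leaving WinAntiVirusPro2006Installer[1].exe on disk (as happened in post 8) is what chaslang's later reply warns about. Real logs carry far more sections than these four rules cover, so treat the script as a first pass, not a verdict.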
     
  4. Mad maven

    Mad maven Private E-2

    Thanks for answering. I thought I posted incorrectly and that was why no one read it. In the meantime I downloaded the vundofix.exe, ran it and rebooted to less than an ice age's wait. I got auto updated for Ewido and CounterSpy (which hadn't happened before). I then went to Spybot and was able to update; previously it stated Spybot error 1000612 Connection refused. After the update I ran it normal and it found the winantiviruspro2006, winfixer, and deleted them. I ran it again in safe mode and it was clean. I was able to update Ad-Aware and ran it and it found some tracking cookies and Mrus so I deleted them. I then updated and ran AVG antivirus and it found nothing. I have been browsing without popups for about a half hour and all seems well. I'll run HijackThis and if those entries are still there I will delete them as instructed. I gotta get some sleep now; I was up real late last night and early this morning. Don't want to make careless errors cause I am beat. Have to work in the am but will get back to it tomorrow. Thank you sooooo much.
    I'm very grateful for the work you do. Sorry for over posting the attachments and any unclear info. Really appreciate getting the information on this web site. I have visited quite a few forums and thank God for all the dedicated people out there helping. It's good to know there are fixers for the destroyers out there. God bless.
    MM
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Just don't wait too long to do all those fixes I gave you! When finished attach the follow up HJT log. I would also like to see the VundoFix log as requested. Make sure to get HJT installed properly.
     
  6. Mad maven

    Mad maven Private E-2

    All seems well here is attached file from HJT
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You never installed HijackThis properly as requested.

    Also you still have the below item I asked you to fix:
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\OLYNKDEV\WinAntiVirusPro2006Installer[1].exe" -nag


    And you must delete the file too.
     
  8. Mad maven

    Mad maven Private E-2

    Hi, I misunderstood HJT entirely. I was using 2 computers and installed it correctly on the uninfected one where I was reading the posts. When I went back to hers I got install confusion. I also did not catch the part in your last log about opening the install manager. I missed it entirely. I did not take that as an uninstall and reinstall of HJT. So sorry. I get annoyed sometimes when my instructions aren't followed and I have certainly felt like a bungler here.
    I DID UNINSTALL the HJT file O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\OLYNKDEV\WinAntiVirusPro2006Installer[1].exe" -nag
    along with the others.
    I am surprised to see it there.
    Let me ask how critical this is because my friend came over and took her machine back. She needs it for school and her kids. I couldn't really stop her, but she really hasn't a clue about all this. I put a link to your web site on her desktop and showed her the tools and how to use them. Gave the lecture about risky web sites, downloads, and set up a restricted account for her teens. If I need to delete that file I can probably do it over the phone. Is HJT compromised by not being installed according to your directions?
    Thanks again. Whew... you sure cover a lot of territory!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is critical! It was the source of your infection. It may be as simple as just having HJT fix that line again. Then reboot and check a new log to make sure it stays fixed. The file could already be gone but it is better to check.
     
  10. Mad maven

    Mad maven Private E-2

    I'll call her and have her walk through it and make sure. Thanks a million. I sure have a lot more ammunition against malware than when I first found MajorGeeks through a Google search and started this trek. My machine stays pretty clean because I constantly monitor it, but so many people bring me machines just riddled with parasites. It is scary. People don't even have Service Pack 2, never install updates even when they are delivered automatically, let their antivirus expire, never heard of antispyware or malware for that matter. I have seen all this this week. One girl stated she had AOL and didn't need her antivirus cause they protected her. Her machine was so bad it was scary. Well, thanks again, I will be back reading the posts and trying to learn as much as I can. That's the fun of it. I am definitely passing this site along to all. You all deserve a Hear, Hear; keep up the good work. God bless!
    MM
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. The final steps we would run on the PC when it is free of malware (and it will be after getting that last O4 line) are below. You should perform these steps and have your friends and people whose PCs you are cleaning read and follow the tips in the below link too.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
