I need help with a Winshow virus please.

My girlfriend called me and told me her computer got infected with this virus and can't do anything. She downloaded HJT but can't install it. She's having problems getting internet pages to load. She ran Ad-Aware and it came up with some tracking cookies, and got rid of them, but nothing else came up. It's preventing her from opening websites with Quick Launch. It's preventing Windows from opening. RegEdit won't open unless in safe mode. AVG won't get rid of the virus no matter what option she chooses. She gets numerous errors from housecall (TrendMicro), it wouldn't install updates properly. She's about to just start deleting items in her registry that say "browser helper objects". Any advice?

I tried walking her through the steps in the site below, but nothing on that site was on her computer. She gets lots of pop-ups advertising various things (kind of like 'only the best' i had a while back).

http://www.securemost.com/articles/trou_3_remove_winshow.htm

She has a:
Gateway M350WVN
WinXP Personal Edition
AVG Free Edition
Ad-AwareSE
Spybot S&D

All spyware removal tools were updated today.

I'll relay all information to her as soon as I get it and post what happens until she can come here herself. Thank you in advance.

If there's anything I left out that you need to know, I'll be on here all night, so it won't take long for me to get the info and post it.
http://www.securemost.com/articles/trou_3_remove_winshow.htm

 

She's telling me that she can't download anything with the internet. A message pops up saying "Your current security settings do not allow you to download this file". She has never had this problem before until the virus. She has also tried using Leech Get downloading assistant, and it won't download it either. It freezes up. The virus keeps killing her net connection so she can't get anything. She is on dial-up.

Any other suggestions? Should she just continue throught the steps with what she has, i.e. Ad-Aware and Spybot?

 

Okay, nevermind for now. She finally got it to download and install after a lot of fussing and cussing. So, we're back on track for now hopefully. Once she's done with those, I'll post where she's at.

 

She couldn't run either of the online scans just as yesterday. Her internet keeps her from loading almost everything. She got to the symantec scan page, but it told her she couldn't scan because of her ActiveX control settings. She tried to change them, but her box was greyed out, it wouldn't let her change anything.

The only way she's been able to see what processes are running is through MSInfo32. She can see dees.exe on there and we looked it up and saw that it's bad. She's trying to delete it.

Is there any other way she can kill processes that are running without using cntl+alt+del?

 

I forgot to mention in the last post, she had to run HJT in safe mode. She couldn't get it to run at all in normal mode.

 

She decided to reformat instead. I'm sorry for the inconvenience and I appreciate your help.

 

Well that last post makes it look like I just chose to ignore the advice, Stritheor.
After I got off work I didn't check my email (which was the only way I could get your instructions, Chaslang, because whenever I would connect I couldn't navigate to any websites, and I didn't want anymore inconvenience with all the popups and problems with my connection.)
If I had known about this post beforehand I wouldn't have ignored it, I would have tried it for sure, but I decided to reformat because I am so pressed for time and I desperately needed my computer to get some work done.
I am posting now not only to thank you Chaslang for all your time and effort, which is GREATLY appreciated, but to clear up a couple of things for anyone else who might be affected by this virus.

First, I did go back and install HJT into another permanent directory, only I hadn't posted an updated log file for you to look at after I had received that advice. The fact that I got it to run in normal mode once was a fluke, and it didn't run again that way, only in safe mode later. I had the 2 IE windows open in part because I forgot they needed to be closed, but also because I couldn't manually open any windows, so I was afraid to close any for fear I wouldn't be able to navigate to websites to download these programs (which I couldn't anyway because of the virus eating up my connection.)

On to the other stuff, you asked:

Yes, it's a valid program that I use to change my desktop wallpapers. I had it running from a temp file because I ran it off one of my backup disks instead of installing it properly.

Yes, it is valid, it is what I set my start page to myself.

Lol, this is apparently the only piece of advice I had managed to follow (remember, Stritheor was walking me through this on the phone and by this time was delirious from all the stress from this stupid thing, so I obviously overlooked some things.)

As for the rest, I hope your advice on what to remove can help someone else. I hated to reformat but at the time it seemed the only solution to get things back in working order to get everything done by a deadline.
Thank you so much for your time.