Please Help! I cannot remove WinFavourite Infected File

Discussion in 'Malware Help (A Specialist Will Reply)' started by mystique32, Apr 24, 2005.

  1. mystique32

    mystique32 Private E-2

    Hi
    I firstly want to say thanks for a great forum

    My son recently got the PC majorly infected through accepting an MSN file, and over the last 24 hours I have managed to remove all except one item found by following the READ ME FIRST thread
    http://forums.majorgeeks.com/showthread.php?t=35407

    I run AVG Free, which detected 7 instances of viruses and spyware.
    Symantec online found 13 instances
    and Trend had 3.
    I have managed to remove all except the following one :(

    I have downloaded and run everything as instructed and done the online scans in safe mode.
    System restore is disabled already and I have deleted all temp internet files/cookies and java cache
    Already run
    Trend online scan in both normal and safe mode.
    Panda Online scan in both modes.
    Symantec in both modes.
    Spybot SE in both modes
    Ad-aware in both modes
    CCleaner, CW Shredder, Kill2Me, About:Buster, HSRemove, in safe

    I have run the scans again several times and Norton's online scan is showing that I still have

    C:\WINDOWS\Downloaded Program Files\bridge.inf is infected with Adware.WinFavorites
    When I navigate to this it is not there, and I do not know where else to look to get rid of the problem :(

    I have also followed the steps as best I can in the HijackThis thread to remove most of the problems myself, but this one has me totally stumped.
    http://forums.majorgeeks.com/showthread.php?t=38752

    Can someone Please help me as I am not sure how to kill it :(
    thanks muchly in advance for any suggestions or help
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Files in the Downloaded Program Files folder do not show in Windows Explorer. Use the below method to look for the file and delete it.

    - Click Start, Run, enter cmd in the box and click OK. This opens a command prompt window.
    - Enter the following commands, each followed by the Enter key:
    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s bridge.inf
    del bridge.inf
    exit

    Why are you trying to run the steps in
    http://forums.majorgeeks.com/showthread.php?t=38752

    It had nothing to do with Adware.WinFavorites.
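
    The same attrib/del steps as a PowerShell script, added here as an example and not part of the original thread. Downloaded Program Files is Internet Explorer's ActiveX cache; Explorer shows it through a shell extension that lists installed controls rather than the raw files, which is why a file a scanner reports there looks absent when you browse to it. The folder and file name are the ones the thread quotes; the script itself is assumed for illustration. Run it as Administrator, with -WhatIf first to see what it would do.

```powershell
# Added example, not from the thread: the cmd steps above (attrib -r -h -s,
# then del) as a PowerShell script. The folder and file name are the ones the
# thread quotes; the script itself is an assumption for illustration.
# Run as Administrator; try it with -WhatIf first to see what it would do.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Path = 'C:\WINDOWS\Downloaded Program Files\bridge.inf'
)

# Explorer, a plain "dir" and a plain Get-ChildItem all skip Hidden and System
# files, which is why the scanner reports the file but the folder looks empty.
# -Force makes such files visible.
$item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Host "Not found even with hidden/system files shown: $Path"
    # List the folder with -Force so a renamed or companion file is not missed.
    Get-ChildItem -LiteralPath (Split-Path -Parent $Path) -Force -ErrorAction SilentlyContinue |
        Select-Object Name, Attributes, Length, LastWriteTime | Format-Table -AutoSize
    return
}
Write-Host ("Found {0} (attributes: {1})" -f $item.FullName, $item.Attributes)

# attrib -r -h -s: clear only ReadOnly, Hidden and System; leave Archive etc. alone.
$mask = [int]([IO.FileAttributes]::ReadOnly -bor [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear ReadOnly/Hidden/System attributes')) {
    $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $mask))
}

# del bridge.inf: -Force also covers the case where the attribute change failed.
if ($PSCmdlet.ShouldProcess($item.FullName, 'Delete file')) {
    Remove-Item -LiteralPath $item.FullName -Force -ErrorAction Continue
    if (Test-Path -LiteralPath $item.FullName) {
        Write-Warning "Still present. Something may have it open; retry from Safe Mode."
    } else {
        Write-Host "Deleted $($item.FullName)"
    }
}
```

    Save it as, say, Remove-HiddenFile.ps1 and run `.\Remove-HiddenFile.ps1 -WhatIf`, then again without -WhatIf. If the file is still there afterwards, a running process holds it open, which is the case the Safe Mode steps later in the thread are for.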
     
  3. mystique32

    mystique32 Private E-2

    thanks for the reply :)

    I was using the HijackThis log to remove the other cases of infection that were still running.
    This is what one scan showed.
    C:\dd.exe is infected with Adware.WinTaskAd
    C:\WINDOWS\a95kfrhe.exe is infected with Adware.SAHAgent
    C:\WINDOWS\Key2.txt is infected with Adware.BlazeFind
    C:\WINDOWS\system32\ap9h4qmo.exe is infected with Adware.SAHAgent
    C:\WINDOWS\system32\q17i9a4j.exe is infected with Adware.SAHAgent
    C:\WINDOWS\system32\qh4mkbv9.dll is infected with Adware.SAHAgent
    C:\WINDOWS\Downloaded Program Files\bridge.inf is infected with Adware.WinFavorites
    C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.exe is infected with Adware.SAHAgent
    C:\Downloads\NewImage-9.exe is infected with W32.Spybot.Worm
    C:\Documents and Settings\Administrator\Local Settings\Temp\cdt_bbi8016.exe is infected with Adware.BargainBuddy
    C:\Documents and Settings\Administrator\Local Settings\Temp\DelB.tmp is infected with Adware.180Search
    C:\Documents and Settings\Administrator\Local Settings\Temp\omnigate.exe is infected with Adware.Blazefind.B
    C:\Documents and Settings\Administrator\Local Settings\Temp\FLEOK\msbb.exe is infected with Adware.180Search

    Some I cleaned while a couple still ran in the background, and HijackThis detected them. I then used the analysis that is posted in the forum, and it told me which to delete.
    It also lists a few that it does not recognise (unknown programs) and tells me to check them,
    but when I search Google I cannot find info :(

    I have followed the steps above and I am now running the virus scan again to see if I am finally free of it.
    fingers crossed
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you still have problems after running all of the READ ME FIRST, you should follow the steps below.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  5. mystique32

    mystique32 Private E-2

    Hi
    Thanks again

    I have run the virus scan again from Symantec and it is clean and same with my avg.

    I now have a new problem.
    Other than this site, I cannot access any page where I have to enter a password :(

    I cannot get into my ISP's server to check my mail etc.
    I am not sure what is going wrong. I have removed CCleaner via Add/Remove Programs, reset my Internet security back to default, and tried a password from a site I regularly visit after the site owner sent me a new one :(
    After checking my temp folders, I find that I am NOT storing/saving ANY cookies at all?
    I have installed everything that is in the READ ME FIRST thread and also the ZoneAlarm Pro trial version and SpywareBlaster.

    Can you please check the log which I have attached and advise as to what to do next

    thanks in advance
     


  6. mystique32

    mystique32 Private E-2

    I also have HijackThis in its own folder on my D drive rather than my C drive, just in case I had to reformat.
    I am not sure if this makes a difference.

    Also, the backups are showing 12:22 am, but here it is only 9:07 pm, and that is the time that the clock in the lower right-hand corner is showing on my PC.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure why you uninstalled CCleaner. It is a useful program to have on your PC, and I even refer to it in the procedure below.


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [ovehqpyr] C:\WINDOWS\ovehqpyr.exe

    I suggest disabling Spybot's TeaTimer function.
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    The below line is not needed!
    O4 - Startup: PowerReg Scheduler.exe

    Nothing should be in the Trusted Zone, not even these.
    O15 - Trusted Zone: http://www.pandasoftware.com
    O15 - Trusted Zone: http://security.symantec.com
    O15 - Trusted Zone: http://www.trendmicro.com

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\ovehqpyr.exe

    If you get an error when deleting a file, right-click on the file and check whether the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if it is running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Then, if running Win XP, go to C:\WINDOWS\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
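
    The O4, O15, file and Prefetch steps above done by hand in PowerShell rather than through HijackThis, added as an example that is not part of the original thread. The Run value name, the payload path and the three hosts are the ones chaslang lists; the ZoneMap registry layout (Domains\<domain>\<host> with a DWORD per scheme, where 2 means Trusted sites) and the script structure are assumptions. Run as Administrator, with -WhatIf first.

```powershell
# Added example, not from the thread: the O4, O15, file and Prefetch steps
# above done by hand in PowerShell instead of through HijackThis. Value name,
# payload path and hosts come from the post; the ZoneMap registry layout and
# the script itself are assumptions. Run as Administrator; -WhatIf first.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$RunValueName   = 'ovehqpyr',
    [string]$PayloadPath    = 'C:\WINDOWS\ovehqpyr.exe',
    [string[]]$TrustedHosts = @('www.pandasoftware.com', 'security.symantec.com', 'www.trendmicro.com')
)

# --- O4: autostart values in the HKLM and HKCU Run keys --------------------
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    # Show every autostart (anything odd should stand out), then drop the named one.
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not registry values
        Write-Host ("O4  {0,-5} {1} = {2}" -f $key.Split(':')[0], $p.Name, $p.Value)
        if ($p.Name -eq $RunValueName -and $PSCmdlet.ShouldProcess("$key\$RunValueName", 'Remove autostart value')) {
            Remove-ItemProperty -Path $key -Name $RunValueName
        }
    }
}

# --- O15: Trusted Sites entries -------------------------------------------
# IE keeps per-site zone assignments under ZoneMap\Domains\<domain>\<host>, with
# a DWORD named after the scheme ("http") holding the zone number; 2 = Trusted.
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
foreach ($fqdn in $TrustedHosts) {
    $labels = $fqdn.Split('.')
    if ($labels.Count -ge 3) {
        $domain  = $labels[-2..-1] -join '.'                  # symantec.com
        $subHost = $labels[0..($labels.Count - 3)] -join '.'  # security
        $keyPath = Join-Path (Join-Path $zoneMap $domain) $subHost
    } else {
        $keyPath = Join-Path $zoneMap $fqdn
    }
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }
    $zone = (Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue).http
    Write-Host ("O15 {0} -> zone {1}" -f $fqdn, $zone)
    if ($PSCmdlet.ShouldProcess($keyPath, 'Remove zone mapping')) {
        Remove-Item -LiteralPath $keyPath -Recurse
    }
}

# --- The O4 target on disk: stop it if running, clear ReadOnly, delete -----
$file = Get-Item -LiteralPath $PayloadPath -Force -ErrorAction SilentlyContinue
if ($file) {
    # A running image cannot be deleted, so stop any process loaded from it first.
    $running = Get-Process | Where-Object { try { $_.Path -eq $file.FullName } catch { $false } }
    foreach ($proc in $running) {
        if ($PSCmdlet.ShouldProcess("$($proc.ProcessName) (PID $($proc.Id))", 'Stop process')) {
            Stop-Process -Id $proc.Id -Force
        }
    }
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete file')) {
        $file.Attributes = [IO.FileAttributes]::Normal   # clears ReadOnly, the error the post mentions
        Remove-Item -LiteralPath $file.FullName -Force
    }
} else {
    Write-Host "Not on disk: $PayloadPath"
}

# --- Prefetch: delete the cached *.pf launch records (the post's last step) -
$prefetch = Join-Path $env:SystemRoot 'Prefetch'
if ((Test-Path -LiteralPath $prefetch) -and $PSCmdlet.ShouldProcess($prefetch, 'Delete *.pf files')) {
    Get-ChildItem -LiteralPath $prefetch -Filter *.pf -Force | Remove-Item -Force -ErrorAction SilentlyContinue
}
```

    Two caveats worth knowing before the last step: the O4 listing only covers the two Run keys HijackThis labels O4, not RunOnce, services or scheduled tasks, so a clean O4 list is not a clean machine; and the *.pf files in Prefetch record which programs ran and when, which is exactly what you want if you are still working out how the infection got in, so copy the folder elsewhere before emptying it.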
     
  8. mystique32

    mystique32 Private E-2

    Ok I have re-installed CCleaner :)
    I uninstalled Spybot and re-installed it, as I did not know where to disable the TeaTimer.

    I ran HijackThis and selected fix on
    O4 - HKLM\..\Run: [ovehqpyr] C:\WINDOWS\ovehqpyr.exe
    O4 - Startup: PowerReg Scheduler.exe
    Prior to this I removed the files from the trusted internet sites.
    Closed all windows and fixed.

    I booted in safe mode and then went to C:\WINDOWS to find ovehqpyr.exe, but it was not there. I did a search, which showed no results, so I could not delete the file.

    Ran ccleaner and then emptied prefetch folder.

    Booted in normal mode and then tried to access mail on the ISP server and my usual web site and couldn't :(
    I removed ZoneAlarm and I CAN access them.

    I have obviously done something majorly wrong with the firewall, as it totally blocks cookies (none at all in the temp folder) even after allowing first- and third-party cookies?
    I don't know how to set it up to let me go where I want but have it stop crap getting in

    I have also posted a new HijackThis log.
    Can you please check it to see if I am finally clean? Thank you.

    Also, is there a tutorial somewhere for dummies to set up the firewall? I followed the steps when I installed it but still got it wrong.

    thanks ever so much for your help
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes your log is clean. You have to lower the security settings in ZoneAlarm. You probably have it set to block ALL cookies. You do not want to do that. Experiment with it until you get it set right. Also you must make sure you do not block applications you need from accessing the internet.
     
  10. mystique32

    mystique32 Private E-2

    Thanks very much chaslang for your help

    I think I would still be struggling with that horrid bridge file if not for you :)

    and thanks for checking the log - glad to know I am finally clean
    I had so many nasties at once I did not know where to start in the beginning :)

    I will tough out ZoneAlarm until I get it right.

    Thank you

    PS. The first place I head to if I have any sort of nasty is here to the forums.
    This site is great.
    Please let the powers that be know I am grateful for such a site. :)
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Happy I could help you out.

    You should send a message to the owners. They like getting mail about the site, especially happy mail. ;) Their email addresses are at this link: http://www.majorgeeks.com/page.php?id=2
     
