I'll give that a try, but I think I may have removed it, and it's called ernel32.dll. The file seems to be stored in my system folders next to where kernel32.dll should be.
Here are the logs if you still want to see them, but I knew most of this from before.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.163,93.188.166.194 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85970873-2a37-482c-9a2b-9edf76476164}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.163,93.188.166.194 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\User\Application Data\6aecb3c2.exe (Trojan.Dropper.Gen) -> No action taken.
C:\Documents and Settings\User\My Documents\64kbmovie(http://www.albinoblacksheep.com).exe (Malware.Packer.Krunchy) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Qrf.exe (Trojan.Dropper.Gen) -> No action taken.
C:\System Volume Information\_restore{12FC219E-10C6-4A08-9A4B-55E8682B8E9B}\RP807\A0188164.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\ernel32.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\179oC7.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\317y3c7s.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\555q5.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\9317mY1cE.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\e79317.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\G3iQ93cE9.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\GM79317m.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\wSKUO7.dll (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\yW7u31i9.dll (Trojan.Dropper.Gen) -> No action taken.
G:\Software\setupxv.exe (Rogue.Installer) -> No action taken.
G:\Documents and Settings\Compaq_Administrator\Software\MAX2010.FIX.INSTINCT\xf-a2010.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\MSWD-6aecb3c2.job (Trojan.DNSChanger) -> No action taken.