Trojan Downloader Ruin... did I win?


Andre
01-14-06, 07:56 AM
So this PC is acting progressively worse, severe internet deterioration etc. Adware hadn't seen anything and had not refreshed my anti virus key.

So you start googling on that and download all kinds of spy detectors. Spy Sweeper told me that the culprit was Trojan Downloader Ruin but it would not kill it for me unless I paid. And I will not now or ever put credit card nrs on the net. No way.

But it told me a lot more:

http://www.webroot.com/php/spysweeper_spydesc.php

So I restarted in the safe mode and jotted down all the 5 letter program names in C:\windows\system32.

I managed to google those and all except one turned out to be legitimate. Google had never heard of "dmvll.exe".

So back to the safe mode and I created an isolated folder (not accessible by the system after editing the specific safety features) and transferred that program, just in case it was a mistake.

In Regedit I emptied the entries in HKLM\software\microsoft\windows\currentversion\ruin and...\urls as Spy Sweeper indicated that those were entries of the trojan.

Then I installed a fresh virus scanner in the safe mode, did all the reinitiations and now the system seems fine. Things act normal again.

However Spy Sweeper still thinks that the trojan is active. Apparently it detects HKLM\software\microsoft\windows\currentversion\ruin and...\urls and then decides that the trojan is still there.

Question: Can I safely remove those entire sub registers?: HKLM\software\microsoft\windows\currentversion\ruin and...\urls and would the system be clean again then?

Mr Anonymous
01-14-06, 07:26 PM
When you flushed your system for the entries in question, did you flush your System Restore cache?

Also, check out the following folder WINDOWS>Prefetch for anything that relates to the problems you're trying to get shot of - in order to work a Trojan needs to be loaded and Prefetch is usually where the buggers set up.

Win-Zip anything suspect you find before deleting anything, this includes registry entries. Back them up and zip 'em - that'll isolate anything from the system.

Once done, turn off System Restore, My Computer>Properties>System Restore. This'll flush everything you've got backed up. Check your system over, see what it says then.

Personally, I'd recommend using SpyBot Search & Destroy. Partly for the terribly butch sounding name but mostly, not only is it terribly good at finding this shit, it has an application called TeaTimer which, when installed, monitors your registry for all registry changes and notifies you the instant any programme attempts to make a significant registry change.

Plus, it doesn't pull this "Pay us and we'll take care of the problem" shite.

Once done, turf that useless piece of crap you're currently using and use something that actually does its job.

All the best with it,

A ;)

daktaklakpak
01-20-06, 08:00 PM
If I am doing the cleaning, I will remove the hard disk from the problemed machine and mount it on a clean machine through something like a USB 2.0 to IDE converter. Then do a virus scan on that drive. Spybot and Ad-aware won't do much on trojans. You should avoid running a scan on a known infected system, because some trojans might employ stealth to restore themselves right after the scanner deleted them.
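
Added example, not part of any post in this thread: a read-only script that combines Andre's check of five-letter program names in system32 with daktaklakpak's advice to examine the disk from a clean machine. The function names, the .exe/.dll filter and the drive letters in the usage comment are assumptions of this example; only dmvll.exe comes from the thread.

```python
import hashlib
import re
import sys
from pathlib import Path

# Heuristic from the thread: the dropper hid behind a random five-letter
# name (dmvll.exe) among the legitimate five-letter system files.
FIVE_LETTERS = re.compile(r"^[a-z]{5}$", re.IGNORECASE)
SUFFIXES = {".exe", ".dll"}  # assumption: file types worth reviewing


def sha256_of(path):
    """Hash a file in chunks; files are only read, never executed."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def candidates(folder):
    """Map lowercase file name -> SHA-256 for five-letter executables."""
    return {
        p.name.lower(): sha256_of(p)
        for p in Path(folder).iterdir()
        if p.is_file() and p.suffix.lower() in SUFFIXES and FIVE_LETTERS.match(p.stem)
    }


def triage(suspect_system32, clean_system32):
    """Compare the mounted suspect folder against a clean reference folder."""
    baseline = candidates(clean_system32)
    findings = []
    for name, digest in sorted(candidates(suspect_system32).items()):
        if name not in baseline:
            findings.append((name, "not in clean reference", digest))
        elif baseline[name] != digest:
            findings.append((name, "differs from clean reference", digest))
    return findings


if __name__ == "__main__":
    # Assumed usage: triage.py E:\WINDOWS\system32 C:\WINDOWS\system32
    # where E: is the suspect disk attached over the USB-to-IDE adapter.
    for name, reason, digest in triage(sys.argv[1], sys.argv[2]):
        print(f"{name:12} {reason:30} {digest}")
```

The output is a review list, not a verdict: a hash that differs can simply mean the two machines are at different Windows versions or patch levels, so each flagged file still needs to be looked up by hand.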