Ok, couple things.

First, uninstall 'Save' or 'WhenUSave', and 'Network Monitor' from the Add/Remove Programs list.

Then, fix the following with HJT:

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O21 - SSODL: ECCEBHCG - {2D3033ED-1E8A-1569-3317-1FDD6211340E} - C:\WINDOWS\System32\Dakgiood.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Then, reboot into safe mode and delete the following folders:

C:\Program Files\Save
C:\Program Files\Network Monitor

Now, Copy this advise to a Notepad file. Save it to your desktop. We will use it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "delete on reboot" and put a check in the "unregister dll�.

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\Dakgiood.dll

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

Now, follow this by tp://www.ewido.net/en/download/]Ewido Security Suite[/url].

• Install ewido security suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Launch ewido, there should be an icon on your desktop, double-click it.
• The program will now open to the main screen.
• When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
• You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click Update.
  • Then click on Start Update.
• The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  
  -=-=-=-=-=-=-==-==-=-= End here to download but not scan -=-=-=-=-=-=-==-==-=-=
  
• Click on Scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Post back here with an Ewido log, and a new HJT log.

Thanks.