Check this out .
http://securityresponse.symantec.com...coreflood.html
Also it being a trojan horse and not a virus try the full working trial of trojan hunter .
http://www.trojanhunter.com/

Here's another way to get into Safe Mode:
Close all open programs.
Click Start, and then click Run; the Run dialog box will appear.
Type msconfig and then click OK.
The System Configuration Utility will appear.
Click on the BOOT.INI tab.
Check the "/SAFEBOOT" option, and then click OK.
You then see the prompt to restart the computer, click Restart.
The computer will then restart in Safe Mode.
Another box will open asking if you want to run in Safe Mode; click Yes.

OK, Im gonna try the Trojan Hunter.

msconfig doesn't work in W2000, its not implemented.

No it isn't but it can be .
http://www.perfectdrivers.com/howto/msconfig.html

Thanks, I downloaded msconfig, and booted in safe mode, and I removed the pesky .dll file. I also scanned with spybot, adaware and Trojan Hunter and removed everything they found.
Is there anything else I can remove?

Logfile of HijackThis v1.98.2
Scan saved at 14:03:48, on 02.10.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Programfiler\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programfiler\Navnt\POPROXY.EXE
C:\Programfiler\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programfiler\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\WINNT\system32\ctfmon.exe
C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Programfiler\Navnt\NAVAPW32.EXE
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kvinesdalsparebank.no/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Common\ycomp5_1_5_0.dll
O2 - BHO: gcdexrfd - {0450EACE-ED6A-B9C6-A288-FEDCE78D21DE} - C:\WINNT\system32\gcdexrfd.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1044,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programfiler\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programfiler\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programfiler\Navnt\POPROXY.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINNT\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\system32\msconfig.exe /auto
O4 - HKCU\..\Run: [TaskTray] C:\Programfiler\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programfiler\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programfiler\Navnt\NAVAPW32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programfiler\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programfiler\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programfiler\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programfiler\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programfiler\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programfiler\ICQ\ICQ.exe
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A23AE9-C2FD-4902-8DC0-7B3B3903CF5E}: NameServer = 130.67.60.68 193.213.112.4
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)

Sorry about the msconfig thing, I didn't notice you were using Win2K.

Close all windows, scan with HJT, and have it fix the following entries:
O2 - BHO: gcdexrfd - {0450EACE-ED6A-B9C6-A288-FEDCE78D21DE} - C:\WINNT\system32\gcdexrfd.dll (file missing)
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)

Reboot into Safe Mode, go to C:\Program Files, and delete the folder WindUpdates.

Reboot normally, close all windows, scan with HJT, and post a new log.

To help prevent reinfection, get SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
and keep it updated!

Thanks! :cheesy: I'm sorry, but I'm not at the same computer now, and I'm not home so I dont know when I can post a new log. Thanks again for all the help, you guys are great :mrgreen: