Hi, I'm new to these forums and I really hope someone can help me with my problem. My computer seems to be highly infected. I keep getting popups in my taskbar with badly written warnings of viruses and that I need to download this and this file to be protected, etc. I had a problem where my Turn Off Computer, Run and Task Manager were missing, but I ran AVG in safe mode and Spybot S&D and got that fixed. Now my computer seems to run somewhat slowly, and there are those popups constantly.

I ran a Hijackthis and here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:49, on 05-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Fælles filer\Logitech\WebColct\webcolct.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=4060911
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk/hws/sb/dell-row/da/side.html?channel=dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk/hws/sb/dell-row/da/side.html?channel=dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=dk&l=da&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=dk&l=da&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.dk/hws/sb/dell-row/da/side.html?channel=dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=4060911
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=4060911
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {44899979-6F17-4D8A-890C-39F12EEB01C8} - C:\WINDOWS\system32\ddayw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\auxuwtmu.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\BAE\BAE.dll
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - (no file)
O2 - BHO: (no name) - {F35E8489-37D5-4077-BCA3-F1D87217F382} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\auxuwtmu.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ---------"C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] ---------stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] ---------C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] ---------"C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelZeroConfig] ---------"C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] ---------"C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] ---------C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] ---------C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ---------"C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] ---------"C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LWBMOUSE] ---------C:\Programmer\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [Resume copy] ---------copyfstq.exe /startup
O4 - HKLM\..\Run: [Dell QuickSet] ---------C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] ---------"C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [] ---------
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] ---------KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [2c6c4f7e] rundll32.exe "C:\WINDOWS\system32\wdkermla.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] ---------"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ---------C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] ---------"C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programmer\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmer\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmer\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DCCC07C-0FBF-4FBE-B755-FD40A778D073}: NameServer = 193.162.153.164,194.239.134.83
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c003B24.dat
O20 - Winlogon Notify: auxuwtmu - C:\WINDOWS\SYSTEM32\auxuwtmu.dll
O21 - SSODL: E404Helper - {aae60006-7f03-4565-8be8-6fda4c35ca6e} - e404d.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: Advanced Networking Service (hnmsvc) - Unknown owner - ---------"C:\Programmer\Dell Network Assistant\hnm_svc.exe" (file missing)
O23 - Service: NICCONFIGSVC - Unknown owner - ---------C:\Programmer\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - ---------"C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - ---------"C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe (file missing)

--
End of file - 10633 bytes

I really hope someone is able to help me, I'm kind of oblivious right now on what I have to do.

Hi and welcome to Daniweb forums :).

Please download this file - combofix.exe by sUBs

  • Save it to your Desktop
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    "%userprofile%\desktop\ComboFix.exe" /KillAll


  • Click OK and this will start ComboFix.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:


  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

Thank you very much for the quick response Crunchie.

I ran ComboFix and it definitely seems to have fixed the constant messages from AVG about having a trojan on my computer. It also fixed my problem with MSN crashing whenever it started, a problem which I had been told was caused by the virus.

Here is my new hijackthis post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20, on 2007-12-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HJTrenamed.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=4060911
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=4060911
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {44899979-6F17-4D8A-890C-39F12EEB01C8} - (no file)
O2 - BHO: (no name) - {4E930F3F-69FB-479A-AACD-0866B512D7EB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {71573D66-8062-409C-8F2C-89A33B88A697} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {c81cb02c-54d5-419f-acae-5e52b3367c6a} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\BAE\BAE.dll
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - (no file)
O2 - BHO: (no name) - {F35E8489-37D5-4077-BCA3-F1D87217F382} - (no file)
O2 - BHO: (no name) - {FE65489F-CB08-4B95-ABF5-C0DAA4A1E849} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] ---------"C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] ---------stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] ---------C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] ---------"C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelZeroConfig] ---------"C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] ---------"C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] ---------C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] ---------C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ---------"C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] ---------"C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LWBMOUSE] ---------C:\Programmer\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [Resume copy] ---------copyfstq.exe /startup
O4 - HKLM\..\Run: [Dell QuickSet] ---------C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] ---------"C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] ---------KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] ---------"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ---------C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] ---------"C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programmer\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmer\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmer\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DCCC07C-0FBF-4FBE-B755-FD40A778D073}: NameServer = 193.162.153.164,194.239.134.83
O21 - SSODL: E404Helper - {aae60006-7f03-4565-8be8-6fda4c35ca6e} - e404d.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: Advanced Networking Service (hnmsvc) - Unknown owner - ---------"C:\Programmer\Dell Network Assistant\hnm_svc.exe" (file missing)
O23 - Service: NICCONFIGSVC - Unknown owner - ---------C:\Programmer\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - ---------"C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe (file missing)

--

And here is my Combofix log:

ComboFix 07-12-05.2 - Erik 2007-12-06 11:11:44.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.666 [GMT 1:00]
Running from: C:\Documents and Settings\Erik\skrivebord\ComboFix.exe
Command switches used :: /KillAll
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Erik\Foretrukne\Online Security Guide.lnk
C:\Programmer\Fælles filer\microsoft shared\web folders\ibm00001.dll
C:\Programmer\Fælles filer\microsoft shared\web folders\ibm00002.dll
C:\WINDOWS\system32\bjnetjrn.dll
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\VEIP38.sys
C:\WINDOWS\system32\lsass2.exe
C:\WINDOWS\system32\mdtaogsw.dll
C:\WINDOWS\system32\uwctrsjh.dll
C:\WINDOWS\system32\wsgoatdm.ini
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2
C:\WINDOWS\system32\xpdx.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NTIO256
-------\LEGACY_NTMLSVC
-------\LEGACY_VEIP38
-------\DomainService
-------\ntio256
-------\NtmlSvc


(((((((((((((((((((((((((   Files Created from 2007-11-06 to 2007-12-06  )))))))))))))))))))))))))))))))
.

2007-12-06 10:40 . 2007-12-06 10:40 <DIR>    d--------   C:\Programmer\Microsoft CAPICOM 2.1.0.2
2007-12-06 10:16 . 2007-07-30 19:19 271,224 --a------   C:\WINDOWS\system32\mucltui.dll
2007-12-06 10:16 . 2007-07-30 19:19 207,736 --a------   C:\WINDOWS\system32\muweb.dll
2007-12-06 10:16 . 2007-07-30 19:18 30,072  --a------   C:\WINDOWS\system32\mucltui.dll.mui
2007-12-05 11:43 . 2007-12-05 12:27 <DIR>    d--------   C:\Programmer\Trillian
2007-12-05 11:34 . 2007-12-05 11:34 <DIR>    d--------   C:\Programmer\MSN Messenger
2007-12-05 11:28 .  <DIR>        C:\Programmer\Fælles filer\WindowsLiveInstaller
2007-12-05 11:28 . 2007-12-05 11:28 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-05 11:10 . 2007-12-05 11:10 3,052   --a------   C:\WINDOWS\system32\tmp.reg
2007-12-05 10:52 . 2007-12-05 10:52 <DIR>    d--------   C:\VundoFix Backups
2007-12-05 10:37 . 2007-12-06 10:31 669,292 ---hs----   C:\WINDOWS\system32\almrekdw.ini
2007-12-05 10:20 . 2007-07-06 18:39 401,720 --a------   C:\Programmer\HJTrenamed.exe
2007-12-04 14:00 . 2007-12-04 14:00 29  --a------   C:\WINDOWS\system32\ddafuuqi.tmp
2007-12-04 10:40 . 2007-12-04 10:40 <DIR>    d--------   C:\Documents and Settings\Erik\Application Data\Grisoft
2007-12-04 10:38 . 2007-12-04 10:38 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 10:38 . 2007-05-30 13:10 10,872  --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 10:21 . 2007-12-04 14:03 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 10:17 . 2007-12-04 10:17 46,592  --a------   C:\WINDOWS\system32\e404d.dll
2007-12-04 10:17 . 2007-12-04 10:17 2   --a------   C:\745295825
2007-12-04 10:15 . 2007-12-04 10:16 <DIR>    d--------   C:\WINDOWS\Web Download
2007-12-04 10:15 . 2007-12-04 10:15 28,160  --a------   C:\WINDOWS\system32\dxdllreg.exe~
2007-12-04 10:11 . 2007-12-05 12:23 <DIR>    d--------   C:\WINDOWS\SxsCaPendDel
2007-12-04 10:11 . 2007-12-05 11:13 <DIR>    d--------   C:\Documents and Settings\Erik\Tracing
2007-12-04 10:10 . 2007-12-05 11:28 <DIR>    d--------   C:\Programmer\Windows Live
2007-12-04 10:08 . 2007-12-04 10:08 <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-04 10:08 . 2007-12-04 10:37 <DIR>    d--------   C:\Documents and Settings\Erik\Application Data\AVG7
2007-12-04 10:08 . 2007-12-04 10:37 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\avg7
2007-11-14 12:55 . 2007-11-14 12:55 <DIR>    d--------   C:\Programmer\Hasbro
2007-11-14 12:54 . 2007-11-14 12:55 <DIR>    d--------   C:\Programmer\DAEMON Tools
2007-11-14 12:42 . 2007-11-14 12:42 <DIR>    dr-h-----   C:\Documents and Settings\Erik\Application Data\SecuROM
2007-11-06 21:21 . 2007-11-06 21:21 <DIR>    d--------   C:\Programmer\Flagship Studios
2007-11-06 21:21 . 2007-05-16 16:45 3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2007-11-06 21:21 . 2007-05-16 16:45 1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-06 21:21 . 2007-05-16 16:45 443,752 --a------   C:\WINDOWS\system32\d3dx10_34.dll
2007-11-06 10:54 . 2007-11-06 10:54 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
2007-11-06 09:24 . 2007-11-13 09:28 <DIR>    d--------   C:\Programmer\WMR11

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 09:41    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-05 11:19    ---------   d-----w C:\Documents and Settings\Erik\Application Data\Azureus
2007-12-05 09:43    10,635  ----a-w C:\Programmer\hijackthis.log
2007-11-20 12:18    ---------   d-----w C:\Programmer\Java
2007-11-14 11:53    685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-12 10:09    ---------   d-----w C:\Programmer\Ricochet Infinity
2007-11-08 09:04    ---------   d-----w C:\Programmer\Winamp
2007-11-06 09:46    ---------   d-----w C:\Programmer\Jewel Quest 2
2007-11-02 12:16    ---------   d-----w C:\Documents and Settings\Erik\Application Data\iWin
2007-11-02 12:16    ---------   d-----w C:\Documents and Settings\All Users\Application Data\03-9q-n7-26-3p-56
2007-11-02 12:15    ---------   d-----w C:\Programmer\GameHouse
2007-11-02 11:34    ---------   d-----w C:\Programmer\Oxford
2007-11-02 11:34    ---------   d-----w C:\Documents and Settings\Erik\Application Data\oald7
2007-11-02 10:57    ---------   d-----w C:\Programmer\Azureus
2007-11-01 11:59    ---------   d-----w C:\Programmer\Bubble Shooter Premium Edition
2007-11-01 11:59    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Absolutist
1999-03-24 20:44    50,971  -c--a-w C:\Programmer\BUBBLE.PRG
2006-09-19 19:16    88  --sh--r C:\WINDOWS\system32\0BDCD9831E.sys
2006-09-19 19:16    3,766   --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44899979-6F17-4D8A-890C-39F12EEB01C8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E930F3F-69FB-479A-AACD-0866B512D7EB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71573D66-8062-409C-8F2C-89A33B88A697}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c81cb02c-54d5-419f-acae-5e52b3367c6a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E271F4E9-D46E-4C7A-8608-AFDD4A87E582}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F35E8489-37D5-4077-BCA3-F1D87217F382}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE65489F-CB08-4B95-ABF5-C0DAA4A1E849}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"MSMSGS"="---------C:\Programmer\Messenger\msmsgs.exe" []
"ctfmon.exe"="---------C:\WINDOWS\system32\ctfmon.exe" []
"DAEMON Tools"="---------C:\Programmer\DAEMON Tools\daemon.exe" []
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="---------C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" []
"SigmatelSysTrayApp"="---------stsystra.exe" []
"SynTPEnh"="---------C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" []
"ATICCC"="---------C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" []
"IntelZeroConfig"="---------C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" []
"IntelWireless"="---------C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" []
"DMXLauncher"="---------C:\Programmer\Dell\Media Experience\DMXLauncher.exe" []
"dla"="---------C:\WINDOWS\system32\dla\tfswctrl.exe" []
"ISUSPM Startup"="---------C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="---------C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" []
"LWBMOUSE"="---------C:\Programmer\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE" []
"Resume copy"="---------copyfstq.exe" []
"Dell QuickSet"="---------C:\Programmer\Dell\QuickSet\quickset.exe" []
"Logitech Hardware Abstraction Layer"="---------C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE" []
"Kernel and Hardware Abstraction Layer"="---------KHALMNPR.EXE" []
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 12:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-19 20:32:11]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-06-13 14:25:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {aae60006-7f03-4565-8be8-6fda4c35ca6e} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
            C:\Programmer\DAEMON Tools\daemon.exe -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
            C:\Programmer\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
            C:\Programmer\DAP\DAP.EXE /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 20:29    49152   ---------   C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
            C:\Programmer\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
            C:\Programmer\NetLimiter\NetLimiter.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
            C:\Programmer\Eset\nod32kui.exe /WAITSERVICE

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7e98eba-4809-11db-b0c4-0013024f44a4}]
\Shell\AutoRun\command - F:\MonopolyPBInstall.exe

*Newly Created Service* - USNJSVC 
.

Edited by mike_2000_17: Fixed formatting

0

Can you please do the following.

Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\ddafuuqi.tmp
C:\WINDOWS\system32\almrekdw.ini
C:\WINDOWS\system32\e404d.dll

===============

You will have to disable Spybot's TeaTimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable TeaTimer when we are done :).
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.


===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {44899979-6F17-4D8A-890C-39F12EEB01C8} - (no file)
O2 - BHO: (no name) - {4E930F3F-69FB-479A-AACD-0866B512D7EB} - (no file)
O2 - BHO: (no name) - {71573D66-8062-409C-8F2C-89A33B88A697} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {c81cb02c-54d5-419f-acae-5e52b3367c6a} - (no file)
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - (no file)
O2 - BHO: (no name) - {F35E8489-37D5-4077-BCA3-F1D87217F382} - (no file)
O2 - BHO: (no name) - {FE65489F-CB08-4B95-ABF5-C0DAA4A1E849} - (no file)

O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?

O21 - SSODL: E404Helper - {aae60006-7f03-4565-8be8-6fda4c35ca6e} - e404d.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, click "Fix checked".

===============

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
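
The entries in the fix list above share one trait: HijackThis could not resolve their target (`(no file)`, `(file missing)`, or `= ?`). The following is an added example, not part of the original post or of HijackThis itself, that picks such lines out of a log; the regexes assume the line layout seen in this thread, and the second sample line is constructed for contrast.

```python
import re

# Constructed sample: three lines copied from the fix list above, plus one
# healthy-looking BHO line invented for contrast (its CLSID and path are made up).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {44899979-6F17-4D8A-890C-39F12EEB01C8} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Programmer\Example\helper.dll
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O21 - SSODL: E404Helper - {aae60006-7f03-4565-8be8-6fda4c35ca6e} - e404d.dll (file missing)
"""

# Assumed layout: "<section> - <kind>: <name> - {CLSID} - <target>"
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(rf"^BHO: (?P<name>.+?) - (?P<clsid>{CLSID}) - (?P<target>.+)$")
SSODL = re.compile(rf"^SSODL: (?P<name>.+?) - (?P<clsid>{CLSID}) - (?P<target>.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.+)$")


def triage(log_text):
    """Return (section, name, clsid, reason) for entries with an unresolved target."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m["section"], m["body"]
        if section == "O2" and (b := BHO.match(body)):
            if b["target"] == "(no file)":
                findings.append((section, b["name"], b["clsid"].upper(),
                                 "BHO target shown as (no file)"))
        elif section == "O21" and (s := SSODL.match(body)):
            if s["target"].endswith("(file missing)"):
                findings.append((section, s["name"], s["clsid"].upper(),
                                 "SSODL target marked (file missing)"))
        elif section == "O4" and (u := STARTUP.match(body)):
            if u["target"] == "?":
                findings.append((section, u["name"], None,
                                 "startup shortcut target shown as ?"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A match only means the entry deserves a look; whether to fix it is still the judgement call the helper makes in the reply above.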
