Help with virus, please.

Hi and welcome to Daniweb forums :).

Please download this file - combofix.exe by sUBs

• Save it to your Desktop
• Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
• Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.
  
  

  "%userprofile%\desktop\ComboFix.exe" /KillAll

  
  

• Click OK and this will start ComboFix.
• When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:

• 
  
• ComboFix.txt
• Fresh HijackThis log run after all the other tools have performed their cleanup.

Thank you very much for the quick response Crunchie.

I ran combofix and it definitely seems to have fixed the constant msg's from AVG about having a trojan on my computer, also it fixed my problem about MSN crashing whenever it started, a problem which I had been told was caused by the virus.

Here is my new hijackthis post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20, on 2007-12-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HJTrenamed.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [url]www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=4060911[/url]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=4060911[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {44899979-6F17-4D8A-890C-39F12EEB01C8} - (no file)
O2 - BHO: (no name) - {4E930F3F-69FB-479A-AACD-0866B512D7EB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {71573D66-8062-409C-8F2C-89A33B88A697} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {c81cb02c-54d5-419f-acae-5e52b3367c6a} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\BAE\BAE.dll
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - (no file)
O2 - BHO: (no name) - {F35E8489-37D5-4077-BCA3-F1D87217F382} - (no file)
O2 - BHO: (no name) - {FE65489F-CB08-4B95-ABF5-C0DAA4A1E849} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] ---------"C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] ---------stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] ---------C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] ---------"C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelZeroConfig] ---------"C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] ---------"C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] ---------C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] ---------C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ---------"C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] ---------"C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LWBMOUSE] ---------C:\Programmer\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [Resume copy] ---------copyfstq.exe /startup
O4 - HKLM\..\Run: [Dell QuickSet] ---------C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] ---------"C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] ---------KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] ---------"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ---------C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] ---------"C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programmer\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmer\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmer\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[/url]
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - [url]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [url]http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[/url]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[/url]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [url]http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DCCC07C-0FBF-4FBE-B755-FD40A778D073}: NameServer = 193.162.153.164,194.239.134.83
O21 - SSODL: E404Helper - {aae60006-7f03-4565-8be8-6fda4c35ca6e} - e404d.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: Advanced Networking Service (hnmsvc) - Unknown owner - ---------"C:\Programmer\Dell Network Assistant\hnm_svc.exe" (file missing)
O23 - Service: NICCONFIGSVC - Unknown owner - ---------C:\Programmer\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - ---------"C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Unknown owner - ---------C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe (file missing)

--

And here is my Combofix log:

ComboFix 07-12-05.2 - Erik 2007-12-06 11:11:44.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.666 [GMT 1:00]
Running from: C:\Documents and Settings\Erik\skrivebord\ComboFix.exe
Command switches used :: /KillAll
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Erik\Foretrukne\Online Security Guide.lnk
C:\Programmer\F‘lles filer\microsoft shared\web folders\ibm00001.dll
C:\Programmer\F‘lles filer\microsoft shared\web folders\ibm00002.dll
C:\WINDOWS\system32\bjnetjrn.dll
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\VEIP38.sys
C:\WINDOWS\system32\lsass2.exe
C:\WINDOWS\system32\mdtaogsw.dll
C:\WINDOWS\system32\uwctrsjh.dll
C:\WINDOWS\system32\wsgoatdm.ini
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2
C:\WINDOWS\system32\xpdx.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NTIO256
-------\LEGACY_NTMLSVC
-------\LEGACY_VEIP38
-------\DomainService
-------\ntio256
-------\NtmlSvc


(((((((((((((((((((((((((   Files Created from 2007-11-06 to 2007-12-06  )))))))))))))))))))))))))))))))
.

2007-12-06 10:40 . 2007-12-06 10:40 <DIR>    d--------   C:\Programmer\Microsoft CAPICOM 2.1.0.2
2007-12-06 10:16 . 2007-07-30 19:19 271,224 --a------   C:\WINDOWS\system32\mucltui.dll
2007-12-06 10:16 . 2007-07-30 19:19 207,736 --a------   C:\WINDOWS\system32\muweb.dll
2007-12-06 10:16 . 2007-07-30 19:18 30,072  --a------   C:\WINDOWS\system32\mucltui.dll.mui
2007-12-05 11:43 . 2007-12-05 12:27 <DIR>    d--------   C:\Programmer\Trillian
2007-12-05 11:34 . 2007-12-05 11:34 <DIR>    d--------   C:\Programmer\MSN Messenger
2007-12-05 11:28 .  <DIR>        C:\Programmer\Fælles filer\WindowsLiveInstaller
2007-12-05 11:28 . 2007-12-05 11:28 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-05 11:10 . 2007-12-05 11:10 3,052   --a------   C:\WINDOWS\system32\tmp.reg
2007-12-05 10:52 . 2007-12-05 10:52 <DIR>    d--------   C:\VundoFix Backups
2007-12-05 10:37 . 2007-12-06 10:31 669,292 ---hs----   C:\WINDOWS\system32\almrekdw.ini
2007-12-05 10:20 . 2007-07-06 18:39 401,720 --a------   C:\Programmer\HJTrenamed.exe
2007-12-04 14:00 . 2007-12-04 14:00 29  --a------   C:\WINDOWS\system32\ddafuuqi.tmp
2007-12-04 10:40 . 2007-12-04 10:40 <DIR>    d--------   C:\Documents and Settings\Erik\Application Data\Grisoft
2007-12-04 10:38 . 2007-12-04 10:38 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 10:38 . 2007-05-30 13:10 10,872  --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 10:21 . 2007-12-04 14:03 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 10:17 . 2007-12-04 10:17 46,592  --a------   C:\WINDOWS\system32\e404d.dll
2007-12-04 10:17 . 2007-12-04 10:17 2   --a------   C:\745295825
2007-12-04 10:15 . 2007-12-04 10:16 <DIR>    d--------   C:\WINDOWS\Web Download
2007-12-04 10:15 . 2007-12-04 10:15 28,160  --a------   C:\WINDOWS\system32\dxdllreg.exe~
2007-12-04 10:11 . 2007-12-05 12:23 <DIR>    d--------   C:\WINDOWS\SxsCaPendDel
2007-12-04 10:11 . 2007-12-05 11:13 <DIR>    d--------   C:\Documents and Settings\Erik\Tracing
2007-12-04 10:10 . 2007-12-05 11:28 <DIR>    d--------   C:\Programmer\Windows Live
2007-12-04 10:08 . 2007-12-04 10:08 <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-04 10:08 . 2007-12-04 10:37 <DIR>    d--------   C:\Documents and Settings\Erik\Application Data\AVG7
2007-12-04 10:08 . 2007-12-04 10:37 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\avg7
2007-11-14 12:55 . 2007-11-14 12:55 <DIR>    d--------   C:\Programmer\Hasbro
2007-11-14 12:54 . 2007-11-14 12:55 <DIR>    d--------   C:\Programmer\DAEMON Tools
2007-11-14 12:42 . 2007-11-14 12:42 <DIR>    dr-h-----   C:\Documents and Settings\Erik\Application Data\SecuROM
2007-11-06 21:21 . 2007-11-06 21:21 <DIR>    d--------   C:\Programmer\Flagship Studios
2007-11-06 21:21 . 2007-05-16 16:45 3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2007-11-06 21:21 . 2007-05-16 16:45 1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-06 21:21 . 2007-05-16 16:45 443,752 --a------   C:\WINDOWS\system32\d3dx10_34.dll
2007-11-06 10:54 . 2007-11-06 10:54 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
2007-11-06 09:24 . 2007-11-13 09:28 <DIR>    d--------   C:\Programmer\WMR11

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 09:41    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-05 11:19    ---------   d-----w C:\Documents and Settings\Erik\Application Data\Azureus
2007-12-05 09:43    10,635  ----a-w C:\Programmer\hijackthis.log
2007-11-20 12:18    ---------   d-----w C:\Programmer\Java
2007-11-14 11:53    685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-12 10:09    ---------   d-----w C:\Programmer\Ricochet Infinity
2007-11-08 09:04    ---------   d-----w C:\Programmer\Winamp
2007-11-06 09:46    ---------   d-----w C:\Programmer\Jewel Quest 2
2007-11-02 12:16    ---------   d-----w C:\Documents and Settings\Erik\Application Data\iWin
2007-11-02 12:16    ---------   d-----w C:\Documents and Settings\All Users\Application Data\03-9q-n7-26-3p-56
2007-11-02 12:15    ---------   d-----w C:\Programmer\GameHouse
2007-11-02 11:34    ---------   d-----w C:\Programmer\Oxford
2007-11-02 11:34    ---------   d-----w C:\Documents and Settings\Erik\Application Data\oald7
2007-11-02 10:57    ---------   d-----w C:\Programmer\Azureus
2007-11-01 11:59    ---------   d-----w C:\Programmer\Bubble Shooter Premium Edition
2007-11-01 11:59    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Absolutist
1999-03-24 20:44    50,971  -c--a-w C:\Programmer\BUBBLE.PRG
2006-09-19 19:16    88  --sh--r C:\WINDOWS\system32\0BDCD9831E.sys
2006-09-19 19:16    3,766   --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44899979-6F17-4D8A-890C-39F12EEB01C8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E930F3F-69FB-479A-AACD-0866B512D7EB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71573D66-8062-409C-8F2C-89A33B88A697}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c81cb02c-54d5-419f-acae-5e52b3367c6a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E271F4E9-D46E-4C7A-8608-AFDD4A87E582}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F35E8489-37D5-4077-BCA3-F1D87217F382}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE65489F-CB08-4B95-ABF5-C0DAA4A1E849}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"MSMSGS"="---------C:\Programmer\Messenger\msmsgs.exe" []
"ctfmon.exe"="---------C:\WINDOWS\system32\ctfmon.exe" []
"DAEMON Tools"="---------C:\Programmer\DAEMON Tools\daemon.exe" []
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="---------C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" []
"SigmatelSysTrayApp"="---------stsystra.exe" []
"SynTPEnh"="---------C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" []
"ATICCC"="---------C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" []
"IntelZeroConfig"="---------C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" []
"IntelWireless"="---------C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" []
"DMXLauncher"="---------C:\Programmer\Dell\Media Experience\DMXLauncher.exe" []
"dla"="---------C:\WINDOWS\system32\dla\tfswctrl.exe" []
"ISUSPM Startup"="---------C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="---------C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" []
"LWBMOUSE"="---------C:\Programmer\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE" []
"Resume copy"="---------copyfstq.exe" []
"Dell QuickSet"="---------C:\Programmer\Dell\QuickSet\quickset.exe" []
"Logitech Hardware Abstraction Layer"="---------C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE" []
"Kernel and Hardware Abstraction Layer"="---------KHALMNPR.EXE" []
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 12:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-19 20:32:11]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-06-13 14:25:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {aae60006-7f03-4565-8be8-6fda4c35ca6e} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
            C:\Programmer\DAEMON Tools\daemon.exe -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
            C:\Programmer\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
            C:\Programmer\DAP\DAP.EXE /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 20:29    49152   ---------   C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
            C:\Programmer\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
            C:\Programmer\NetLimiter\NetLimiter.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
            C:\Programmer\Eset\nod32kui.exe /WAITSERVICE

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7e98eba-4809-11db-b0c4-0013024f44a4}]
\Shell\AutoRun\command - F:\MonopolyPBInstall.exe

*Newly Created Service* - USNJSVC 
.

Can you please do the following.

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\ddafuuqi.tmp
C:\WINDOWS\system32\almrekdw.ini
C:\WINDOWS\system32\e404d.dll

===============

You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable teatimer when we are done :).
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

===============

Scan with HijackThis and then place a check next to all the following, if present:

O2 - BHO: (no name) - {44899979-6F17-4D8A-890C-39F12EEB01C8} - (no file)
O2 - BHO: (no name) - {4E930F3F-69FB-479A-AACD-0866B512D7EB} - (no file)
O2 - BHO: (no name) - {71573D66-8062-409C-8F2C-89A33B88A697} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {c81cb02c-54d5-419f-acae-5e52b3367c6a} - (no file)
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - (no file)
O2 - BHO: (no name) - {F35E8489-37D5-4077-BCA3-F1D87217F382} - (no file)
O2 - BHO: (no name) - {FE65489F-CB08-4B95-ABF5-C0DAA4A1E849} - (no file)

O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?

O21 - SSODL: E404Helper - {aae60006-7f03-4565-8be8-6fda4c35ca6e} - e404d.dll (file missing)

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Please download VundoFix.exe
to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.