Looks much better.Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download and install AVG Anti-Spyware We will need this later in safe mode
Be sure to update AVG Anti- Spyware
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":
O2 - BHO: (no name) - {067D372B-8468-40AE-92B2-00DC51B879CD} - (no file)
O2 - BHO: (no name) - {32E0AE4F-6780-1C54-AB3B-6CE34DE5FAC3} - (no file)
O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: (no name) - {5142FE17-20E6-4121-A925-A4C6385CDDAA} - (no file)
O2 - BHO: (no name) - {60B4AA15-3287-4F0B-F03B-6CE34DE5FBC1} - (no file)
O2 - BHO: (no name) - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B7DFBF8C-D57A-4BE5-9389-BBB872336A7B} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: 0 - {D1876F5A-8501-40C1-6582-6990823F6048} - (no file)
O20 - Winlogon Notify: jkkjjhf - jkkjjhf.dll (file missing)
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
Exit Hijack This but remain in safe mode.
While still in safe mode navigate to and delete these folders if found:
C:\qoobox
C:\Program Files\Ofb11 (delete if you don't know what this is)
Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
reboot into normal mode.
Post the AVG Antispyware report.
Open notepad (Start Menu > Run > Type notepad and press "ok".
Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjjhf]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpdc32]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.
Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.
Post a new Vundofix log, a new combofix log and a new Hijack This log.
