Boot into safe mode. See how HERE.
http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE.
http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
http://www.bleepingcomputer.com/forums/tutorial62.html
Click start/run and type
regsvr32 /u C:\Program Files\Intel\medonuga.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
POlNT32.EXE
taskdir.exe
keyboard16.exe
mousepad16.exe
newname16.exe
susp.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: clsemixer.MyBHO - {898827FA-0AE9-4F7A-ADD9-1E7CE37CF4B0} - C:\WINDOWS\system32\clsemixer.dll (file missing)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard16.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad16.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname16.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [POlNTER] POlNT32.EXE
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107963243203
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
http://www.azebar.com/install/1.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following
bold files(if there).
C:\WINDOWS\system32\
taskdir.exe
C:\WINDOWS\system32\
susp.exe
C:\windows\
newname16.exe
C:\windows\
mousepad16.exe
C:\windows\
keyboard16.exe
C:\Program Files\Intel\
medonuga.dll
POlNT32.EXE You will need to search your computer for this file. Probably it is in the Windows or system or system32. folders.
Reboot into normal mode and turn system restore back on.
Regards Howard