I thought you said you`d already followed the instructions in the Trojan Pakes thread. If that`s the case, why aren`t you running any antivirus or firewall software? Also, you have not posted an AVG Antispyware log as I requested.
Do The following.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Perfect Codec
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
gdnFR2339.exe
Close task manager.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {006B5443-E2C1-4855-8DF6-A1DD1BDC2588} - (no file)
O2 - BHO: (no name) - {230FCC99-1422-B8A0-57C6-0755281AB5BE} - (no file)
O2 - BHO: (no name) - {52E330A3-31DD-910C-7006-0441F3212C3E} - (no file)
O2 - BHO: (no name) - {B34B6CAB-3C8C-4FC8-B4D0-4026EBA6328B} - (no file)
O3 - Toolbar: Protection Bar - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - C:\Program Files\Perfect Codec\iesplugin.dll (file missing)
O16 - DPF: {3CB5FA37-0602-4E70-33BD-34C84053DDEA} -
http://85.255.113.214/1/gdnFR2339.exe
O16 - DPF: {62B6584F-0C13-4E70-A56B-33266071A70B} -
http://85.255.113.214/1/gdnFR2339.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: winlogon.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\
Click on the fix checked button.
Close HJT.
Locate and delete the following
bold files and/or directories(if there).
C:\Program Files\
Perfect Codec<Delete the entire folder.
Reboot your computer.
Go
HERE, download, install and run antivirus and firewall programmes.
Post fresh HJT and
AVG ANTISPYWARE logs, only after doing the above.
Regards Howard
This thread is for the use of zander7526 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.