I have tried a few things and it comes back. It's a lot better now it had hijacked my browser w/ a link to antivirus. My spybot has it on immune now.
My spybot keeps finding the aldd, rdfa and aoprndtws in registry.

I delete the 3 reg's and they come back. It was 13 at first. Even tried safe mode.

Ran ccleaner. found a few
Ran Dr. web found a few

Am attaching a hijack this log. I put my faith in your ability.

am also sending smitfraud log.

Attached Files

	Hijack this log.txt (6.1 KB, 2 views)
	rapport.txt (3.4 KB, 0 views)

OK followed instructions of yours to the T. after doing so made a new hijack log.
AVG only found the 2 cookies.

SAS found something listed as unknown at .HKEY_USERS\S-1-5-21-1202660629-1547161642-839522115-1003
and 2 adware cookies

Aldd and rdfa and other still there.

Forgot to mention the attack was a toolbar for ie7 and my cookies block in control panel kept reverting to add all cookies and they could read already put here. Now high block status stays in place. After reboot.

Attached Files

Hijack this log.txt (6.9 KB, 0 views)

OK been doing my own work so far. I'm down to just the aldd coming back.
Looks like i'm on the right track. Am posting new log.

Wait...maybe. Does anyone know if virtumonde is part of a torrent programs?
That hku seems to be part of that area. That may be the unknown entry.

One more note punkbuster may be the thing. This is a anti cheat program for games online.
I'm down to a few possibles now. I have gone through what i can figure. the others are assoc. w/ language and so on w/ legit programs like office 11.

Any help.............Thanks.

Attached Files

hijck log.txt (6.6 KB, 0 views)

A small oddity. I ran killbox trying to get rid of this last item...it can't see it as if it's not there.

HKEY_USERS\S-1-5-21-1202660629-1547161642-839522115-1003\Software\Microsoft\aldd

Is this due to spybot having it on immune?

BTW computer working great now even though nobody here helped yet..... i thought i should post my attempts to maybe help others.

SPYBOT is an awesome program it blocks all reg changes unless i approve them. It'll my my spyware forever.
Too bad i didnt use it b4 this.

OK...am all clean now. I used a program call..... DR. Web !
I shut down all programs my avast,spybot, everything ...make sure you check toolbar below right for autoloading programs and close them and off of internet. Scan with Dr. Web. It found the last item and killed it....WoooHooooooo.

I reset my system restore and updated spybot and update immunize.