[HELP!] Outta control adware!!

Discussion in 'BBS Hangout' started by Hippieloser, Sep 6, 2006.

  1. Invisible Fan

    Invisible Fan Member

    Joined:
    Dec 5, 2001
    Messages:
    45,954
    Likes Received:
    28,052
    What I wrote above is mainly for adware and other trojans. Viruses are harder to squash. It's also good to virus scan with other brands from time to time. I think pandascan offers a free online scan, but google usually gives good hits on that.

    Avgfree does detect some trojans.
     
  2. Hippieloser

    Hippieloser Member

    Joined:
    Feb 25, 2003
    Messages:
    8,273
    Likes Received:
    2,137
    Thanks for all the help guys! Really appreciate it. Unfortunately I still haven't been able to fix this crap.

    I've rebooted in safe mode and run Ad-Aware and done a system restore to two different times in safe mode, first to Sept. 5 and, when that didn't have any discernable effect on my computer whatsoever, I did another system restore to July 29. Again, this did not appear to change anything whatsoever on my computer, as the new Rockets wallpaper I downloaded yesterday as well as programs such as Ad-Aware and LimeWire that I downloaded AFTER Sept. 5 remained on my computer unchanged. I also used the instructions in this thread to run system restores in "normal" mode and again, absolutely nothing happened.

    Needless to say, I'm pretty discouraged, but I'm still fightin' this. Any more suggestions? I'll try downloading some of the other filters mentioned in this thread.
     
  3. Hippieloser

    Hippieloser Member

    Joined:
    Feb 25, 2003
    Messages:
    8,273
    Likes Received:
    2,137
    I should also mention that whenever I shut down my laptop, my computer asks if it should shut down the program "rundll32.exe". Could this program be related to my problem? If so, what should I do about it?
     
  4. geeimsobored

    geeimsobored Member

    Joined:
    Aug 20, 2005
    Messages:
    8,968
    Likes Received:
    3,389
    Run Spybot Search and Destroy as well. Also, download a program called hijackthis and put up a post of the log it generates.
     
  5. UTweezer

    UTweezer Member

    Joined:
    Feb 26, 2002
    Messages:
    3,888
    Likes Received:
    41
    Unfortunately programs like adware suck and will not entirely eliminate crap...

    try this.

    1) download this file
    http://www.trendmicro.com/ftp/products/online-tools/tmas-web-scan.exe

    2) reboot run in safe mode (F9)

    3) run this program

    4) reboot

    If this does not do the trick (which it should)

    go to Start, Run, type "msconfig", go to the Startup and Services tabs and disable anything that looks suspect.
     
  6. ROXRAN

    ROXRAN Member

    Joined:
    Oct 12, 2000
    Messages:
    18,856
    Likes Received:
    5,252
    yea I tried Spybot, best free one...Of course, we could all do without the p*rn and no problem ;)
     
  7. Nice Rollin

    Nice Rollin Member

    Joined:
    Mar 30, 2006
    Messages:
    11,858
    Likes Received:
    321
    I don't really like it, but you might as well give it a try
     
  8. Hippieloser

    Hippieloser Member

    Joined:
    Feb 25, 2003
    Messages:
    8,273
    Likes Received:
    2,137
    I ran Spybot. No dice. I'll try tmas-web-scan now.

    Does anyone know why my attempts at system restore didn't seem to work?
     
  9. geeimsobored

    geeimsobored Member

    Joined:
    Aug 20, 2005
    Messages:
    8,968
    Likes Received:
    3,389
    Because all system restore does is roll back and revert to old copies of your system files and registry keys. If a separate, non-windows utility is causing the popups then system restore is worthless.

    Post a copy of a hijackthis log on here. Hijackthis is a program that lists all the stuff that runs in your background including dlls and other crazy stuff that might be causing this.
     
  10. Hippieloser

    Hippieloser Member

    Joined:
    Feb 25, 2003
    Messages:
    8,273
    Likes Received:
    2,137
    Okay, I'll try that now, gee. Thanks for the answer. I'll post the log when I'm finished.
     
  11. Hippieloser

    Hippieloser Member

    Joined:
    Feb 25, 2003
    Messages:
    8,273
    Likes Received:
    2,137
    Here we go:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:39:51 PM, on 9/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\c2V0dXA\command.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\kybrdff_17.exe
    C:\dfndrff_16.exe
    C:\WINDOWS\win320891-4015488.exe
    C:\WINDOWS\Duce6.exe
    C:\WINDOWS\thiselt.exe
    C:\windows\system32\ojdsregq.exe
    C:\WINDOWS\system32\nwinkpex.exe
    C:\WINDOWS\sys0201548891-4.exe
    C:\WINDOWS\sys031548891-40.exe
    C:\WINDOWS\ms0548891-4015.exe
    C:\WINDOWS\sys01401548891-.exe
    C:\WINDOWS\sgzejycA.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\ms068891-40154.exe
    C:\Program Files\Common Files\{E810D9A5-095A-1033-0902-030218200001}\Update.exe
    C:\Program Files\PSCloner\PSCloner.exe
    C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\DOCUME~1\setup\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xauto.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,iucxygj.exe
    O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
    O4 - HKLM\..\Run: [win320891-4015488] C:\WINDOWS\win320891-4015488.exe
    O4 - HKLM\..\Run: [ghihnx] C:\WINDOWS\system32\hpepoa.exe reg_run
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
    O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
    O4 - HKLM\..\Run: [{0D-D9-9A-A5-ZN}] C:\windows\system32\ojdsregq.exe GEN001
    O4 - HKLM\..\Run: [cal1fda0] RUNDLL32.EXE w59d66e6.dll,n 0041fd9c0000000259d66e6
    O4 - HKLM\..\Run: [dal1fda1] RUNDLL32.EXE w59d3c9d.dll,n 0041fd9d0000000359d3c9d
    O4 - HKLM\..\Run: [sys10-401548891] C:\WINDOWS\sys10-401548891.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinkpex.exe GEN001
    O4 - HKLM\..\Run: [w59ed64d.dll] RUNDLL32.EXE w59ed64d.dll,I2 0041fd9d059ed64d
    O4 - HKLM\..\Run: [sys0201548891-4] C:\WINDOWS\sys0201548891-4.exe
    O4 - HKLM\..\Run: [sys031548891-40] C:\WINDOWS\sys031548891-40.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poqpkw.exe reg_run
    O4 - HKLM\..\Run: [ms0548891-4015] C:\WINDOWS\ms0548891-4015.exe
    O4 - HKLM\..\Run: [sys01401548891-] C:\WINDOWS\sys01401548891-.exe
    O4 - HKLM\..\Run: [sgzejycA] C:\WINDOWS\sgzejycA.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ms068891-40154] C:\WINDOWS\ms068891-40154.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [zqfk] C:\PROGRA~1\COMMON~1\zqfk\zqfkm.exe
    O4 - HKCU\..\Run: [deoip] C:\WINDOWS\system32\hpepoa.exe reg_run
    O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
    O4 - HKCU\..\Run: [PSCloner] "C:\Program Files\PSCloner\PSCloner.exe"
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinkpex.exe
    O4 - Global Startup: Belkin Wireless Utility.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O20 - AppInit_DLLs: repairs303169590.dll
    O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\l66olgj316o.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\c2V0dXA\command.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  12. Hippieloser

    Hippieloser Member

    Joined:
    Feb 25, 2003
    Messages:
    8,273
    Likes Received:
    2,137
    Oh, and once again, thanks everybody!
     
  13. geeimsobored

    geeimsobored Member

    Joined:
    Aug 20, 2005
    Messages:
    8,968
    Likes Received:
    3,389
    you've got a lot of crap that's messing with your computer..

    here's what I see that is bad

    C:\kybrdff_17.exe
    C:\dfndrff_16.exe
    C:\WINDOWS\Duce6.exe
    C:\WINDOWS\thiselt.exe
    winlog.exe

    EDIT: This dll file also looks fishy and appears to be a winlogon hook which can really **** up your computer... l66olgj316o.dll

    Deleting it may not solve it though, since a lot of winlogons recreate themselves on shutdown. But go into safe mode and try deleting it anyway. Post a new hijackthis log on here and we can see if it went away.

    There might be more. I don't recognize a lot of the stuff on there so there could be plenty more. But I believe duce6 and thiselt are causing the popups. You seem to have a lot of other spyware and viruses that are running in the background. Delete the stuff above in safe mode. Make sure you do it in safe mode.

    Also, go through add/remove programs in the control panel and delete any extraneous crap you aren't using.

    See if that fixes it. If it doesn't, create another hijackthis log and post it.
     
    #33 geeimsobored, Sep 7, 2006
    Last edited: Sep 7, 2006
  14. Hippieloser

    Hippieloser Member

    Joined:
    Feb 25, 2003
    Messages:
    8,273
    Likes Received:
    2,137
    I deleted those files in safe mode. Still with the ****ING popups. Here's a new log. Thanks for holding my hand, gee!

    Logfile of HijackThis v1.99.1
    Scan saved at 9:59:53 PM, on 9/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\win320891-4015488.exe
    C:\windows\system32\ojdsregq.exe
    C:\WINDOWS\system32\nwinkpex.exe
    C:\WINDOWS\sys0201548891-4.exe
    C:\WINDOWS\sys031548891-40.exe
    C:\WINDOWS\ms0548891-4015.exe
    C:\WINDOWS\sys01401548891-.exe
    C:\WINDOWS\sgzejycA.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\ms068891-40154.exe
    C:\Program Files\Common Files\{E810D9A5-095A-1033-0902-030218200001}\Update.exe
    C:\Program Files\PSCloner\PSCloner.exe
    C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
    C:\WINDOWS\Duce6.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\setup\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xauto.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,iucxygj.exe
    O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
    O4 - HKLM\..\Run: [win320891-4015488] C:\WINDOWS\win320891-4015488.exe
    O4 - HKLM\..\Run: [ghihnx] C:\WINDOWS\system32\hpepoa.exe reg_run
    O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
    O4 - HKLM\..\Run: [{0D-D9-9A-A5-ZN}] C:\windows\system32\ojdsregq.exe GEN001
    O4 - HKLM\..\Run: [cal1fda0] RUNDLL32.EXE w59d66e6.dll,n 0041fd9c0000000259d66e6
    O4 - HKLM\..\Run: [dal1fda1] RUNDLL32.EXE w59d3c9d.dll,n 0041fd9d0000000359d3c9d
    O4 - HKLM\..\Run: [sys10-401548891] C:\WINDOWS\sys10-401548891.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinkpex.exe GEN001
    O4 - HKLM\..\Run: [w59ed64d.dll] RUNDLL32.EXE w59ed64d.dll,I2 0041fd9d059ed64d
    O4 - HKLM\..\Run: [sys0201548891-4] C:\WINDOWS\sys0201548891-4.exe
    O4 - HKLM\..\Run: [sys031548891-40] C:\WINDOWS\sys031548891-40.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\poqpkw.exe reg_run
    O4 - HKLM\..\Run: [ms0548891-4015] C:\WINDOWS\ms0548891-4015.exe
    O4 - HKLM\..\Run: [sys01401548891-] C:\WINDOWS\sys01401548891-.exe
    O4 - HKLM\..\Run: [sgzejycA] C:\WINDOWS\sgzejycA.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ms068891-40154] C:\WINDOWS\ms068891-40154.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [zqfk] C:\PROGRA~1\COMMON~1\zqfk\zqfkm.exe
    O4 - HKCU\..\Run: [deoip] C:\WINDOWS\system32\hpepoa.exe reg_run
    O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
    O4 - HKCU\..\Run: [PSCloner] "C:\Program Files\PSCloner\PSCloner.exe"
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinkpex.exe
    O4 - Global Startup: Belkin Wireless Utility.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O20 - AppInit_DLLs: repairs303169590.dll
    O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\enlsl1371.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
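
Added example, not part of the thread: a comparison of the two HijackThis logs posted above, showing which startup entries changed between scans and what still refers to the files deleted in safe mode. The function names are illustrative, and the sample strings are constructed excerpts made of lines copied from the two logs.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d+) - (.+?): (.*)$")   # code, kind, value

# Constructed excerpts: lines copied from the 8:39 PM and 9:59 PM logs in this thread.
SCAN_1 = r"""
C:\kybrdff_17.exe
C:\dfndrff_16.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\l66olgj316o.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\c2V0dXA\command.exe
"""
SCAN_2 = r"""
C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\enlsl1371.dll
"""
# Files named for deletion in the reply above.
DELETED = ["kybrdff_17.exe", "dfndrff_16.exe", "Duce6.exe", "thiselt.exe",
           "winlog.exe", "l66olgj316o.dll"]

def parse(log):
    """Return (running process paths, [(code, kind, value), ...]) for one log."""
    procs, entries = [], []
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append(m.groups())
        elif re.match(r"[A-Za-z]:\\", line):      # bare path = running process
            procs.append(line)
    return procs, entries

def changes(before, after):
    """Per (code, kind) group, the values that disappeared or appeared between scans."""
    def grouped(entries):
        g = {}
        for code, kind, value in entries:
            g.setdefault((code, kind), set()).add(value)
        return g
    b, a = grouped(before), grouped(after)
    out = {}
    for key in set(b) | set(a):
        removed = sorted(b.get(key, set()) - a.get(key, set()))
        added = sorted(a.get(key, set()) - b.get(key, set()))
        if removed or added:
            out[key] = {"removed": removed, "added": added}
    return out

def residue(deleted, procs, entries):
    """For each deleted file name: is it still running, and which entries still name it?"""
    report = {}
    for name in deleted:
        n = name.lower()
        report[name] = {
            "running": any(p.lower().endswith("\\" + n) for p in procs),
            "autoruns": [f"{c} {k}" for c, k, v in entries if n in v.lower()],
        }
    return report

if __name__ == "__main__":
    (_, e1), (p2, e2) = parse(SCAN_1), parse(SCAN_2)
    print(changes(e1, e2))
    print(residue(DELETED, p2, e2))
```

On these excerpts the Run values for the deleted files are unchanged, Duce6.exe is still listed as running, and the Winlogon Notify entry names enlsl1371.dll instead of l66olgj316o.dll.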
     
  15. geeimsobored

    geeimsobored Member

    Joined:
    Aug 20, 2005
    Messages:
    8,968
    Likes Received:
    3,389
    I'll be honest with you.. you have tons of crap on there. And there's probably more that isn't showing up on hijackthis.

    These are all dll files and subtle exe's that no antivirus or spyware program will pick up and you would need someone familiar with hijackthis and these types of programs to weed it out. I could do it, but it's virtually impossible to do online.

    I'm almost tempted to say that you should back up whatever is important to you and reformat because it looks really ugly. If it would be easy for you to do that, I would really recommend it.
     
  16. Hippieloser

    Hippieloser Member

    Joined:
    Feb 25, 2003
    Messages:
    8,273
    Likes Received:
    2,137
    Gahhh dammit!! All I wanted to do was watch the first season of "The Wire!"

    Okay, well, thanks for the help, bud.
     
  17. Invisible Fan

    Invisible Fan Member

    Joined:
    Dec 5, 2001
    Messages:
    45,954
    Likes Received:
    28,052
    Have you updated your adware and virus scanners?


    I'd check out the programs that are in your C:\ or windows directory.

    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
    O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
    O4 - HKLM\..\Run: [sys0201548891-4] C:\WINDOWS\sys0201548891-4.exe
    O4 - HKLM\..\Run: [sys031548891-40] C:\WINDOWS\sys031548891-40.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    C:\WINDOWS\ms068891-40154.exe
    C:\WINDOWS\sgzejycA.exe

    I might've missed some.

    Checking out means running the programs and seeing what happens. Keep note of the ones that do nothing or have popups. Run MSconfig again and click the startup tab. Uncheck all the files that Hijack This says are running in the C:/ or windows directory. Reboot and run MSconfig again. If new lines are made in startup, they're probably the trojan and it means there are trojans you missed that weren't turned off. I wouldn't delete them unless you're 100% sure they're viruses/adware.

    This guy seems to be the cause.
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe


    Google the unfamiliar names. First 3 links should tell you if they're trouble or not.
    http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=thiselt
    http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=Duce6
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe

    These files should be nabbed with a common scanner. Once you've turned off all the adware in startup (and rebooted), run a new scan with an updated scanner.
     
    #37 Invisible Fan, Sep 7, 2006
    Last edited: Sep 7, 2006
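
Added example, not part of the thread: a triage pass over HijackThis lines that applies the location check suggested above (programs sitting directly in C:\ or the Windows directory) and also lists entries with no path, DLLs started through rundll32, extra programs on the Shell/UserInit lines, and the O20 DLL hooks. The function name and reason strings are illustrative, and the sample is a constructed excerpt of lines copied from the log in this thread.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d+) - (.+?): (.*)$")                  # code, kind, value
ROOT_EXE = re.compile(r"^c:\\+(windows\\+)?[^\\]+\.exe$", re.I)    # C:\x.exe, C:\WINDOWS\x.exe
DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}   # stock Windows XP values

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\xauto.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,iucxygj.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [cal1fda0] RUNDLL32.EXE w59d66e6.dll,n 0041fd9c0000000259d66e6
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\l66olgj316o.dll
"""

def triage(log):
    """Return (item, reason) pairs for startup entries that deserve a manual look."""
    hits = []
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue
        code, kind, value = m.groups()
        if code == "F2":                      # Shell= / UserInit= with programs appended
            name, _, progs = value.partition("=")
            for prog in filter(None, (p.strip() for p in progs.split(","))):
                if prog.lower().rsplit("\\", 1)[-1] != DEFAULTS.get(name.lower()):
                    hits.append((prog, f"extra program in {name}"))
        elif code == "O20":                   # DLLs loaded via AppInit_DLLs or by winlogon.exe
            hits.append((value, kind))
        elif code == "O4" and kind.endswith(("Run", "RunServices")):
            cmd = re.sub(r"^\[[^\]]*\]\s*", "", value).strip('"')   # drop "[value name]"
            image = re.match(r".+?\.exe", cmd, re.I)                # program part of the command
            if not image:
                continue
            image = image.group(0)
            if image.lower().endswith("rundll32.exe"):
                hits.append((cmd, "DLL started through rundll32"))
            elif "\\" not in image:
                hits.append((cmd, "no path given"))
            elif ROOT_EXE.match(image):
                hits.append((cmd, "directly in C:\\ or C:\\WINDOWS"))
    return hits

if __name__ == "__main__":
    for item, reason in triage(SAMPLE):
        print(f"{reason:32} {item}")
```

The location rules do not flag SurfSideKick 3, which sits under Program Files and was picked out by name in the thread, so the output is a list of candidates to look up rather than a verdict.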
  18. redefined

    redefined Member

    Joined:
    Jul 8, 2006
    Messages:
    2,708
    Likes Received:
    32
    What is the 'rundll'?

    Before I reformatted my computer I used to get a message telling me that rundll was not responding..
     
  19. geeimsobored

    geeimsobored Member

    Joined:
    Aug 20, 2005
    Messages:
    8,968
    Likes Received:
    3,389
    Yea make sure you are unchecking files on hijack this AND deleting them.

    I didn't notice surfsidekick but that is always trouble. Invisible Fan is probably right on that one.

    You have a lot of strange executables that are running as per the hijackthis log so even if you solve the adware problem, you should do another substantive cleanup after you fix this initial issue.

    As for your rundll issue, that's a windows system file that probably got corrupted or deleted somehow and windows kept searching for it but couldn't find it.
     
