Old 03-14-2008, 07:36 PM   #3 (permalink)
greyknight17
Analyst, Security Team
Join Date: Jul 2004
Location: New York
Posts: 14,327
OS: Windows 98 & Windows XP Home/Pro

Re: Redirected to websites & pop-ups

Welcome to TSF.

Please do not create duplicate threads. Threads merged....

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Go to My Computer->Tools (or View)->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders (it's Show all files for Windows 98).
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
** You may change the above options back after your log is clean. If we ask you to fix something that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Kontiki

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Josh\LOCALS~1\Temp\~DP11.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O21 - SSODL: AvpCheck - {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll
O21 - SSODL: zip - {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\Kontiki\
C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\
C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\


Download KillBox at http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says End Explorer Shell While Killing File. Next click on Delete on Reboot. Select the below lines. Right click on them once all are selected and choose Copy:

C:\Program Files\antiviirus.exe
C:\Program Files\tmp102390.exe
C:\Program Files\tmp108250.exe
C:\Program Files\tmp108250.exe
C:\Program Files\tmp151390.exe
C:\Program Files\tmp154890.exe
C:\Program Files\tmp157968.exe
C:\Program Files\tmp160953.exe
C:\Program Files\tmp2682375.exe
C:\Program Files\tmp75437.exe
C:\Program Files\tmp80796.exe
C:\tmp.bat
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxrqv.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\ssprs.dll


Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes. If you get a PendingOperations message, just close it and restart your computer manually.


Restart the computer.

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a pop-up - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Run DSS again and post the log here along with a new HijackThis log.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
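
Added example, not part of the original post and not HijackThis code: a small parser for log lines in the format quoted in the post, which pairs each entry with the file it loads and shows which files on the KillBox list have a matching load point in the log. The regular expressions are assumptions fitted to the lines shown in the post, and the sample input is a constructed subset of those lines.

```python
import re
from typing import NamedTuple, Optional

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption: targets end in .exe/.dll/.bat, as every path in the post does.
TARGET = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|bat)\b", re.IGNORECASE)

class Entry(NamedTuple):
    section: str            # HijackThis group, e.g. "O4"
    kind: str               # text before the colon, e.g. "BHO" or "Service"
    clsid: Optional[str]    # COM class id, when the entry names one
    target: Optional[str]   # file the entry loads, when one is named
    dangling: bool          # log says the file is already absent

def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid, target = CLSID.search(rest), TARGET.search(rest)
    return Entry(section, kind, clsid.group(0) if clsid else None,
                 target.group(0) if target else None,
                 "(file missing)" in rest or "(no file)" in rest)

def triage(log: str, delete_list: str):
    """Return (entries, delete-list files with a load point, files without)."""
    entries = [e for e in map(parse_line, log.splitlines()) if e]
    to_delete = {p.strip().lower() for p in delete_list.splitlines() if p.strip()}
    loaded = {e.target.lower() for e in entries if e.target}
    return entries, sorted(to_delete & loaded), sorted(to_delete - loaded)

# Constructed sample: a subset of the lines quoted in the post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Josh\LOCALS~1\Temp\~DP11.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
"""
SAMPLE_DELETE = r"""
C:\Program Files\antiviirus.exe
C:\tmp.bat
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\system32\nsprs.dll
"""

if __name__ == "__main__":
    entries, covered, orphans = triage(SAMPLE_LOG, SAMPLE_DELETE)
    print(entries, covered, orphans, sep="\n")
```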
