tetonbob

Thanks for the feedback....I've updated my link.

Go to Control Panel>Scheduled Tasks and delete the following task(if necessary, stop the task first:

RUTASK

Download KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip

Update your Ewido definitions.

REBOOT into safe mode!

Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy some were in case you make a mistake. Now navigate to each of the following keys and delete the file/folder/entry I highlighted in RED

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gkmfymkk

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{564ca57a-f4b7-483d-a93b-2c79f6f5b0df}

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

C:\WINNT\lpt$vpn.785
C:\WINNT\svcproc.exe
C:\WINNT\VPTNFILE.785
C:\WINNT\SYSTEM32\datadx.dll
C:\WINNT\SYSTEM32\ddfssfd.dll
C:\WINNT\SYSTEM32\dkeja.dll
C:\WINNT\Tasks\RUTASK.job
C:\WINNT\SYSTEM32\conres.cpl
C:\WINNT\system32\dkeja.dll
C:\WINNT\system32\kdslps.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dcrn.exe
C:\WINNT\SYSTEM32\KDSLPS.EXE
C:\WINNT\SYSTEM32\datadx.dll
C:\DOCUMENTS AND SETTINGS\SLAMBROW\APPLICATION DATA\Sskknwrd.dll
C:\PROGRAM FILES\Aprps

On the reboot...please boot back to safe mode.

Once in safe mode run KILLBOX again and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections if available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"

We need to run killbox TWICE as some of these files may survive our first attempt at deletion.


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: SDWin32 Class - {1ECEF3D6-3797-4AA4-AC21-D883E44424D5} - C:\WINNT\system32\kutxz.dll (file missing)
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\kdslps.exe reg_run


Now close all windows other than HiJackThis, then click Fix Checked.

Run Ewido again.

* Click [Scanner]
* Click [Complete System Scan] to begin scanning.
* Click [OK] when prompted to clean files
* With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
* Once finished, click the [Save report] button
* Save the report to your desktop

Restart back in Normal Mode and Post a fresh HijackThis log along with another WinPFind.txt log, Track qoo.vbs log and Ewido log!