Please print out or copy this page to
Notepad in order to assist you when carrying out the following instructions.
I see you have disabled some startup entries using MSConfig. This makes it diffcult for us to see all the infections present on your system because they are hidden from Hijackthis.
- Please click Start>Run and type "msconfig".
- On the "General" tab please click "Normal Startup- load all device drivers and services" and click OK.
- Do not restart when prompted.
KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)
Launch
KillBox.exe & select the following
options:
Select all the filenames below & then right-click & select Copy
- C:\Mendoza1.exe
C:\WINDOWS\system32\2a0c93d9.exe
C:\WINDOWS\mc-110-12-0000488.exe
C:\WINDOWS\srvqxexyef.exe
C:\WINDOWS\system32\dlh9jkdq1.exe
C:\WINDOWS\system32\dlh9jkdq8.exe
C:\WINDOWS\system32\vxgame6.exe3072.exe
C:\WINDOWS\System32ftuninst.exe
C:\WINDOWS\system32\ftuninst.exe
C:\WINDOWS\system32\WINKRNME.DLL
C:\Documents and Settings\DAWN\Local Settings\Application Data\2a0c93d9.exe
C:\WINDOWS\System32\0mcamcap.exe
C:\PROGRA~1\COMMON~1\owim\owimm.exe
C:\Documents and Settings\DAWN\Start Menu\Programs\Startup\Zeno.lnk
C:\WINDOWS\system32\pwinqqez.exe
C:\WINDOWS\rkncx.exe
C:\WINDOWS\System32\dxvwgqyt.exe
C:\WINDOWS\System32\mptft.exe
C:\WINDOWS\System32\ssn6tuu.exe
C:\WINDOWS\nsdajwp.exe
C:\WINDOWS\System32\kernels8.exe
C:\windows\system32\ppdsregp.exe
c:\windows\system32\f3PSSavr.scr
C:\WINDOWS\LastGood\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
C:\WINDOWS\REFXTg\lHIrn0.vbs
C:\WINDOWS\srvqxexyef.exe
C:\WINDOWS\mc-110-12-0000488.exe
* Go to the File menu, and choose
Paste from Clipboard
* Click the
RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.
Run a new scan with hijackthis and post the log here.