Old 11-29-2006, 09:31 PM   #11 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 


Hi kmac182,

Gotta love that AVG Anti-Spyware--it took out the bulk for us. Let's go get the rest of it now.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download KillBox: http://www.greyknight17.com/spy/KillBox.exe (it's important that you get version v2.0.0.175).

-----------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\ujkwikjq.dll
O2 - BHO: (no name) - {B76DC9C6-8E5C-4626-ADFD-6BAF9C592D40} - C:\WINDOWS\Config\svsva.dll
O20 - Winlogon Notify: svsva - C:\WINDOWS\Config\svsva.dll


Click 'Fix Checked' and close HijackThis.

-----------------------------------

Launch KillBox.exe & select the following options:
  • delete on Reboot
Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:



Within Killbox, go to the File menu, and choose Paste from Clipboard
*Click on the dropdown menu next to Full Path of File to Delete field.
*Verify that the filenames you pasted are found there

Select/tick the following:

* Delete on Reboot
* End Explorer Shell While Killing File
* "Unregister .dll Before Deleting" if it's not grayed out.
Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click YES at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

----------------------------------

From Normal Mode, run another online scan at Panda and save the results.

----------------------------------

Run another scan with kmac.exe and save the log.

----------------------------------

Please include the following in your next reply:

Panda results
New HijackThis log (kmac.exe)
Update on how your system is behaving.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
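
An added example, not part of the original post: a small Python parser for the HijackThis entries quoted above. It maps each referenced file to the log sections that load it, so every load point is known before the file is deleted. The function names are hypothetical; the sample lines are copied from the post's own four entries.

```python
import re
from ntpath import normcase  # Windows path rules, works on any OS

# Sample input: the four HijackThis entries quoted in the post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\ujkwikjq.dll
O2 - BHO: (no name) - {B76DC9C6-8E5C-4626-ADFD-6BAF9C592D40} - C:\WINDOWS\Config\svsva.dll
O20 - Winlogon Notify: svsva - C:\WINDOWS\Config\svsva.dll
"""

# Section code (R0, O2, O20, ...) followed by the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in .dll or .exe (registry paths have no "X:\").
FILE_PATH = re.compile(r"[A-Za-z]:\\[^<>|*?\r\n]+?\.(?:dll|exe)\b", re.I)


def parse_entries(log):
    """Return one dict per HijackThis line: section code, CLSID, file path."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line or non-entry text
        body = m.group("body")
        clsid = CLSID.search(body)
        path = FILE_PATH.search(body)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
        })
    return entries


def load_points(entries):
    """Map each file (case-insensitive) to the sections that load it."""
    points = {}
    for e in entries:
        if e["path"]:
            points.setdefault(normcase(e["path"]), []).append(e["code"])
    return points


if __name__ == "__main__":
    for path, codes in load_points(parse_entries(SAMPLE_LOG)).items():
        print(path, "loaded by", ", ".join(codes))
```

On the post's entries this shows svsva.dll registered twice, as a BHO (O2) and as a Winlogon Notify package (O20), which is why both lines are checked in HijackThis before the file goes to Killbox.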