Ok, sorry for the dealy.

Attached Files

	vundofix.txt (1.2 KB, 2 views)
	hijackthis.log (7.9 KB, 2 views)

Vamp, please launch HijackThis and place a tick by the following entries:
O2 - BHO: (no name) - {96EF248A-EFDB-4CD4-9986-936A584EF74D} - C:\WINDOWS\System32\jkkjg.dll
O20 - Winlogon Notify: jkkiggf - jkkiggf.dll (file missing)
O20 - Winlogon Notify: pmnlkif - pmnlkif.dll (file missing)
O20 - Winlogon Notify: rqrrsrp - rqrrsrp.dll (file missing)
O20 - Winlogon Notify: wingkb32 - wingkb32.dll (file missing)

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.


Upon reboot, please navigate to and delete the following file if it still exists:
C:\WINDOWS\System32\jkkjg.dll


Now rescan with HijackThis and post the new log in your next reply.

Hmm, I just ran a scan and all those items have been removed already...Wierd.

I tried to delete "C:\WINDOWS\System32\jkkjg.dll" but it says it is being used by another program.

Here's the log.

Attached Files

hijackthis.log (7.3 KB, 1 views)

1. Please download The Avenger by Swandog46 to your Desktop.

• Click on Avenger.zip to open the file
• Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Script file to execute" choose "Input Script Manually".
• Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
• Paste the text copied to clipboard into this window by pressing (Ctrl+V).
• Click Done
• Now click on the Green Light to begin execution of the script
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger?s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

Avenger Log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\guxytxko

*******************

Script file located at: \??\C:\Program Files\vawxdpoa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\jkkjg.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Attached Files

HJT.txt (8.2 KB, 1 views)

Run HijackThis , select to do a "system scan only" and then place a check beside each of the following:

Now first close all windows and browsers other than HiJackThis , then click fix checked and close HijackThis.

Reboot youre pc , and post a new hjt log please. (by attaching it to a post)

Done.

Attached Files

hijackthis.log (7.6 KB, 3 views)