PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] serious issues

  #8  
07-05-2007
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru

Download KILLBOX, extract it to your desktop.

Open killbox.exe.

First

Click on Tools>Delete Temp Files

A box will open with a list of all user profiles.

Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

Temporary Internet Files
Temp Files
XP Prefetch

If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.

Then,

Check on the Button titled "Delete Selected Temp Files"

Exit by clicking the Button titled "Exit(Save Settings)"

Once back into the main killbox program.

Check the following boxes:

Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.

C:\WINDOWS\SYSTEM32\mkagq.dll
C:\WINDOWS\SYSTEM32\ws_3s32.dll
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\System32\eenunegw.dll
C:\WINDOWS\System32\yqldwvmoaqub.dll
C:\WINDOWS\system32\wvmoaqub.dll
C:\WINDOWS\system32\ixrtllhl.dll
C:\WINDOWS\system32\acakyhyr.dll
C:\WINDOWS\system32\iloifumv.dll

Then in killbox click File>>Paste from Clipboard

At this point the "All Files" button should be enabled so you can click it.

Click the "All Files" button.

Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes

A second message will ask to Reboot now? you will need to click Yes to allow the reboot.

Note: Killbox will let you know if a file does not exist.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot


Post a new HJT log when done


__________________
  • An Australian Member of
  • and
My real name is Eddy

Last edited by Pancake; 07-05-2007 at 08:00 AM.
  #9  
07-05-2007
Swizzleskin
Silver Member

Join Date: Feb 2007
Posts: 102
ran killbox

After running killbox, rather than a yes option, it told me "pending file renameoperationregistrydata has been removed by external process". I have attached my hjt, but the computer did not reboot when I said to do so. Should I re-run killbox and then manually reboot, then do my hjt log?
Attached Files
File Type: log hijackthis.log (6.6 KB, 2 views)


  #10  
07-05-2007
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru

Yes. Just to be on the safe side, run it again and do a manual reboot, posting a new HJT after.


  #11  
07-05-2007
Swizzleskin
Silver Member

Join Date: Feb 2007
Posts: 102
new hjt log

Here is my new hjt log. I had to use killbox in safe mode because my pc wouldn't load properly. On a reboot it would not open explorer.exe; after I manually opened it the desktop would freeze. I could still move my mouse, I just couldn't give the pc any commands. Other times I could click to open a program after a reboot, but no programs would open. When I used task manager to reboot the system it would tell me that explorer.exe wasn't responding, and on one occasion in task manager one of the svchost.exe tasks was showing 100% CPU usage.

Thanks again, and again
Swizz

Oh yeah, and constant pop-ups for drive cleaner and pcdoctor
Attached Files
File Type: log hijackthis.log (6.6 KB, 1 views)


  #12  
07-05-2007
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru

Go into safe mode, search for and delete this folder and these files...

C:\Program Files\Microsoft Security Adviser
C:\WINDOWS\SYSTEM32\mkagq.dll
C:\WINDOWS\SYSTEM32\ws_3s32.dll
C:\WINDOWS\System32\xpe.dll

Then run HJT and remove these entries from the log

O2 - BHO: (no name) - {335DB538-08BF-4CB6-9E85-002757D58844} - C:\WINDOWS\System32\xjddmwps.dll
O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\mkagq.dll
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O20 - Winlogon Notify: mkagq - C:\WINDOWS\SYSTEM32\mkagq.dll
O20 - Winlogon Notify: ws_3s32 - C:\WINDOWS\SYSTEM32\ws_3s32.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Jolcoo32.dll (file missing)
O21 - SSODL: JtWWPczcl - {ECA19705-460B-3DAF-49A9-EC1ABFE6CE54} - C:\WINDOWS\System32\xpe.dll
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\System32\.exe (file missing)


And a new log when done...


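The HijackThis entries listed in post #12 all share a "section - mechanism: ... path" layout, so they can be grouped by the file they load. The following is an added example, not part of the thread and not HijackThis code: it parses a constructed subset of those lines, reports which files are loaded from more than one autostart point, and lists entries whose file is already missing. The function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample: a subset of the entries listed in post #12.
SAMPLE = r"""
O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\mkagq.dll
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O20 - Winlogon Notify: mkagq - C:\WINDOWS\SYSTEM32\mkagq.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Jolcoo32.dll (file missing)
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\System32\.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d{1,2}) - ([^:]+): (.*)$")   # section, mechanism label, rest
DRIVE = re.compile(r"[A-Za-z]:\\")                    # start of the file path
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING = "(file missing)"

def parse_entry(line):
    """Split one HijackThis 'O' line into section, mechanism, CLSID and path."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    code, mechanism, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    drive, clsid = DRIVE.search(rest), CLSID.search(rest)
    # Windows paths are case-insensitive; the log mixes system32 and SYSTEM32.
    path = rest[drive.start():].lower() if drive else None
    return {"code": code, "mechanism": mechanism, "path": path,
            "clsid": clsid.group(0) if clsid else None, "missing": missing}

def persistence_by_file(log_text):
    """Map each referenced file to every autostart mechanism that loads it."""
    by_file = defaultdict(set)
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        if entry["path"]:
            by_file[entry["path"]].add(entry["mechanism"])
    return {path: sorted(mechs) for path, mechs in by_file.items()}

def orphaned_entries(log_text):
    """Entries whose file is already gone; only the registry data remains."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    return [(e["code"], e["path"]) for e in entries if e["missing"]]

if __name__ == "__main__":
    for path, mechs in sorted(persistence_by_file(SAMPLE).items()):
        print(f"{path}: {', '.join(mechs)}")
    print("orphaned:", orphaned_entries(SAMPLE))
```

A file that shows up under several mechanisms, as mkagq.dll does here, will be reloaded unless every one of those entries is removed along with the file.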
  #13  
07-05-2007
Swizzleskin
Silver Member

Join Date: Feb 2007
Posts: 102
done

Here is my hjt log. I was able to delete the main program, but the .dll files gave me the error "this file is currently being used by another program". Also, when I reboot, I am finding that I have to kill and restart explorer.exe several times for it to finally load properly.
Attached Files
File Type: log hijackthis.log (5.2 KB, 1 views)


  #14  
07-05-2007
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru

Ok. We are making progress...

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

