3.
Remove bad HijackThis entries
•
Run HijackThis
• Click on the
System Scan Only button
• Put a
check beside all of the items listed below (if present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: DVA Media - {2D97AD74-0CBD-443C-82E7-74093471B3B7} - C:\WINDOWS\temlxopqkxo.dll (file missing)
O2 - BHO: (no name) - {53785057-93C8-46F7-BC52-9590DDB74995} - C:\WINDOWS\system32\byXPIbxY.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {BC80E8C9-AE50-48D7-AA75-445DACF41F36} - C:\WINDOWS\system32\geBusppq.dll (file missing)
O3 - Toolbar: vnbptxlf - {2A800B4E-351C-4230-B792-D73A5EA9CB31} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKCU\..\Run: [emokqvcj] C:\WINDOWS\system32\ylizerqz.exe
O21 - SSODL: AvpCD - {1e465f36-2d1b-4a2c-ad45-c940f5e2933d} - C:\WINDOWS\Installer\{1e465f36-2d1b-4a2c-ad45-c940f5e2933d}\AvpCD.dll (file missing)
• Close all open windows and browsers/email, etc...
• Click on the
"Fix Checked" button
• When completed, close the application.
Download SDFix HERE and save to your desktop
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Boot into Safe Mode
* Restart your computer and start pressing the F8 key on your keyboard.
* Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Run SDFix
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
* Attach Report.txt back here
Please run SuperAntispyware, missing fro original logs, follow with new scan in HijackThis. Attach all logs and reports.