Old 07-17-2005, 10:35 AM   #6 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,928
OS: WinXP and Vista


Download KillBox from http://www.greyknight17.com/spy/KillBox.exe.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). On some systems this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

AntiVirus Gold
MySearch
SearchRelevant
WebSpecials
ainlnhh9


Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\Documents and Settings\Darrell Miley\Application Data\onar.exe
C:\Documents and Settings\Darrell Miley\Application Data\Thunderbird\Profiles\default.hbf\Mail\pop.east.cox.net\Inbox[~000192.@x@]
C:\Documents and Settings\Darrell Miley\Application Data\Thunderbird\Profiles\default.hbf\Mail\pop.east.cox.net\Trash[~000060.@x@]
C:\Program Files\ainlnhh9\ainlnhh9.exe
C:\Program Files\MySearch\bar\2.bin\NPMYSRCH.DLL
C:\Program Files\MySearch\bar\2.bin\S42NS.EXE
C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
C:\Program Files\SearchRelevant\SearchRelevant.dll
C:\Program Files\SearchRelevant\uninstall.exe
C:\Program Files\WebSpecials\uninst.exe
C:\Program Files\WebSpecials\webspec.dll
C:\WINDOWS\system32\14yf08fg.exe
C:\WINDOWS\system32\Cache\InstallAPS.exe
C:\WINDOWS\system32\Cache\thin-8-3-x-x.exe
C:\WINDOWS\system32\hookdump.exe
C:\WINDOWS\system32\jlra.dll
C:\WINDOWS\system32\sysbz32.exe
C:\WINDOWS\system32\xmlparse.dll
C:\WINDOWS\system32\xmltok.dll
C:\WINDOWS\system32\??plorer.exe


Using Windows Explorer, delete the following files and folders if they still exist.

Files:
C:\Documents and Settings\Darrell Miley\Application Data\onar.exe
C:\Documents and Settings\Darrell Miley\Application Data\Thunderbird\Profiles\default.hbf\Mail\pop.east.cox.net\Inbox[~000192.@x@]
C:\Documents and Settings\Darrell Miley\Application Data\Thunderbird\Profiles\default.hbf\Mail\pop.east.cox.net\Trash[~000060.@x@]
C:\WINDOWS\system32\14yf08fg.exe
C:\WINDOWS\system32\Cache\InstallAPS.exe
C:\WINDOWS\system32\Cache\thin-8-3-x-x.exe
C:\WINDOWS\system32\hookdump.exe
C:\WINDOWS\system32\jlra.dll
C:\WINDOWS\system32\sysbz32.exe
C:\WINDOWS\system32\xmlparse.dll
C:\WINDOWS\system32\xmltok.dll
C:\WINDOWS\system32\??plorer.exe -- Careful here: those ?? could be any character.
C:\Program Files\MySearch\bar\2.bin\NPMYSRCH.DLL

Folders:
C:\Program Files\AntiVirus Gold
C:\Program Files\ainlnhh9
C:\Program Files\SearchRelevant
C:\Program Files\WebSpecials

Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.

Reboot into Normal Mode.

Run another scan with Panda ActiveScan and save the log.
Restart and post a new HijackThis log along with the results from ActiveScan.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
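Added example, not part of Ried's post and not KillBox's own code: a PowerShell script that does what the KillBox steps above do by hand. It resolves each listed path against disk (wildcards such as `??plorer.exe` included), refuses to touch the real `explorer.exe` if the wildcard happens to match it, records hash, size and timestamp of every file before removal, runs `regsvr32 /u` on DLLs (the "Unregister .dll Before Deleting" box), and deletes immediately or, when the file is locked, schedules deletion at the next boot with `MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT)`, which is the same Win32 mechanism behind "Delete on Reboot". Assumptions: an elevated PowerShell 4 or newer prompt in Safe Mode (`Get-FileHash` and `-File` are not in the PowerShell 2 that an XP box of that era could run); the profile path from the post is replaced with `$env:USERPROFILE`; the list is a subset of the post's file list, and the `$protected` names and the report file name are this example's choices.

```powershell
# Added example (not from the original post or from KillBox).
# Assumes: elevated PowerShell 4+, Safe Mode, paths adapted from the post.

$targets = @(
    "$env:USERPROFILE\Application Data\onar.exe",
    "C:\Program Files\ainlnhh9\ainlnhh9.exe",
    "C:\Program Files\MySearch\bar\2.bin\NPMYSRCH.DLL",
    "C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL",
    "C:\Program Files\SearchRelevant\SearchRelevant.dll",
    "C:\Program Files\WebSpecials\webspec.dll",
    "C:\WINDOWS\system32\14yf08fg.exe",
    "C:\WINDOWS\system32\hookdump.exe",
    "C:\WINDOWS\system32\jlra.dll",
    "C:\WINDOWS\system32\sysbz32.exe",
    "C:\WINDOWS\system32\??plorer.exe"   # '?' matches any single character
)

# Legitimate names a loose wildcard could match; never delete these.
# (Assumed list for this example; extend it for the patterns you use.)
$protected = @('explorer.exe')

# Same kernel32 call KillBox uses for "Delete on Reboot": a NULL destination
# with MOVEFILE_DELAY_UNTIL_REBOOT queues a delete in
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class Native {
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool MoveFileEx(string src, string dst, uint flags);
}
"@
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

$report = New-Object System.Collections.Generic.List[string]
$rebootNeeded = $false

foreach ($pattern in $targets) {
    # Only patterns containing ? or * go through wildcard expansion; every
    # other path is taken literally so names with [ ] (like the Thunderbird
    # mail files in the post) are not misread as wildcard classes.
    # -Force includes hidden/system files; -File skips directories.
    $hits = if ($pattern -match '[\*\?]') {
        Get-ChildItem -Path $pattern -Force -File -ErrorAction SilentlyContinue
    } else {
        Get-ChildItem -LiteralPath $pattern -Force -File -ErrorAction SilentlyContinue
    }

    foreach ($f in $hits) {
        if ($protected -contains $f.Name.ToLowerInvariant()) {
            Write-Warning "Wildcard matched a protected file, skipping: $($f.FullName)"
            continue
        }

        # Keep evidence of what was removed before it is gone.
        $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $f.FullName).Hash
        $report.Add("$hash $($f.Length) $($f.LastWriteTime.ToString('s')) $($f.FullName)")

        if ($f.Extension -ieq '.dll') {
            # "Unregister .dll Before Deleting": removes the COM/BHO registration.
            & "$env:SystemRoot\system32\regsvr32.exe" /u /s $f.FullName | Out-Null
        }

        try {
            Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
            $report.Add("  deleted now")
        } catch {
            # Locked by a running process or a loaded DLL: defer to next boot.
            if ([Native]::MoveFileEx($f.FullName, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
                $report.Add("  scheduled for deletion at next boot")
                $rebootNeeded = $true
            } else {
                $err = New-Object System.ComponentModel.Win32Exception
                $report.Add("  FAILED: $($err.Message)")
            }
        }
    }
}

$report | Set-Content -LiteralPath "$env:USERPROFILE\Desktop\removed-files.txt"
if ($rebootNeeded) { Write-Host "Reboot required to complete the scheduled deletions." }
```

Two caveats a practitioner should keep in mind. First, `regsvr32 /u` calls the DLL's own `DllUnregisterServer` export, so it runs the suspect module's code; that is exactly what KillBox's unregister option does too, and it is one reason the post has you do this from Safe Mode with browsers closed. Second, the wildcard guard matters: `??plorer.exe` matches `explorer.exe` as well as the look-alike the post is after, so any tool that expands the pattern without a protected-name check can delete the real shell. You can confirm what was queued for boot by reading the `PendingFileRenameOperations` value under the Session Manager key before rebooting.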