sUBs

It seems that Panda uncovered another infection from your machine. This particular infection is kinda nasty as it overwrites an important file in Windows. I making a guess that Panda must have removed the file & left your computer w/o this file. This would render IE to be inoperable.

I'm gonna prescribe a fix for this infection. This fix would kill the infection & search your computer for a backup copy of the missing file. If it finds one, it will reinstate that copy into it's proper place.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

You should not have any browsers on while carrying out the Fix. So please save the next instructions in Wordpad as this page would not be available then. I have customed my instructions on the assumption that you have Wordpad 'On'. If you should choose to do otherwise, it may lead to some confusion.

It is also important you don't miss a step and perform everything in the right order!!. .

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

Download smitRem.zip

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

When doing the fix, you shall be viewing these instructions from Wordpad.
Copy the filename(s) listed below.
Select/Highlight all the filenames & then click on Wordpad's 'Edit' menu & select 'copy'

• C:\DOCUMENTS AND SETTINGS\DAWN D. SLEZAK\FAVORITES\SITES ABOUT\Ab scissor.url
  C:\DOCUMENTS AND SETTINGS\DAWN D. SLEZAK\APPLICATION DATA\PSGuard.com

Launch KillBox.

1. Go to the [File] menu, and choose [Paste from Clipboard].
   Verify that you've done this properly by clicking the dropdown-arrow next to the [Full Path of File to Delete] field. The filenames you pasted will be found in there.
2. Select/tick the following:
   • "Delete on Reboot"
   • "End Explorer Shell While Killing File"
   • "Unregister.dll Before Deleting" if it's not grayed out.
3. Click the RED X button.
4. Click [Yes] at the 'Delete on Reboot' prompt. Click [Yes] at the Pending Operations prompt.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Reboot to SafeMode

1. Shut Windows down, and then turn off the computer.
2. Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
3. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the
   [Windows Advanced Options] menu appears.
4. Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Uninstall the following programs, if present, using Control Panel > Add/Remove Programs :

• Aveo

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Enable the viewing of Hidden files

1. Open Windows Explorer
2. Go to Tools>Folder Options>View tab.
3. enable the option for `Show hidden files and folder´
4. disable the option for `Hide file extensions for known types´
5. disable the option for `Hide protected operating system files´
6. click "Yes" to confirm & then click "OK"

Locate and delete the following folder(s), if present:

• C:\PROGRAM FILES\Aveo

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Cleanup! with the following configuration:

1. Click Options...
2. Move the arrow down to Custom CleanUp!
3. Put a check next to the following:
   • Empty Recycle Bins
   • Delete Cookies
   • Delete Prefetch files (Windows XP only)
   • [X]Scan local drives for temporary files (Please uncheck this option)
   • Cleanup! All Users
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.

* CleanUp! will delete all the files in your temp folders without making a backup

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Next go to Control Panel click Display>Desktop>Customize Desktop>Website>Uncheck "Security Info" if present.

Reboot back into Windows and verify if IE is working properly.

If it's working, post a new HijackThis Log along with the afore mentioned smitfiles.txt

Let us know if there's any problems.