Ok, here we go with round 2.
Please copy this page to
Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It is
IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
***************************************************
Download KillBox. (it's important that you get version v2.0.0.175)
------------
Download the attached
glaze.zip file to your desktop. Do not run it just yet.
-------------------------------------
Close any open browsers.
-------------------------------------
Double click on the glaze.zip folder, then double click on the
.reg file within. Click
yes to allow it to merge into your registry.
-------------------------------------
Launch KillBox.exe & select the following options:
Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:
C:\WINDOWS\system32\xuaiaqri.exe
C:\WINDOWS\system32\zrozspsd.exe
C:\WINDOWS\system32\bltjlhci.exe
C:\WINDOWS\system32\ilfxsymw.exe
C:\WINDOWS\system32\srybqetk.exe
C:\WINDOWS\system32\server.exe
C:\Documents and Settings\Administrator\Desktop\unused\BSINSTALL(2).exe
Go to the
File menu, and choose
Paste from Clipboard
*Click on the dropdown menu next to Full Path of File to Delete field.
*Verify that the filenames you pasted are found there
Select/tick the following:
*
Delete on Reboot
*
End Explorer Shell While Killing File
Click the
RED X button.
Click
Yes at the
'Delete on Reboot' prompt. Click
No at the
Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run [b]missingfilesetup.exe[/color]. Then try Killbox again.
-----------------------------------
Using My Computer, navigate to and delete the following
Folders if they still exist.
C:\Program Files\DaemonTools_WhenUSaveNow_Installer
C:\Program Files\Save
c:\program files\zango
-----------------------------------
Clear Mozilla Firefox cookies:
Open the Mozilla Browser, (you do not need to be online to do this) Click Tools>Options>Privacy>Cookies>Clear
-----------------------------------
Clear Internet Explorer Cookies: (you do not need to be connected to the internet to perform this)
Launch Internet Explorer>Tools>Internet Options>Delete Cookies
-----------------------------------
Click
Start then
Run then
copy/paste the entire text below into the Run box then click
OK
"%userprofile%\desktop\combofix.exe" /v jkhfd macoejhg lhnjsrk uhvjsul fusxnywh
When finished, it shall produce a log for you. We'll need that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
-----------------------------------
After the reboot, run another online scan at Panda and save the report.
-----------------------------------
Run another scan with glaze.exe and save the log.
-----------------------------------
Please include the following in your next reply:
ComboFix.txt
Panda results
New HijackThis log (glaze.exe)
How is your system behaving now?
__________________
Member of ASAP since 2005
Member of UNITE since 2006
"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."