Delete all files in AVG Antispyware quarantine.
Go to add remove programmes in your control panel and uninstall anything to do with(
if there).
Lxrllriq
Close control panel.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
File::
C:\WINDOWS\mrofinu1000272.exe
C:\Documents and Settings\Swornim\keygen.exe
C:\Documents and Settings\Swornim\install.exe
C:\Documents and Settings\Swornim\readme.bat
C:\WINDOWS\system32\mljjh.dll
Folder::
C:\Program Files\Lxrllriq
C:\qoobox
C:\VundoFix Backups
C:\Program Files\naxghyxo
C:\WINDOWS\$hf_mig$
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261C35B4-9283-6344-C5C0-005CF873D624}]
Save this as
CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Please open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="msv1_0"
Save this as "fix.reg" Choose to save as *all files and place it on your desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Regards Howard
This thread is for the use of Jker only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.