kpwn1.exe

Yeah those lpt type named files are another symptom of Gromozon. It is strange that it was not found the first time. I would run the tool one more time to see if it comes up clean! Did this file really get deleted? The second scan should tell us!

Can you see this file? It may only show as PXR2.tmp. If you can see it, try deleting it. If you cannot see it try installing and using the below tool and see if you can find it:

ExplorerXP

If so, see if it can delete the file. If not, see if you can delete the whole Temp folder. If the Temp folder does delete, you must create a new Temp folder (right away) so that you still have the below:

C:\Documents and Settings\Administrator\Local Settings\Temp

If the above options do not work to delete the file, we could try a trick from a command prompt window but I need to know how the file name actually appears. If it is just PXR2.tmp in the C:\Documents and Settings\Administrator\Local Settings\Temp folder, you would have to open a command prompt window and change to that folder and then enter the below command

del \\.\PXR2.tmp

There is a space between del and the first \ and then no more spaces! Ignore the underline! The editor here in the forum automatically adds that because it thinks this is a link!


If you still can not delete the file, you may have no rights to do it.

In XP Professional Edition you can right click on it and select Properties. From the Protection Windows you can grant to your user all required rights on that file. If you can't see that option unselect disable simplified sharing from Folder Option.

In XP Home Edition you should see the "Protection" tab from the safe mode. You can also use some tools of Resource Kit such as ntrights.exe, cacls.exe e takeown.exe.


Another possible useful tool which may help with removal of the additonal files isDarkSpy Anti-Rootkit 1.0.5 Test Version . You need a copy of WinRaR (like WinZip) to extract the files.

 

Did you use CCleaner's ability to uninstall the LinkOptimizer? If not, give it a try. When you get it removed, yes flush System Restore and then move on to the below:


How to Protect yourself from malware!

 

I don't blame you! This LinkOptimizer was a real PITA!

Run this Getting Uninstall Programs List From The Registry and attach the log.

 

Okay try the below and let me know the results after a reboot!


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

 

Yes that's fine! Make sure you work thru the How to protect thread!

I'm happy we got this fixed and that you did not have to goto a PC repair shop and reinstall your OS.

 

You're welcome! I'm happy I could help!