It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!
* Download and install CCleaner
Do not use it yet.
* Download Nail/Aurora Spyware Fix
Do not use it yet.
* Download ewido security suite here: http://www.ewido.net/en/download/
Install and update it. Don't let it scan yet!!* Reboot into Safe Mode`
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.
Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
* Run Ccleaner and click Run Cleaner (bottom right)
* Still in safe mode; open Ewido Security Suite
Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [xdfxne] c:\windows\system32\zgeokz.exe r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
* Click on Fix Checked when finished and exit HijackThis.
* Reboot your system back to normal mode.
Post a new HijackThis Log
and the Ewido Log
by using Add Reply
If that random file is still there in your processes afterwards, I have other tools to deal with it. But it is really important you perform those previous steps because more is going on on your system.