
Help me and here is my hijack log

This is a discussion on Help me and here is my hijack log within the Virus, Spyware and Security forums, part of the Software Forums category.
  1. #1
    Full Member

    hi. My computer is definitely infected by trojan, malware or spyware. whenever I open my computer, a balloon pops up from the taskbar saying that my computer is infected and suddenly all these ads pop up and keep on opening new ones. and i believe these processes that i see in the task manager are responsible

    something like lssmon.exe , lssmgr.exe (may not exactly be the same) cuz when i close them the balloon disappears .

    anyways, here is my hijack log, so Plz help me out .


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:52:14 PM, on 9/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\SYSTEM32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\slserv.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Opera\opera.exe
    E:\ALL THE SOFTWARES\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    F2 - REG:system.ini: Shell=explorer.exe ssvichosst.exe
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Layersecurity Servicemonitor] D:\WINDOWS\system32\LSSMON.EXE
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! Antivirus avast!SamSs (avast!SamSs) - Unknown owner - D:\WINDOWS\system32\dllcaches.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 4603 bytes

     Thread Starter

  2. #2
    Malware Team
    evilfantasy

    Hello Mohi212. Welcome to CJ.

    Disable Counterspy so it does not block the fixes we make.

    Right click the tray icon and turn off Counterspy.

    ----------

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)
    • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    • O4 - HKLM\..\Run: [Layersecurity Servicemonitor] D:\WINDOWS\system32\LSSMON.EXE
    • O23 - Service: avast! Antivirus avast!SamSs (avast!SamSs) - Unknown owner - D:\WINDOWS\system32\dllcaches.exe
    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Go to Start > Run and type Notepad.exe then click OK.

    Copy and paste the following text within the code box into the new Notepad file.

    Code:
    @ECHO OFF
    sc stop avast!SamSs
    sc delete avast!SamSs
    exit

    In Notepad select File and Save as
    Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

    Next double click fixservice.bat to run it.
    A black box should open and close after a short time, this is normal.
    Do not continue until the black box has closed
    Delete fixservice.bat from the Desktop.

    ----------

    Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

    Go to Start > Run and type notepad.exe then click OK

    Copy the text in the Code box below and paste it into Notepad.

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "Layersecurity Servicemonitor"=-

    In Notepad go to File > Save as...

    Next to File name: type fixme.reg Use the dropdown box next to Save as type: and select All files. Save it to the Desktop.

    There should now be a file on the Desktop that looks like this

    Double-click fixme.reg and allow it to merge with the Registry.

    You may not see anything happen but give it a few seconds or so to finish.

    Now delete the fixme.reg file from the Desktop.

    Restart the Computer.

    ----------

    Now run a new HijackThis scan and post the log.

    Important:
    When the log from HijackThis comes up in Notepad, before copying it, go to Format and click Word Wrap. Then copy and paste the log here.
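Added example, not part of the thread and not HijackThis's own logic: a small Python triage pass over HijackThis entries like those in the log above. The four review heuristics (extra programs in the F2 Shell value, O2 BHOs with no file, O4 Run entries launching directly from system32, O23 services reporting "Unknown owner") and the function names are assumptions chosen for this illustration; the sample lines are copied from the first log in this thread.

```python
import re

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe ssvichosst.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Layersecurity Servicemonitor] D:\WINDOWS\system32\LSSMON.EXE
O23 - Service: avast! Antivirus avast!SamSs (avast!SamSs) - Unknown owner - D:\WINDOWS\system32\dllcaches.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
"""

# A HijackThis entry starts with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# An executable sitting directly in <drive>:\WINDOWS\system32\ (no subfolder).
SYSTEM32_EXE_RE = re.compile(r"\\windows\\system32\\[^\\]+\.exe", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, detail) pairs, skipping headers and process lists."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_reason(code, detail):
    """Return why an entry deserves a manual look, or None.

    These are illustrative heuristics, not verdicts: a flagged entry still
    has to be confirmed by someone who knows what is installed on the machine.
    """
    low = detail.lower()
    if code == "F2" and "shell=" in low:
        # The Winlogon shell should normally be explorer.exe alone.
        programs = low.split("shell=", 1)[1].split()
        extra = [p for p in programs if p != "explorer.exe"]
        if extra:
            return "Shell value launches extra program(s): " + ", ".join(extra)
    if code == "O2" and low.endswith("(no file)"):
        return "BHO is registered but its file is missing"
    if code == "O4" and SYSTEM32_EXE_RE.search(detail):
        return "Run entry starts an executable directly from system32"
    if code == "O23" and "unknown owner" in low:
        if low.endswith("(file missing)"):
            return "orphaned service: binary is no longer on disk"
        if SYSTEM32_EXE_RE.search(detail):
            return "service with no vendor name runs from system32"
    return None


def triage(log_text):
    """Return (code, detail, reason) for every entry that matched a heuristic."""
    findings = []
    for code, detail in parse_entries(log_text):
        reason = review_reason(code, detail)
        if reason:
            findings.append((code, detail, reason))
    return findings


if __name__ == "__main__":
    for code, detail, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {detail}")
```
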

  3. #3
    Full Member

    hey thanks for your help. but when i restarted the pc, the pop ups are still opening and that balloon saying spyware detected. click here to install anti-virus is still appearing

    Anyways, here is the hijack log after the restart .


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:03:35 PM, on 9/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\SYSTEM32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\slserv.exe
    D:\WINDOWS\system32\wscntfy.exe
    E:\ALL THE SOFTWARES\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    F2 - REG:system.ini: Shell=explorer.exe ssvichosst.exe
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Layersecurity Servicemonitor] D:\WINDOWS\system32\LSSMON.EXE
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 4384 bytes
     Thread Starter

  4. #4
    Malware Team
    evilfantasy

    Download Malwarebytes' Anti-Malware (MBAM)
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

  5. #5
    Full Member

    this result is of full scan. when i did the quick scan it detected an adware which i removed.

    Malwarebytes' Anti-Malware 1.26
    Database version: 1120
    Windows 5.1.2600 Service Pack 2

    9/7/2008 2:21:54 AM
    mbam-log-2008-09-07 (02-21-54).txt

    Scan type: Full Scan (D:\|)
    Objects scanned: 92811
    Time elapsed: 38 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     Thread Starter

  6. #6
    Malware Team
    evilfantasy

    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.
    When finished ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

  7. #7
    Full Member

    here is the combo fix log. When after restarting, it was making the log, those pop-ups and balloon appeared again.

    here it is .

    ComboFix 08-09-05.02 - Burhan 2008-09-07 13:40:43.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.24 [GMT 5:00]
    Running from: D:\Documents and Settings\Burhan\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Documents and Settings\Burhan\Cookies\burhan@ad.yieldmanager[1].txt
    D:\Documents and Settings\Burhan\Cookies\burhan@antispywaremaster[2].txt
    D:\Documents and Settings\Burhan\Local Settings\Temporary Internet Files\descript.ion
    D:\setup.exe
    D:\WINDOWS\system32\autorun.ini
    D:\WINDOWS\system32\avpo0.dll
    D:\WINDOWS\system32\SCVHSOT.exe
    D:\WINDOWS\system32\setting.ini
    D:\WINDOWS\system32\spool.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CSNETMANAGERXP
    -------\Legacy_SYSREST.SYS


    ((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
    .

    2008-09-07 13:47 . 2008-09-07 13:47 <DIR> d--hs---- D:\FOUND.145
    2008-09-06 13:10 . 2008-09-06 13:10 <DIR> d-------- D:\Program Files\XoftSpySE
    2008-09-06 00:19 . 2008-09-06 00:19 <DIR> d--hs---- D:\FOUND.144
    2008-09-05 23:07 . 2008-09-05 23:37 741,376 --a------ D:\WINDOWS\system32\msupd32.exe
    2008-09-05 22:29 . 2008-09-05 23:37 741,376 --a------ D:\WINDOWS\system32\LSSMON.EXE
    2008-09-05 22:29 . 2008-09-04 17:49 17,920 --a------ D:\WINDOWS\system32\LSASSMGR.EXE
    2008-09-05 17:04 . 2008-09-05 22:41 54,156 --ah----- D:\WINDOWS\QTFont.qfn
    2008-09-05 17:04 . 2008-09-05 17:04 1,409 --a------ D:\WINDOWS\QTFont.for
    2008-09-05 15:15 . 2008-09-07 13:48 0 --a------ D:\WINDOWS\system32\bsc32.dll
    2008-09-05 15:14 . 2008-09-05 15:14 <DIR> d--hs---- D:\FOUND.143
    2008-09-05 13:25 . 2008-09-05 13:25 <DIR> d--hs---- D:\FOUND.142
    2008-09-05 00:39 . 2008-09-05 00:39 <DIR> d--hs---- D:\FOUND.141
    2008-09-04 18:19 . 2008-09-04 18:19 <DIR> d-------- D:\Documents and Settings\LocalService\Application Data\Yahoo!
    2008-09-04 17:49 . 2008-09-05 23:37 741,376 --a------ D:\WINDOWS\divx32.dll
    2008-09-04 17:49 . 2008-09-04 17:49 17,920 --a------ D:\WINDOWS\system32\srtsrv32.exe
    2008-09-04 17:48 . 2008-09-05 12:40 741,376 --a------ D:\WINDOWS\system32\upd01.exe
    2008-09-04 17:45 . 2008-09-04 17:45 <DIR> d--hs---- D:\FOUND.140
    2008-09-04 07:11 . 2008-09-04 07:11 <DIR> d-------- D:\Documents and Settings\Burhan\Application Data\Yahoo!
    2008-09-03 12:21 . 2008-09-03 12:21 <DIR> d--hs---- D:\FOUND.139
    2008-09-01 20:51 . 2008-09-01 20:51 <DIR> d--hs---- D:\FOUND.138
    2008-08-31 13:53 . 2008-08-31 13:53 <DIR> d--hs---- D:\FOUND.137
    2008-08-28 23:04 . 2008-08-28 23:04 <DIR> d--hs---- D:\FOUND.136
    2008-08-27 08:13 . 2008-08-27 08:13 <DIR> d--hs---- D:\FOUND.135
    2008-08-27 00:54 . 2008-08-27 00:54 4,096 --a------ D:\WINDOWS\d3dx.dat
    2008-08-26 10:33 . 2008-08-26 10:33 <DIR> d--hs---- D:\FOUND.134
    2008-08-26 02:27 . 2008-08-26 02:27 <DIR> d--hs---- D:\FOUND.133
    2008-08-26 01:07 . 2008-08-26 01:07 <DIR> d--hs---- D:\FOUND.132
    2008-08-26 00:15 . 2008-08-26 00:15 <DIR> d--hs---- D:\FOUND.131
    2008-08-25 23:13 . 2008-08-25 23:13 <DIR> d-------- D:\Program Files\Microsoft Encarta
    2008-08-25 18:41 . 2008-08-25 18:41 <DIR> d--hs---- D:\FOUND.130
    2008-08-25 17:09 . 2008-08-25 17:09 <DIR> d--hs---- D:\FOUND.129
    2008-08-25 08:14 . 2008-08-25 08:14 <DIR> d--hs---- D:\FOUND.128
    2008-08-25 06:09 . 2008-08-25 06:09 23,552 --a------ D:\Documents and Settings\Burhan\S87ekhV.exe
    2008-08-25 06:00 . 2008-08-25 06:00 <DIR> d--hs---- D:\FOUND.127
    2008-08-25 05:36 . 2008-08-25 05:36 <DIR> d--hs---- D:\FOUND.126
    2008-08-24 23:36 . 2008-08-24 23:36 <DIR> d--hs---- D:\FOUND.125
    2008-08-24 03:11 . 2008-08-24 03:11 <DIR> d--hs---- D:\FOUND.124
    2008-08-23 12:06 . 2008-08-23 12:06 <DIR> d--hs---- D:\FOUND.123
    2008-08-23 10:55 . 2008-08-23 10:55 <DIR> d--hs---- D:\FOUND.122
    2008-08-23 08:38 . 2008-08-23 08:38 <DIR> d--hs---- D:\FOUND.121
    2008-08-23 01:49 . 2008-08-23 01:49 <DIR> d--hs---- D:\FOUND.120
    2008-08-22 18:20 . 2008-08-22 18:20 <DIR> d--hs---- D:\FOUND.119
    2008-08-20 21:05 . 2008-08-20 21:05 <DIR> d-------- D:\spoolerlogs
    2008-08-19 22:32 . 2008-08-19 22:32 <DIR> d--hs---- D:\FOUND.118
    2008-08-19 22:12 . 2008-08-19 22:12 <DIR> d--hs---- D:\FOUND.117
    2008-08-19 16:13 . 2008-08-19 16:13 <DIR> d--hs---- D:\FOUND.116
    2008-08-18 03:50 . 2008-08-18 03:51 108 --a------ D:\Documents and Settings\Burhan\Application Data\netstat.bat
    2008-08-17 09:54 . 2008-08-17 09:54 <DIR> d--hs---- D:\FOUND.115
    2008-08-13 02:42 . 2008-08-13 02:42 <DIR> d--hs---- D:\FOUND.114
    2008-08-12 16:17 . 2008-08-12 16:17 <DIR> d--hs---- D:\FOUND.113
    2008-08-11 13:37 . 2008-09-05 22:31 0 --a------ D:\WINDOWS\system32\sc02.sc
    2008-08-11 13:33 . 2008-08-11 13:33 <DIR> d--hs---- D:\FOUND.112
    2008-08-11 10:55 . 2008-08-11 10:55 857,037 --a------ D:\WINDOWS\system32\CSRLT.EXE
    2008-08-11 10:55 . 2008-08-11 10:55 857,037 --a------ D:\WINDOWS\MSBLT.EXE
    2008-08-09 02:36 . 2008-08-09 02:36 <DIR> d--hs---- D:\FOUND.111
    2008-08-08 21:17 . 2008-08-08 21:17 <DIR> d--hs---- D:\FOUND.110
    2008-08-08 16:54 . 2008-08-08 16:54 <DIR> d--hs---- D:\FOUND.109
    2008-08-08 02:35 . 2008-08-08 02:35 <DIR> d-------- D:\Documents and Settings\Burhan\Application Data\GlarySoft
    2008-08-08 02:20 . 2008-08-08 02:20 <DIR> d-------- D:\Program Files\Glary Registry Repair
    2008-08-08 00:18 . 2008-08-08 00:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-07 20:27 . 2008-08-07 20:27 <DIR> d-------- D:\Program Files\Internet Download Manager
    2008-08-07 20:27 . 2008-08-07 20:27 <DIR> d-------- D:\Documents and Settings\Burhan\Application Data\IDM
    2008-08-07 14:01 . 2008-08-07 14:01 <DIR> d--hs---- D:\FOUND.108
    2008-08-07 01:26 . 2008-08-07 01:26 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-01 19:16 38,528 ----a-w D:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-01 19:16 17,200 ----a-w D:\WINDOWS\system32\drivers\mbam.sys
    2008-08-04 22:08 109,150 ----a-w D:\WINDOWS\system32\drivers\b88b9e8e.sys
    2008-08-04 16:05 --------- d-----w D:\Program Files\Malwarebytes' Anti-Malware
    2008-08-04 16:05 --------- d-----w D:\Documents and Settings\Burhan\Application Data\Malwarebytes
    2008-08-04 16:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-30 16:24 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
    2008-07-30 16:24 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll
    2008-07-29 22:43 --------- d-----w D:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-07-29 22:42 --------- d-----w D:\Program Files\Common Files\ACD Systems
    2008-07-29 22:42 --------- d-----w D:\Program Files\ACD Systems
    2008-07-21 16:50 --------- d-----w D:\Documents and Settings\Burhan\Application Data\uTorrent
    2008-07-21 11:05 --------- d-----w D:\Program Files\uTorrent
    2008-07-19 19:28 --------- d-----w D:\Documents and Settings\Burhan\Application Data\DMCache
    2008-07-19 10:00 --------- d-----w D:\Program Files\Common Files\L&H
    2008-07-17 13:32 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-07-17 01:11 --------- d-----w D:\Program Files\Ares
    2008-07-16 23:15 --------- d-----w D:\Program Files\AdVantage
    2008-07-09 22:08 41,984 --sh--r D:\WINDOWS\system32\dllcaches.exe
    2008-06-27 21:05 33,576 ----a-w D:\Documents and Settings\Burhan\Application Data\GDIPFONTCACHEV1.DAT
    2008-06-22 15:33 7,680 ----a-w D:\WINDOWS\system32\ff_vfw.dll
    2008-06-22 15:33 60,273 ----a-w D:\WINDOWS\system32\pthreadGC2.dll
    .

    ------- Sigcheck -------

    2004-08-03 21:14 359040 1745b00fc1141404b28f4b94f69a8871 D:\WINDOWS\system32\drivers\tcpip.sys
    2004-08-03 21:14 359040 1745b00fc1141404b28f4b94f69a8871 D:\WINDOWS\system32\dllcache\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
    "googletalk"="D:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
    "Layersecurity Servicemonitor"="D:\WINDOWS\system32\LSSMON.EXE" [2008-09-05 741376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.D263"= xl_x263dec.dll
    "VIDC.YV12"= xl_yv12.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firefox.exe]
    "Debugger"=D:\Program Files\Mozilla Firefox\firefoxe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
    "Debugger"=D:\Program Files\Internet Explorer\iexplor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv.exe]
    "Debugger"=D:\WINDOWS\system32\spool.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Ares\\Ares.exe"=
    "D:\\Program Files\\AIM\\aim.exe"=
    "D:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "D:\\Program Files\\MSN Messenger\\livecall.exe"=
    "D:\\Program Files\\NetMeeting\\conf.exe"=
    "D:\\Program Files\\Opera\\Opera.exe"=
    "D:\\Program Files\\uTorrent\\uTorrent.exe"=
    "D:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "D:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5000:TCP"= 5000:TCP:AresChatServer

    R2 dmsmbios;dmsmbios;D:\WINDOWS\system32\dmsmbios.sys [2001-05-31 16480]
    R3 XIRLINK;IBM PC Camera;D:\WINDOWS\system32\DRIVERS\C-itnt.sys [1999-10-19 435655]
    S0 SBHR;SBHR;D:\WINDOWS\system32\drivers\sbhr.sys [ ]
    S1 b88b9e8e;b88b9e8e;D:\WINDOWS\system32\drivers\b88b9e8e.sys [2008-08-05 109150]
    S3 AvFlt;Antivirus Filter Driver;D:\WINDOWS\system32\drivers\av5flt.sys [ ]
    S3 SBRE;SBRE;D:\WINDOWS\system32\drivers\SBREdrv.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd71c60-e76a-11dc-a790-00065b298742}]
    \Shell\AutoRun\command - ntde1ect.com
    \Shell\explore\Command - ntde1ect.com
    \Shell\open\Command - ntde1ect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dd929e0-69d0-11dd-a9b5-00065b298742}]
    \Shell\AutoRun\command - H:\ntde1ect.com
    \Shell\explore\Command - H:\ntde1ect.com
    \Shell\open\Command - H:\ntde1ect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{def7f600-a9a1-11dc-a733-00065b298742}]
    \Shell\AutoRun\command - H:\ntde1ect.com
    \Shell\explore\Command - H:\ntde1ect.com
    \Shell\open\Command - H:\ntde1ect.com
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - D:\Documents and Settings\Burhan\Application Data\Mozilla\Firefox\Profiles\419o3i2e.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
    FF -: plugin - D:\Program Files\Yahoo!\Shared\npYState.dll
    .
    .
    ------- File Associations (Beta) -------
    .
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-07 13:48:19
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    D:\Program Files\Internet Explorer\iexplor.exe [492] 0xFF7A8620
    D:\WINDOWS\system32\LSASSMGR.EXE [1872] 0xFF832D60
    D:\WINDOWS\system32\LSASSMGR.EXE [524] 0xFF8FD600

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\WINDOWS\system32\wdfmgr.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-07 13:52:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-07 08:51:54

    Pre-Run: 253,583,360 bytes free
    Post-Run: 537,141,248 bytes free

    216


    here is the hijack log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:52 PM, on 9/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\taskmgr.exe
    E:\ALL THE SOFTWARES\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Layersecurity Servicemonitor] D:\WINDOWS\system32\LSSMON.EXE
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 4350 bytes
     Thread Starter
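
Added example (not part of the thread, and not HijackThis's own logic): a triage pass over the O4 and O23 lines of a HijackThis log like the one posted above. The sample lines are copied from that log; the three flagging rules and the assumption that Windows lives in a directory named WINDOWS are this example's own heuristics for deciding which entries to look at first.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log in the post above (lines copied verbatim).
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Layersecurity Servicemonitor] D:\WINDOWS\system32\LSSMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK\S*\\Run(?:Once|Services)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?:\S+ )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<vendor>.+?)"
    r" - (?P<path>[A-Za-z]:\\.+)$"
)
# Unquoted command lines may contain spaces, so cut at the first executable extension.
EXT_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?![\w.])", re.I)
# Assumption: the Windows directory is named WINDOWS, as in the posted log.
SYSDIR_RE = re.compile(r"^[a-z]:\\windows(?:\\system32)?\\[^\\]+$", re.I)


@dataclass
class Entry:
    code: str      # HijackThis section code, e.g. "O4" or "O23"
    name: str      # Run value name, shortcut name or service short name
    image: str     # executable path with arguments and annotations removed
    vendor: str    # vendor string (O23 only, empty otherwise)
    missing: bool  # HijackThis appended "(file missing)"


def image_path(cmd: str) -> str:
    """Return the executable path from a command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd


def parse(log: str) -> list:
    """Extract autostart (O4) and service (O23) entries; other codes are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        missing = rest.rstrip().endswith("(file missing)")
        if code == "O4":
            r = RUN_RE.match(rest) or STARTUP_RE.match(rest)
            if r:
                entries.append(Entry(code, r["name"], image_path(r["cmd"]), "", missing))
        elif code == "O23":
            s = SERVICE_RE.match(rest)
            if s:
                name = s["short"] or s["display"]
                entries.append(Entry(code, name, image_path(s["path"]), s["vendor"], missing))
    return entries


def triage(entries: list) -> list:
    """Return (code, name, image, reasons) for entries worth a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("target file missing (orphaned entry)")
        if e.code == "O4" and SYSDIR_RE.match(e.image):
            reasons.append("logon autostart runs from the Windows system directory")
        if e.code == "O23" and e.vendor.lower() == "unknown owner":
            reasons.append("service binary reports no vendor")
        if reasons:
            findings.append((e.code, e.name, e.image, reasons))
    return findings


if __name__ == "__main__":
    for code, name, image, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{code} {name}: {image}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flagged entry is a prompt to check the file itself (signature, hash, origin), not a verdict.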

  8. #8
    Malware Team
    evilfantasy
    Joined
         16th Jul 2007
    Posts
         5,886

    Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::
    
    File::
    D:\FOUND.145
    D:\FOUND.144
    D:\WINDOWS\system32\msupd32.exe
    D:\WINDOWS\system32\LSSMON.EXE
    D:\WINDOWS\system32\LSASSMGR.EXE
    D:\WINDOWS\system32\bsc32.dll
    D:\FOUND.143
    D:\FOUND.142
    D:\FOUND.141
    D:\WINDOWS\system32\srtsrv32.exe
    D:\WINDOWS\system32\upd01.exe
    D:\FOUND.140
    D:\FOUND.139
    D:\FOUND.138
    D:\FOUND.137
    D:\FOUND.136
    D:\FOUND.135
    D:\FOUND.134
    D:\FOUND.133
    D:\FOUND.132
    D:\FOUND.131
    D:\FOUND.130
    D:\FOUND.129
    D:\FOUND.128
    D:\Documents and Settings\Burhan\S87ekhV.exe
    D:\FOUND.127
    D:\FOUND.126
    D:\FOUND.125
    D:\FOUND.124
    D:\FOUND.123
    D:\FOUND.122
    D:\FOUND.121
    D:\FOUND.120
    D:\FOUND.119
    D:\spoolerlogs
    D:\FOUND.118
    D:\FOUND.117
    D:\FOUND.116
    D:\Documents and Settings\Burhan\Application Data\netstat.bat
    D:\FOUND.115
    D:\FOUND.114
    D:\FOUND.113
    D:\WINDOWS\system32\sc02.sc
    D:\FOUND.112
    D:\WINDOWS\system32\CSRLT.EXE
    D:\WINDOWS\MSBLT.EXE
    D:\FOUND.111
    D:\FOUND.110
    D:\FOUND.109
    D:\FOUND.108
    D:\Program Files\Internet Explorer\iexplor.exe
    D:\WINDOWS\system32\LSASSMGR.EXE
    D:\WINDOWS\system32\LSASSMGR.EXE
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Layersecurity Servicemonitor"=-
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv.exe]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd71c60-e76a-11dc-a790-00065b298742}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dd929e0-69d0-11dd-a9b5-00065b298742}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{def7f600-a9a1-11dc-a733-00065b298742}]
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
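
Added example (not part of the thread, and not a ComboFix tool): a pre-flight check for a removal script laid out like the one in the post above, run before the script is handed to a tool that deletes what it lists. It reports File:: lines that do not hold exactly one drive-rooted path, reports duplicates, and enumerates what the Registry:: section would delete, assuming that section follows .reg conventions (`[-KEY]` removes a key, `"name"=-` removes a value). The sample script is constructed from entries in the post, with one run-together line added on purpose.

```python
import re

# Constructed sample in the layout of the script above. The line holding two
# paths mimics a copy/paste run-together; the last File:: line repeats an
# earlier entry in different case.
SAMPLE_SCRIPT = r"""KillAll::

File::
D:\FOUND.141
D:\WINDOWS\system32\LSSMON.EXE
D:\WINDOWS\system32\LSASSMGR.EXE
D:\FOUND.140D:\FOUND.139
D:\Documents and Settings\Burhan\Application Data\netstat.bat
D:\WINDOWS\system32\lsassmgr.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Layersecurity Servicemonitor"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{def7f600-a9a1-11dc-a733-00065b298742}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')


def split_sections(script: str) -> dict:
    """Map each 'Name::' section to its non-blank (line_number, text) pairs."""
    sections, current = {}, None
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append((n, line))
    return sections


def lint_files(lines: list) -> list:
    """Return (line_number, problem, text) for malformed or repeated paths."""
    problems, seen = [], {}
    for n, path in lines:
        roots = len(DRIVE_ROOT_RE.findall(path))
        if roots != 1 or not DRIVE_ROOT_RE.match(path):
            problems.append((n, "not exactly one drive-rooted path", path))
            continue
        key = path.lower()  # Windows paths compare case-insensitively
        if key in seen:
            problems.append((n, f"duplicate of line {seen[key]}", path))
        else:
            seen[key] = n
    return problems


def registry_deletions(lines: list) -> list:
    """List (operation, key, value_name) for every deletion the section requests."""
    ops, key = [], None
    for _, line in lines:
        k = KEY_RE.match(line)
        v = VALUE_DEL_RE.match(line)
        if k:
            key = k.group(2)
            if k.group(1):          # leading '-' deletes the whole key
                ops.append(("delete-key", key, None))
                key = None
        elif v and key:
            ops.append(("delete-value", key, v.group(1)))
    return ops


if __name__ == "__main__":
    sections = split_sections(SAMPLE_SCRIPT)
    for n, problem, text in lint_files(sections.get("File", [])):
        print(f"line {n}: {problem}: {text}")
    for op, key, value in registry_deletions(sections.get("Registry", [])):
        print(op, key, value or "")
```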

  9. #9
    Full Member
    Joined
         6th Sep 2008
    Posts
         95

    I am sorry man but the Combofix result file was 725 kb so wasn't able to paste it over here and so had to upload it in .zip. hope that's okay.
     Thread Starter

  10. #10
    Malware Team
    evilfantasy
    Joined
         16th Jul 2007
    Posts
         5,886

    Download OTMoveIt2 by OldTimer
    • Save it to your desktop.
    Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
    • Double-click OTMoveIt2.exe to run it.
    • Copy the lines in the codebox below.
    Code:
    [kill explorer]
    D:\FOUND.145
    D:\FOUND.144
    D:\FOUND.143
    D:\FOUND.142
    D:\FOUND.141
    D:\FOUND.140
    D:\FOUND.139
    D:\FOUND.138
    D:\FOUND.137
    D:\FOUND.136
    D:\FOUND.135
    D:\FOUND.134
    D:\FOUND.133
    D:\FOUND.132
    D:\FOUND.131
    D:\FOUND.130
    D:\FOUND.129
    D:\FOUND.128
    D:\FOUND.127
    D:\FOUND.126
    D:\FOUND.125
    D:\FOUND.124
    D:\FOUND.123
    D:\FOUND.122
    D:\FOUND.121
    D:\FOUND.120
    D:\FOUND.119
    D:\spoolerlogs
    D:\FOUND.118
    D:\FOUND.117
    D:\FOUND.116
    D:\FOUND.115
    D:\FOUND.114
    D:\FOUND.113
    D:\FOUND.112
    D:\FOUND.111
    D:\FOUND.110
    D:\FOUND.109
    D:\FOUND.108
    EmptyTemp
    [start explorer]
    • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) and paste it in your next reply.
    • Close OTMoveIt2
    ----------

    Also let me know how things are now.
    Last edited by evilfantasy; 8th Sep 2008 at 14:14.

  11. #11
    Full Member
    Joined
         6th Sep 2008
    Posts
         95

    hey i haven't done the above thing u told me but i wanted to tell you that ever since the latest combo fix restart happened, internet explorer isn't running. when i click on it, i get this msg in a window with the heading "desktop".

    "Windows cannot find '(null)'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search"
     Thread Starter

  12. #12
    Malware Team
    evilfantasy
    Joined
         16th Jul 2007
    Posts
         5,886

    Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.
    • Open the folder and run Dial-a-fix.exe
    • 2 windows will open. Close the one in the background labeled Restrictive Policies
    • Check the box in section 1, Empty temp folders.
    • Check the box in section 2, Fix Windows Installer.
    • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
    • Check all boxes in Section 5, labeled Registration Center.
    • Click Go
    • OK any error messages if received, but write them down and post them here.
    • Restart the computer when done.
    How is everything now?

  13. #13
    Malware Team
    evilfantasy
    Joined
         16th Jul 2007
    Posts
         5,886

    Run the OTMoveIt2 instructions and let me know if Dial a fix worked.

  14. #14
    Full Member
    Joined
         6th Sep 2008
    Posts
         95

    hey man here is the OTMoveIt2 log

    Explorer killed successfully
    D:\FOUND.145 moved successfully.
    D:\FOUND.144 moved successfully.
    D:\FOUND.143 moved successfully.
    D:\FOUND.142 moved successfully.
    D:\FOUND.141 moved successfully.
    D:\FOUND.140 moved successfully.
    D:\FOUND.139 moved successfully.
    D:\FOUND.138 moved successfully.
    D:\FOUND.137 moved successfully.
    D:\FOUND.136 moved successfully.
    D:\FOUND.135 moved successfully.
    D:\FOUND.134 moved successfully.
    D:\FOUND.133 moved successfully.
    D:\FOUND.132 moved successfully.
    D:\FOUND.131 moved successfully.
    D:\FOUND.130 moved successfully.
    D:\FOUND.129 moved successfully.
    D:\FOUND.128 moved successfully.
    D:\FOUND.127 moved successfully.
    D:\FOUND.126 moved successfully.
    D:\FOUND.125 moved successfully.
    D:\FOUND.124 moved successfully.
    D:\FOUND.123 moved successfully.
    D:\FOUND.122 moved successfully.
    D:\FOUND.121 moved successfully.
    D:\FOUND.120 moved successfully.
    D:\FOUND.119 moved successfully.
    D:\spoolerlogs moved successfully.
    D:\FOUND.118 moved successfully.
    D:\FOUND.117 moved successfully.
    D:\FOUND.116 moved successfully.
    D:\FOUND.115 moved successfully.
    D:\FOUND.114 moved successfully.
    D:\FOUND.113 moved successfully.
    D:\FOUND.112 moved successfully.
    D:\FOUND.111 moved successfully.
    D:\FOUND.110 moved successfully.
    D:\FOUND.109 moved successfully.
    D:\FOUND.108 moved successfully.
    < EmptyTemp >
    Temp folders emptied.
    IE temp folders emptied.
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09092008_170634

    Things are a lot better than before now man : ) . No more pop-ups are opening, also the spyware detected balloon. The processes that used to run when the computer starts are also not running ......And I HAVE noticed that my computer has gotten a little faster....Thanks a LOT man ....you rock.


    btw the dial-a-fix didn't work. and the steps you told to follow it, they didn't appear like that.

    here is the dial-a-fix log

    Notes about this log:
    1) "->" denotes an external command being executed, and "-> (number)" indicates
    the return code from the previous command
    2) Not all external command return codes are accurate, or useful
    3) Sometimes commands return 0 (no error) even when they fail or crash
    4) If an error occurs while registering an object, please send an email to:
    dial-a-fix@DjLizard.net and include a copy of this log

    DAF version: v0.60.0.24

    --- System info ---
    OS: Microsoft Windows XP Service Pack 2
    IE version: 6.0.2900.2180
    MPC: 55274-649
    CPU: Pentium III (~933MHz)
    BIOS: 6/26/2001
    Memory (approx): 125MB
    Uptime: 0 hour(s)
    Current directory: D:\DOCUME~1\Burhan\LOCALS~1\Temp\Temporary Directory 1 for Dial-a-fix-v0.60.0.24.zip\Dial-a-fix-v0.60.0.24
    ---

    9/9/2008 5:11:01 PM -- Dial-a-fix : [v0.60.0.24] -- started
    5:11:01 PM | Policy scan started
    5:11:01 PM | Policy scan ended - no restrictive policies were found
    --- Emptying temp folders ---
    5:12:01 PM | Deleting D:\Documents and Settings\Burhan\Local Settings\temp...
    5:12:02 PM | D:\Documents and Settings\Burhan\Local Settings\temp could not be completely emptied, please reboot and try again
    5:12:02 PM | Deleting D:\WINDOWS\temp...
    5:12:02 PM | D:\WINDOWS\temp has been re-created
    5:12:02 PM | Deleting D:\DOCUME~1\Burhan\LOCALS~1\Temp...
    5:12:03 PM | D:\DOCUME~1\Burhan\LOCALS~1\Temp could not be completely emptied, please reboot and try again
    --- MSI ---
    5:12:09 PM | Registered: D:\WINDOWS\system32\msi.dll
    --- SSL/HTTPS/Cryptography ---
    5:12:18 PM | Executed 'cmd.exe /c rmdir /q /s D:\WINDOWS\system32\Catroot2'
    --- Registration: SSL/HTTPS/Cryptography ---
    5:12:23 PM | Unregistered: D:\WINDOWS\system32\cryptdlg.dll
    5:12:23 PM | Registered: D:\WINDOWS\system32\cryptdlg.dll
    5:12:23 PM | Unregistered: D:\WINDOWS\system32\cryptui.dll
    5:12:23 PM | Registered: D:\WINDOWS\system32\cryptui.dll
    5:12:28 PM | Unregistered: D:\WINDOWS\system32\cryptext.dll
    5:12:28 PM | Registered: D:\WINDOWS\system32\cryptext.dll
    5:12:29 PM | Unregistered: D:\WINDOWS\system32\dssenh.dll
    5:12:29 PM | Registered: D:\WINDOWS\system32\dssenh.dll
    5:12:29 PM | Unregistered: D:\WINDOWS\system32\gpkcsp.dll
    5:12:29 PM | Registered: D:\WINDOWS\system32\gpkcsp.dll
    5:12:30 PM | Unregistered: D:\WINDOWS\system32\initpki.dll
    5:13:00 PM | Registered: D:\WINDOWS\system32\initpki.dll
    5:13:00 PM | Unregistered: D:\WINDOWS\system32\licdll.dll
    5:13:00 PM | Registered: D:\WINDOWS\system32\licdll.dll
    5:13:00 PM | Unregistered: D:\WINDOWS\system32\mssign32.dll
    5:13:00 PM | Registered: D:\WINDOWS\system32\mssign32.dll
    5:13:00 PM | Unregistered: D:\WINDOWS\system32\mssip32.dll
    5:13:00 PM | Registered: D:\WINDOWS\system32\mssip32.dll
    5:13:01 PM | Unregistered: D:\WINDOWS\system32\scardssp.dll
    5:13:01 PM | Registered: D:\WINDOWS\system32\scardssp.dll
    5:13:02 PM | Unregistered: D:\WINDOWS\system32\sccbase.dll
    5:13:02 PM | Registered: D:\WINDOWS\system32\sccbase.dll
    5:13:02 PM | Unregistered: D:\WINDOWS\system32\scecli.dll
    5:13:04 PM | Registered: D:\WINDOWS\system32\scecli.dll
    5:13:04 PM | Unregistered: D:\WINDOWS\system32\softpub.dll
    5:13:04 PM | Registered: D:\WINDOWS\system32\softpub.dll
    5:13:04 PM | Unregistered: D:\WINDOWS\system32\slbcsp.dll
    5:13:04 PM | Registered: D:\WINDOWS\system32\slbcsp.dll
    5:13:05 PM | Unregistered: D:\WINDOWS\system32\regwizc.dll
    5:13:05 PM | Registered: D:\WINDOWS\system32\regwizc.dll
    5:13:05 PM | Unregistered: D:\WINDOWS\system32\rsaenh.dll
    5:13:05 PM | Registered: D:\WINDOWS\system32\rsaenh.dll
    5:13:05 PM | Unregistered: D:\WINDOWS\system32\winhttp.dll
    5:13:05 PM | Registered: D:\WINDOWS\system32\winhttp.dll
    5:13:06 PM | Unregistered: D:\WINDOWS\system32\wintrust.dll
    5:13:06 PM | Registered: D:\WINDOWS\system32\wintrust.dll
    --- Registration: ActiveX controls/codecs ---
    5:13:07 PM | Registered: D:\WINDOWS\system32\acelpdec.ax
    5:13:08 PM | Registered: D:\WINDOWS\system32\actxprxy.dll
    5:13:08 PM | Registered: D:\WINDOWS\system32\asctrls.ocx
    5:13:09 PM | Registered: D:\WINDOWS\system32\daxctle.ocx
    5:13:09 PM | Registered: D:\WINDOWS\system32\hhctrl.ocx
    5:13:09 PM | Registered: D:\WINDOWS\system32\l3codecx.ax
    5:13:09 PM | Registered: D:\WINDOWS\system32\licmgr10.dll
    5:13:10 PM | Registered: D:\WINDOWS\system32\mpg4ds32.ax
    5:13:32 PM | Registered: D:\WINDOWS\system32\msdxm.ocx
    5:13:32 PM | Registered: D:\WINDOWS\system32\plugin.ocx
    5:13:32 PM | Registered: D:\WINDOWS\system32\proctexe.ocx
    5:13:32 PM | Registered: D:\WINDOWS\system32\tdc.ocx
    5:13:33 PM | Registered: D:\WINDOWS\system32\wshom.ocx
    --- Registration: Control Panel applets ---
    5:13:35 PM | DllInstalled: D:\WINDOWS\system32\inetcpl.cpl
    5:13:36 PM | DllInstalled: D:\WINDOWS\system32\appwiz.cpl
    5:13:36 PM | Registered: D:\WINDOWS\system32\appwiz.cpl
    5:13:36 PM | DllInstalled: D:\WINDOWS\system32\nusrmgr.cpl
    5:13:36 PM | Registered: D:\WINDOWS\system32\nusrmgr.cpl
    --- Registration: Direct[X|Draw|Show|Media] ---
    5:13:36 PM | Registered: D:\WINDOWS\system32\quartz.dll
    5:13:37 PM | Registered: D:\WINDOWS\system32\danim.dll
    5:13:37 PM | Registered: D:\WINDOWS\system32\dmscript.dll
    5:13:37 PM | Registered: D:\WINDOWS\system32\dmstyle.dll
    5:13:37 PM | Registered: D:\WINDOWS\system32\dxmasf.dll
    5:13:38 PM | Registered: D:\WINDOWS\system32\dxtmsft.dll
    5:13:38 PM | Registered: D:\WINDOWS\system32\dxtrans.dll
    5:13:38 PM | Registered: D:\WINDOWS\system32\sbe.dll
    --- Registration: Programming cores/runtimes ---
    5:13:38 PM | Registered: D:\WINDOWS\system32\atl.dll
    5:13:38 PM | Registered: D:\WINDOWS\system32\corpol.dll
    5:13:38 PM | Registered: D:\WINDOWS\system32\jscript.dll
    5:13:39 PM | Registered: D:\WINDOWS\system32\dispex.dll
    5:13:39 PM | Registered: D:\WINDOWS\system32\scrrun.dll
    5:13:39 PM | Registered: D:\WINDOWS\system32\scrobj.dll
    5:13:39 PM | Registered: D:\WINDOWS\system32\vbscript.dll
    5:13:40 PM | Registered: D:\WINDOWS\system32\wshext.dll
    --- Registration: Explorer/IE/OE/shell/WMP ---
    5:13:40 PM | Registered: D:\WINDOWS\system32\activeds.dll
    5:13:40 PM | Registered: D:\WINDOWS\system32\audiodev.dll
    5:13:41 PM | DllInstalled: D:\WINDOWS\system32\browseui.dll
    5:13:41 PM | Registered: D:\WINDOWS\system32\browseui.dll
    5:13:41 PM | Registered: D:\WINDOWS\system32\browsewm.dll
    5:13:41 PM | Registered: D:\WINDOWS\system32\cabview.dll
    5:13:41 PM | Registered: D:\WINDOWS\system32\cdfview.dll
    5:13:41 PM | Registered: D:\WINDOWS\system32\clbcatex.dll
    5:13:41 PM | Registered: D:\WINDOWS\system32\clbcatq.dll
    5:13:41 PM | Registered: D:\WINDOWS\system32\comcat.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\cscui.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\credui.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\datime.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\devmgr.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\dfsshlex.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\dmdlgs.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\dmdskmgr.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\dmloader.dll
    5:13:42 PM | Registered: D:\WINDOWS\system32\dmocx.dll
    5:13:43 PM | Registered: D:\WINDOWS\system32\dmview.ocx
    5:13:43 PM | DllInstalled: D:\WINDOWS\system32\dsuiext.dll
    5:13:43 PM | Registered: D:\WINDOWS\system32\dsuiext.dll
    5:13:43 PM | DllInstalled: D:\WINDOWS\system32\dsquery.dll
    5:13:43 PM | Registered: D:\WINDOWS\system32\dsquery.dll
    5:13:43 PM | Registered: D:\WINDOWS\system32\dskquoui.dll
    5:13:43 PM | Registered: D:\WINDOWS\system32\els.dll
    5:13:44 PM | Registered: D:\WINDOWS\system32\es.dll
    5:13:44 PM | Registered: D:\WINDOWS\system32\fontext.dll
    5:13:44 PM | Registered: D:\WINDOWS\system32\hlink.dll
    5:13:44 PM | Registered: D:\WINDOWS\system32\hnetcfg.dll
    5:13:44 PM | Registered: D:\WINDOWS\system32\iedkcs32.dll
    5:13:44 PM | Registered: D:\WINDOWS\system32\iepeers.dll
    5:13:45 PM | DllInstalled: D:\WINDOWS\system32\iesetup.dll
    5:13:45 PM | Registered: D:\WINDOWS\system32\iesetup.dll
    5:13:45 PM | Registered: D:\WINDOWS\system32\ils.dll
    5:13:45 PM | Registered: D:\WINDOWS\system32\imgutil.dll
    5:13:45 PM | Registered: D:\WINDOWS\system32\inetcfg.dll
    5:13:45 PM | Registered: D:\WINDOWS\system32\inetcomm.dll
    5:13:45 PM | DllInstalled: D:\WINDOWS\system32\inseng.dll
    5:13:45 PM | Registered: D:\WINDOWS\system32\inseng.dll
    5:13:46 PM | Registered: D:\WINDOWS\system32\laprxy.dll
    5:13:46 PM | Registered: D:\WINDOWS\system32\lmrt.dll
    5:13:46 PM | Registered: D:\WINDOWS\system32\mlang.dll
    5:13:47 PM | Registered: D:\WINDOWS\system32\mmcndmgr.dll
    5:13:48 PM | Registered: D:\WINDOWS\system32\mmcshext.dll
    5:13:49 PM | DllInstalled: D:\WINDOWS\system32\mshtml.dll
    5:13:50 PM | Registered: D:\WINDOWS\system32\mshtml.dll
    5:13:50 PM | Registered: D:\WINDOWS\system32\mshtmled.dll
    5:13:51 PM | Registered: D:\WINDOWS\system32\msieftp.dll
    5:13:51 PM | Registered: D:\WINDOWS\system32\msoeacct.dll
    5:13:51 PM | Registered: D:\WINDOWS\system32\msr2c.dll
    5:13:52 PM | Registered: D:\WINDOWS\system32\msrating.dll
    5:13:52 PM | DllInstalled: D:\WINDOWS\system32\mydocs.dll
    5:13:52 PM | Registered: D:\WINDOWS\system32\mydocs.dll
    5:13:52 PM | Registered: D:\WINDOWS\system32\mstime.dll
    5:13:52 PM | Registered: D:\WINDOWS\system32\netcfgx.dll
    5:13:52 PM | DllInstalled: D:\WINDOWS\system32\netplwiz.dll
    5:13:52 PM | Registered: D:\WINDOWS\system32\netplwiz.dll
    5:13:53 PM | Registered: D:\WINDOWS\system32\netman.dll
    5:13:53 PM | Registered: D:\WINDOWS\system32\netshell.dll
    5:13:53 PM | Registered: D:\WINDOWS\system32\ntmsevt.dll
    5:13:53 PM | Registered: D:\WINDOWS\system32\ntmsmgr.dll
    5:13:53 PM | DllInstalled: D:\WINDOWS\system32\ntmssvc.dll
    5:13:54 PM | Registered: D:\WINDOWS\system32\ntmssvc.dll
    5:13:54 PM | DllInstalled: D:\WINDOWS\system32\occache.dll
    5:13:54 PM | Registered: D:\WINDOWS\system32\occache.dll
    5:13:54 PM | Registered: D:\WINDOWS\system32\ole32.dll
    5:13:54 PM | Registered: D:\WINDOWS\system32\oleaut32.dll
    5:13:54 PM | Registered: D:\WINDOWS\system32\oleacc.dll
    5:13:54 PM | Registered: D:\WINDOWS\system32\olepro32.dll
    5:13:54 PM | DllInstalled: D:\WINDOWS\system32\photowiz.dll
    5:13:54 PM | Registered: D:\WINDOWS\system32\photowiz.dll
    5:13:55 PM | Registered: D:\WINDOWS\system32\pngfilt.dll
    5:13:55 PM | Registered: D:\WINDOWS\system32\remotepg.dll
    5:13:55 PM | Registered: D:\WINDOWS\system32\rpcrt4.dll
    5:13:55 PM | Registered: D:\WINDOWS\system32\rshx32.dll
    5:13:55 PM | Registered: D:\WINDOWS\system32\sendmail.dll
    5:13:55 PM | Registered: D:\WINDOWS\system32\slayerxp.dll

    5:13:57 PM | DllInstalled: D:\WINDOWS\system32\shdocvw.dll
    5:13:58 PM | Registered: D:\WINDOWS\system32\shdocvw.dll
    5:13:58 PM | Registered: D:\WINDOWS\system32\shell32.dll
    5:14:14 PM | DllInstalled: D:\WINDOWS\system32\shell32.dll
    5:14:14 PM | Registered: D:\WINDOWS\system32\shmedia.dll
    5:14:15 PM | DllInstalled: D:\WINDOWS\system32\shimgvw.dll
    5:14:15 PM | Registered: D:\WINDOWS\system32\shimgvw.dll
    5:14:15 PM | DllInstalled: D:\WINDOWS\system32\shsvcs.dll
    5:14:15 PM | Registered: D:\WINDOWS\system32\shsvcs.dll
    5:14:15 PM | Registered: D:\WINDOWS\system32\srclient.dll
    5:14:16 PM | Unregistered: D:\WINDOWS\system32\stobject.dll
    5:14:16 PM | Registered: D:\WINDOWS\system32\stobject.dll
    5:14:16 PM | DllInstalled: D:\WINDOWS\system32\themeui.dll
    5:14:16 PM | Registered: D:\WINDOWS\system32\themeui.dll
    5:14:16 PM | Registered: D:\WINDOWS\system32\twext.dll
    5:14:17 PM | DllInstalled: D:\WINDOWS\system32\urlmon.dll
    5:14:17 PM | Registered: D:\WINDOWS\system32\urlmon.dll
    5:14:17 PM | Registered: D:\WINDOWS\system32\userenv.dll
    5:14:17 PM | DllInstalled: D:\WINDOWS\system32\webcheck.dll
    5:14:17 PM | Registered: D:\WINDOWS\system32\webcheck.dll
    5:14:18 PM | Registered: D:\WINDOWS\system32\webvw.dll
    5:14:18 PM | Registered: D:\WINDOWS\system32\winhttp.dll
    5:14:18 PM | DllInstalled: D:\WINDOWS\system32\wininet.dll
    5:14:18 PM | Registered: D:\WINDOWS\system32\zipfldr.dll
    5:14:18 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdadc.dll
    5:14:18 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaenum.dll
    5:14:18 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaer.dll
    5:14:19 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaipp.dll
    5:14:19 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaora.dll
    5:14:19 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaosp.dll
    5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaps.dll
    5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdasc.dll
    5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdasql.dll
    5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdatt.dll
    5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaurl.dll
    5:14:21 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdmeng.dll
    5:14:21 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdmine.dll
    5:14:22 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msjtor35.dll
    5:14:22 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
    5:14:22 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
    5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msolap80.dll
    5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msolui80.dll
    5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msxactps.dll
    5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\oledb32.dll
    5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\oledb32r.dll
    5:14:24 PM | Registered: D:\Program Files\Common Files\system\Ole DB\sqloledb.dll
    5:14:24 PM | Registered: D:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll
     Thread Starter

  15. #15
    Malware Team
    evilfantasy
    Joined
         16th Jul 2007
    Posts
         5,886

    Open Dial-a-fix and click the hammer icon. Select Flush DNS and click Go
    When complete, select Repair Permissions and click Go
    When complete, select Repair/reinstall IE and click Go

  16. #16
    Full Member
    Joined
         6th Sep 2008
    Posts
         95

    Hey man.....extremely sorry for the late reply .....the thing is he asks for the xp cd and i have kinda lost it.
     Thread Starter

  17. #17
    Malware Team
    evilfantasy
    Joined
         16th Jul 2007
    Posts
         5,886

    Run this online scan. Requires Internet Explorer

    Use the ESET Nod32 Online Scanner

    1. Check the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the ActiveX control to install
    4. Click Start
    5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
    6. Click Scan
    7. Wait for the scan to finish
    8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

  18. #18
    Full Member
    Joined
         6th Sep 2008
    Posts
         95

    here is the log from the ESET online scan.
    btw, just telling i have my xp which i use installed on d drive, not c drive.


    # version=4
    # OnlineScanner.ocx=1.0.0.635
    # OnlineScannerDLLA.dll=1, 0, 0, 79
    # OnlineScannerDLLW.dll=1, 0, 0, 78
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=3473 (20080926)
    # vers_arch_module=1.064 (20080214)
    # vers_adv_heur_module=1.066 (20070917)
    # EOSSerial=a78d3f75d45a13479ae8da046d645966
    # end=finished
    # remove_checked=true
    # unwanted_checked=true
    # utc_time=2008-09-26 01:15:09
    # local_time=2008-09-26 06:15:09 (+0500, West Asia Standard Time)
    # country="United States"
    # osver=5.1.2600 NT Service Pack 2
    # scanned=189638
    # found=74
    # scan_time=2498
    C:\mvxm.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\WINDOWS\system32\spoolsv.exe Win32/Virut.B virus (unable to clean - deleted) 00000000000000000000000000000000
    C:\WINDOWS\system32\winsys32.dll a variant of Win32/TrojanProxy.Agent.NCB trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\WINDOWS\system32\rpcc.dll Win32/TrojanProxy.Dlena trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\Documents and Settings\All Users\Application Data\CyberLink\PowerDVD\HTML\readme.eml Win32/Chir.B worm (unable to clean - deleted) 00000000000000000000000000000000
    C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\6.0\ACDInTouch\EN\StaticPages\readme.eml Win32/Chir.B worm (unable to clean - deleted) 00000000000000000000000000000000
    C:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154623.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154624.exe Win32/Virut.B virus (unable to clean - deleted) 00000000000000000000000000000000
    C:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154625.dll a variant of Win32/TrojanProxy.Agent.NCB trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154626.dll Win32/TrojanProxy.Dlena trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\FOUND.014\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    C:\FOUND.012\FILE0000.CHK a variant of Win32/Nulprot trojan (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.019\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.032\FILE0002.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.034\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.036\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.037\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.038\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.049\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.045\FILE0000.CHK a variant of Win32/Pacex.Gen virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.058\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.065\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.072\FILE0001.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.061\FILE0045.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.062\FILE0010.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.086\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.089\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.076\FILE0000.CHK a variant of Win32/Injector.AR trojan (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\WINDOWS\system32\autorun.ini.vir INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\WINDOWS\system32\avpo0.dll.vir probably a variant of Win32/Obfuscated trojan (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\WINDOWS\system32\spool.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\WINDOWS\system32\LSASSMGR.EXE.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\WINDOWS\system32\LSSMON.EXE.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\WINDOWS\system32\msupd32.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\WINDOWS\system32\srtsrv32.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\WINDOWS\system32\upd01.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\Documents and Settings\Burhan\S87ekhV.exe.vir Win32/TrojanDownloader.Delf.OGD trojan (unable to clean - deleted) 00000000000000000000000000000000
    D:\QooBox\Quarantine\D\Program Files\Internet Explorer\iexplor.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.079\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.091\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.095\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.098\FILE0001.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.099\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\WINDOWS\divx32.dll probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\WINDOWS\system32\dllcaches.exe probably a variant of Win32/IRCBot trojan (unable to clean - deleted) 00000000000000000000000000000000
    D:\Program Files\Mozilla Firefox\firefoxe.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\FOUND.105\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.145\FILE0000.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.145\FILE0009.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.145\FILE0010.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.145\FILE0015.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.144\FILE0000.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.144\FILE0001.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.144\FILE0002.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.143\FILE0000.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.143\FILE0006.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.143\FILE0007.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.143\FILE0008.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.142\FILE0361.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.142\FILE0408.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.142\FILE0409.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.141\FILE0011.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.141\FILE0015.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.141\FILE0016.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.134\FILE0000.CHK Win32/PSW.Agent.NDP trojan (unable to clean - deleted) 00000000000000000000000000000000
    D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.134\FILE0001.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
    E:\mvxm.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
    E:\FOUND.001\FILE0000.CHK Win32/PSW.Agent.NDP trojan (unable to clean - deleted) 00000000000000000000000000000000
    E:\FOUND.002\FILE0000.CHK Win32/PSW.Agent.NDP trojan (unable to clean - deleted) 00000000000000000000000000000000
    E:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154630.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
    E:\ALL THE SOFTWARES\AVICodecPackPlus21.exe a variant of Win32/Adware.Webdir application (deleted) 00000000000000000000000000000000
    E:\ALL THE SOFTWARES\AVICodecPackPlus21.exe »NSIS »VirtualDNS.dll a variant of Win32/Adware.Webdir application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
    F:\mvxm.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
    F:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154632.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
     Thread Starter

  19. #19
    Malware Team
    evilfantasy

    Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
    • Double click on RSIT.exe to run.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt will be maximized and info.txt will be minimized
    • Please post the contents of both logs in the next reply.

  20. #20
    Full Member

    Hey man, this is the log file first.

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Burhan at 2008-09-26 23:02:15
    Microsoft Windows XP Professional Service Pack 2
    System drive D: has 3 GB (33%) free of 10 GB
    Total RAM: 126 MB (23% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:02:32 PM, on 9/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\slserv.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Opera\opera.exe
    D:\Documents and Settings\Burhan\Desktop\RSIT.exe
    E:\ALL THE SOFTWARES\Burhan.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 4633 bytes

    ======Scheduled tasks folder======

    D:\WINDOWS\tasks\At1.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]
    DAPHelper Class - D:\Program Files\DAP\DAPBHO.dll [2007-11-27 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
    IDMIEHlprObj Class - D:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - d:\program files\google\googletoolbar2.dll [2007-11-10 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar2.dll [2007-11-10 2403392]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
    "PCSuiteTrayApplication"=D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
    "googletalk"=D:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"=D:\WINDOWS\system32\

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBCSSvc]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\Ares\Ares.exe"="D:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
    "D:\Program Files\AIM\aim.exe"="D:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "D:\Program Files\Messenger\MSMSGS.EXE"="D:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "D:\Program Files\NetMeeting\conf.exe"="D:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
    "D:\Program Files\Opera\Opera.exe"="D:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
    "D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "D:\Program Files\Google\Google Talk\googletalk.exe"="D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "D:\Program Files\Yahoo!\Messenger\YServer.exe"="D:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "D:\Program Files\Common Files\AOL\Loader\aolload.exe"="D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\MSN Messenger\msncall.exe"="D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======List of files/folders created in the last 1 months======

    2008-09-26 23:02:15 ----D---- D:\rsit
    2008-09-26 17:04:34 ----D---- D:\Program Files\EsetOnlineScanner
    2008-09-26 04:23:04 ----D---- D:\Program Files\Viewpoint
    2008-09-26 04:21:34 ----D---- D:\Program Files\AIM6
    2008-09-26 03:42:44 ----D---- D:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-09-26 03:42:37 ----A---- D:\WINDOWS\atid.ini
    2008-09-25 20:06:00 ----SHD---- D:\FOUND.123
    2008-09-25 05:05:38 ----D---- D:\Documents and Settings\Burhan\Application Data\acccore
    2008-09-25 05:03:13 ----D---- D:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-09-25 05:03:13 ----D---- D:\Documents and Settings\All Users\Application Data\AOL
    2008-09-25 05:02:51 ----D---- D:\Program Files\Common Files\AOL
    2008-09-25 04:13:10 ----SHD---- D:\FOUND.122
    2008-09-24 06:58:39 ----D---- D:\spoolerlogs
    2008-09-24 02:16:55 ----D---- D:\Program Files\USBAntiVirus
    2008-09-24 00:15:40 ----SHD---- D:\FOUND.121
    2008-09-21 04:45:19 ----D---- D:\Program Files\CCleaner
    2008-09-21 03:36:32 ----SHD---- D:\FOUND.120
    2008-09-21 03:14:20 ----SHD---- D:\FOUND.119
    2008-09-20 13:33:10 ----D---- D:\WINDOWS\system32\Adobe
    2008-09-20 08:54:16 ----SHD---- D:\FOUND.118
    2008-09-19 22:59:13 ----A---- D:\WINDOWS\system32\spupdsvc.exe
    2008-09-19 22:59:12 ----HD---- D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-09-19 22:57:25 ----HD---- D:\WINDOWS\$NtUninstallKB915865$
    2008-09-19 22:57:23 ----HD---- D:\WINDOWS\$hf_mig$
    2008-09-19 22:57:04 ----N---- D:\WINDOWS\system32\xmllite.dll
    2008-09-19 21:12:15 ----A---- D:\WINDOWS\Active Setup Log.txt
    2008-09-19 21:12:15 ----A---- D:\WINDOWS\Active Setup Log.BAK
    2008-09-16 13:07:40 ----SHD---- D:\FOUND.117
    2008-09-15 02:39:34 ----SHD---- D:\FOUND.116
    2008-09-15 02:27:50 ----SHD---- D:\FOUND.115
    2008-09-14 21:31:02 ----SHD---- D:\FOUND.114
    2008-09-12 13:27:22 ----SHD---- D:\FOUND.113
    2008-09-12 03:40:40 ----SHD---- D:\FOUND.112
    2008-09-12 02:05:50 ----SHD---- D:\FOUND.111
    2008-09-11 21:40:52 ----SHD---- D:\FOUND.110
    2008-09-11 20:16:25 ----D---- D:\WINDOWS\system32\NtmsData
    2008-09-11 16:03:38 ----SHD---- D:\FOUND.109
    2008-09-10 02:15:06 ----SHD---- D:\FOUND.108
    2008-09-09 17:12:39 ----D---- D:\WINDOWS\system32\CatRoot2
    2008-09-09 17:12:02 ----D---- D:\WINDOWS\temp
    2008-09-09 17:06:34 ----D---- D:\_OTMoveIt
    2008-09-09 14:56:52 ----SHD---- D:\FOUND.150
    2008-09-09 02:01:24 ----SHD---- D:\FOUND.149
    2008-09-09 00:26:38 ----SHD---- D:\FOUND.148
    2008-09-08 19:12:36 ----A---- D:\ComboFix.txt
    2008-09-08 13:14:04 ----SHD---- D:\FOUND.147
    2008-09-07 14:42:08 ----SHD---- D:\FOUND.146
    2008-09-07 13:49:46 ----A---- D:\WINDOWS\system32\mssc32.dll
    2008-09-07 13:39:57 ----D---- D:\WINDOWS\erdnt
    2008-09-07 13:39:19 ----D---- D:\QooBox
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\zip.exe
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\VFind.exe
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\swxcacls.exe
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\swsc.exe
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\swreg.exe
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\sed.exe
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\Nircmd.exe
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\grep.exe
    2008-09-07 13:39:16 ----A---- D:\WINDOWS\fdsv.exe
    2008-09-04 07:11:57 ----D---- D:\Documents and Settings\Burhan\Application Data\Yahoo!

    ======List of files/folders modified in the last 1 months======

    2008-09-26 21:12:14 ----A---- D:\WINDOWS\SchedLgU.Txt
    2008-09-19 22:58:18 ----A---- D:\WINDOWS\imsins.BAK
    2008-09-14 02:46:06 ----A---- D:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt
    2008-09-09 22:01:22 ----A---- D:\WINDOWS\OEWABLog.txt
    2008-09-09 17:14:18 ----RD---- D:\WINDOWS\Web
    2008-09-09 17:14:18 ----RD---- D:\Program Files
    2008-09-09 16:16:32 ----A---- D:\WINDOWS\ntbtlog.txt
    2008-09-08 19:08:38 ----A---- D:\WINDOWS\system.ini
    2008-09-07 10:46:08 ----A---- D:\WINDOWS\win.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 P3;Intel PentiumIII Processor Driver; D:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-03 42496]
    R2 dmsmbios;dmsmbios; \??\D:\WINDOWS\system32\dmsmbios.sys []
    R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); D:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; D:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    R3 i81x;i81x; D:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
    R3 MODEMCSA;Unimodem Streaming Filter Device; D:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 Mtlmnt5;Mtlmnt5; D:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
    R3 Slntamr;Smart Link 56K Modem Driver; D:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-03 404990]
    R3 SlWdmSup;SlWdmSup; D:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
    R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 XIRLINK;IBM PC Camera; D:\WINDOWS\system32\DRIVERS\C-itnt.sys [1999-10-19 435655]
    S1 b88b9e8e;b88b9e8e; D:\WINDOWS\System32\drivers\b88b9e8e.sys [2008-08-05 109150]
    S3 AvFlt;Antivirus Filter Driver; D:\WINDOWS\system32\drivers\av5flt.sys []
    S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 iAimFP0;iAimFP0; D:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
    S3 iAimFP1;iAimFP1; D:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
    S3 iAimFP2;iAimFP2; D:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
    S3 iAimFP3;iAimFP3; D:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
    S3 iAimFP4;iAimFP4; D:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
    S3 iAimFP5;iAimFP5; D:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
    S3 iAimFP6;iAimFP6; D:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
    S3 iAimFP7;iAimFP7; D:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
    S3 iAimTV0;iAimTV0; D:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
    S3 iAimTV1;iAimTV1; D:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
    S3 iAimTV3;iAimTV3; D:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
    S3 iAimTV4;iAimTV4; D:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
    S3 iAimTV5;iAimTV5; D:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
    S3 iAimTV6;iAimTV6; D:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 Mtlstrm;Mtlstrm; D:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
    S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
    S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
    S3 nmwcdcj;Nokia USB Port; D:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
    S3 nmwcdcm;Nokia USB Modem; D:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
    S3 NtMtlFax;NtMtlFax; D:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
    S3 SBRE;SBRE; \??\D:\WINDOWS\system32\drivers\SBREdrv.sys []
    S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 SlNtHal;SlNtHal; D:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
    S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
    S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 SLService;SmartLinkService; D:\WINDOWS\system32\slserv.exe [2004-08-04 73796]
    R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    S2 SBCSSvc;Sunbelt CounterSpy Antispyware; D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe []
    S2 Viewpoint Manager Service;Viewpoint Manager Service; D:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
    S3 AresChatServer;Ares Chatroom server; D:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
    S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-10 138168]
    S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; D:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
     Thread Starter

  21. #21
    Full Member

    Hey man, here is the info log.

    info.txt logfile of random's system information tool 1.02 2008-09-26 23:02:40

    ======Uninstall list======

    -->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\IbmPcCamera\Uninst.isu"
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
    ACDSee-->D:\PROGRA~1\ACDSYS~1\ACDSEE\UNWISE.EXE D:\PROGRA~1\ACDSYS~1\ACDSEE\INSTALL.LOG
    Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    AIM 6-->D:\Program Files\AIM6\uninst.exe
    Ares 2.0.9-->"D:\Program Files\Ares\uninstall.exe"
    Astro123 v1.40-->"D:\Program Files\Astro123\unins000.exe"
    Axialis AX-Icons 4.5-->D:\Program Files\Axialis\AX-Icons\UnInstall.exe "AX-Icons 4.5" "AXIcons.exe"
    CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
    CDisplay 1.8-->"D:\Program Files\CDisplay\unins000.exe"
    Download Accelerator Plus -->D:\PROGRA~1\DAP\UNWISE.EXE D:\PROGRA~1\DAP\INSTALL.LOG
    ESET Online Scanner-->D:\WINDOWS\system32\OnlineScannerUninstaller.exe
    ffdshow [rev 2019] [2008-06-22]-->"D:\Program Files\ffdshow\unins000.exe"
    Flash Studio PRO Trial-->"D:\Program Files\Flash Studio PRO Trial\unins000.exe"
    FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
    Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    Glary Registry Repair 2.9-->"D:\Program Files\Glary Registry Repair\unins000.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Talk (remove only)-->"D:\Program Files\Google\Google Talk\uninstall.exe"
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar2.dll"
    HijackThis 2.0.2-->"D:\Documents and Settings\Burhan\My Documents\ALL THE SOFTWARES\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB915865)-->"D:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Internet Download Manager-->D:\Program Files\Internet Download Manager\Uninstall.exe
    Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft Visual Basic 6.0 Enterprise Edition-->"D:\Program Files\Microsoft Visual Studio\VB98\Setup\1033\Setup.exe"
    Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection D:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
    Mobysaurus Thesaurus-->"D:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>D:\WINDOWS\system32\SpoonUninstall-Mobysaurus Thesaurus.dat
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
    Nokia Multimedia Player-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}
    Nokia PC Suite-->D:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
    Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
    Opera 9.51-->MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}
    PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
    PowerDVD-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    RichFX Player-->RunDll32 D:\PROGRA~1\COMMON~1\RichFX\npvpg004.dll,Uninstall_Player
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    TIMES Education - A Level Physics-->D:\WINDOWS\uninst.exe -f"D:\Program Files\TIMES Education\A Level\Physics\DeIsL2.isu" -cD:\PROGRA~1\TIMESE~1\ALEVEL~1\Physics\_ISREG32.DLL
    TZ Connection Booster 2.6-->"D:\Program Files\TZ Connection Booster\unins000.exe"
    USB Drive AntiVirus 2.3-->"D:\Program Files\USBAntiVirus\unins000.exe"
    Viewpoint Media Player-->D:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->D:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
    Windows Installer 3.1 (KB893803)-->"D:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format Runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger-->D:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\PC Connectivity Solution;D:\PROGRAM FILES\QUICKTIME\QTSYSTEM
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel
    "PROCESSOR_REVISION"=080a
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=D:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------
     Thread Starter

  22. #22
    Malware Team
    evilfantasy

    Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the Desktop.

    ----------

    Looking over your log, it seems you don't have any anti-virus software.

    Before we continue, download and install free anti-virus software.

    Remember to only install one antivirus!

    1) Avast! Home Free Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Comodo Antivirus
    5) PC Tools AntiVirus Free Edition

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

    ----------

    Download OTCleanIt.exe and save it to your Desktop.
    • Double-click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.

    ----------

    How is everything now?

  23. #23
    Full Member

    Things are a little better now, man... I feel the PC has gotten a little faster... but after that online scan and all this, IE still doesn't work... I downloaded Firefox 3 and it gave me the same msg for Firefox.
     Thread Starter

  24. #24
    Malware Team
    evilfantasy

    You may need to reinstall your router drivers.

  25. #25
    Full Member

    How do I do that?
     Thread Starter