please help me remove trojan horse win32.onlinegames



#1
nafisnafis

    New Member

  • Member
  • Pip
  • 5 posts
Hello. My computer is infected with a trojan horse called win32.onlinegames and a few others like win32.wow, win32.gen, etc. I'm not sure if these are all the same viruses with different names. I'm using avast antivirus and it keeps detecting the virus, but each time I delete the virus, more of it keeps popping up and I have to keep on deleting them. The virus has made my computer very slow. Please help me.
  • 0


#2
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nafisnafis and welcome to Geeks To Go,

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
nafisnafis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello Jimmy2012. First of all, I would like to thank you for your time. I greatly appreciate it. :) OK, here's the HijackThis log: (by the way, my OS is installed in drive D, and not drive C where it is usually installed)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:19 AM, on 1/2/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\BitComet\BitComet.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - D:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: nhmxbjkl.dll - {27AC9076-C898-B098-D098-A18319080972} - D:\WINDOWS\system32\nhmxbjkl.dll (file missing)
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - D:\WINDOWS\system32\lassaplo.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\reall\rpbrowserrecordplugin.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - D:\WINDOWS\system32\skqncbib.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - D:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - D:\WINDOWS\system32\apsgdjba.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - D:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - D:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - D:\Program Files\isoHunt\tbisoH.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Net2Phone Dialer] "D:\Program Files\Net2Phone SIP Dialer\dialer.exe" -auto
O4 - HKCU\..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [amva] D:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: SysWoWCt.dll,skqncbib.dll,nhmxcjkl.dll,yzztimsn.dll,
O20 - Winlogon Notify: ddcbXrSl - ddcbXrSl.dll (file missing)
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - D:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - Unknown owner - D:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 10382 bytes
  • 0

#4
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nafisnafis,

If you have any questions please feel free to ask. :)

Your log shows an infection that can steal your passwords. You should change all of your passwords on a clean computer ASAP.

I see that you have 3 anti-virus programs running; I need you to remove two of them. Running 3 anti-virus programs at the same time can slow your computer down, and the anti-virus programs can also conflict with each other. These are the 3 I see you have running:
AVG, Avast and Panda
Please remove two of those anti-virus programs.
If you need help removing two of them please let me know.

STEP 1
Please reopen HijackThis and click on Do a system scan only. And put a check next to the following entries.

O2 - BHO: nhmxbjkl.dll - {27AC9076-C898-B098-D098-A18319080972} - D:\WINDOWS\system32\nhmxbjkl.dll (file missing)
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - D:\WINDOWS\system32\lassaplo.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - D:\WINDOWS\system32\skqncbib.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - D:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - D:\WINDOWS\system32\apsgdjba.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - D:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O4 - HKCU\..\Run: [amva] D:\WINDOWS\system32\amvo.exe
O20 - AppInit_DLLs: SysWoWCt.dll,skqncbib.dll,nhmxcjkl.dll,yzztimsn.dll,
O20 - Winlogon Notify: ddcbXrSl - ddcbXrSl.dll (file missing)
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - D:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

Once you have the checks in those entries please make sure all open windows are closed (keep HijackThis open) and click fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click yes. After you have fixed those entries you can close HijackThis.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\WINDOWS\system32\nhmxbjkl.dll
    D:\WINDOWS\system32\lassaplo.dll
    D:\WINDOWS\system32\skqncbib.dll
    D:\WINDOWS\system32\nhmxcjkl.dll
    D:\WINDOWS\system32\apsgdjba.dll
    D:\WINDOWS\system32\mnmhgsrv.dll
    D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
    D:\WINDOWS\system32\amvo.exe
    D:\WINDOWS\AppPatch\Jview.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
~~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
And the DSS main.txt and extra.txt
  • 0
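A cross-check for the two lists in the post above, as an added example (not part of the original thread and not a HijackThis or OTMoveIt2 feature): it parses the checked HijackThis entries, collects every file they reference, and reports names that are not marked "(file missing)" and do not appear in the OTMoveIt2 move list. The function names and regular expressions are assumptions made for this example; the input lines are copied from the post.

```python
import ntpath
import re

# Entries the helper asked to check, copied from the post above.
CHECKED = r"""
O2 - BHO: nhmxbjkl.dll - {27AC9076-C898-B098-D098-A18319080972} - D:\WINDOWS\system32\nhmxbjkl.dll (file missing)
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - D:\WINDOWS\system32\lassaplo.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - D:\WINDOWS\system32\skqncbib.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - D:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - D:\WINDOWS\system32\apsgdjba.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - D:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O4 - HKCU\..\Run: [amva] D:\WINDOWS\system32\amvo.exe
O20 - AppInit_DLLs: SysWoWCt.dll,skqncbib.dll,nhmxcjkl.dll,yzztimsn.dll,
O20 - Winlogon Notify: ddcbXrSl - ddcbXrSl.dll (file missing)
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - D:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
"""

# File paths given for the OTMoveIt2 step, copied from the same post.
MOVE_LIST = r"""
D:\WINDOWS\system32\nhmxbjkl.dll
D:\WINDOWS\system32\lassaplo.dll
D:\WINDOWS\system32\skqncbib.dll
D:\WINDOWS\system32\nhmxcjkl.dll
D:\WINDOWS\system32\apsgdjba.dll
D:\WINDOWS\system32\mnmhgsrv.dll
D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
D:\WINDOWS\system32\amvo.exe
D:\WINDOWS\AppPatch\Jview.dll
"""

MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# A full Windows path ending in .dll/.exe (may contain spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)
# A bare file name, used when the entry carries no full path.
NAME_RE = re.compile(r"[\w.-]+\.(?:dll|exe)\b", re.IGNORECASE)


def parse_entry(line):
    """Split one HijackThis line into section code, label and referenced files."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    label, _, value = body.partition(": ")
    if m.group("code") == "O20" and label == "AppInit_DLLs":
        # Comma-separated bare names, often with a trailing comma.
        files = [n.strip() for n in value.split(",") if n.strip()]
    else:
        files = PATH_RE.findall(value) or NAME_RE.findall(value)[-1:]
    return {"code": m.group("code"), "label": label,
            "files": files, "missing": missing}


def unquarantined(checked_text, move_text):
    """Names referenced by a checked entry, present on disk per the log,
    but absent from the move list (compared by lower-cased base name)."""
    moved = {ntpath.basename(p.strip()).lower()
             for p in move_text.splitlines() if p.strip()}
    gaps = set()
    for line in checked_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry["missing"]:
            continue
        for ref in entry["files"]:
            name = ntpath.basename(ref).lower()
            if name not in moved:
                gaps.add(name)
    return sorted(gaps)


if __name__ == "__main__":
    for name in unquarantined(CHECKED, MOVE_LIST):
        print("referenced by a fixed entry but not in the move list:", name)
```

For the lists above it returns `syswowct.dll` and `yzztimsn.dll`, which appear only in the O20 AppInit_DLLs entry; `yzztimsn.dll` is still listed under O2 and O20 in the follow-up log later in the thread.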

#5
nafisnafis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello Jimmy2012. I'm having trouble removing Panda antivirus, it's not there on 'add/remove programs' and when I try to delete it directly from program files, it says 'the file is either write protected or is currently being used', even though I'm not running it currently (as far as I'm aware of). I think I've managed to remove AVG, though. Moving on, when OTMoveIt was running, it said there was an error and it closed saying that any unsaved changes were lost :) Anyways, here's the log for OTMoveIt:

File/Folder D:\WINDOWS\system32\nhmxbjkl.dll not found.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\lassaplo.dll
D:\WINDOWS\system32\lassaplo.dll NOT unregistered.
D:\WINDOWS\system32\lassaplo.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\skqncbib.dll
D:\WINDOWS\system32\skqncbib.dll NOT unregistered.
D:\WINDOWS\system32\skqncbib.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\nhmxcjkl.dll
D:\WINDOWS\system32\nhmxcjkl.dll NOT unregistered.
D:\WINDOWS\system32\nhmxcjkl.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\apsgdjba.dll
D:\WINDOWS\system32\apsgdjba.dll NOT unregistered.
D:\WINDOWS\system32\apsgdjba.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\mnmhgsrv.dll
D:\WINDOWS\system32\mnmhgsrv.dll NOT unregistered.
D:\WINDOWS\system32\mnmhgsrv.dll moved successfully.
D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll unregistered successfully.
D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll moved successfully.
File/Folder D:\WINDOWS\system32\amvo.exe not found.
LoadLibrary failed for D:\WINDOWS\AppPatch\Jview.dll
D:\WINDOWS\AppPatch\Jview.dll NOT unregistered.
D:\WINDOWS\AppPatch\Jview.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 01032002_151836


And here are the DSS logs:
Main:


Deckard's System Scanner v20071014.68
Run by Nafis on 2002-01-03 15:23:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2002-01-03 12:23:41 UTC - RP155 - Deckard's System Scanner Restore Point
8: 2002-01-01 22:00:18 UTC - RP154 - Removed iLike Sidebar
7: 2008-05-29 20:05:31 UTC - RP153 - Removed The Shield Deluxe 2008.
6: 2008-05-29 19:29:33 UTC - RP152 - Installed The Shield Deluxe 2008.
5: 2008-05-23 12:57:53 UTC - RP151 - Removed TubeSucker


-- First Restore Point --
1: 2008-05-03 22:03:11 UTC - RP147 - Installed AVG Free 8.0


Backed up registry hives.
Performed disk cleanup.

System Drive D: has 1.91 GiB (less than 15%) free.


-- HijackThis (run as Nafis.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:48 PM, on 1/3/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
D:\Program Files\Net2Phone SIP Dialer\dialer.exe
D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\BitComet\BitComet.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\WINDOWS\system32\tjfyabyt.exe
D:\WINDOWS\system32\zxfhajpg.exe
D:\WINDOWS\system32\zxcsahlp.exe
D:\Documents and Settings\Nafis\Desktop\dss.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Nafis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - D:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - D:\WINDOWS\system32\opshbbty.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - D:\WINDOWS\system32\lassaplo.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\reall\rpbrowserrecordplugin.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - D:\WINDOWS\system32\skqncbib.dll (file missing)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - D:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - D:\WINDOWS\system32\nhmxcjkl.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - D:\WINDOWS\system32\lijzclit.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - D:\WINDOWS\system32\oswxdttb.dll
O2 - BHO: mpwddapi.dll - {45694105-5108-9405-3695-954187462154} - D:\WINDOWS\system32\mpwddapi.dll
O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - D:\WINDOWS\system32\apsgdjba.dll (file missing)
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - D:\WINDOWS\system32\pjjxedwd.dll
O2 - BHO: mpwdeapi.dll - {55694105-5108-9405-3695-954187462155} - D:\WINDOWS\system32\mpwdeapi.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - D:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - D:\WINDOWS\system32\mnmhgsrv.dll (file missing)
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - D:\WINDOWS\system32\yxfhcjpg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - D:\WINDOWS\system32\zxptejpg.dll
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - D:\WINDOWS\system32\yzztimsn.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - D:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - D:\Program Files\isoHunt\tbisoH.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Net2Phone Dialer] "D:\Program Files\Net2Phone SIP Dialer\dialer.exe" -auto
O4 - HKCU\..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: nhmxcjkl.dll,yzztimsn.dll,skqncbib.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: The Shield Deluxe 2008 (AVP) - Unknown owner - D:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 11166 bytes

-- HijackThis Fixed Entries (D:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20020103-151514-726 O2 - BHO: nhmxbjkl.dll - {27AC9076-C898-B098-D098-A18319080972} - D:\WINDOWS\system32\nhmxbjkl.dll (file missing)
backup-20020103-151514-456 O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - D:\WINDOWS\system32\lassaplo.dll
backup-20020103-151514-927 O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - D:\WINDOWS\system32\skqncbib.dll
backup-20020103-151514-822 O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - D:\WINDOWS\system32\nhmxcjkl.dll
backup-20020103-151515-724 O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - D:\WINDOWS\system32\apsgdjba.dll
backup-20020103-151515-615 O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - D:\WINDOWS\system32\mnmhgsrv.dll
backup-20020103-151515-380 O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
backup-20020103-151515-672 O4 - HKCU\..\Run: [amva] D:\WINDOWS\system32\amvo.exe
backup-20020103-151515-666 O20 - AppInit_DLLs: SysCbCDK.dll,yzztimsn.dll,nhmxcjkl.dll,skqncbib.dll
backup-20020103-151515-358 O20 - Winlogon Notify: ddcbXrSl - ddcbXrSl.dll (file missing)
backup-20020103-151516-421 O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - D:\WINDOWS\AppPatch\Jview.dll
backup-20020103-151516-998 O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 mchInjDrv (madCodeHook DLL injection driver) - d:\windows\system32\drivers\mchinjdrv.sys
R2 sbbotdi - d:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - d:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S0 kl1 - d:\windows\system32\drivers\kl1.sys (file missing)
S1 klif - d:\windows\system32\drivers\klif.sys (file missing)
S3 eth8023 - d:\windows\system32\drivers\eth8023.sys (file missing)
S3 NTIDrvr - c:\program files\newtech infosystems\nti cd-maker\ntidrvr.sys (file missing)
S3 sdthook - d:\windows\system32\drivers\sdthook.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "d:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "d:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R3 NMIndexingService - "d:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S2 avg8wd (AVG8 WatchDog) - d:\progra~1\avg\avg8\avgwdsvc.exe (file missing)
S2 AVP (The Shield Deluxe 2008) - "d:\program files\pcsecurityshield\the shield deluxe 2008\avp.exe" -r (file missing)
S3 NBService - d:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_1025&PID_0041\00380E0000B1
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_1025&PID_0041\00380E0000B1
Service: USBSTOR

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_D5F7FDFB&REV_11\4&1F7DBC9F&0&08F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_D5F7FDFB&REV_11\4&1F7DBC9F&0&08F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_D5F7FDFB&REV_11\4&1F7DBC9F&0&09F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_D5F7FDFB&REV_11\4&1F7DBC9F&0&09F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-29 20:27:06 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2002-01-03 00:06:18 432 --a------ D:\WINDOWS\Tasks\XoftSpySE 2.job


-- Files created between 2001-12-03 and 2002-01-03 -----------------------------



-- Find3M Report ---------------------------------------------------------------

2007-11-13 10:21:10 62 --ahs---- D:\Documents and Settings\Nafis\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22596546-2036-9451-6058-658402589722}]
D:\WINDOWS\system32\opshbbty.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B69874A-C58C-458D-69F0-698F874E41B2}]
D:\WINDOWS\system32\lassaplo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32023698-6984-8541-9654-698745012523}]
D:\WINDOWS\system32\skqncbib.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35671234-7890-ABCD-CDEF-567801237653}]
08/08/2004 12:35 PM 513544 ---hs---- D:\WINDOWS\system32\yxcschlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37AC9076-C898-B098-D098-A18319080973}]
D:\WINDOWS\system32\nhmxcjkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C954872-1230-6541-9548-6541025884C3}]
08/08/2004 01:47 PM 535048 ---hs---- D:\WINDOWS\system32\lijzclit.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43512378-9874-5641-1025-985420368734}]
08/08/2004 11:43 PM 535048 ---hs---- D:\WINDOWS\system32\oswxdttb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45694105-5108-9405-3695-954187462154}]
08/08/2004 12:34 PM 536584 ---hs---- D:\WINDOWS\system32\mpwddapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FD45A54-9875-698F-E56E-65102358FDF4}]
D:\WINDOWS\system32\apsgdjba.dll

[HKEY_LO
  • 0

#6
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nafisnafis,

Your DSS logs got cut off, please repost both DSS logs in your next reply. You will need to use more than 1 reply for them to fit.
  • 0

#7
nafisnafis

nafisnafis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello jimmy2012, thanks a lot for your help so far..... The other day my PC got stuck and I couldn't access my PC, not even in safe mode, so I formatted my computer. The virus should be gone, right?
  • 0

#8
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nafisnafis,

Yes, the virus will be gone. If you would like, you can post a new HijackThis log and I will take a look at it if you want.
  • 0

#9
nafisnafis

nafisnafis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hello jimmy2012,

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:53 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\acer\KnobService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CNYHKey.exe
C:\acer\KnobMonitor.exe
C:\ACER\MPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nafis Shahid\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [StopHS] stopHS.bat
O4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exe
O4 - HKLM\..\Run: [MPS] C:\ACER\MPS.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Knob Service (KNOBSERV) - Acer Inc. - c:\acer\KnobService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4421 bytes
  • 0

#10
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello nafisnafis,
You should print out the first step, because once you are in safe mode you may not be able to view this page.

STEP 1
Please reopen HijackThis and click on Do a system scan only. And put a check next to the following entries.

O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [StopHS] stopHS.bat

Once you have the checks in those entries please make sure all open windows are closed (keep HijackThis open) and click fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click yes. After you have fixed those entries you can close HijackThis.

Boot into Safe Mode:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Select your normal user account.

Please delete these files (if present).
C:\WINDOWS\sser.exe
C:\WINDOWS\stopHS.bat

After you have done that please restart your computer (you will be out of safe mode now).

STEP 2
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

STEP 3
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
~~~~~~~~~~
In your next reply please have these logs.
The MalwareBytes log
The Kaspersky log
A new HijackThis log
And please tell me if you are having any errors or other problems with your computer
  • 0
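
An added example (not part of the thread and not HijackThis code): one way to check a follow-up HijackThis log against the fix list from STEP 1 of post #10, using the O2/O4 line format shown in post #9. The function names are hypothetical, and LOG_AFTER is a constructed follow-up log.

```python
import re

# Excerpt from the HijackThis v2.0.2 log in post #9 (not the full log).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [StopHS] stopHS.bat
O4 - HKLM\..\Run: [MPS] C:\ACER\MPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# Constructed follow-up log: the same excerpt with the two STEP 1 entries fixed.
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines()
                      if "[SSER]" not in l and "[StopHS]" not in l)
# Entries the helper asked to fix in STEP 1, copied from post #10.
FIX_LIST = [r"O4 - HKLM\..\Run: [SSER] sser.exe",
            r"O4 - HKLM\..\Run: [StopHS] stopHS.bat"]

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
O2_BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def _norm(line):
    # Compare log lines ignoring case and extra whitespace from copy/paste.
    return " ".join(line.split()).lower()

def still_present(log, fix_list):
    """Fix-list entries that still appear in a follow-up log."""
    seen = {_norm(l) for l in log.splitlines()}
    return [e for e in fix_list if _norm(e) in seen]

def run_entries(log):
    """(hive, key, value name, command) for each O4 registry autostart line."""
    lines = map(str.strip, log.splitlines())
    return [m.groups() for m in map(O4_RUN.match, lines) if m]

def path_not_shown(log):
    """Autostart value names whose command has no drive-letter path.
    A bare file name is not suspicious by itself (SOUNDMAN.EXE is one too);
    it only means the log does not show where the file lives on disk."""
    return [name for _, _, name, cmd in run_entries(log)
            if not re.match(r'"?[A-Za-z]:\\', cmd)]

def orphan_bhos(log):
    """CLSIDs of O2 entries that HijackThis lists with '(no file)'."""
    lines = map(str.strip, log.splitlines())
    return [m.group(2) for m in map(O2_BHO.match, lines)
            if m and m.group(3) == "(no file)"]

if __name__ == "__main__":
    print("still present after fix:", still_present(LOG_AFTER, FIX_LIST))
    print("path not shown:", path_not_shown(LOG_AFTER))
    print("BHO entries with no file:", orphan_bhos(LOG_AFTER))
```

An empty list from `still_present` on the new log means both registry entries from STEP 1 are gone; the files themselves are removed separately in Safe Mode, as the post describes.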