Go to
C:\QooBox and delete the entire
QooBox folder and empty the recycle bin afterwards.
----------
Open Hijackthis and select
Do a system scan only.
Place a check mark next to the following entries: (if there)
- O4 - HKLM\..\Run: [Windows Network Management and Security Layer] "C:\WINDOWS\system32\nmsl.exe" *
- O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
- O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
- O4 - HKLM\..\Run: [78d2b5e2] rundll32.exe "C:\WINDOWS\System32\pfhvlxjr.dll",b
- O4 - HKLM\..\Run: [BM7be1867e] Rundll32.exe "C:\WINDOWS\System32\spbuqqxi.dll",s
- O4 - HKCU\..\Run: [System Services] aivbbzlgg.exe
- O4 - HKCU\..\RunServices: [System Services] aivbbzlgg.exe
- O4 - HKUS\S-1-5-18\..\Run: [Windows Network Management and Security Layer] "C:\WINDOWS\system32\nmsl.exe" * (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [Windows Network Management and Security Layer] "C:\WINDOWS\system32\nmsl.exe" * (User 'Default user')
- O4 - Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir
- O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir
- O23 - Service: Windows Network Management and Security Layer (NMSL) - Unknown owner - C:\WINDOWS\system32\nmsl.exe (file missing)Important: Close all windows except for Hijackthis and then click
Fix checked.
Exit Hijackthis.
----------
Download
OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\plite731.exe
C:\WINDOWS\nts.exe
C:\WINDOWS\System32\pfhvlxjr.dll
C:\WINDOWS\System32\spbuqqxi.dll
aivbbzlgg.exe
aivbbzlgg.exe
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\system32\nmsl.exe
- Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window.
IMPORTANT -- Paste only into the bottom input panel (under the Yellow bar), The top panel will not help you.
Right-click and choose Paste.
- Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting
ALL of them and
pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close
OTMoveIt2Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose
Yes. In this case, after the reboot, open Notepad (
Start>All Programs>Accessories>Notepad), click
File>Open, in the File Name box enter
*.log and press the
Enter key, navigate to the
C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present.
Copy and then paste the contents of that document in your next post.
----------
Run ATF Cleaner and then restart the computer.
----------
Next post
OTMoveIt log
NEW Hijackthis logLet me know how things are now.