11 replies to this topic

[bullyboy]

hi guys , i have tryed everything! i download spybot whitch found nothing , superantispy still nothing. malwarebytes nothing , what can it be , i keep getting loads of popups and they are such a pain , i have done a hijack log. i think the mane thing is something called http:// 67_201_36_16/nolink dot html





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:40, on 30/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe




here is some of the pop ups i get suvcomparison(DOT)com, boxerhund(dot)com, seal.9612(dot)org etc etc, please please help guys , many thanks another 1 is http:_//_67(dot)201.36.16/nolink(dot)html

Edited by Doug, 30 October 2009 - 06:41 PM.
to disable possibly bad live links

[bullyboy]

any help?

[LDTate]

We look for post with 0 replies, so when you posted to your own log, we assumed you were being helped.


DO NOT use any TOOLS such as Combofix, MBAM, SmitfraudFix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.



Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  Note: Combofix will run without the Recovery Console installed.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.


Also please describe how your computer behaves at the moment.

[bullyboy]

hi and thanks for your help , heres my reports


ComboFix 09-10-30.01 - Administrator 01/11/2009 14:27.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1711 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-10-30 16:53 . 2009-10-30 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-30 16:53 . 2009-10-30 16:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-30 16:53 . 2009-10-30 16:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-30 16:52 . 2009-10-30 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-30 16:06 . 2009-10-30 16:06 -------- d-----w- c:\program files\Trend Micro
2009-10-30 15:45 . 2009-11-01 14:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-30 15:45 . 2009-10-30 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-29 23:49 . 2009-10-29 23:49 -------- d-----w- c:\program files\CCleaner
2009-10-29 23:22 . 2009-10-29 23:22 -------- d-----w- c:\program files\Free Window Registry Repair
2009-10-29 16:23 . 2009-10-29 16:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-29 16:23 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 16:23 . 2009-10-29 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 16:23 . 2009-10-29 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 16:23 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 23:30 . 2009-10-28 23:29 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 15:41 . 2009-10-28 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher
2009-10-28 15:39 . 2009-10-28 15:39 -------- d-----w- c:\program files\Paragon Software
2009-10-27 12:16 . 2009-10-27 12:16 4248848 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-10-27 12:15 . 2009-10-27 12:15 248592 ----a-w- c:\windows\system32\prgiso.dll
2009-10-25 17:05 . 2009-10-29 23:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-22 14:45 . 2009-10-22 14:45 10 ----a-w- c:\windows\iosys32b.dat
2009-10-18 17:34 . 2009-10-18 17:34 -------- d-----w- c:\program files\directx
2009-10-18 17:30 . 2004-08-03 22:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-10-18 17:30 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-18 17:14 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-18 17:03 . 2009-10-18 17:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-10-15 22:18 . 2009-10-15 22:18 10 ----a-w- c:\windows\winitwkg.dat
2009-10-15 02:24 . 2009-10-15 02:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-12 21:12 . 2009-04-22 10:53 40712 ----a-w- c:\windows\system32\eetransx.exe
2009-10-12 21:12 . 2008-04-29 12:16 143360 ----a-w- c:\windows\system32\EEGenFn1.dll
2009-10-12 21:12 . 1998-04-23 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-10-11 12:46 . 2009-10-11 12:46 -------- d-----w- c:\program files\PartyGaming
2009-10-03 15:18 . 2009-10-03 15:20 -------- d-----w- c:\windows\system32\Adobe
2009-10-02 16:01 . 2009-10-11 19:50 -------- d-----w- c:\documents and settings\Administrator\PARTYPokerDir

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 02:49 . 2009-09-07 17:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 17:46 . 2009-09-30 10:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-29 12:31 . 2009-08-06 08:50 38 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2009-10-29 12:31 . 2009-09-05 19:55 63 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2009-10-29 11:49 . 2009-09-30 10:48 -------- d-----w- c:\program files\Norton Internet Security
2009-10-26 23:49 . 2009-08-05 19:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-18 17:10 . 2009-08-05 18:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-03 18:19 . 2009-09-07 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-03 18:18 . 2009-09-30 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-30 11:23 . 2009-09-30 11:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-30 11:05 . 2009-09-30 10:46 -------- d-----w- c:\program files\Symantec
2009-09-30 11:04 . 2009-09-30 11:04 -------- d-----w- c:\program files\SymNetDrv
2009-09-30 11:01 . 2009-09-30 10:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2009-09-21 22:28 . 2009-09-21 18:01 -------- d-----w- c:\program files\Common Files\Apple
2009-09-21 18:28 . 2009-09-21 18:28 691420 ----a-w- c:\windows\system32\Client.exe
2009-09-21 18:04 . 2009-09-21 18:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-21 18:02 . 2009-09-21 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 18:02 . 2009-09-21 18:02 -------- d-----w- c:\program files\iTunes
2009-09-21 18:02 . 2009-09-21 18:02 -------- d-----w- c:\program files\iPod
2009-09-21 18:02 . 2009-09-21 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-21 18:01 . 2009-09-21 18:01 -------- d-----w- c:\program files\QuickTime
2009-09-21 18:01 . 2009-09-21 18:01 -------- d-----w- c:\program files\Apple Software Update
2009-09-21 18:01 . 2009-09-21 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-21 13:20 . 2009-08-11 13:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-19 01:20 . 2009-08-05 19:18 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 18:59 . 2009-09-17 18:59 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-16 14:09 . 2009-09-16 14:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo
2009-09-15 21:13 . 2009-09-15 21:12 -------- d-----w- c:\program files\Windows Live
2009-09-15 21:12 . 2009-09-15 21:12 -------- d-----w- c:\program files\Microsoft
2009-09-15 21:09 . 2009-09-15 21:09 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-14 12:48 . 2009-08-30 20:48 -------- d-----w- c:\program files\Common Files\Real
2009-09-14 12:48 . 2009-09-14 12:48 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-14 12:47 . 2006-11-17 13:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-14 12:47 . 2009-09-14 12:47 -------- d-----w- c:\program files\Real
2009-09-12 17:53 . 2009-09-12 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\pkClient
2009-09-12 17:40 . 2009-09-12 17:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\godzHell
2009-09-12 13:29 . 2009-09-12 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Passware
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 21:06 . 2009-09-10 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\sctemp
2009-09-10 21:05 . 2009-08-05 18:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 22:16 . 2009-09-07 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Tenebril
2009-09-08 14:21 . 2009-09-07 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-07 21:11 . 2009-09-07 21:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\ParetoLogic
2009-09-07 21:11 . 2009-09-07 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-07 21:11 . 2009-09-07 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-07 19:24 . 2009-09-07 19:24 -------- d-----w- c:\program files\MSBuild
2009-09-07 19:24 . 2009-09-07 19:24 -------- d-----w- c:\program files\Reference Assemblies
2009-09-07 19:23 . 2009-09-07 19:23 -------- d-----w- c:\program files\MSXML 6.0
2009-09-07 17:47 . 2009-08-05 18:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-07 17:39 . 2009-08-20 13:04 -------- d-----w- c:\program files\Common Files\Webroot Shared
2009-09-07 13:18 . 2009-09-07 13:18 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-07 13:17 . 2009-09-07 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-07 13:01 . 2009-09-07 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-07 12:55 . 2009-09-07 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-04 20:45 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 02:03 . 2009-08-17 02:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 02:02 . 2009-08-17 02:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57 . 2009-08-16 23:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2009-08-16 23:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-08-16 23:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57 . 2009-08-05 18:22 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 23:57 . 2008-05-16 13:01 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57 . 2008-05-16 13:01 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 23:57 . 2008-05-16 13:01 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 23:57 . 2008-05-16 13:01 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2008-05-16 13:01 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57 . 2008-05-16 13:01 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2008-05-16 13:01 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-11 11:35 . 2009-08-05 18:22 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-06 18:24 . 2009-08-04 17:17 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2009-08-04 17:17 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2009-08-04 17:17 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2009-08-04 17:17 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2009-08-04 17:17 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2009-09-15 23:28 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2009-09-15 23:28 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 18:23 . 2009-08-04 17:17 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 18:36 . 2009-08-05 18:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-05 18:28 . 2009-08-05 18:28 0 ----a-w- c:\windows\nsreg.dat
2009-08-05 18:14 . 2009-08-05 18:14 319488 ----a-w- c:\windows\HideWin.exe
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:17 . 2009-08-04 17:17 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-04 13:58 . 2004-08-04 12:00 2136064 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-03 22:59 2015744 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-05 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-14 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-09-30 100056]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 15:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-12-01 16640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-12 74480]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 13:20]

2009-10-30 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-08-31 11:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = <local>
IE: &Search
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8e4xmoj9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 14:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-2052111302-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,58,48,db,e7,e6,dc,4c,b6,86,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,58,48,db,e7,e6,dc,4c,b6,86,be,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-01 14:31
ComboFix-quarantined-files.txt 2009-11-01 14:31

Pre-Run: 481,969,410,048 bytes free
Post-Run: 481,944,879,104 bytes free

- - End Of File - - 884FF1CE0A727EECE9031BC3738DCD09





hijackthis log is.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:29, on 01/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[LDTate]

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

• Click START then RUN
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  
  • 
  
  
  To be on the safe side, I would also change all my passwords.
  
  
  Here's my usual all clean post
  
  Log looks good
  
  
  
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
• Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
  (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
  Without a firewall your computer is succeptible to being hacked and taken over.
  I am very serious about this and see it happen almost every day with my clients.
  Simply using a Firewall in its default configuration can lower your risk greatly.
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  This will ensure your computer has always the latest security updates available installed on your computer.
  If there are new updates to install, install them immediately, reboot your computer, and revisit the site
  until there are no more critical updates.
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly.
  Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.


I would suggest you read How to Prevent Malware:

[bullyboy]

ok , i have done everything you told me to do , what is best to use is it norton firewall or my windows firewall?

[LDTate]

ok , i have done everything you told me to do , what is best to use is it norton firewall or my windows firewall?

I would use Nortons.

[bullyboy]

ok so is my pc fixed now?

[LDTate]

Looks good to me. Any issues?

[bullyboy]

all seems good now , no pop ups atall! , cheers for your help my friend, u guys are geniuses, many thanks,

[LDTate]

Great job You're more then welcome. Glad we were able to help Peace be with you

[LDTate]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.