Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

pop ups tried everything can't shift them [CLOSED]


  • This topic is locked This topic is locked

#1
kwakman

kwakman

    New Member

  • Member
  • Pip
  • 3 posts
i am new to this please be patient i think i have a virus or spyware running norton anti virus avg spyware they found some viruses and removed them but can't detect these pop ups ran spybot ,adaware still the same please help here is my hjt log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:11, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\acer\epm\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: POPStopperIE.CToolbar - {4B7B69EB-A00F-4FCD-B601-ACCBB86ED528} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: gebcccc - C:\WINDOWS\
O20 - Winlogon Notify: ngobzujj - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7438 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
kwakman

kwakman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
here is combofix log hjt log cheers
ComboFix 08-02-13.2 - ruth mcglynn 2008-02-13 17:51:44.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.156 [GMT 0:00]
Running from: C:\Documents and Settings\ruth mcglynn\My Documents\downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\atapii.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\atapii.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\japnwvaq.ini
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\kjjdapqq.ini
C:\WINDOWS\system32\msblcd32.dll
C:\WINDOWS\system32\ngobzujj.dllbox
C:\WINDOWS\system32\npumlqpc.ini
C:\WINDOWS\system32\nswtjlql.ini
C:\WINDOWS\system32\qbfdcfyo.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ATAPII
-------\atapii


((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 17:59 . 2008-02-13 17:59 268 --ah----- C:\sqmdata12.sqm
2008-02-13 17:59 . 2008-02-13 17:59 244 --ah----- C:\sqmnoopt12.sqm
2008-02-12 22:18 . 2008-02-12 22:18 268 --ah----- C:\sqmdata11.sqm
2008-02-12 22:18 . 2008-02-12 22:18 244 --ah----- C:\sqmnoopt11.sqm
2008-02-12 21:35 . 2008-02-12 21:35 268 --ah----- C:\sqmdata10.sqm
2008-02-12 21:35 . 2008-02-12 21:35 244 --ah----- C:\sqmnoopt10.sqm
2008-02-12 21:31 . 2008-02-12 21:32 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 20:21 . 2008-02-12 20:21 268 --ah----- C:\sqmdata09.sqm
2008-02-12 20:21 . 2008-02-12 20:21 244 --ah----- C:\sqmnoopt09.sqm
2008-02-12 19:19 . 2008-02-12 19:19 268 --ah----- C:\sqmdata08.sqm
2008-02-12 19:19 . 2008-02-12 19:19 244 --ah----- C:\sqmnoopt08.sqm
2008-02-12 18:46 . 2008-02-12 19:23 2,170 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-12 18:45 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-12 18:45 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-12 18:45 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-12 18:45 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-12 18:45 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-12 18:45 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-12 18:45 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-11 22:36 . 2008-02-11 22:36 268 --ah----- C:\sqmdata07.sqm
2008-02-11 22:36 . 2008-02-11 22:36 244 --ah----- C:\sqmnoopt07.sqm
2008-02-10 21:29 . 2008-02-10 21:29 172 --ah----- C:\sqmnoopt06.sqm
2008-02-10 21:29 . 2008-02-10 21:29 172 --ah----- C:\sqmdata06.sqm
2008-02-10 21:24 . 2008-02-10 21:24 268 --ah----- C:\sqmdata05.sqm
2008-02-10 21:24 . 2008-02-10 21:24 244 --ah----- C:\sqmnoopt05.sqm
2008-02-10 12:12 . 2008-02-10 12:12 <DIR> d-------- C:\Documents and Settings\katie mcglynn\Application Data\Symantec
2008-02-10 09:49 . 2008-02-10 09:49 268 --ah----- C:\sqmdata04.sqm
2008-02-10 09:49 . 2008-02-10 09:49 244 --ah----- C:\sqmnoopt04.sqm
2008-02-08 13:29 . 2008-02-08 13:29 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\Template
2008-02-08 13:28 . 2008-02-08 22:06 158 --a------ C:\Documents and Settings\ruth mcglynn\Application Data\wklnhst.dat
2008-02-06 19:39 . 2008-02-06 19:41 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-06 19:39 . 2008-02-06 19:41 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-06 19:32 . 2008-02-06 19:32 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\Symantec
2008-02-06 19:24 . 2008-02-06 19:24 <DIR> d-------- C:\Program Files\Symantec
2008-02-06 19:24 . 2008-02-06 19:41 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-06 19:24 . 2008-02-06 19:41 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-06 19:24 . 2008-02-06 19:24 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-02-05 22:49 . 2008-02-05 22:49 <DIR> d-------- C:\Program Files\ScanSpyware v3.8
2008-02-05 22:18 . 2008-02-05 22:18 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\AdwareAlert
2008-02-05 22:04 . 2008-02-05 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-02-05 21:51 . 2008-02-05 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 21:26 . 2008-02-05 21:26 <DIR> d-------- C:\Program Files\CCleaner
2008-02-04 19:36 . 2008-02-04 19:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-04 19:36 . 2008-02-04 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-04 18:36 . 2008-02-04 18:36 <DIR> d-------- C:\Program Files\AF Uninstalls
2008-02-04 18:36 . 2008-02-04 18:36 1,077,344 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-02-04 18:36 . 2008-02-04 18:36 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-02-04 18:36 . 2008-02-04 18:36 165,680 --a------ C:\WINDOWS\system32\AUTMGR32.EXE
2008-02-04 18:36 . 2008-02-04 18:36 140,488 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-02-04 18:36 . 2008-02-04 18:36 140,288 --a------ C:\WINDOWS\system32\AUTPRX32.DLL
2008-02-04 18:36 . 2008-02-04 18:36 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-02-04 18:36 . 2008-02-04 18:36 61,440 --a------ C:\WINDOWS\system32\RACMGR32.EXE
2008-02-04 18:21 . 2008-02-04 18:21 <DIR> d-------- C:\Program Files\SmartPopupBlocker
2008-02-03 23:13 . 2008-02-03 23:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-03 23:13 . 2008-02-03 23:13 <DIR> d-------- C:\Program Files\Google
2008-02-03 23:13 . 2008-02-03 23:13 <DIR> d-------- C:\Downloads
2008-02-03 23:12 . 2008-02-03 23:12 <DIR> d-------- C:\Program Files\BitComet
2008-02-03 21:25 . 2008-02-03 21:25 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-02-03 21:25 . 2008-02-03 21:25 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\TuneUp Software
2008-02-03 21:25 . 2007-03-28 19:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-03 21:24 . 2008-02-03 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-03 17:03 . 2008-02-03 17:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 17:03 . 2008-02-03 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 17:02 . 2008-02-03 17:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 16:01 . 2008-02-03 16:01 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\U3
2008-02-03 14:02 . 2008-02-03 14:02 <DIR> d-------- C:\Documents and Settings\katie mcglynn\Application Data\AVG7
2008-02-02 13:29 . 2008-02-02 13:29 <DIR> dr-h----- C:\$VAULT$.AVG
2008-02-02 13:17 . 2008-02-02 13:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-02 13:13 . 2008-02-02 13:14 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\AVG7
2008-02-02 13:13 . 2008-02-02 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-01 21:02 . 2008-02-01 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-01 19:46 . 2008-02-01 19:46 41,168,824 --a------ C:\WINDOWS\system32\avg75avwt_516a1225.exe
2008-02-01 17:10 . 2008-02-01 17:10 <DIR> d-------- C:\Documents and Settings\katie mcglynn\Application Data\Nero
2008-02-01 17:10 . 2008-02-01 17:10 <DIR> d-------- C:\Documents and Settings\katie mcglynn\Application Data\Grisoft
2008-01-31 22:27 . 2008-01-31 22:27 <DIR> d-------- C:\Program Files\Nero
2008-01-31 21:39 . 2008-01-31 21:39 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\Grisoft
2008-01-31 21:36 . 2008-01-31 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 21:36 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 19:46 . 2008-01-31 19:46 <DIR> d--hs---- C:\Recycled
2008-01-30 22:36 . 2008-01-30 22:36 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-30 22:14 . 2008-01-30 22:14 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\Nero
2008-01-30 22:08 . 2008-01-30 22:08 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-30 22:08 . 2008-01-30 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-29 19:55 . 2008-01-29 19:55 <DIR> d-------- C:\Program Files\uTorrent
2008-01-29 19:55 . 2008-01-29 19:55 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Application Data\uTorrent
2008-01-27 19:17 . 2008-01-27 19:17 <DIR> d-------- C:\Documents and Settings\katie mcglynn\Application Data\CyberLink
2008-01-26 22:00 . 2008-01-26 22:00 <DIR> d-------- C:\Documents and Settings\katie mcglynn\Application Data\Template
2008-01-26 22:00 . 2008-01-27 17:57 186 --a------ C:\Documents and Settings\katie mcglynn\Application Data\wklnhst.dat
2008-01-25 10:35 . 2008-01-25 10:35 <DIR> d-------- C:\Documents and Settings\ruth mcglynn\Contacts
2008-01-25 08:03 . 2008-01-25 08:03 268 --ah----- C:\sqmdata03.sqm
2008-01-25 08:03 . 2008-01-25 08:03 244 --ah----- C:\sqmnoopt03.sqm
2008-01-23 18:00 . 2008-01-23 18:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-23 17:57 . 2008-01-23 17:57 244 --ah----- C:\sqmnoopt02.sqm
2008-01-23 17:57 . 2008-01-23 17:57 244 --ah----- C:\sqmnoopt00.sqm
2008-01-23 17:57 . 2008-01-23 17:57 232 --ah----- C:\sqmdata02.sqm
2008-01-23 17:57 . 2008-01-23 17:57 232 --ah----- C:\sqmdata00.sqm
2008-01-23 17:57 . 2008-01-23 17:57 172 --ah----- C:\sqmnoopt01.sqm
2008-01-23 17:57 . 2008-01-23 17:57 172 --ah----- C:\sqmdata01.sqm
2008-01-23 13:29 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 13:29 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 22:46 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-02-03 22:46 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-02-03 22:46 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-15 19:08 6,144 ----a-w C:\WINDOWS\system32\drivers\NTIDrvr.sys
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:21 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 02:21 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-12-07 02:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 02:21 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 02:21 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 02:21 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-07 02:21 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 02:21 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-12-07 02:21 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-12-07 02:21 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 02:21 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-07 02:21 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-07 02:21 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-12-07 02:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-12-07 02:21 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-12-07 02:21 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-12-07 02:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-12-07 02:21 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-12-07 02:21 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-12-07 02:21 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-12-07 02:21 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-12-07 02:21 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 16:18 212992]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-10-26 16:11 2889728]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05 385024]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-31 21:42 6731312]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 15:27 52848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcccc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ngobzujj]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-09-16 14:28 20480 C:\Program Files\Launch Manager\CtrlVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 1410344 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2005-07-25 13:36 32768 C:\Program Files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2005-06-06 11:52 69632 C:\Program Files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2005-07-25 10:45 241664 C:\Program Files\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
--a------ 2002-08-30 15:02 94208 C:\Program Files\Launch Manager\PowerKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-07-15 01:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-04 11:11 708698 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-04 11:12 102490 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2005-07-25 13:34 81920 C:\Program Files\Launch Manager\Wbutton.exe

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 18:14:32 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-03 21:25:38 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-06 19:16:46 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-02-08 20:41:50 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - ruth mcglynn.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 18:13:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-02-13 18:17:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 18:17:00
.
2008-02-12 21:34:49 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:38, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\acer\epm\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: POPStopperIE.CToolbar - {4B7B69EB-A00F-4FCD-B601-ACCBB86ED528} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: gebcccc - C:\WINDOWS\
O20 - Winlogon Notify: ngobzujj - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7384 bytes
  • 0

#4
kwakman

kwakman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
been on ie7 since running combofix don't seem to be getting pop ups now can you still check logs for us and advise really appreciate your help cheers
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O20 - Winlogon Notify: gebcccc - C:\WINDOWS\
O20 - Winlogon Notify: ngobzujj - C:\WINDOWS\


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also post a new HijackThis log
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP