  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4220

help with adware purityscan removal

Hi,
I have been trying to remove adware purityscan with no luck. Norton detects it and claims it removes it, but it reappears after removal. I have run every antispyware tool I can think of. I am also getting winativirusgold popups; it had completely taken over IE. This is driving me crazy; any help would be greatly appreciated. I ran HijackThis; here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:37 AM, on 8/2/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\Program Files\Trend\SProtect\EarthAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Timberline Software
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINNT\system32\stjyxpvo.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Brct] "C:\PROGRA~1\MBOLS~1\regsvr32.exe" -vt yazb
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170770333640
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Domain
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Domain
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Trend ServerProtect Agent (EarthAgent) - Trend Micro Inc. - C:\Program Files\Trend\SProtect\EarthAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54GXSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe (file missing)

I appreciate any assistance.
Axlin
rpggamergirl Commented:
This will take care of it.

Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 
rpggamergirl Commented:
Before you do that, maybe you should use VundoFix first; you have Vundo there as well. Although ComboFix can also remove Vundo, VundoFix is the one specialized for Vundo infection.

Please download VundoFix.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to run it.
* Click the "Scan for Vundo" button.
* Once it's done scanning, click the "Remove Vundo" button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encounters a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

You might need to run it twice. Please show us the log.
 
Axlin (Author) Commented:
I just ran the ComboFix exe; the system just went down for a reboot. I'll let you know what happens when it comes back up. Thanks for the lightning-fast responses! Oh, I just saw your second post. Should I run that afterwards? I ran the other one before I saw the second reply.
 
Axlin (Author) Commented:
Here is the combo.exe log.
Thanks again for the help!

ComboFix 07-07-30.2 - "darwin" 08/02/2007  9:46:51.1 [GMT -4:00] - NTFS
Microsoft Windows 2000 Professional  5.0.2195.4.1252.1.1033.18.True


((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\ldvdtbij.dll
C:\WINNT\system32\lvsfcgyo.dll
C:\WINNT\SYSTEM32\wycdd.ini2
C:\WINNT\SYSTEM32\wycdd.tmp
C:\WINNT\SYSTEM32\wycdd.ini2
C:\WINNT\SYSTEM32\wycdd.tmp
C:\WINNT\system32\ddcyw.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\mbols~1
C:\Program Files\mbols~1\regsvr32.exe
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\WINNT\b136.exe
C:\WINNT\system32\_000006_.tmp.dll
C:\WINNT\system32\_000008_.tmp.dll
C:\WINNT\system32\_000009_.tmp.dll
C:\WINNT\system32\_000010_.tmp.dll
C:\WINNT\system32\_000035_.tmp.dll
C:\WINNT\system32\wnsapiicomsv.exe
C:\WINNT\wr.txt


(((((((((((((((((((((((((   Files Created from 2007-07-02 to 2007-08-02  )))))))))))))))))))))))))))))))


2007-08-02 09:46      51,200      --a------      C:\WINNT\nircmd.exe
2007-08-02 08:47      <DIR>      d--------      C:\Program Files\Trend Micro
2007-08-01 16:24      <DIR>      d--------      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-01 15:07      <DIR>      d--------      C:\Program Files\Common Files\Wise Installation Wizard
2007-08-01 11:06      125,504      --a------      C:\WINNT\SYSTEM32\stjyxpvo.dll
2007-08-01 10:44      <DIR>      d--------      C:\Program Files\CCleaner
2007-08-01 10:26      <DIR>      d-a------      C:\WINNT\SYSTEM32\ie_de
2007-08-01 10:26      <DIR>      d--------      C:\WINNT\ServicePackFiles
2007-08-01 10:24      977,680      --a------      C:\WINNT\SYSTEM32\vfpodbc.dll
2007-08-01 10:24      97,040      --a------      C:\WINNT\SYSTEM32\rtm.dll
2007-08-01 10:24      95,024      --a------      C:\WINNT\SYSTEM32\sfc.dll
2007-08-01 10:24      92,432      --a------      C:\WINNT\SYSTEM32\xactsrv.dll
2007-08-01 10:24      90,384      --a------      C:\WINNT\SYSTEM32\trkwks.dll
2007-08-01 10:24      87,312      --a------      C:\WINNT\SYSTEM32\TASKMGR.EXE
2007-08-01 10:24      85,776      --a------      C:\WINNT\SYSTEM32\smlogsvc.exe
2007-08-01 10:24      83,888      --a------      C:\WINNT\SYSTEM32\vga.dll
2007-08-01 10:24      81,168      --a------      C:\WINNT\SYSTEM32\stobject.dll
2007-08-01 10:24      80,144      --a------      C:\WINNT\SYSTEM32\telnet.exe
2007-08-01 10:24      8,464      --a------      C:\WINNT\SYSTEM32\wshirda.dll
2007-08-01 10:24      79,120      --a------      C:\WINNT\SYSTEM32\winscard.dll
2007-08-01 10:24      77,584      --a------      C:\WINNT\SYSTEM32\scripto.dll
2007-08-01 10:24      77,072      --a------      C:\WINNT\SYSTEM32\rsvpsp.dll
2007-08-01 10:24      74,512      --a------      C:\WINNT\SYSTEM32\wmicore.dll
2007-08-01 10:24      73,488      --a------      C:\WINNT\regedit.exe
2007-08-01 10:24      7,440      --a------      C:\WINNT\SYSTEM32\svcpack.dll
2007-08-01 10:24      7,440      --a------      C:\WINNT\SYSTEM32\sensapi.dll
2007-08-01 10:24      69,904      --a------      C:\WINNT\SYSTEM32\ws2_32.dll
2007-08-01 10:24      69,392      --a------      C:\WINNT\SYSTEM32\shim.dll
2007-08-01 10:24      68,368      --a------      C:\WINNT\SYSTEM32\unimdmat.dll
2007-08-01 10:24      68,368      --a------      C:\WINNT\SYSTEM32\regsvc.exe
2007-08-01 10:24      65,601      --a------      C:\WINNT\SYSTEM32\servdeps.dll
2007-08-01 10:24      63,248      --a------      C:\WINNT\SYSTEM32\RASSCRPT.DLL
2007-08-01 10:24      62,736      --a------      C:\WINNT\SYSTEM32\sstext3d.scr
2007-08-01 10:24      61,712      --a------      C:\WINNT\SYSTEM32\stisvc.exe
2007-08-01 10:24      60,688      --a------      C:\WINNT\SYSTEM32\RASCHAP.DLL
2007-08-01 10:24      6,928      --a------      C:\WINNT\SYSTEM32\skdll.dll
2007-08-01 10:24      59,152      --a------      C:\WINNT\SYSTEM32\winfax.dll
2007-08-01 10:24      57,616      --a------      C:\WINNT\SYSTEM32\wlnotify.dll
2007-08-01 10:24      55,056      --a------      C:\WINNT\SYSTEM32\tlntsess.exe
2007-08-01 10:24      48,912      --a------      C:\WINNT\SYSTEM32\secur32.dll
2007-08-01 10:24      48,200      --a------      C:\WINNT\SYSTEM32\scrdx86.dll
2007-08-01 10:24      48,200      --a------      C:\WINNT\SYSTEM32\scrdenrl.dll
2007-08-01 10:24      47,888      --a------      C:\WINNT\SYSTEM32\ssbezier.scr
2007-08-01 10:24      45,840      --a------      C:\WINNT\SYSTEM32\skeys.exe
2007-08-01 10:24      44,816      --a------      C:\WINNT\SYSTEM32\rsm.exe
2007-08-01 10:24      42,768      --a------      C:\WINNT\SYSTEM32\webhits.dll
2007-08-01 10:24      419,600      --a------      C:\WINNT\SYSTEM32\ssmaze.scr
2007-08-01 10:24      41,744      --a------      C:\WINNT\SYSTEM32\tcpmon.dll
2007-08-01 10:24      41,744      --a------      C:\WINNT\SYSTEM32\sti.dll
2007-08-01 10:24      41,744      --a------      C:\WINNT\SYSTEM32\ssflwbox.scr
2007-08-01 10:24      40,720      --a------      C:\WINNT\SYSTEM32\RESUTILS.DLL
2007-08-01 10:24      4,368      --a------      C:\WINNT\SYSTEM32\winver.exe
2007-08-01 10:24      39,696      --a------      C:\WINNT\SYSTEM32\wsnmp32.dll
2007-08-01 10:24      39,184      --a------      C:\WINNT\SYSTEM32\winsta.dll
2007-08-01 10:24      38,672      --a------      C:\WINNT\SYSTEM32\ssmarque.scr
2007-08-01 10:24      38,160      --a------      C:\WINNT\SYSTEM32\sens.dll
2007-08-01 10:24      375,568      --a------      C:\WINNT\SYSTEM32\tapi3.dll
2007-08-01 10:24      36,624      --a------      C:\WINNT\SYSTEM32\ssmyst.scr
2007-08-01 10:24      36,624      --a------      C:\WINNT\SYSTEM32\RNR20.DLL
2007-08-01 10:24      36,112      --a------      C:\WINNT\SYSTEM32\regapi.dll
2007-08-01 10:24      35,600      --a------      C:\WINNT\SYSTEM32\storprop.dll
2007-08-01 10:24      33,552      --a------      C:\WINNT\SYSTEM32\shmgrate.exe
2007-08-01 10:24      33,040      --a------      C:\WINNT\SYSTEM32\ssstars.scr
2007-08-01 10:24      315,664      --a------      C:\WINNT\SYSTEM32\usp10.dll
2007-08-01 10:24      31,504      --a------      C:\WINNT\SYSTEM32\traffic.dll
2007-08-01 10:24      30,749      --a------      C:\WINNT\SYSTEM32\vbajet32.dll
2007-08-01 10:24      29,968      --a------      C:\WINNT\SYSTEM32\wpnpinst.exe
2007-08-01 10:24      285,456      --a------      C:\WINNT\SYSTEM32\smlogcfg.dll
2007-08-01 10:24      28,432      --a------      C:\WINNT\SYSTEM32\scrnsave.scr
2007-08-01 10:24      28,400      --a------      C:\WINNT\SYSTEM32\wupdinfo.dll
2007-08-01 10:24      270,608      --a------      C:\WINNT\winhlp32.exe
2007-08-01 10:24      26,384      --a------      C:\WINNT\SYSTEM32\utildll.dll
2007-08-01 10:24      25,360      --a------      C:\WINNT\SYSTEM32\rsfsaps.dll
2007-08-01 10:24      25,360      --a------      C:\WINNT\SYSTEM32\rapilib.dll
2007-08-01 10:24      246,544      --a------      C:\WINNT\SYSTEM32\strmdll.dll
2007-08-01 10:24      24,848      --a------      C:\WINNT\SYSTEM32\sqlwid.dll
2007-08-01 10:24      24,848      --a------      C:\WINNT\SYSTEM32\spdwnw2k.exe
2007-08-01 10:24      24,336      --a------      C:\WINNT\SYSTEM32\rpcns4.dll
2007-08-01 10:24      239,376      --a------      C:\WINNT\SYSTEM32\winsmon.dll
2007-08-01 10:24      22,800      --a------      C:\WINNT\SYSTEM32\utilman.exe
2007-08-01 10:24      22,800      --a------      C:\WINNT\SYSTEM32\routeext.dll
2007-08-01 10:24      214,288      --a------      C:\WINNT\SYSTEM32\snmpsnap.dll
2007-08-01 10:24      21,776      --a------      C:\WINNT\SYSTEM32\wsock32.dll
2007-08-01 10:24      21,776      --a------      C:\WINNT\SYSTEM32\spupdw2k.exe
2007-08-01 10:24      21,264      --a------      C:\WINNT\SYSTEM32\stimon.exe
2007-08-01 10:24      20,752      --a------      C:\WINNT\SYSTEM32\sclgntfy.dll
2007-08-01 10:24      198,928      --a------      C:\WINNT\SYSTEM32\rasppp.dll
2007-08-01 10:24      193,296      --a------      C:\WINNT\winrep.exe
2007-08-01 10:24      19,728      --a------      C:\WINNT\SYSTEM32\DRIVERS\usbehci.sys
2007-08-01 10:24      187,664      --a------      C:\WINNT\SYSTEM32\thumbvw.dll
2007-08-01 10:24      187,024      --a------      C:\WINNT\SYSTEM32\spcmdcon.sys
2007-08-01 10:24      186,128      --a------      C:\WINNT\SYSTEM32\tlntsvr.exe
2007-08-01 10:24      176,912      --a------      C:\WINNT\SYSTEM32\rsvp.exe
2007-08-01 10:24      173,328      --a------      C:\WINNT\SYSTEM32\tapisrv.dll
2007-08-01 10:24      17,680      --a------      C:\WINNT\SYSTEM32\tftp.exe
2007-08-01 10:24      17,680      --a------      C:\WINNT\SYSTEM32\SNMPAPI.DLL
2007-08-01 10:24      17,168      --a------      C:\WINNT\SYSTEM32\secedit.exe
2007-08-01 10:24      162,064      --a------      C:\WINNT\SYSTEM32\WLDAP32.DLL
2007-08-01 10:24      16,144      --a------      C:\WINNT\SYSTEM32\version.dll
2007-08-01 10:24      155,920      --a------      C:\WINNT\SYSTEM32\wavemsp.dll


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-08-02 09:51       ---------      d--------      C:\Program Files\Symantec AntiVirus
07-08-01 10:49       ---------      d--------      C:\Program Files\AutoCAD LT 2002
07-08-01 10:28       ---------      d-a------      C:\Program Files\Windows NT
07-06-11 13:39       ---------      d--------      C:\Program Files\Common Files\Mric
07-05-25 15:22       24000      --a------      C:\WINNT\system32\lmimirr.dll
07-05-25 15:22       10304      --a------      C:\WINNT\system32\lmimirr2.dll
03-01-22 18:08       271      --ah-----      C:\Program Files\DESKTOP.INI
03-01-22 18:08       21952      --ah-----      C:\Program Files\FOLDER.HTT


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05  C:\WINNT\SYSTEM32\mobsync.exe]
"nwiz"="nwiz.exe" [03-03-01 03:13  C:\WINNT\SYSTEM32\nwiz.exe]
"CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-12-17 21:14 ]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [02-12-17 20:28 ]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [03-06-26 19:50 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05-04-08 16:52 ]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [05-04-17 13:30 ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05-02-16 23:11 ]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [07-04-17 14:03 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [01-02-20 21:09  C:\WINNT\SYSTEM32\CTFMON.EXE]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07-07-27 09:25 ]
"Brct"="C:\PROGRA~1\MBOLS~1\regsvr32.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 00:37:56]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-07-26 09:10:21]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-09-12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-09-12]
Pervasive.SQL Workgroup Engine.lnk - C:\Pvsw\Bin\w3dbsmgr.exe [2003-07-31 14:09:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxwu]
fccyxwu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
nwprovau.dll 03-06-19 15:05  139536 C:\WINNT\SYSTEM32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 02-02-15 11:51  24638 C:\WINNT\SYSTEM32\Pcanotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttrak.sys
R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys
R0 Gernuwa;Gernuwa;C:\WINNT\system32\drivers\Gernuwa.sys
R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k.sys
R1 Cdr4_2K;Cdr4_2K;C:\WINNT\system32\drivers\Cdr4_2K.sys
R1 Cdralw2k;Cdralw2k;C:\WINNT\system32\drivers\Cdralw2k.sys
R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys
R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys
R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe
R2 AsfAlrt;AsfAlrt;\??\C:\WINNT\System32\drivers\AsfAlrt.sys
R2 EarthAgent;Trend ServerProtect Agent;"C:\Program Files\Trend\SProtect\EarthAgent.exe"
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINNT\system32\drivers\LMIRfsDriver.sys
R2 Sentinel;Sentinel;C:\WINNT\system32\Drivers\SENTINEL.SYS
R2 WMP54GXSVC;WMP54GXSVC;"C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe"
R3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\WINNT\system32\DRIVERS\WniHdd50.sys
R3 E1000;Intel(R) PRO/1000 Adapter Driver;C:\WINNT\system32\DRIVERS\e1000nt5.sys
R3 lmimirr;lmimirr;C:\WINNT\system32\DRIVERS\lmimirr.sys
R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINNT\system32\Drivers\RootMdm.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 awhost32;pcAnywhere Host Service;C:\Program Files\Symantec\pcAnywhere\awhost32.exe
S3 bvrp_pci;bvrp_pci;C:\WINNT\system32\drivers\bvrp_pci.sys
S3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 PRISM_A02;WUSB54GV2 802.11g USB Driver;C:\WINNT\system32\DRIVERS\WUSBGXP.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-08-02 10:18:13 C:\WINNT\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 10:01:53
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-02 10:03:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-02 10:02

      --- E O F ---
 
Axlin (Author) Commented:
I just ran VundoFix and it said it was not detected. Did ComboFix maybe remove this as well?
 
Axlin (Author) Commented:
Here's a new HijackThis log after running combofix.exe:

Logfile of HijackThis v1.99.1
Scan saved at 10:09, on 2007-08-02
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\Program Files\Trend\SProtect\EarthAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Brct] "C:\PROGRA~1\MBOLS~1\regsvr32.exe" -vt yazb
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170770333640
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Domain
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Domain
O20 - Winlogon Notify: fccyxwu - fccyxwu.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Trend ServerProtect Agent (EarthAgent) - Trend Micro Inc. - C:\Program Files\Trend\SProtect\EarthAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54GXSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe (file missing)

rpggamergirl Commented:
Sorry I just got back, it was nearly midnight when I posted those replies. (South Australia)


>> just ran vundofix and it said it was not detected, did the combofix maybe remove this as well?<<

Sometimes Vundofix doesn't see the files, but combofix did find and delete the vundo files below:
C:\WINNT\system32\ldvdtbij.dll
C:\WINNT\system32\lvsfcgyo.dll
C:\WINNT\SYSTEM32\wycdd.ini2
C:\WINNT\SYSTEM32\wycdd.tmp
C:\WINNT\SYSTEM32\wycdd.ini2
C:\WINNT\SYSTEM32\wycdd.tmp
C:\WINNT\system32\ddcyw.dll


These ones below are the other files combofix deleted, including purityscan files. I hope there's nothing left, otherwise we have to run purityscan's own uninstaller from their website. I don't like using any uninstaller from these people who put these nasties in the first place.
C:\Program Files\mbols~1
C:\Program Files\mbols~1\regsvr32.exe
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\WINNT\b136.exe
C:\WINNT\system32\_000006_.tmp.dll
C:\WINNT\system32\_000008_.tmp.dll
C:\WINNT\system32\_000009_.tmp.dll
C:\WINNT\system32\_000010_.tmp.dll
C:\WINNT\system32\_000035_.tmp.dll
C:\WINNT\system32\wnsapiicomsv.exe
C:\WINNT\wr.txt



Please fix these entries in Hijackthis:
O4 - HKCU\..\Run: [Brct] "C:\PROGRA~1\MBOLS~1\regsvr32.exe" -vt yazb
O20 - Winlogon Notify: fccyxwu - fccyxwu.dll (file missing)


C:\WINNT\SYSTEM32\stjyxpvo.dll <-- check out this file, it's suspicious. I'm 99% sure it's bad but can't be too sure because it's around the same time when you also installed legit programs. Rename it please or send it to jotti for a scan --> http://virusscan.jotti.org/


Do you still have the purityscan and winantivirusgold popup?
Axlin (Author) Commented:
It's funny you mention the entry that references regsvr32.exe. This was the file Norton kept detecting as purityscan; it would claim it had cleaned it but it would detect it again after every reboot. I haven't been experiencing the symptoms I was experiencing before since running combo.exe. I'll go ahead and fix those items with HijackThis. Again, thanks for your help. I hate spyware!
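The two HijackThis entries flagged in the answer above share traits that can be checked mechanically: a Run value that launches a system binary name from outside the system directory, and a Winlogon Notify entry whose DLL is missing. The Python below is an added example, not part of the original thread; the regexes, the `SYSTEM_BINARIES` and `SYSTEM_DIRS` sets and the function names are assumptions, and the sample lines are copied from the log posted above.

```python
import ntpath
import re

# System binary names that are often imitated (illustrative assumption, not exhaustive).
SYSTEM_BINARIES = {"regsvr32.exe", "svchost.exe", "rundll32.exe", "spoolsv.exe", "explorer.exe"}
# Folders where those binaries legitimately live on the Windows 2000 host in this log.
SYSTEM_DIRS = {r"c:\winnt", r"c:\winnt\system32"}

O4_RUN = re.compile(r'^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O20_NOTIFY = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$')

SAMPLE = r'''
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Brct] "C:\PROGRA~1\MBOLS~1\regsvr32.exe" -vt yazb
O20 - Winlogon Notify: fccyxwu - fccyxwu.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
'''

def exe_path(cmd):
    """Return the executable part of a Run command line (quoted or unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def review(lines):
    """Return (line, reason) pairs for O4 and O20 entries worth a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            folder, base = ntpath.split(path)
            # A bare name (no folder) is resolved through PATH and is not judged here.
            if folder and base.lower() in SYSTEM_BINARIES and folder.lower() not in SYSTEM_DIRS:
                findings.append((line, "system binary name outside the system directory"))
            continue
        m = O20_NOTIFY.match(line)
        if m and m.group("dll").endswith("(file missing)"):
            findings.append((line, "Winlogon Notify entry points at a missing DLL"))
    return findings

if __name__ == "__main__":
    for entry, reason in review(SAMPLE.splitlines()):
        print(f"{reason}: {entry}")
```

A hit from this check is a lead for manual review, not a verdict; the file itself still needs scanning before anything is removed.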
