Alright, I think I had some sort of infected ad while browsing. It was loading some strange IP address and then froze Mozilla. A little while after browsing again, I received a drivecleaner ad, which prompted me to their site and stuff.. Kind of like errorsafe or something. I decided to immediately post here because I have used this site before.

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:18 AM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brian\Desktop\VundoFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HJT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 71.142.34.9 update.nprotect.com
O1 - Hosts: 71.142.34.9 update.nprotect.net
O1 - Hosts: 71.142.34.9 guard.gunbound.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175205727578
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe (file missing)


Thanks, I'm pretty sure I'm infected. I only got the pop-up once about 10 minutes ago, but I don't really want to take any chances (I made a terrible mistake in not finding my viruses quickly enough in the past)

Hello Brian Kim :)

Ok let's do some research...

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

Hello, thanks for posting. :laugh:

Here's the scan you wanted:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-07 23:12:08
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 829A5118 ZwAlertResumeThread
SSDT 829A51F8 ZwAlertThread
SSDT 829A5BD8 ZwAllocateVirtualMemory
SSDT 829D9A08 ZwConnectPort
SSDT \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 829A4E68 ZwCreateMutant
SSDT 829A5E08 ZwCreateThread
SSDT \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 829A5A08 ZwFreeVirtualMemory
SSDT 829A4F48 ZwImpersonateAnonymousToken
SSDT 829A4008 ZwImpersonateThread
SSDT 829AE548 ZwMapViewOfSection
SSDT 829A4D88 ZwOpenEvent
SSDT 829A7058 ZwOpenProcessToken
SSDT 829A56C0 ZwOpenThreadToken
SSDT 829B7C40 ZwResumeThread
SSDT 829A55E0 ZwSetContextThread
SSDT 829A57A0 ZwSetInformationProcess
SSDT 829A5500 ZwSetInformationThread
SSDT \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 829A4CA8 ZwSuspendProcess
SSDT 829A5340 ZwSuspendThread
SSDT 829ACE70 ZwTerminateProcess
SSDT 829A5420 ZwTerminateThread
SSDT 829A5880 ZwUnmapViewOfSection
SSDT 829A5AE8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\System32\DRIVERS\update.sys

---- EOF - GMER 1.0.12 ----

Thanks~!

Ok nothing bad there...

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Oh man, sorry for the HUGE delay. I was very busy the past few days.

Kaspersky Online Scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 11, 2007 8:12:48 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/05/2007
Kaspersky Anti-Virus database records: 297457
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 45466
Number of viruses found: 1
Number of infected objects: 0 / 0
Number of suspicious objects: 1
Duration of the scan process: 01:20:47

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A3158748-2BF5-484D-864A-A4031517CF2D}.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-10_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\5AE96ACA.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\4F355DE5.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Brian\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Brian\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\MSHist012007051020070511\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\o479jago.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\o479jago.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\o479jago.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Brian\Local Settings\Application Data\Mozilla\Firefox\Profiles\o479jago.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Brian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\o479jago.default\cert8.db Object is locked skipped
C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\o479jago.default\key3.db Object is locked skipped
C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\o479jago.default\parent.lock Object is locked skipped
C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\o479jago.default\history.dat Object is locked skipped
C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\o479jago.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\o479jago.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\o479jago.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Brian\UserData\index.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP46\A0027576.exe Suspicious: Packed.Win32.CryptExe skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP49\change.log Object is locked skipped
D:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP49\change.log Object is locked skipped

Scan process completed.


Thanks

OK nothing bad there either...

Still getting those popups ?

Hmm, I'm not sure. It seems like only certain websites give me the pop-up while other sites don't. If there's nothing wrong with my computer, then I'm sorry.. I was just alarmed when I ran Spybot S&D and found some suspicious items that I couldn't remove. :lip:

Hello :)


Hmm, I'm not sure. It seems like only certain websites give me the pop-up while other sites don't.

Well this is normal. And the truth is that Internet Explorer's popup blocker isn't the best on available. So these kind of popups don't mean that you're infected.

You might want to try
Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.

The Spybot findings...Could you post the log to here?

:bigthumb:

Funny thing is, I received these pop-ups while using Firefox. :fear:

Anyways, I tried scanning just now, and I didn't find anything but tracking cookies.

Which version of FireFox are you using ?

This topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.