Hi I have popup of sites Setthetrend, or
http://adscampaign.net/clients/SO-creative.html when I open a new internet page. My internet is slow and closes randomly.
Norton antivirus doesn't find anything. however the popup are here. We ceaned the temp folder, ran Spyboot...still there:sad:.
Here is my last hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:37, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\net.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\HijackThis\hjtscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B48E680-F1AC-4F46-9B7D-5E67C21DA79B} - C:\WINDOWS\system32\mllmn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\lludxmkt.dll
O2 - BHO: (no name) - {9B11799D-DFB6-4153-8944-B5E711354E53} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\erqljcgd.dll",sitypnow
O4 - HKLM\..\Run: [2859b5c6] rundll32.exe "C:\WINDOWS\system32\cmrogqro.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\rvtpdomd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.bgscorporateteams
O15 - Trusted Zone: http://corpitweb.lionbridge.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corpnet.liox.org
O17 - HKLM\Software\..\Telephony: DomainName = corpnet.liox.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corpnet.liox.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corpnet.liox.org
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rvtpdomd.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9212 bytes


I also use Karpersky online: here is thier log:
KASPERSKY ONLINE SCANNER REPORT
Monday, October 29, 2007 5:17:55 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/10/2007
Kaspersky Anti-Virus database records: 448417


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\ekoffi\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 15653
Number of viruses found 2
Number of infected objects 33
Number of suspicious objects 0
Duration of the scan process 00:17:10

Infected Object Name Virus Name Last Action
C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\bqjyavsq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\sodifbqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\yfdmqbkw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

C:\WINDOWS\Temp\spnserv.dat Object is locked skipped

C:\WINDOWS\Temp\spserv.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\ceriierl.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\ExchangePerflog_8484fa31efe2831acfcccd43.dat Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\fjbgsten.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\gbdmmvjr.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\hffcejym.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\hkgjsisx.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\hqmkmcga.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\htbtyhhq.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\hubsdvmc.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\kggjfqlv.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\kwfmojuc.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\merqmnmw.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\mxqnebfv.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\qhrbsdan.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\qudepceu.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\qumhyxqw.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\sfmbrapt.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\slynihgd.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\tejggred.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\tjmpgwuh.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\tmkgxmco.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\usowncvf.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\vettsqxn.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\vixlrdwg.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\vosedxfd.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\vyfiedsd.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\wjrhwqso.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\wmhndngf.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\wrhdgspr.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\yqliuwje.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\ytcybycq.exe Infected: Trojan.Win32.Agent.bck skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\~DF24B4.tmp Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\~DF2AA5.tmp Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\~DF509A.tmp Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\~DF9380.tmp Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\~DFE809.tmp Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\~DFEC98.tmp Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\~WRF0001.tmp Object is locked skipped

C:\DOCUME~1\ekoffi\LOCALS~1\Temp\~WRS0002.tmp Object is locked skipped

Scan process completed.


Can somebody help him. These popups are terrible!!!!!:mad:
Thanks
Sunnyday

Hi sunnyday94

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links and save it to Desktop:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report
- vundofix report

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.