Hello. I keep getting these annoying popups saying that I have viruses and they need to be removed. I'm guessing it is some sort of trojan... Not much more I can identify by, sorry.
I have attached my HJT log.
Oh, and I have tried a few common things in order to get rid of this ****.
[Fixed] Hijackthis! Logs - Constant popups. HJT log. (Security & Safety forums)

#1
Bronze Member
Join Date: Jun 2009
Posts: 12
PC Experience: Experienced
#2
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
__________________
My real name is Eddy
#3
Bronze Member
Join Date: Jun 2009
Posts: 12
PC Experience: Experienced
All the steps are done. The log looks a lot shorter, which is good I think.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:59 PM, on 6/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ats] C:\WINDOWS\system32\asd\loadqm.exe noshow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 4554 bytes

Last edited by Pancake; 06-01-2009 at 11:22 PM. Reason: Copied and pasted for better viewing....
#4
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
Run both these programs.
Please download Malwarebytes' Anti-Malware from one of these places:
|MG| Malwarebytes Anti-Malware 1.37 Download
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application. If it will not run make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

PLEASE NOTE: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Once that Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

=====================================================================================

Ok. We need to download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry. Please download from one of these webpages:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts. If it will not run rename Combofix to xxx.exe and run that.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]

Click on Yes to continue scanning for malware. When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt and a new HJT log in your next reply.
__________________
My real name is Eddy
#5
Bronze Member
Join Date: Jun 2009
Posts: 12
PC Experience: Experienced
Done all that...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:34 AM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ats] C:\WINDOWS\system32\asd\loadqm.exe noshow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 4782 bytes


ComboFix 09-05-31.06 - Scicluna 06/02/2009 10:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1513 [GMT 10:00]
Running from: c:\documents and settings\Scicluna\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Scicluna\Application Data\inst.exe
c:\windows\system32\microday08.dll
c:\windows\system32\MTX0CI.dll
c:\windows\system32\mypath0079.dll
c:\windows\system32\Pncrt.dll

----- BITS: Possible infected sites -----

hxxp://bestimghost.info
.
((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.
2009-06-01 12:14 . 2009-06-01 12:14 -------- d-----w- c:\documents and settings\Scicluna\Application Data\Malwarebytes
2009-06-01 12:14 . 2009-05-26 03:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 12:14 . 2009-06-01 12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 12:14 . 2009-06-01 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-01 12:14 . 2009-05-26 03:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-01 04:24 . 2009-06-01 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-01 04:24 . 2009-06-01 04:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-01 04:05 . 2009-06-01 04:05 -------- d-----w- c:\program files\CCleaner
2009-06-01 03:47 . 2009-06-01 03:47 -------- d-----w- c:\program files\Trend Micro
2009-06-01 01:21 . 2009-06-01 01:25 -------- d-----w- c:\documents and settings\Scicluna\Application Data\X-Chat 2
2009-05-29 08:54 . 2009-05-29 08:54 -------- d-----w- c:\program files\Microsoft
2009-05-29 08:53 . 2009-05-29 08:53 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-29 08:53 . 2009-05-29 08:54 -------- d-----w- c:\program files\Windows Live
2009-05-29 08:42 . 2009-05-29 08:42 -------- d-----w- c:\documents and settings\Scicluna\Contacts
2009-05-29 08:41 . 2009-05-29 08:54 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-29 08:35 . 2009-05-29 08:35 -------- d-----w- c:\documents and settings\Scicluna\Application Data\MSNInstaller
2009-05-28 22:49 . 2009-05-28 22:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-22 06:44 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-05-22 06:44 . 2009-05-22 06:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-19 11:02 . 2009-05-19 11:02 -------- d-----w- c:\documents and settings\Scicluna\Local Settings\Application Data\Tracker_Checker_2
2009-05-19 11:01 . 2009-05-19 11:01 -------- d-----w- c:\program files\Tracker Checker 2
2009-05-16 00:59 . 2009-05-16 00:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-13 05:55 . 2009-05-13 06:37 -------- d--h--w- c:\program files\Zero G Registry
2009-05-13 05:54 . 2009-05-13 05:54 -------- d--h--w- c:\documents and settings\Scicluna\InstallAnywhere
2009-05-09 00:16 . 2009-05-09 00:19 -------- d-----w- c:\program files\C-D CaseMaker
2009-05-08 10:01 . 2009-05-08 10:14 -------- d-----w- c:\documents and settings\Scicluna\Application Data\Nero
2009-05-08 10:01 . 2009-05-08 10:01 -------- d-----w- c:\program files\Common Files\Nero
2009-05-08 10:01 . 2008-11-13 16:46 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
2009-05-08 10:01 . 2008-11-13 16:33 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-05-08 09:32 . 2009-05-08 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-08 09:32 . 2009-05-08 10:01 -------- d-----w- c:\program files\Nero
2009-05-06 05:46 . 2009-05-06 05:46 -------- d-----w- c:\program files\Stardock
2009-05-06 05:46 . 2008-04-26 06:14 42672 ------w- c:\windows\system32\wbsys.dll
2009-05-05 07:14 . 2009-05-06 05:49 -------- d-----w- c:\program files\4t Tray Minimizer
2009-05-04 09:12 . 2009-05-04 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-05-04 07:52 . 2009-05-18 01:05 -------- d-----w- c:\documents and settings\Scicluna\Application Data\Vso
2009-05-04 07:52 . 2009-05-04 07:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-04 07:52 . 2009-05-04 07:52 47360 ----a-w- c:\documents and settings\Scicluna\Application Data\pcouffin.sys
2009-05-04 07:52 . 2007-03-18 11:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-05-04 07:52 . 2006-09-29 03:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-04 07:52 . 2006-09-29 03:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-04 07:52 . 2006-09-29 03:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-04 07:52 . 2006-05-20 07:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-05-04 07:52 . 2006-05-11 10:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-05-04 07:52 . 2002-12-09 17:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-05-04 07:51 . 2009-05-04 07:52 -------- d-----w- c:\program files\VSO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 06:13 . 2009-05-01 22:53 -------- d-----w- c:\documents and settings\Scicluna\Application Data\uTorrent
2009-05-18 09:12 . 2009-04-11 02:37 337197168 ----a-w- c:\documents and settings\Scicluna\Application Data\ijjigame\U_SFInstaller.exe
2009-05-16 04:16 . 2009-04-06 13:44 45672 ----a-w- c:\documents and settings\Scicluna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 01:52 . 2009-04-08 02:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-11 06:52 . 2009-04-07 08:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-07 06:35 . 2009-05-02 00:55 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-01 22:53 . 2009-05-01 22:53 -------- d-----w- c:\program files\uTorrent
2009-05-01 08:44 . 2008-09-05 01:32 594664 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PLauncher.exe
2009-04-28 05:56 . 2009-04-07 08:53 34 ----a-w- c:\documents and settings\Scicluna\jagex_runescape_preferences.dat
2009-04-26 08:17 . 2009-04-09 03:52 -------- d-----w- c:\program files\abgx360
2009-04-25 04:36 . 2009-04-25 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-20 07:08 . 2009-04-20 07:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-04-14 12:35 . 2009-04-14 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2009-04-14 12:34 . 2009-04-14 12:25 -------- d-----w- c:\program files\epson
2009-04-13 02:24 . 2009-04-12 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-04-13 02:24 . 2009-04-12 12:44 -------- d-----w- c:\program files\NOS
2009-04-12 12:48 . 2009-04-12 12:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-12 12:48 . 2009-04-12 12:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-11 02:45 . 2009-04-11 02:45 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-04-11 02:43 . 2009-04-11 02:37 -------- d--h--w- c:\documents and settings\Scicluna\Application Data\ijjigame
2009-04-11 02:30 . 2009-04-11 02:30 52105 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\uninst.exe
2009-04-11 02:30 . 2009-04-11 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-04-11 02:21 . 2009-04-11 02:21 -------- d-----w- c:\program files\Sun
2009-04-11 02:20 . 2009-04-07 08:52 -------- d-----w- c:\program files\Java
2009-04-11 02:19 . 2009-04-11 02:05 76658072 ----a-w- c:\documents and settings\Scicluna\jdk-6u13-windows-i586-p.exe
2009-04-10 00:40 . 2009-04-10 00:40 -------- d-----w- c:\program files\JetBrains
2009-04-09 13:24 . 2009-04-09 13:23 -------- d-----w- c:\documents and settings\Scicluna\Application Data\Notepad++
2009-04-09 13:23 . 2009-04-09 13:23 -------- d-----w- c:\program files\Notepad++
2009-04-09 09:23 . 2009-04-09 09:23 -------- d-----w- c:\documents and settings\Scicluna\Application Data\ImgBurn
2009-04-09 09:04 . 2009-04-09 09:03 -------- d-----w- c:\program files\ImgBurn
2009-04-08 13:32 . 2009-04-08 13:32 -------- d-----w- c:\program files\Accurate Shutdown
2009-04-08 12:08 . 2009-04-08 12:08 -------- d-----w- c:\documents and settings\Scicluna\Application Data\Apple Computer
2009-04-08 09:27 . 2009-04-08 09:27 -------- d-----w- c:\program files\QuickTime
2009-04-08 09:27 . 2009-04-08 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-08 09:26 . 2009-04-08 09:26 -------- d-----w- c:\program files\Apple Software Update
2009-04-08 09:26 . 2009-04-08 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-04-08 02:30 . 2009-04-08 02:24 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-08 02:25 . 2009-04-08 02:25 -------- d-----w- c:\program files\Realtek AC97
2009-04-08 02:10 . 2009-04-08 02:03 -------- d-----w- c:\program files\Microsoft SQL Server
2009-04-08 02:09 . 2009-04-08 02:09 -------- d-----w- c:\program files\MSXML 6.0
2009-04-08 02:09 . 2009-04-08 01:59 -------- d-----w- c:\program files\Microsoft.NET
2009-04-08 02:05 . 2009-04-08 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-04-08 02:03 . 2009-04-08 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-08 02:03 . 2009-04-08 02:03 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-04-08 02:03 . 2009-04-08 02:03 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-04-08 02:02 . 2009-04-08 01:59 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-04-08 02:00 . 2009-04-08 01:59 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-04-08 01:58 . 2009-04-08 01:58 -------- d-----w- c:\program files\Microsoft SDKs
2009-04-08 01:58 . 2009-04-08 01:58 63904 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 01:57 . 2009-04-08 01:57 -------- d-----w- c:\program files\MSBuild
2009-04-08 01:57 . 2009-04-08 01:57 -------- d-----w- c:\program files\Reference Assemblies
2009-04-08 00:55 . 2009-04-08 00:55 -------- d-----w- c:\documents and settings\Scicluna\Application Data\Axialis
2009-04-08 00:55 . 2009-04-08 00:55 -------- d-----w- c:\program files\Axialis
2009-04-08 00:36 . 2009-04-06 05:34 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-07 12:52 . 2009-04-07 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Embarcadero
2009-04-07 12:52 . 2009-04-07 12:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\{65B1AA84-C1DF-4A2E-A28C-E242BD7DE4B3}
2009-04-07 08:52 . 2009-04-07 08:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-07 08:52 . 2009-04-07 08:52 152576 ----a-w- c:\documents and settings\Scicluna\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-07 08:37 . 2009-04-07 08:37 -------- d-----w- c:\program files\Rapidown
2009-04-07 08:15 . 2009-04-06 23:55 -------- d-----w- c:\program files\McAfee
2009-04-07 01:14 . 2009-04-07 01:14 -------- d-----w- c:\documents and settings\Scicluna\Application Data\Subversion
2009-04-07 01:10 . 2009-04-07 01:10 -------- d-----w- c:\program files\Subversion
2009-04-06 23:55 . 2009-04-06 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-06 23:55 . 2009-04-06 23:55 -------- d-----w- c:\program files\Common Files\McAfee
2009-04-06 23:55 . 2009-04-06 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-04-06 13:49 . 2009-04-06 13:49 0 ----a-w- c:\windows\nsreg.dat
2009-04-06 13:46 . 2009-04-06 13:46 -------- d-----w- c:\program files\Common Files\Windows Live
2009-04-06 05:35 . 2009-04-06 05:35 -------- d-----w- c:\program files\microsoft frontpage
2009-04-06 05:32 . 2009-04-06 05:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-07 07:03 . 2009-03-07 07:03 742770 ----a-w- c:\windows\system32\abgx360.exe
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"ats"="c:\windows\system32\asd\loadqm.exe" [2005-08-26 659456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"EPSON Stylus CX4100 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE" [2005-03-08 98304]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-02-23 77824]

c:\documents and settings\Scicluna\Start Menu\Programs\Startup\
4t Tray Minimizer.lnk - c:\program files\4t Tray Minimizer\4t-min.exe [2009-5-5 1091584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\IJJIGame\\PLauncher.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/7/2009 9:55 AM 210216]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 10:28 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 10:28 AM 369688]
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TrackerChecker2 - (no file)
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Scicluna\Application Data\Mozilla\Firefox\Profiles\rknwc20t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 10:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ats = c:\windows\system32\asd\loadqm.exe noshow??????????? &???1??????????6?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2009-06-02 10:13
ComboFix-quarantined-files.txt 2009-06-02 00:13

Pre-Run: 303,502,557,184 bytes free
Post-Run: 303,504,367,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

217 --- E O F --- 2009-05-15 07:30

Last edited by Pancake; 06-02-2009 at 01:39 AM. Reason: Copied and pasted for better viewing....
#6
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
That looks like it's fixed now. Have the popups gone?
Have "HijackThis" fix the following item/s in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close "HijackThis". Please close any open programs before doing this fix.

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

===================================

This will clear away any of the files and folders that were created by ComboFix. Go to: Start > Run then copy and paste the following highlighted text below into the box and click OK.

ComboFix /u

Please read these for future reference, it may save you future problems:
http://www.pchelpforum.com/new-hijac...ing-sites.html
http://www.pchelpforum.com/new-hijac...-infected.html
http://www.pchelpforum.com/progress-...afterwork.html
__________________
My real name is Eddy
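As an added example (not part of the thread, and not the analyst's or the poster's code), a small Python triage script for HijackThis v2 logs of the kind posted above: it groups entries by section, pulls out CLSIDs and O4 autostart targets, and flags the "(no file)" / "(file missing)" orphans such as the npggsvc O23 entry fixed in this post. The sample log lines are constructed in the format the thread shows.

```python
"""Triage helper for Trend Micro HijackThis v2 logs (added example, not from the thread):
group entries by section, extract CLSIDs and O4 autostart targets, and flag the
'(no file)' / '(file missing)' orphans such as the npggsvc O23 service fixed in post #6."""
import re
from collections import Counter

# Constructed sample in the exact line shape HijackThis v2.0.2 writes.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:59 PM, on 6/1/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ats] C:\WINDOWS\system32\asd\loadqm.exe noshow
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 4554 bytes
"""

# "O23 - Service: ..." -> section tag "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 body of the registry-backed form: HKLM\..\Run: [name] command line
O4_RE = re.compile(r"^(?P<hive>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis writes these when the referenced file is absent from disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Split a log into header lines, the running-process list and tagged entries."""
    header, processes, entries = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        if line == "--" or line.startswith("End of file"):
            continue                      # trailer
        m = ENTRY_RE.match(line)
        if not m:
            header.append(line)           # Logfile / Scan saved / Platform lines
            continue
        clsid = CLSID_RE.search(line)
        entries.append({
            "section": m.group("section"),
            "body": m.group("body"),
            "clsid": clsid.group(0) if clsid else None,
            "line": line,
        })
    return {"header": header, "processes": processes, "entries": entries}


def section_counts(parsed):
    """Entries per section tag: a quick way to see whether a follow-up log got shorter."""
    return Counter(e["section"] for e in parsed["entries"])


def find_orphans(parsed):
    """Entries pointing at a file HijackThis could not find: the usual 'Fix checked' candidates."""
    return [e["line"] for e in parsed["entries"]
            if any(marker in e["body"] for marker in ORPHAN_MARKERS)]


def o4_targets(parsed):
    """Map each registry-backed O4 autostart name to the executable it launches,
    with surrounding quotes and trailing arguments stripped."""
    targets = {}
    for e in parsed["entries"]:
        if e["section"] != "O4":
            continue
        m = O4_RE.match(e["body"])
        if not m:
            continue                      # 'Startup:' .lnk entries use a different shape
        exe = re.match(r'"?(?P<exe>.+?\.exe)"?', m.group("cmd"), re.IGNORECASE)
        targets[m.group("name")] = exe.group("exe") if exe else m.group("cmd")
    return targets


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("processes:", len(parsed["processes"]), "sections:", dict(section_counts(parsed)))
    print("autostarts:", o4_targets(parsed))
    for line in find_orphans(parsed):
        print("ORPHAN:", line)
```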
#7
Bronze Member
Join Date: Jun 2009
Posts: 12
PC Experience: Experienced
Yeah I suppose it's stopped now. What software do you require to keep me safe? I don't mind spending the $ so hit me up. Give me a list of 5 different programs if need be...
And when I download something, what program should I use to scan it before installing?