Hey Necro,

Let's see what we can do to get you back up and gaming.

Please make sure that you stay in Safe Mode for the entire fix.

To boot into Safe Mode, continually tap the F8 key during bootup until either a beep sounds, or a menu pops up. Use you arrow keys to navigate to Safe Mode, and hit Enter.

First run CCleaner as per the instructions you followed previously. Then empty your Norton Protected Recycling Bin.

Next run UnhackMe, save the log. Do not fix anything with Unhackme until we see the log.

Next run Spy Sweeper, click on Options, Sweep Options, make sure that all of your harddrives are selected. Under What to Sweep, make sure all options are checked. Click on Sweep, Start. Let it fix everything that it finds. Save the log after the fix (lower left corner).

You have a couple of bad services running, follow these instructions next,

To Stop and Disable a bad Added Service;

Click Start,Run and type in: services.msc
Click OK
In the Services window find: Msdn Update 32
Select/highlight, right click the entry, and choose: Properties
On the General tab, under Service Status, click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Repeat with System Messenger Service

Open HJT and click Config, Misc Tools, ?delete an NT service?
Copy and past: msdnupdate32 Click OK.

Repeat with WINSMSC

Now run HijackThis, and fix the following if still there, delete the items in Bold afterward;

Next run CCleaner again, reboot into normal mode. Run HJT again and post the new log along with the logs from Unhackme and Spy Sweeper.

Looking forward to your reply,

TTFN

LGW

so these unknown owner services are just fake programs that are actually malware posing as microsoft programs? (you still be able to use windows update when the critical fixes come along)

edit**
*should CC cleaner be run in full mode? i kinda wanna keep my bookmarks and addresses. but if its needed in killing this phantom popup, so be it, lol*
sorry guys, i was confusing CC cleaner for disc clean up, i apologize, disregard that comment.

i think im going to try all this anyway, as it sounds like it might be the key where all the other programs have failed.

hi again everybody, ive ran that series of fixes in safe mode ladygreenwitch had prepared for me

i couldnt get rid of a 'navbar navhelper' that spy sweeper had found because i didnt subscribe and pay money for it, if simply downloaded the wrong version or if there is another program i can use to get rid of the only thing spy sweeper found, the said navbar, let me know. im still waiting to see if the phantom popup shows up again, but i havent seen it since doing those fixes, so hopefully, heres looking up

the msdnupdate32 and smsc arent showing up the the latest scan of hijack this, so we at least got those things dead (it would make since a small nameless popup with just a windows symbol for markings would be a errant windows service.

here are the log files you asked for, hopefully they were taken at the correct times, HJT after reboot, other logs after running fixes in safe mode, if you need brand new fresh logs, let me know.

ahh ****, popup just displayed itself again, i guess its back to the drawing board. perhaps that navbar navhelper is the problem, but i kinda have my doubts.

i think ill perpare a screen capture in photoshop of the popup so you guys can see for yourself.

Attached Files

	unhackme.log (1.8 KB, 2 views)
	hijackthis.log (9.5 KB, 2 views)
	Spy Sweeper Session Log.txt (1.2 KB, 3 views)

Nero,

The version of Spy Sweeper I sent you to is a fully functioning 30 day free trial. You do not need to pay anything. Did the program actually tell you it would only remove the infection if you paid for the product?

If so, you inadvertantly downloaded the wrong version. Try downloading and installing CounterSpy from my signature, while I go over your files. Run a full system scan, and post the log back here.

In the meantime I'll see where we are at.

TTFN

LGW

Hey Necro,

Did you absolutely do the fixes listed in HJT? The Microsoft Storage Bin entries are back as is the missing search hook. Were you able to locate the file, msbin.exe? Very irritating . Once you have run the Counterspy program, try deleting the files listed in the previous HJT instructions, let's see if we can't get them to stay gone.

Good news is that Unhackme found no rootkit.

I look forward to your next post.

TTFN

LGW

oh ****, the printer cut off the bolded msbin.exe you made, im sorry, ill go back and do that after counterspy finishes and i get you its log file

sorry,

also what is the mobsync.exe syncronization manager, would giving this the axe cure anything? or is that just for time synching your PC clock?