heres the latest hijackthis log, mobsync is removed, msbin.exe is also gone, counter spy is picking up nothing.

i havent seen the popup yet this restart, so finger's crossed i guess, knock on some oak.

i guess we play the waiting game now, see if stays absent and hopefully i can play Elder Scrolls: Oblivion (as well as other games) in full screen now without it minimizing and locking up every 10 minutes.

Attached Files

hijackthis.log (9.0 KB, 2 views)

ok everyone, thank you for your help thus far, i believe we are getting somewhere. however we still havent killed the popup, we have slowed it down quite a bit, i saw it show up 3 times last time as opposed to the several dozen in the past. i definatly think those useless misc. windows services are the cause. i cant seem to get mobsync.exe, the syncronization manager to be fully removed/disabled. i tried changing the 1s to 0s in regedit in safe mode, which didnt work, spy sweeper is picking up the synchro manager on start up, so it obviously thinks its a questionable entry now.

if anyone knows of any useless windows services that might pop-up or run in the background, let me know.

an important fact to note about this popup is:

1. it doesnt seem to show up in safe mode.
2. it doesnt appear to need an internet connection to activate or show up each time it appears.

so i definatly thinking were making headway, its occurances have definatly been slowed, perhaps its just multiple windows services firing that somehow create this worthless popup.

lets start by ridding my machine of mobsync.exe and go from there.

Is Spysweeper picking up Mobsync as an infected file , or is it just picking up the registry change you just made youreself?

And i think it could be two things , Winstall.exe might have more buddies on there , for that run Smitrem:

Download Smitrem to your desktop:
http://noahdfear.geekstogo.com/click...click.php?id=1
Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.

Reboot into safe mode (Reboot and keep tapping F8 , then
choose safe mode from the list)

Click Start>Run and type in: services.msc
Click OK
In the Services window find: Remote Packet Capture Protocol v.0 (experimental)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK



Fix this entry with hjt:


Run SmitRem:
Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen , wait for the tool to complete , and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, eg; "C:\smitfiles.txt" , or the partition where your operating system is installed on.
Please attach this log to your next reply.

Note: XP users using the XP theme may ex-perience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.


You will need to reload your wallpaper as the SmitRem
tool will reset it, you can do this by right clicking
desktop and choosing properties, First check Theme and
set it to Windows XP then click the Desktop tab and
choose the one you want to use and press apply.




And i have my doubts if Counterspy can fully remove an Apropos infection , so lets check that out aswell:

Please download AproposFix.exe - but do NOT run it yet.
http://swandog46.geekstogo.com/aproposfix.exe


Boot in safemode (hit f8 when booting up) , once in Safe Mode double-click aproposfix.exe and unzip it to the desktop.
Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode.
When done please post the smitrem log, along with the entire contents of the log.txt file in the aproposfix folder.


And it looks like Zonealarm is still partitially running along with Sygate , have you (tried to) uninstall that?

hey guys, well that didnt work, still have it, ive tried deleting the microsoft .net service and java just as an experiement.

im really a loss for words as to what exactly this thing is, its not detected by anything and even all our registry fixes and service shutdowns still cant kill this damn thing,

however i definatly think its been slowed down, so we must be doing something right, cause its occurances arent nearly as common.

my thinking is that this has to be some errant windows service or background application.

heres two recent logs.

Attached Files

	hijackthis.log (7.8 KB, 1 views)
	log.txt (408 Bytes, 1 views)

Can you also post the smitrem log?

And windows services dont cause popups , only the windows messenger service but thats not running on youre pc.