
Smitfraud-C.toolbar888. Please help me!



griffo
2007-05-23, 23:47
Hi people,

I am having a great deal of trouble getting rid of popups that have recently plagued my computer.

After running a Spybot S&D scan I get Smitfraud-C.toolbar888, as well as various others. Even though I select remove, it comes up each time I run a scan. I just can't seem to get rid of the damn thing!

Now I'm even getting a red exclamation mark showing up in the bottom right corner of the screen warning me that my computer may be at risk and telling me that I should download various spyware scanners.

I have run HijackThis and SmitfraudFix, the results of which I have posted below. Can anyone give me some advice? I'm stumped!

HijackThis Results

Logfile of HijackThis v1.99.1
Scan saved at 07:42:29, on 24/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Chris\Desktop\HijackThis1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B126C0E-626A-470C-9EB0-D9C4FFE68DB9} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: (no name) - {493FD13F-390F-4873-B946-A4DCC6A9A2BC} - C:\WINDOWS\system32\tuvwurp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\nfaigggg.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\fmsdidcc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5C272E-8D47-4425-BBAC-B67F8096C015}: NameServer = 85.255.116.146,85.255.112.196
O18 - Protocol: mcataloguer - {FECF9894-CCCF-4DE3-B994-AEE32E70B341} - C:\Program Files\MCataloguer\MCatProt.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll
O20 - Winlogon Notify: tuvwurp - C:\WINDOWS\SYSTEM32\tuvwurp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



SmitfraudFix Results

SmitFraudFix v2.186

Scan done at 7:28:33.71, 24/05/2007
Run from C:\Documents and Settings\Chris\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\CSCRIPT.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Chris\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="csfpu.exe"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetLink (TM) Gigabit Ethernet - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{274A67B9-FC0C-4356-8D51-1215926AD915}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EB5C272E-8D47-4425-BBAC-B67F8096C015}: NameServer=85.255.116.146,85.255.112.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{274A67B9-FC0C-4356-8D51-1215926AD915}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EB5C272E-8D47-4425-BBAC-B67F8096C015}: NameServer=85.255.116.146,85.255.112.196
HKLM\SYSTEM\CS2\Services\Tcpip\..\{274A67B9-FC0C-4356-8D51-1215926AD915}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EB5C272E-8D47-4425-BBAC-B67F8096C015}: NameServer=85.255.116.146,85.255.112.196
HKLM\SYSTEM\CS3\Services\Tcpip\..\{274A67B9-FC0C-4356-8D51-1215926AD915}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EB5C272E-8D47-4425-BBAC-B67F8096C015}: NameServer=85.255.116.146,85.255.112.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
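
As an added example (not part of griffo's post, and not code from HijackThis, Spybot or the Spybot team), the script below parses HijackThis 1.99-style lines like the ones in the log above and flags the entry types that actually carried this infection: an unnamed BHO (O2) loaded from system32, a Run entry (O4) that launches a file dropped straight into C:\WINDOWS and passes a long hex blob as its argument, adapter-specific NameServer values (O17) pointing at public addresses instead of the DHCP-assigned 192.168.1.254, and Winlogon Notify packages (O20) outside a short baseline. The sample log is constructed from lines in the post above; the heuristics, the severity labels and the baseline of Notify packages are assumptions of this example, not anything HijackThis itself does. An unnamed BHO is only a pointer, not proof: Spybot's own SDHelper.dll registers without a name, which is why the DLL's location decides between "high" and "review".

```python
"""Triage a HijackThis 1.99-style log for the indicators seen in this thread.
Added example (not HijackThis, Spybot or Spybot-team code); the heuristics and
the Notify baseline below are assumptions of the example."""
import ipaddress
import re

# Assumed baseline of Winlogon Notify packages on XP SP2 with WGA (lower-cased);
# extend it from a known-clean machine of your own.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}
ENTRY = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
HEX_BLOB = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
WINROOT_EXE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\\s]+\.exe\b", re.IGNORECASE)
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.IGNORECASE)


def check_o2(rest):
    """O2 - BHO: <name> - {CLSID} - <dll>. Unnamed BHOs get a look; an unnamed
    one living in system32 is the pattern seen in the log above."""
    if not rest.startswith("BHO: (no name)"):
        return None
    path = rest.rsplit(" - ", 1)[-1]
    if re.search(r"\\system32\\", path, re.IGNORECASE):
        return "high", ["unnamed BHO loaded from system32"]
    return "review", ["BHO registered without a name; verify the vendor of " + path]


def check_o4(rest):
    """O4 - HKLM\\..\\Run: [value] <command>"""
    cmd = re.sub(r"^\[[^\]]*\]\s*", "", rest.split(": ", 1)[-1])  # drop [value]
    reasons, severity = [], None
    if HEX_BLOB.search(cmd):
        reasons.append("passes a long hex blob as argument")
        severity = "high"
    if WINROOT_EXE.match(cmd):
        reasons.append("runs a file dropped directly in the Windows directory")
        severity = "high"
    m = RUNDLL.search(cmd)
    if m:  # drivers use rundll32 too, so on its own this is only 'review'
        reasons.append(f"rundll32 loads {m.group(1)} export {m.group(2)}")
        severity = severity or "review"
    return (severity, reasons) if reasons else None


def check_o17(rest):
    """O17 - ...\\Tcpip\\..\\{adapter}: NameServer = a,b"""
    m = re.search(r"NameServer\s*=\s*(.+)$", rest)
    if not m:
        return None
    public = []
    for token in m.group(1).split(","):
        try:
            ip = ipaddress.ip_address(token.strip())
        except ValueError:
            continue
        if not ip.is_private:
            public.append(str(ip))
    if public:
        return "high", ["NameServer points at public resolver(s) " + ", ".join(public)
                        + "; compare with the DHCP-assigned server"]
    return None


def check_o20(rest):
    """O20 - Winlogon Notify: <name> - <dll path>"""
    m = re.match(r"Winlogon Notify:\s*([^\s-]+)\s+-\s+(.*)$", rest)
    if m and m.group(1).lower() not in KNOWN_NOTIFY:
        return "high", [f"Winlogon Notify package '{m.group(1)}' not in baseline"]
    return None


CHECKS = {"O2": check_o2, "O4": check_o4, "O17": check_o17, "O20": check_o20}


def triage(log_text):
    """One finding per flagged line: {section, severity, reasons, line}."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or m.group(1) not in CHECKS:
            continue
        result = CHECKS[m.group(1)](m.group(2))
        if result:
            findings.append({"section": m.group(1), "severity": result[0],
                             "reasons": result[1], "line": raw.strip()})
    return findings


# Constructed sample: lines copied in shape from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3B126C0E-626A-470C-9EB0-D9C4FFE68DB9} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\fmsdidcc.dll",realset
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5C272E-8D47-4425-BBAC-B67F8096C015}: NameServer = 85.255.116.146,85.255.112.196
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: tuvwurp - C:\WINDOWS\SYSTEM32\tuvwurp.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {'; '.join(f['reasons'])}\n    {f['line']}")
```

Each finding keeps the original line so it can be matched back against the HijackThis output. The O17 finding is the one to look at first: a resolver set per adapter to a public address, while the other adapter gets its server from DHCP, means every lookup can be redirected, and deleting the dropped files alone does not reset that value.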

griffo
2007-05-24, 00:25
I have completed two consecutive Spybot S&D scans. This is the report from the second scan before trying to remove for a second time:

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Chris) (Cookie, nothing done)

MediaPlex: Tracking cookie (Internet Explorer: Chris) (Cookie, nothing done)

Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Chris) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-16 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-05-16 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-05-16 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-05-16 Includes\Malware.sbi (*)
2007-05-16 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-05-16 Includes\PUPSC.sbi (*)
2007-05-16 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-05-16 Includes\SecurityC.sbi (*)
2007-05-16 Includes\Spybots.sbi (*)
2007-05-16 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-16 Includes\Trojans.sbi (*)
2007-05-16 Includes\TrojansC.sbi (*)

griffo
2007-05-24, 09:35
Does anyone know a way to get rid of this? It's killing me!

spybotsandra
2007-05-24, 10:03
Hello,

Seems to be a real nasty one.
This is a really good programme against Smitfraud and Virtumonde, called VundoFix:
http://www.atribune.org/content/view/24/2/

* Double-click *VundoFix.exe* to run it.
* Put a check next to *Run VundoFix as a task.*
* You will receive a message saying VundoFix will close and re-open in a minute or less. Click *OK*.
* When VundoFix re-opens, click the *Scan for Vundo* button.
* Once it's done scanning, click the *Remove Vundo* button.
* You will receive a prompt asking if you want to remove the files; click *YES*.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shut down your computer; click *OK*.
* Turn your computer back on.


Further, ComboFix might help.
Download combofix.exe from one of the links below:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then double click combofix.exe & follow the prompts.

These links might also help:
http://forum.hijackthis.de/showpost.php?p=57500&postcount=33
http://www.hijackthis-forum.de/showthread.php?t=12222

Best regards
Sandra
Team Spybot

griffo
2007-05-25, 00:27
Thank you so much, Sandra! You guys are the best!!

I ran both VundoFix and ComboFix. VundoFix didn't seem to stop all of the problems, but ComboFix may have solved it. I will wait and see what happens with it today and will post the results tonight.

Here's the log from Combofix:

"Chris" - 2007-05-25 8:06:07 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Chris\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winmmt32.dll
C:\WINDOWS\SYSTEM32\ijllm.bak1
C:\WINDOWS\SYSTEM32\ijllm.bak2
C:\WINDOWS\SYSTEM32\ijllm.ini
C:\WINDOWS\system32\ddcywwv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\retadpu1000272.exe"
"C:\Temp\17O7"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NWSAPAGENT
-------\nm
-------\NwSapAgent


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))


2007-05-25 08:07 40,183 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-05-25 08:06 93,696 --a------ C:\WINDOWS\SYSTEM32\drvrih.dll
2007-05-24 08:29 <DIR> d-------- C:\Program Files\SpywareRemover
2007-05-24 07:28 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-05-24 07:28 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-05-24 07:28 4,352 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-05-24 07:28 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-05-21 22:26 <DIR> d-------- C:\Program Files\AsfTools 3.1
2007-05-21 20:42 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-20 22:47 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-20 15:10 <DIR> d-------- C:\VundoFix Backups
2007-05-20 14:27 20,576 --------- C:\WINDOWS\SYSTEM32\DRIVERS\PxHelp20.sys
2007-05-20 14:27 109,568 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-05-20 14:27 108,544 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-05-20 14:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-20 14:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-20 09:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-18 23:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\SBO
2007-05-18 22:35 <DIR> d-------- C:\DOCUME~1\Chris\Shared
2007-05-18 22:35 <DIR> d-------- C:\DOCUME~1\Chris\Incomplete
2007-05-18 22:34 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\LimeWire
2007-05-17 12:59 <DIR> d-------- C:\Program Files\The Rosetta Stone
2007-05-13 17:18 5,632 --a------ C:\WINDOWS\SYSTEM32\ptpusb.dll
2007-05-13 17:18 159,232 --a------ C:\WINDOWS\SYSTEM32\ptpusd.dll
2007-05-13 17:18 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2007-05-10 10:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 22:53 1,430,048 --a------ C:\WINDOWS\SYSTEM32\AutoPartNt.exe
2007-05-09 22:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Seagate
2007-05-09 22:35 392,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys
2007-05-09 22:35 32,768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys
2007-05-09 22:35 120,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys
2007-05-09 22:33 <DIR> d-------- C:\Program Files\Seagate
2007-05-09 22:33 <DIR> d-------- C:\Program Files\Common Files\Seagate
2007-05-02 01:35 146,432 ---hs---- C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
2007-05-01 22:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-05-01 22:13 <DIR> d-------- C:\Program Files\MCataloguer


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-24 22:15:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-20 12:48:44 -------- d-----w C:\Program Files\QuickTime
2007-05-19 05:35:37 73 ----a-w C:\WINDOWS\system32\ssprs.dll
2007-05-19 05:35:36 205 ----a-w C:\WINDOWS\system32\lsprst7.dll
2007-05-14 17:34:47 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-14 17:10:51 -------- d-----w C:\Program Files\Symantec
2007-05-14 17:10:50 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-14 17:10:50 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-05-11 01:32:33 -------- d-----w C:\Program Files\Picasa2
2007-04-27 11:11:00 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-04-23 12:26:36 -------- d-----w C:\DOCUME~1\Chris\APPLIC~1\AdobeUM
2007-04-21 06:25:56 -------- d-----w C:\DOCUME~1\Chris\APPLIC~1\Apple Computer
2007-04-19 11:30:10 14,368 ----a-w C:\WINDOWS\system32\relog_ap.dll
2007-04-19 10:07:20 17,440 ----a-w C:\WINDOWS\system32\acrotls.dll
2007-04-19 08:49:14 210,464 ----a-w C:\WINDOWS\system32\snapapi.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-14 21:21:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-14 21:20:36 -------- d-----w C:\Program Files\ASUS
2007-04-10 11:28:59 -------- d-----w C:\Program Files\Kerkythea Rendering System
2007-04-10 11:11:13 -------- d-----w C:\Program Files\Security Task Manager
2007-03-28 08:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 08:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-28 08:51:48 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 08:51:42 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 08:51:36 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 08:51:32 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 08:51:26 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 08:51:20 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{493FD13F-390F-4873-B946-A4DCC6A9A2BC}=C:\WINDOWS\system32\tuvwurp.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{7D985744-8CA3-4AB8-9511-A7EEAB2D9C4A}=C:\WINDOWS\system32\sstqq.dll []
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-23 01:29]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-04-02 19:19]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar5.dll [2007-01-19 22:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-09-15 05:38]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 09:45]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 09:41]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"bacstray"="C:\Program Files\Broadcom\BACS\BacsTray.exe" [2005-03-10 15:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 21:24]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 21:38]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 21:29]
"SManager"="smanager.7.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-01-15 10:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-02 22:44]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{493FD13F-390F-4873-B946-A4DCC6A9A2BC}"="C:\WINDOWS\system32\tuvwurp.dll" []
"{A00ED310-6EE3-4764-883D-F0B833AEC645}"="C:\WINDOWS\system32\ddcywwv.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csfpu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcywwv]
ddcywwv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4894b344-bb8f-11d9-a2d7-806d6172696f}]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9454ab10-45a8-11da-af35-000d617a829a}]
Auto\command- H:\sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be794bf0-8187-11db-b922-0016e6523031}]
AutoRun\command- G:\setupSNK.exe

*Newly Created Service* -COMHOST

Contents of the 'Scheduled Tasks' folder
2007-05-20 12:47:20 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-18 12:26:10 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Chris.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 08:17:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-25 8:18:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-25 08:18

--- E O F ---

griffo
2007-05-25, 16:03
Yep, problem definitely fixed. No more pop ups!

THANKYOOOOOU!!!!!!!!

Shaba
2007-05-25, 16:42
Hi griffo

Please post a fresh HijackThis log next; there are still baddies left :)

Shaba
2007-06-02, 11:14
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.