Thread: Help!

  1. #1
    Junior Member
    Join Date: Aug 2007
    Location: Bolton, UK
    Posts: 13

    Help!

    Hi

    I am new to the forums and before I wasted anyone's time I have tried to fix the problem by reading other threads, but I am still getting pop-ups. They have reduced in frequency but I have obviously not solved the problem. Also I am unable to install any updates for Windows and some of my programmes won't launch as it is saying they are not installed (iTunes and Registry Mechanic, for instance).

    I have downloaded HijackThis and ComboFix and ATF Cleaner, I think it is. I have also recently installed AVG. S&D also keeps finding windows virus override. I deleted it the first time but left it the last time I ran a search - I am unsure if this was the correct thing to do?

    The other strange thing that is happening is my cookie settings keep defaulting back to "accept all" even when I change this back to medium?

    Thank you in advance for any assistance you can offer me

    logs to follow:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:25:12, on 8/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\highjackthis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {2264DEBB-85DF-4754-97C2-3DDB97C81E6F} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 3853 bytes




    ComboFix 07-08-04.3 - "Shauna Holleran" 2007-08-06 0:28:52.1 [GMT 1:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Jacko\APPLIC~1\FunWebProducts
    C:\DOCUME~1\Jacko\APPLIC~1\FunWebProducts\Data\Jacko\avatar.dat
    C:\DOCUME~1\SHAUNA~1.SHO\MYDOCU~1.\fnts~1
    C:\DOCUME~1\SHAUNA~1.SHO\MYDOCU~1.\sstem~1
    C:\WINDOWS\system32\akmxmtmg.exe
    C:\WINDOWS\system32\atmtd.dll
    C:\WINDOWS\system32\atmtd.dll._
    C:\WINDOWS\system32\byxuvuu.dll
    C:\WINDOWS\system32\ddccy.dll
    C:\WINDOWS\system32\dvctdmyq.exe
    C:\WINDOWS\system32\eeyiamos.exe
    C:\WINDOWS\system32\ehkbcudl.exe
    C:\WINDOWS\system32\etnpmmin.exe
    C:\WINDOWS\system32\etwykkcj.exe
    C:\WINDOWS\system32\gjjlm.ini2
    C:\WINDOWS\system32\gjjlm.tmp
    C:\WINDOWS\system32\gsmosjeu.exe
    C:\WINDOWS\system32\gyjhpnom.exe
    C:\WINDOWS\system32\jskatapa.exe
    C:\WINDOWS\system32\ljjkkhe.dll
    C:\WINDOWS\system32\lowpdeqx.exe
    C:\WINDOWS\system32\nfbhvbwm.exe
    C:\WINDOWS\system32\nfpnlivn.dll
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\nwcdtufx.exe
    C:\WINDOWS\system32\olsbqdvc.exe
    C:\WINDOWS\system32\pruxhcsa.exe
    C:\WINDOWS\system32\qtibhusv.dll
    C:\WINDOWS\system32\rflbvrjj.exe
    C:\WINDOWS\system32\rlludflb.exe
    C:\WINDOWS\system32\roegcnps.exe
    C:\WINDOWS\system32\rrqlecei.exe
    C:\WINDOWS\system32\rygtclbn.exe
    C:\WINDOWS\system32\tpmxsdoi.exe
    C:\WINDOWS\system32\vmlmxgfj.exe
    C:\WINDOWS\system32\vvhtpxma.exe
    C:\WINDOWS\system32\wctbrgke.exe
    C:\WINDOWS\system32\xmlggivx.exe
    C:\WINDOWS\system32\yccdd.bak1
    C:\WINDOWS\system32\yccdd.bak2
    C:\WINDOWS\system32\yccdd.ini
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_NETWORK_MONITOR


    ((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


    2007-08-06 00:26 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-05 22:45 <DIR> d-------- C:\DOCUME~1\Jacko.SHO\Contacts
    2007-08-05 12:11 125,504 --a------ C:\WINDOWS\system32\mckughuu.dll
    2007-08-04 22:46 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-04 22:36 <DIR> d-------- C:\VundoFix Backups
    2007-08-04 14:49 1,310,720 --ah----- C:\DOCUME~1\Guest.SHO\NTUSER.DAT
    2007-08-04 14:22 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-08-04 14:07 <DIR> d-------- C:\{000039B2-0000-0000-ECE0-75F3478B6F0C}
    2007-08-04 12:11 <DIR> d-------- C:\DOCUME~1\JACQUI~1.SHO\Contacts
    2007-08-04 12:05 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-08-04 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
    2007-08-04 11:18 <DIR> d-------- C:\DOCUME~1\Jacko.SHO\APPLIC~1\Google
    2007-08-04 11:17 1,572,864 --ah----- C:\DOCUME~1\Jacko.SHO\NTUSER.DAT
    2007-08-04 03:47 <DIR> d-------- C:\Program Files\microsoft frontpage
    2007-08-04 03:24 <DIR> d--hs---- C:\WINDOWS\CSC
    2007-08-04 03:01 <DIR> d--hs---- C:\DOCUME~1\SHAUNA~1.SHO\UserData
    2007-08-04 02:46 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-04 02:07 <DIR> d-------- C:\DOCUME~1\JACQUI~1.SHO\APPLIC~1\Google
    2007-08-03 23:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
    2007-08-03 23:31 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\APPLIC~1\Google
    2007-08-03 23:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater
    2007-08-03 23:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
    2007-08-03 23:24 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\Contacts
    2007-08-03 22:53 <DIR> d--hs---- C:\WINDOWS\U2hhdW5hIEhvbGxlcmFu
    2007-08-03 22:50 <DIR> d-------- C:\Program Files\BitComet
    2007-08-03 22:49 <DIR> d-------- C:\Program Files\BitTorrent
    2007-08-03 22:49 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\APPLIC~1\BitTorrent
    2007-08-03 21:58 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\APPLIC~1\Help
    2007-08-03 20:16 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-08-03 20:13 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
    2007-08-03 20:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
    2007-08-03 20:07 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\APPLIC~1\Apple Computer
    2007-08-03 20:00 <DIR> d-------- C:\WINDOWS\Thomson.0008
    2007-08-03 19:53 3,407,872 --ah----- C:\DOCUME~1\SHAUNA~1.SHO\NTUSER.DAT
    2007-08-03 18:05 <DIR> d-------- C:\DOCUME~1\JACQUI~1.SHO\APPLIC~1\Yahoo!
    2007-08-03 18:03 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
    2007-08-03 18:03 1,835,008 --ah----- C:\DOCUME~1\JACQUI~1.SHO\NTUSER.DAT
    2007-08-03 18:03 1,146,880 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
    2007-08-03 18:02 1,146,880 --ah----- C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT
    2007-08-03 18:00 9,728 --a--c--- C:\WINDOWS\system32\dllcache\rwnh.dll
    2007-08-03 18:00 9,728 --a--c--- C:\WINDOWS\system32\dllcache\query.exe
    2007-08-03 18:00 9,216 --a--c--- C:\WINDOWS\system32\dllcache\wamps51.dll
    2007-08-03 18:00 86,073 --a--c--- C:\WINDOWS\system32\dllcache\voicesub.dll
    2007-08-03 18:00 8,704 --a--c--- C:\WINDOWS\system32\dllcache\snmptrap.exe
    2007-08-03 18:00 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia330.dll
    2007-08-03 18:00 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia001.dll
    2007-08-03 18:00 76,800 --a--c--- C:\WINDOWS\system32\dllcache\wam51.dll
    2007-08-03 18:00 76,288 --a--c--- C:\WINDOWS\system32\dllcache\uniime.dll
    2007-08-03 18:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\w3ext.dll
    2007-08-03 18:00 70,144 --a--c--- C:\WINDOWS\system32\dllcache\pintlphr.exe
    2007-08-03 18:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\pwsdata.dll
    2007-08-03 18:00 7,168 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
    2007-08-03 18:00 67,584 --a--c--- C:\WINDOWS\system32\dllcache\pmigrate.dll
    2007-08-03 18:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\snmpmib.dll
    2007-08-03 18:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll
    2007-08-03 18:00 57,856 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
    2007-08-03 18:00 53,760 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsd.dll
    2007-08-03 18:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll
    2007-08-03 18:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\nextlink.dll
    2007-08-03 18:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
    2007-08-03 18:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smimsgif.dll
    2007-08-03 18:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smierrsy.dll
    2007-08-03 18:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
    2007-08-03 18:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\svcext51.dll
    2007-08-03 18:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\sspifilt.dll
    2007-08-03 18:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
    2007-08-03 18:00 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp.exe
    2007-08-03 18:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\ssinc51.dll
    2007-08-03 18:00 44,544 --a--c--- C:\WINDOWS\system32\dllcache\nsepm.dll
    2007-08-03 18:00 44,032 --a--c--- C:\WINDOWS\system32\dllcache\tintlphr.exe
    2007-08-03 18:00 426,041 --a--c--- C:\WINDOWS\system32\dllcache\voicepad.dll
    2007-08-03 18:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
    2007-08-03 18:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
    2007-08-03 18:00 4,608 --a--c--- C:\WINDOWS\system32\dllcache\w3ctrs51.dll
    2007-08-03 18:00 4,096 --a--c--- C:\WINDOWS\system32\dllcache\rpcref.dll
    2007-08-03 18:00 38,912 --a--c--- C:\WINDOWS\system32\dllcache\sm9aw.dll
    2007-08-03 18:00 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
    2007-08-03 18:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
    2007-08-03 18:00 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
    2007-08-03 18:00 358,400 --a--c--- C:\WINDOWS\system32\dllcache\snmpincl.dll
    2007-08-03 18:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
    2007-08-03 18:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
    2007-08-03 18:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\sma3w.dll
    2007-08-03 18:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\pagecnt.dll
    2007-08-03 18:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
    2007-08-03 18:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\tools.dll
    2007-08-03 18:00 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm87w.dll
    2007-08-03 18:00 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm81w.dll
    2007-08-03 18:00 29,184 --a--c--- C:\WINDOWS\system32\dllcache\sm8cw.dll
    2007-08-03 18:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm93w.dll
    2007-08-03 18:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm92w.dll
    2007-08-03 18:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw330ext.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm90w.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8dw.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8aw.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm89w.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_seos.dll
    2007-08-03 18:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
    2007-08-03 18:00 25,088 --a--c--- C:\WINDOWS\system32\dllcache\sm59w.dll
    2007-08-03 18:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw001ext.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-03 23:30 --------- d-------- C:\Program Files\Google
    2007-08-03 23:23 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-03 22:51 359040 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-08-03 22:51 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
    2007-08-03 17:55 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-08-03 17:55 --------- d-------- C:\Program Files\Messenger
    2007-07-24 21:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-10 20:30 --------- d-------- C:\Program Files\Avanquest update
    2007-07-10 20:28 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
    2007-07-08 21:41 --------- d-------- C:\Program Files\iTunes
    2007-07-02 20:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-02 20:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-06-20 17:30 --------- d-------- C:\Program Files\IVT Corporation
    2007-06-12 15:45 --------- d-------- C:\Program Files\Windows Media Connect 2
    2007-06-08 11:41 --------- d-------- C:\Program Files\Apple Software Update
    2007-05-25 18:40 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-05-25 17:54 0 -rahs---- C:\MSDOS.SYS
    2007-05-25 17:54 0 -rahs---- C:\IO.SYS
    2007-05-25 17:54 0 --a------ C:\CONFIG.SYS
    2007-05-25 17:54 0 --a------ C:\AUTOEXEC.BAT


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2264DEBB-85DF-4754-97C2-3DDB97C81E6F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 20:23]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-03 23:30:06]

    R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
    R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
    R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
    R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
    S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
    S3 usbsermpt;Motorola USB Modem Driver for MPT;C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
    S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
    S3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
    S3 VM30xx86;Vimicro USB PC Camera (ZC0301);C:\WINDOWS\system32\Drivers\vm30xx86.sys


    Contents of the 'Scheduled Tasks' folder
    2007-07-27 10:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-06 01:12:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-06 1:13:56 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-06 01:13

    --- E O F ---
    me constantly when near a pc...!

  2. #2
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi

    Please post a fresh HJT log taken in normal mode.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date: Aug 2007
    Location: Bolton, UK
    Posts: 13

    Hi Blade81

    I have only just seen your message, so apologies for the delay in replying.

    HJT log attached below (thank you again):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:06:53, on 8/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\highjackthis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {2264DEBB-85DF-4754-97C2-3DDB97C81E6F} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-343818398-688789844-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jacqui Holleran')
    O4 - HKUS\S-1-5-21-343818398-688789844-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jacko')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 4842 bytes

  4. #4
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    C:\WINDOWS\system32\mckughuu.dll
    
    Folder::
    C:\VundoFix Backups
    C:\WINDOWS\U2hhdW5hIEhvbGxlcmFu
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2264DEBB-85DF-4754-97C2-3DDB97C81E6F}]

    Save this as CFScript.

    Referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log & a fresh HJT log.


    PS. Is your Windows Live OneCare product working?

  5. #5
    Junior Member
    Join Date: Aug 2007
    Location: Bolton, UK
    Posts: 13

    Hi

    Windows Live OneCare product is not working - it was when all the problems started, so I deleted it! I still can't download any Windows updates, though. Is this the reason why?! Thank you again!

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:46:21, on 8/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\highjackthis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-343818398-688789844-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jacqui Holleran')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 4635 bytes


    ComboFix log:

    ComboFix 07-08-04.3 - "Shauna Holleran" 2007-08-08 21:42:42.2 [GMT 1:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
    Command switches used :: C:\Documents and Settings\Shauna Holleran.SHO\Desktop\CFScript.txt
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\VundoFix Backups
    C:\VundoFix Backups\ddcyx.dll.bad
    C:\VundoFix Backups\feudwtje.dll.bad
    C:\VundoFix Backups\prqss.bak1.bad
    C:\VundoFix Backups\prqss.ini.bad
    C:\VundoFix Backups\ssqrp.dll.bad
    C:\VundoFix Backups\xycdd.bak1.bad
    C:\VundoFix Backups\xycdd.bak2.bad
    C:\VundoFix Backups\xycdd.ini.bad
    C:\VundoFix Backups\xycdd.ini2.bad
    C:\VundoFix Backups\xycdd.tmp.bad
    C:\WINDOWS\system32\mckughuu.dll
    C:\WINDOWS\U2hhdW5hIEhvbGxlcmFu


    ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


    2007-08-08 08:44 <DIR> d-------- C:\WINDOWS\LastGood
    2007-08-06 00:26 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-05 22:45 <DIR> d-------- C:\DOCUME~1\Jacko.SHO\Contacts
    2007-08-04 22:46 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-04 14:49 1,310,720 --ah----- C:\DOCUME~1\Guest.SHO\NTUSER.DAT
    2007-08-04 14:22 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-08-04 14:07 <DIR> d-------- C:\{000039B2-0000-0000-ECE0-75F3478B6F0C}
    2007-08-04 12:11 <DIR> d-------- C:\DOCUME~1\JACQUI~1.SHO\Contacts
    2007-08-04 12:05 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-08-04 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
    2007-08-04 11:18 <DIR> d-------- C:\DOCUME~1\Jacko.SHO\APPLIC~1\Google
    2007-08-04 11:17 1,835,008 --ah----- C:\DOCUME~1\Jacko.SHO\NTUSER.DAT
    2007-08-04 03:47 <DIR> d-------- C:\Program Files\microsoft frontpage
    2007-08-04 03:24 <DIR> d--hs---- C:\WINDOWS\CSC
    2007-08-04 03:01 <DIR> d--hs---- C:\DOCUME~1\SHAUNA~1.SHO\UserData
    2007-08-04 02:46 <DIR> d-------- C:\Program Files\Trend Micro
    2007-08-04 02:07 <DIR> d-------- C:\DOCUME~1\JACQUI~1.SHO\APPLIC~1\Google
    2007-08-03 23:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
    2007-08-03 23:31 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\APPLIC~1\Google
    2007-08-03 23:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater
    2007-08-03 23:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
    2007-08-03 23:24 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\Contacts
    2007-08-03 22:50 <DIR> d-------- C:\Program Files\BitComet
    2007-08-03 22:49 <DIR> d-------- C:\Program Files\BitTorrent
    2007-08-03 22:49 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\APPLIC~1\BitTorrent
    2007-08-03 21:58 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\APPLIC~1\Help
    2007-08-03 20:16 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-08-03 20:13 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
    2007-08-03 20:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
    2007-08-03 20:07 <DIR> d-------- C:\DOCUME~1\SHAUNA~1.SHO\APPLIC~1\Apple Computer
    2007-08-03 20:00 <DIR> d-------- C:\WINDOWS\Thomson.0008
    2007-08-03 19:53 3,670,016 --ah----- C:\DOCUME~1\SHAUNA~1.SHO\NTUSER.DAT
    2007-08-03 18:05 <DIR> d-------- C:\DOCUME~1\JACQUI~1.SHO\APPLIC~1\Yahoo!
    2007-08-03 18:03 2,097,152 --ah----- C:\DOCUME~1\JACQUI~1.SHO\NTUSER.DAT
    2007-08-03 18:03 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
    2007-08-03 18:03 1,146,880 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
    2007-08-03 18:02 1,146,880 --ah----- C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT
    2007-08-03 18:00 9,728 --a--c--- C:\WINDOWS\system32\dllcache\rwnh.dll
    2007-08-03 18:00 9,728 --a--c--- C:\WINDOWS\system32\dllcache\query.exe
    2007-08-03 18:00 9,216 --a--c--- C:\WINDOWS\system32\dllcache\wamps51.dll
    2007-08-03 18:00 86,073 --a--c--- C:\WINDOWS\system32\dllcache\voicesub.dll
    2007-08-03 18:00 8,704 --a--c--- C:\WINDOWS\system32\dllcache\snmptrap.exe
    2007-08-03 18:00 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia330.dll
    2007-08-03 18:00 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia001.dll
    2007-08-03 18:00 76,800 --a--c--- C:\WINDOWS\system32\dllcache\wam51.dll
    2007-08-03 18:00 76,288 --a--c--- C:\WINDOWS\system32\dllcache\uniime.dll
    2007-08-03 18:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\w3ext.dll
    2007-08-03 18:00 70,144 --a--c--- C:\WINDOWS\system32\dllcache\pintlphr.exe
    2007-08-03 18:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\pwsdata.dll
    2007-08-03 18:00 7,168 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
    2007-08-03 18:00 67,584 --a--c--- C:\WINDOWS\system32\dllcache\pmigrate.dll
    2007-08-03 18:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\snmpmib.dll
    2007-08-03 18:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll
    2007-08-03 18:00 57,856 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
    2007-08-03 18:00 53,760 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsd.dll
    2007-08-03 18:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll
    2007-08-03 18:00 53,248 --a--c--- C:\WINDOWS\system32\dllcache\nextlink.dll
    2007-08-03 18:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
    2007-08-03 18:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smimsgif.dll
    2007-08-03 18:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smierrsy.dll
    2007-08-03 18:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
    2007-08-03 18:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\svcext51.dll
    2007-08-03 18:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\sspifilt.dll
    2007-08-03 18:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
    2007-08-03 18:00 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp.exe
    2007-08-03 18:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\ssinc51.dll
    2007-08-03 18:00 44,544 --a--c--- C:\WINDOWS\system32\dllcache\nsepm.dll
    2007-08-03 18:00 44,032 --a--c--- C:\WINDOWS\system32\dllcache\tintlphr.exe
    2007-08-03 18:00 426,041 --a--c--- C:\WINDOWS\system32\dllcache\voicepad.dll
    2007-08-03 18:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
    2007-08-03 18:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
    2007-08-03 18:00 4,608 --a--c--- C:\WINDOWS\system32\dllcache\w3ctrs51.dll
    2007-08-03 18:00 4,096 --a--c--- C:\WINDOWS\system32\dllcache\rpcref.dll
    2007-08-03 18:00 38,912 --a--c--- C:\WINDOWS\system32\dllcache\sm9aw.dll
    2007-08-03 18:00 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
    2007-08-03 18:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
    2007-08-03 18:00 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
    2007-08-03 18:00 358,400 --a--c--- C:\WINDOWS\system32\dllcache\snmpincl.dll
    2007-08-03 18:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
    2007-08-03 18:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
    2007-08-03 18:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\sma3w.dll
    2007-08-03 18:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\pagecnt.dll
    2007-08-03 18:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
    2007-08-03 18:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\tools.dll
    2007-08-03 18:00 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm87w.dll
    2007-08-03 18:00 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm81w.dll
    2007-08-03 18:00 29,184 --a--c--- C:\WINDOWS\system32\dllcache\sm8cw.dll
    2007-08-03 18:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm93w.dll
    2007-08-03 18:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm92w.dll
    2007-08-03 18:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw330ext.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm90w.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8dw.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8aw.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm89w.dll
    2007-08-03 18:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_seos.dll
    2007-08-03 18:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
    2007-08-03 18:00 25,088 --a--c--- C:\WINDOWS\system32\dllcache\sm59w.dll
    2007-08-03 18:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw001ext.dll
    2007-08-03 18:00 236,544 --a--c--- C:\WINDOWS\system32\dllcache\smi2smir.exe
    2007-08-03 18:00 23,040 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-03 23:30 --------- d-------- C:\Program Files\Google
    2007-08-03 23:23 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-03 22:51 359040 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-08-03 22:51 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
    2007-08-03 17:55 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-08-03 17:55 --------- d-------- C:\Program Files\Messenger
    2007-07-24 21:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-10 20:30 --------- d-------- C:\Program Files\Avanquest update
    2007-07-10 20:28 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
    2007-07-08 21:41 --------- d-------- C:\Program Files\iTunes
    2007-07-02 20:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-02 20:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-06-20 17:30 --------- d-------- C:\Program Files\IVT Corporation
    2007-06-12 15:45 --------- d-------- C:\Program Files\Windows Media Connect 2
    2007-06-08 11:41 --------- d-------- C:\Program Files\Apple Software Update
    2007-05-25 18:40 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-05-25 17:54 0 -rahs---- C:\MSDOS.SYS
    2007-05-25 17:54 0 -rahs---- C:\IO.SYS
    2007-05-25 17:54 0 --a------ C:\CONFIG.SYS
    2007-05-25 17:54 0 --a------ C:\AUTOEXEC.BAT


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 20:23]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-03 23:30:06]

    R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
    R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
    R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
    R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
    R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
    R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
    R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
    R3 VM30xx86;Vimicro USB PC Camera (ZC0301);C:\WINDOWS\system32\Drivers\vm30xx86.sys
    S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    S3 usbsermpt;Motorola USB Modem Driver for MPT;C:\WINDOWS\system32\DRIVERS\usbsermpt.sys


    Contents of the 'Scheduled Tasks' folder
    2007-07-27 10:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-08 21:44:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-08 21:45:42
    C:\ComboFix-quarantined-files.txt ... 2007-08-08 21:45
    C:\ComboFix2.txt ... 2007-08-06 01:13

    --- E O F ---
    me constantly when near a pc...!

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Does it give any error when you try to download updates?

    We just cleaned some parts of Vundo, which is most likely the popup causer.

    Better run AVG too since you have it installed. You mentioned also having ATF Cleaner so I assume you still got it installed.


    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Don't select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.

      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot.


    Post
    -AVG Anti-Spyware log
    -a fresh HJT log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Location
    Bolton, Uk
    Posts
    13

    Hi Blade

    AVG found nothing and fingers crossed but I haven't had any pop ups today!!

    When I click on some programmes (itunes and reg mechanic) it either tells me they are not installed or it tells me that they encountered a problem and they need to close.

    When I click to install the windows updates it says that some files could not be installed then the following show:

    Security Update for Windows XP (KB928843)
    Cumulative Security Update for Internet Explorer 7 for Windows XP (KB933566)
    Security Update for Windows XP (KB890859)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB908519)
    Update for Windows XP (KB894391)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB904706)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB916595)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB888302)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB918118)
    Update for Windows XP (KB922582)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB932168)
    Security Update for Microsoft .NET Framework, Version 2.0 (KB928365)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB919007)
    Update for Windows XP (KB920872)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB891781)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB925902)
    Security Update for Windows Media Player Plug-in (KB911564)
    Update for Windows XP (KB910437)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB896358)
    Security Update for Microsoft .NET Framework, Version 2.0 (KB922770)
    Security Update for Windows Messenger (KB887472)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB927891)
    Security Update for Windows XP (KB873339)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB924270)
    Update for Windows XP (KB900485)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB924667)
    Security Update for Microsoft .NET Framework, Version 2.0 (KB917283)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB911927)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB885836)
    Security Update for Windows XP (KB885835)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB899587)


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 18:07:55 8/9/2007

    + Scan result:



    Nothing found.



    ::Report end



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:11:55, on 8/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\highjackthis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 4977 bytes

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Looks clean. I believe you could try asking for help with that update problem at PCPitstop. They might be able to help you.

  9. #9
    Junior Member
    Join Date
    Aug 2007
    Location
    Bolton, Uk
    Posts
    13

    Thanks Blade for all your help you are a star and a super one at that!

    No pop ups all day - it is bliss.. I can't thank you enough

  10. #10
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.