01-05-2008, 11:16 AM   #1
jonniegirl77
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


Constant Pop-Ups: Smitfraud-C.CoreService

I have constant pop-ups in Windows Internet Explorer--even when I am using Firefox the Explorer windows still pop up.

I have done the 5 step process on this website which was a big help, and I have also run Norton, AdAware, and Spybot on my computer, but there is something on my computer that none of this will get rid of and it seems to be something in my registry.

Any help would be greatly appreciated. Thank you!!

Here is the information from Deckard's System Scanner:

Deckard's System Scanner v20071014.68
Run by Jessica Holbrook on 2008-01-05 12:11:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-01-05 17:12:02 UTC - RP102 - Deckard's System Scanner Restore Point
101: 2008-01-05 06:01:22 UTC - RP101 - Last known good configuration
100: 2008-01-05 06:01:18 UTC - RP100 - Installed Ad-Aware 2007
99: 2008-01-05 06:01:18 UTC - RP99 - Removed Windows Defender
98: 2008-01-05 06:01:18 UTC - RP98 - Last known good configuration


-- First Restore Point --
1: 2008-01-05 06:01:13 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jessica Holbrook.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:32 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jessica Holbrook\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jessica Holbrook.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtst.exe
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\jkkihih.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B90B223-1B13-49DA-A544-017DDA5530C5} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196192444765
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: jkkihih - C:\WINDOWS\SYSTEM32\jkkihih.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11426 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080104-230709-845 O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 core - c:\windows\system32\drivers\core.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 BCOREUSB (BCOREUSB.Sys CSR test driver) - c:\windows\system32\drivers\bcoreusb.sys <Not Verified; CSR; Bluetooth USB Dongle Device Driver>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>

S4 Bluetooth Hid Switch Service - "c:\program files\bluetooth\hidswitchservice\hidsw.exe" <Not Verified; Cambridge Silicon Radio; HID Switch Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-01 23:11:58 578 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jessica Holbrook.job


-- Files created between 2007-12-05 and 2008-01-05 -----------------------------

2008-01-05 11:25:52 0 d-------- C:\ie-spyad_zo
2008-01-05 11:02:47 0 d-------- C:\Program Files\SpywareBlaster
2008-01-05 11:01:19 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-05 11:00:50 8576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-05 10:08:03 338944 --a------ C:\WINDOWS\system32\awtst.exe
2008-01-05 00:07:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 23:40:07 8576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-04 23:24:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 22:56:23 0 d-------- C:\Program Files\Trend Micro
2008-01-04 20:32:10 0 d-------- C:\Program Files\Lavasoft
2008-01-04 20:32:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 20:26:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 11:39:04 407330 --ahs---- C:\WINDOWS\system32\tstwa.ini2
2008-01-03 11:38:57 335360 --a------ C:\WINDOWS\system32\awtst.dll
2008-01-02 13:30:23 40960 --a------ C:\WINDOWS\system32\tuvstus.dll
2008-01-01 22:54:14 0 d-------- C:\Program Files\Windows Sidebar
2008-01-01 22:54:13 0 d-------- C:\Program Files\Norton AntiVirus
2008-01-01 22:50:56 0 d-------- C:\Program Files\Symantec
2008-01-01 22:50:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 22:40:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-01 22:17:19 9651 --ahs---- C:\WINDOWS\system32\fhhkj.ini2
2008-01-01 22:15:50 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-01-01 22:15:36 0 d-------- C:\Program Files\Temporary
2008-01-01 22:15:36 0 d-------- C:\Program Files\kernel
2008-01-01 22:15:08 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2008-01-01 22:13:06 134 --a------ C:\n.bat
2008-01-01 22:12:43 0 d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
2008-01-01 22:12:41 6771 --a------ C:\x.dat
2008-01-01 22:12:36 80640 -----n--- C:\WINDOWS\system32\drivers\core.sys
2008-01-01 22:12:34 3631 --a------ C:\z.dat
2008-01-01 22:12:33 0 d-------- C:\WINDOWS\system32\z1
2008-01-01 22:12:33 0 d-------- C:\WINDOWS\system32\mr9
2008-01-01 22:12:33 0 d-------- C:\WINDOWS\system32\aj2
2008-01-01 22:12:26 0 d-------- C:\WINDOWS\system32\ardCo18
2008-01-01 22:12:25 0 d-------- C:\Temp
2008-01-01 22:12:22 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-01 22:12:22 47360 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-01 22:12:22 81920 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\ezpinst.exe
2008-01-01 22:12:21 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Vso
2008-01-01 22:12:12 0 d-------- C:\Program Files\CloneDVD
2008-01-01 22:12:12 0 d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-01-01 22:12:08 40960 --a------ C:\WINDOWS\system32\jkkihih.dll
2008-01-01 22:10:48 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 21:58:46 0 d-------- C:\Program Files\LimeWire
2008-01-01 21:53:43 0 d-------- C:\Program Files\DVD Decrypter


-- Find3M Report ---------------------------------------------------------------

2008-01-05 11:00:13 0 d-------- C:\Program Files\Google
2008-01-05 11:00:12 0 d-------- C:\Program Files\Clipmarks
2008-01-04 20:26:42 0 d-------- C:\Program Files\Common Files
2008-01-04 19:58:25 0 d-------- C:\Program Files\Windows Defender
2008-01-03 22:43:38 0 d-------- C:\Program Files\Messenger
2008-01-03 11:39:15 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-01-03 11:39:13 0 d-------- C:\Program Files\Microsoft Works
2008-01-02 13:34:02 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\LimeWire
2008-01-01 22:16:19 0 d-------- C:\Program Files\Windows NT
2008-01-01 22:15:14 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-01 22:13:06 34 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.log
2008-01-01 22:12:22 1144 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.inf
2008-01-01 22:12:22 7176 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.cat
2007-12-03 14:18:39 0 d-------- C:\Program Files\CONEXANT
2007-12-03 13:41:20 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-27 14:36:07 374 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb6334.dat
2007-11-27 14:32:59 555 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb8467.dat
2007-11-27 14:32:59 18432 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb41.dat
2007-11-26 14:48:35 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\ieSpell
2007-11-26 14:46:39 0 d-------- C:\Program Files\ieSpell
2007-11-24 21:56:41 29832 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 14:24:21 675579 --a------ C:\WINDOWS\PROGRAM.exe
2007-11-21 1226 1156 --a------ C:\WINDOWS\mozver.dat
2007-11-21 09:51:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-21 09:51:13 0 d-------- C:\Program Files\Canon
2007-11-21 09:48:18 0 d-------- C:\Program Files\Common Files\Canon
2007-11-18 16:52:50 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Adobe
2007-11-18 16:51:57 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-17 22:19:35 0 d-------- C:\Program Files\SigmaTel
2007-11-17 08:23:24 0 d-------- C:\Program Files\MSXML 6.0
2007-11-16 18:23:41 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Macromedia
2007-11-16 18:18:36 0 d-------- C:\Program Files\ABBYY FineReader 6.0
2007-11-16 18:18:15 0 d-------- C:\Program Files\FaxTools
2007-11-16 13:35:38 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-16 13:28:12 0 d-------- C:\Program Files\Microsoft Works Suite 2002
2007-11-16 09:48:42 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-15 20:32:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-15 20:32:52 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla
2007-11-15 20:26:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-15 20:26:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-15 20:26:02 0 d-------- C:\Program Files\SystemRequirementsLab
2007-11-15 20:19:48 356352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2007-11-15 20:18:17 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Intel
2007-11-15 20:02:46 0 d-------- C:\Program Files\BlueTooth
2007-11-15 19:55:06 0 d-------- C:\Program Files\Toshiba
2007-11-15 19:36:18 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Toshiba
2007-11-15 19:24:54 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Google
2007-11-15 14:34:49 0 d-------- C:\Program Files\Java
2007-11-15 14:01:26 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Sun
2007-11-15 14:01:15 0 d-------- C:\Program Files\Common Files\Java
2007-11-15 13:57:52 0 d-------- C:\Program Files\Dell
2007-11-15 13:42:57 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-15 13:00:48 0 d-------- C:\Program Files\Intel
2007-11-15 12:58:49 0 d-------- C:\Program Files\Broadcom
2007-11-15 12:55:00 565 --a------ C:\WINDOWS\checkip.dat
2007-11-15 12:28:31 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Identities
2007-11-15 12:21:01 0 d-------- C:\Program Files\microsoft frontpage
2007-11-15 12:20:38 0 -rahs---- C:\MSDOS.SYS
2007-11-15 12:20:38 0 -rahs---- C:\IO.SYS
2007-11-15 12:20:38 0 --a------ C:\CONFIG.SYS
2007-11-15 12:20:38 0 --a------ C:\AUTOEXEC.BAT
2007-11-15 12:19:20 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-15 12:18:22 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-15 12:18:11 0 d-------- C:\Program Files\Movie Maker
2007-11-15 12:17:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-15 12:16:49 0 d-------- C:\Program Files\Online Services
2007-11-15 07:01:24 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-15 07:01:20 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-15 07:00:55 62 --ahs---- C:\Documents and Settings\Jessica Holbrook\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}]
01/01/2008 10:12 PM 40960 --a------ C:\WINDOWS\system32\jkkihih.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B90B223-1B13-49DA-A544-017DDA5530C5}]
01/03/2008 11:39 AM 335360 --a------ C:\WINDOWS\system32\awtst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/01/2008 10:59 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 07:00 AM C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" []
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" []
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" []
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" []
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/25/2007 12:07 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 11:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"kernel"="C:\Program Files\kernel\kernel.exe" []

C:\Documents and Settings\Jessica Holbrook\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [11/18/2005 5:46:00 PM]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [4/26/2004 5:13:54 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 654 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}"= C:\WINDOWS\system32\jkkihih.dll [01/01/2008 10:12 PM 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkihih]
jkkihih.dll 01/01/2008 10:12 PM 40960 C:\WINDOWS\system32\jkkihih.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-01-05 12:15:33 ------------


Spybot cannot get rid of it and lists it as:

Smitfraud-C.CoreService
Data: C:\WINDOWS\system32\drivers\core.cache.dsk
Systemfile: C:\WINDOWS\system32\drivers\core.sys
Settings: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core
Settings: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core
Attached Files
File Type: txt extra.txt (16.2 KB, 1 views)