Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

Old 01-05-2008, 10:16 AM   #1 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


Constant Pop-Ups: Smitfraud-C.CoreService

I have constant pop-ups in Windows Internet Explorer; even when I am using Firefox, the Internet Explorer windows still pop up.

I have done the 5 step process on this website, which was a big help, and I have also run Norton, AdAware, and Spybot on my computer, but there is something on my computer that none of these will get rid of, and it seems to be something in my registry.

Any help would be greatly appreciated. Thank you!!

Here is the information from Deckard's System Scanner:

Deckard's System Scanner v20071014.68
Run by Jessica Holbrook on 2008-01-05 12:11:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-01-05 17:12:02 UTC - RP102 - Deckard's System Scanner Restore Point
101: 2008-01-05 06:01:22 UTC - RP101 - Last known good configuration
100: 2008-01-05 06:01:18 UTC - RP100 - Installed Ad-Aware 2007
99: 2008-01-05 06:01:18 UTC - RP99 - Removed Windows Defender
98: 2008-01-05 06:01:18 UTC - RP98 - Last known good configuration


-- First Restore Point --
1: 2008-01-05 06:01:13 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jessica Holbrook.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:32 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jessica Holbrook\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jessica Holbrook.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtst.exe
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\jkkihih.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B90B223-1B13-49DA-A544-017DDA5530C5} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196192444765
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: jkkihih - C:\WINDOWS\SYSTEM32\jkkihih.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11426 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080104-230709-845 O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 core - c:\windows\system32\drivers\core.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 BCOREUSB (BCOREUSB.Sys CSR test driver) - c:\windows\system32\drivers\bcoreusb.sys <Not Verified; CSR; Bluetooth USB Dongle Device Driver>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>

S4 Bluetooth Hid Switch Service - "c:\program files\bluetooth\hidswitchservice\hidsw.exe" <Not Verified; Cambridge Silicon Radio; HID Switch Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-01 23:11:58 578 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jessica Holbrook.job


-- Files created between 2007-12-05 and 2008-01-05 -----------------------------

2008-01-05 11:25:52 0 d-------- C:\ie-spyad_zo
2008-01-05 11:02:47 0 d-------- C:\Program Files\SpywareBlaster
2008-01-05 11:01:19 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-05 11:00:50 8576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-05 10:08:03 338944 --a------ C:\WINDOWS\system32\awtst.exe
2008-01-05 00:07:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 23:40:07 8576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-04 23:24:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 22:56:23 0 d-------- C:\Program Files\Trend Micro
2008-01-04 20:32:10 0 d-------- C:\Program Files\Lavasoft
2008-01-04 20:32:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 20:26:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 11:39:04 407330 --ahs---- C:\WINDOWS\system32\tstwa.ini2
2008-01-03 11:38:57 335360 --a------ C:\WINDOWS\system32\awtst.dll
2008-01-02 13:30:23 40960 --a------ C:\WINDOWS\system32\tuvstus.dll
2008-01-01 22:54:14 0 d-------- C:\Program Files\Windows Sidebar
2008-01-01 22:54:13 0 d-------- C:\Program Files\Norton AntiVirus
2008-01-01 22:50:56 0 d-------- C:\Program Files\Symantec
2008-01-01 22:50:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 22:40:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-01 22:17:19 9651 --ahs---- C:\WINDOWS\system32\fhhkj.ini2
2008-01-01 22:15:50 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-01-01 22:15:36 0 d-------- C:\Program Files\Temporary
2008-01-01 22:15:36 0 d-------- C:\Program Files\kernel
2008-01-01 22:15:08 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2008-01-01 22:13:06 134 --a------ C:\n.bat
2008-01-01 22:12:43 0 d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
2008-01-01 22:12:41 6771 --a------ C:\x.dat
2008-01-01 22:12:36 80640 -----n--- C:\WINDOWS\system32\drivers\core.sys
2008-01-01 22:12:34 3631 --a------ C:\z.dat
2008-01-01 22:12:33 0 d-------- C:\WINDOWS\system32\z1
2008-01-01 22:12:33 0 d-------- C:\WINDOWS\system32\mr9
2008-01-01 22:12:33 0 d-------- C:\WINDOWS\system32\aj2
2008-01-01 22:12:26 0 d-------- C:\WINDOWS\system32\ardCo18
2008-01-01 22:12:25 0 d-------- C:\Temp
2008-01-01 22:12:22 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-01 22:12:22 47360 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-01 22:12:22 81920 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\ezpinst.exe
2008-01-01 22:12:21 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Vso
2008-01-01 22:12:12 0 d-------- C:\Program Files\CloneDVD
2008-01-01 22:12:12 0 d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-01-01 22:12:08 40960 --a------ C:\WINDOWS\system32\jkkihih.dll
2008-01-01 22:10:48 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 21:58:46 0 d-------- C:\Program Files\LimeWire
2008-01-01 21:53:43 0 d-------- C:\Program Files\DVD Decrypter


-- Find3M Report ---------------------------------------------------------------

2008-01-05 11:00:13 0 d-------- C:\Program Files\Google
2008-01-05 11:00:12 0 d-------- C:\Program Files\Clipmarks
2008-01-04 20:26:42 0 d-------- C:\Program Files\Common Files
2008-01-04 19:58:25 0 d-------- C:\Program Files\Windows Defender
2008-01-03 22:43:38 0 d-------- C:\Program Files\Messenger
2008-01-03 11:39:15 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-01-03 11:39:13 0 d-------- C:\Program Files\Microsoft Works
2008-01-02 13:34:02 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\LimeWire
2008-01-01 22:16:19 0 d-------- C:\Program Files\Windows NT
2008-01-01 22:15:14 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-01 22:13:06 34 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.log
2008-01-01 22:12:22 1144 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.inf
2008-01-01 22:12:22 7176 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.cat
2007-12-03 14:18:39 0 d-------- C:\Program Files\CONEXANT
2007-12-03 13:41:20 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-27 14:36:07 374 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb6334.dat
2007-11-27 14:32:59 555 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb8467.dat
2007-11-27 14:32:59 18432 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb41.dat
2007-11-26 14:48:35 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\ieSpell
2007-11-26 14:46:39 0 d-------- C:\Program Files\ieSpell
2007-11-24 21:56:41 29832 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 14:24:21 675579 --a------ C:\WINDOWS\PROGRAM.exe
2007-11-21 1226 1156 --a------ C:\WINDOWS\mozver.dat
2007-11-21 09:51:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-21 09:51:13 0 d-------- C:\Program Files\Canon
2007-11-21 09:48:18 0 d-------- C:\Program Files\Common Files\Canon
2007-11-18 16:52:50 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Adobe
2007-11-18 16:51:57 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-17 22:19:35 0 d-------- C:\Program Files\SigmaTel
2007-11-17 08:23:24 0 d-------- C:\Program Files\MSXML 6.0
2007-11-16 18:23:41 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Macromedia
2007-11-16 18:18:36 0 d-------- C:\Program Files\ABBYY FineReader 6.0
2007-11-16 18:18:15 0 d-------- C:\Program Files\FaxTools
2007-11-16 13:35:38 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-16 13:28:12 0 d-------- C:\Program Files\Microsoft Works Suite 2002
2007-11-16 09:48:42 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-15 20:32:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-15 20:32:52 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla
2007-11-15 20:26:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-15 20:26:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-15 20:26:02 0 d-------- C:\Program Files\SystemRequirementsLab
2007-11-15 20:19:48 356352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2007-11-15 20:18:17 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Intel
2007-11-15 20:02:46 0 d-------- C:\Program Files\BlueTooth
2007-11-15 19:55:06 0 d-------- C:\Program Files\Toshiba
2007-11-15 19:36:18 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Toshiba
2007-11-15 19:24:54 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Google
2007-11-15 14:34:49 0 d-------- C:\Program Files\Java
2007-11-15 14:01:26 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Sun
2007-11-15 14:01:15 0 d-------- C:\Program Files\Common Files\Java
2007-11-15 13:57:52 0 d-------- C:\Program Files\Dell
2007-11-15 13:42:57 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-15 13:00:48 0 d-------- C:\Program Files\Intel
2007-11-15 12:58:49 0 d-------- C:\Program Files\Broadcom
2007-11-15 12:55:00 565 --a------ C:\WINDOWS\checkip.dat
2007-11-15 12:28:31 0 d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Identities
2007-11-15 12:21:01 0 d-------- C:\Program Files\microsoft frontpage
2007-11-15 12:20:38 0 -rahs---- C:\MSDOS.SYS
2007-11-15 12:20:38 0 -rahs---- C:\IO.SYS
2007-11-15 12:20:38 0 --a------ C:\CONFIG.SYS
2007-11-15 12:20:38 0 --a------ C:\AUTOEXEC.BAT
2007-11-15 12:19:20 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-15 12:18:22 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-15 12:18:11 0 d-------- C:\Program Files\Movie Maker
2007-11-15 12:17:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-15 12:16:49 0 d-------- C:\Program Files\Online Services
2007-11-15 07:01:24 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-15 07:01:20 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-15 07:00:55 62 --ahs---- C:\Documents and Settings\Jessica Holbrook\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}]
01/01/2008 10:12 PM 40960 --a------ C:\WINDOWS\system32\jkkihih.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B90B223-1B13-49DA-A544-017DDA5530C5}]
01/03/2008 11:39 AM 335360 --a------ C:\WINDOWS\system32\awtst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/01/2008 10:59 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 07:00 AM C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" []
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" []
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" []
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" []
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/25/2007 12:07 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 11:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"kernel"="C:\Program Files\kernel\kernel.exe" []

C:\Documents and Settings\Jessica Holbrook\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [11/18/2005 5:46:00 PM]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [4/26/2004 5:13:54 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 654 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}"= C:\WINDOWS\system32\jkkihih.dll [01/01/2008 10:12 PM 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkihih]
jkkihih.dll 01/01/2008 10:12 PM 40960 C:\WINDOWS\system32\jkkihih.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-01-05 12:15:33 ------------


Spybot cannot get rid of it and lists it as:

Smitfraud-C.CoreService
Data: C:\WINDOWS\system32\drivers\core.cache.dsk
Systemfile: C:\WINDOWS\system32\drivers\core.sys
Settings: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core
Settings: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core
Attached Files
File Type: txt extra.txt (16.2 KB, 1 views)
jonniegirl77 is offline  
Old 01-07-2008, 01:57 AM   #2 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


EEK! My screen is spinning!

I posted about the pop-ups on Saturday, with my log, after I finished the 5 step process listed on the forum. Click here to see that post.

But just a few minutes ago, everything on my screen started flying by at 100 miles an hour and wouldn't stop. Everything on my screen was moving horizontally from left to right and would not stop until I turned off my computer. Has anyone ever seen this before?

Please help!

Last edited by jonniegirl77; 01-07-2008 at 01:59 AM.
jonniegirl77 is offline  
Old 01-07-2008, 03:24 AM   #3 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


Re: My screen is spinning!

I just ran a new log in case something has changed since the last one. Any thoughts?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:53 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3329] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6933] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8871] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4281] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4710] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3331] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5592] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2658] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196192444765
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11030 bytes
Old 01-07-2008, 08:32 AM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Re: Constant Pop-Ups: Smitfraud-C.CoreService

Hello jonniegirl77 and welcome to TSF,

Please do not begin a new thread--keep everything together in one thread when concerning the same computer system.

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you at C:\ComboFix.txt. I'll need to see that in your next reply, along with a new HijackThis log.


Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


**If your screen won't stay still long enough for you to double click ComboFix.exe, boot into Safe Mode to run it.

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

6) Double click ComboFix.exe to run it. I'll need to see the log it produces in order to continue cleaning the system.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
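The helpers in this thread read the Deckard's, HijackThis and ComboFix logs by eye. The script below is an added example, not part of the thread and not code from HijackThis, ComboFix, Deckard's System Scanner or Spybot, that automates four of the checks a triager makes on exactly these lines: a Winlogon\Notify subkey outside the stock XP set (jkkihih), an extra LSA "Authentication Packages" entry next to msv1_0 (awtst), file names with a space before the extension (`ctfmon .exe`) that share a name with an O4 Run target, and a hidden directory whose name is base64 (C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw decodes to the user's own name). The sample lines are copied from the logs posted above and used as constructed input; the Notify allow-list and the 16-character base64 threshold are my assumptions for a stock XP SP2 image, not anything the tools define.

```python
"""Triage of HijackThis / ComboFix / Deckard's System Scanner log lines.

Added example for this thread; not part of any tool named in the posts.
Sample lines are copied from the posted logs and used as constructed input.
Allow-lists are assumptions for a stock Windows XP SP2 image.
"""
import base64
import re
from typing import Dict, List, Tuple

# Stock XP ships with a single LSA authentication package.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# Winlogon\Notify subkeys on a stock XP SP2 install (assumption: vendor
# packages such as graphics drivers add their own; extend per image).
KNOWN_NOTIFY_SUBKEYS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# "ctfmon .exe": a space before the extension, so the entry reads like a
# well-known system binary on a quick scan of the log.
SPACE_BEFORE_EXT = re.compile(r"([^\\\s]+) \.(exe|dll|sys)\b", re.IGNORECASE)

# A path component made only of base64 characters and long enough (16+,
# an assumed threshold) that it is unlikely to be an ordinary name.
B64_NAME = re.compile(r"^[A-Za-z0-9+/]{16,}$")

# Drive-letter path ending in .exe, as found in O4 Run entries.
EXE_PATH = re.compile(r"[A-Za-z]:\\.*?\.exe\b", re.IGNORECASE)


def decode_b64_name(name: str):
    """Return the decoded text if `name` is base64 of printable ASCII, else None."""
    if not B64_NAME.match(name) or len(name) % 4 == 1:
        return None  # 4k+1 characters can never be valid base64
    padded = name + "=" * (-len(name) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    spaced_twins = set()              # "ctfmon.exe" for every "ctfmon .exe" seen
    run_targets: Dict[str, str] = {}  # exe basename -> O4 Run line

    for line in lines:
        s = line.strip()
        if s.startswith("[HKEY_"):
            key = s.strip("[]").lower()
            if "\\winlogon\\notify\\" in key:
                subkey = key.rsplit("\\", 1)[1]
                if subkey not in KNOWN_NOTIFY_SUBKEYS:
                    findings.append(("winlogon-notify", s))
            continue

        if s.lower().startswith('"authentication packages"'):
            value = s.split("=", 1)[1]
            extras = [p for p in value.split() if p.lower() not in DEFAULT_AUTH_PACKAGES]
            if extras:
                findings.append(("lsa-auth-package:" + ",".join(extras), s))

        for m in SPACE_BEFORE_EXT.finditer(s):
            findings.append(("space-before-extension", s))
            spaced_twins.add(f"{m.group(1)}.{m.group(2)}".lower())

        # Split on backslashes and whitespace to get path components.
        for token in re.findall(r"[^\\\s]+", s):
            decoded = decode_b64_name(token)
            if decoded:
                findings.append((f"base64-name:{decoded}", s))

        if s.startswith("O4 -") and "Run:" in s:  # Run, not RunOnce
            for path in EXE_PATH.findall(s):
                run_targets[path.rsplit("\\", 1)[-1].lower()] = s

    # A Run entry whose target name also exists with a space before ".exe".
    for base in sorted(spaced_twins & set(run_targets)):
        findings.append((f"run-target-has-spaced-twin:{base}", run_targets[base]))
    return findings


# Constructed input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkihih]
jkkihih.dll 01/01/2008 10:12 PM 40960 C:\WINDOWS\system32\jkkihih.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtst

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-01 22:12 . 2008-01-02 14:01 <DIR> d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
""".strip().splitlines()

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:45} {line}")
```

Run it as-is to see the five findings for the sample, or feed it a saved log with `triage(open("hijackthis.log").read().splitlines())`. The base64 and Notify checks are heuristics: a legitimately named component can trip them, so the output is a worklist for the analyst, not a verdict, and the allow-list has to be rebuilt for any image that is not stock XP SP2.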
Old 01-07-2008, 08:45 AM   #5 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


Re: Constant Pop-Ups: Smitfraud-C.CoreService

Thank you for your help, Ried!

I ran ComboFix and somehow closed the text window while trying to save it. Oops. So, I ran it again--I hope that is alright. I haven't had a pop-up since writing this and my screen looks normal, so hopefully the ComboFix did something good.

Here is the ComboFix.txt from the second run & the new HijackThis log:

ComboFix 08-01-07.5 - Jessica Holbrook 2008-01-07 11:35:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.659 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica Holbrook\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 11:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 06:40 . 2008-01-07 06:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-05 16:16 . 2008-01-05 16:18 2,996 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 16:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-05 16:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-05 16:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-05 16:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-05 16:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-05 16:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-05 12:11 . 2008-01-05 12:11 <DIR> d-------- C:\Deckard
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-05 11:25 . 2008-01-05 11:25 <DIR> d-------- C:\ie-spyad_zo
2008-01-05 11:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-05 11:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys
2008-01-05 00:07 . 2008-01-05 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys
2008-01-04 23:24 . 2008-01-05 11:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 23:24 . 2008-01-05 10:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 23:24 . 2008-01-05 10:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 23:24 . 2008-01-05 10:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 22:56 . 2008-01-04 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 20:26 . 2008-01-04 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 20:20 . 2008-01-03 20:20 4,331 --a------ C:\Bringing Baby Home.MDS
2008-01-03 20:08 . 2008-01-03 20:20 2,859,270,144 --a------ C:\Bringing Baby Home.ISO
2008-01-01 22:54 . 2008-01-01 22:54 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-01 22:54 . 2008-01-04 23:59 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-01 22:52 . 2008-01-02 06:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-01 22:52 . 2008-01-02 06:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-01 22:52 . 2008-01-02 06:15 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-01 22:52 . 2008-01-02 06:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-01 22:50 . 2008-01-02 06:15 <DIR> d-------- C:\Program Files\Symantec
2008-01-01 22:50 . 2008-01-01 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 22:40 . 2008-01-04 23:56 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-01 22:30 . 2008-01-01 22:48 159,744 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-01 22:30 . 2008-01-01 22:48 135,168 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-01 22:30 . 2008-01-01 22:49 131,072 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-01 22:15 . 2008-01-03 11:39 <DIR> d-------- C:\Program Files\kernel
2008-01-01 22:15 . 2008-01-01 22:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-01 22:13 . 2008-01-01 22:13 134 --a------ C:\n.bat
2008-01-01 22:12 . 2008-01-01 23:03 <DIR> d-------- C:\WINDOWS\system32\mr9
2008-01-01 22:12 . 2008-01-01 23:06 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2008-01-01 22:12 . 2008-01-05 00:05 <DIR> d-------- C:\WINDOWS\system32\aj2
2008-01-01 22:12 . 2008-01-02 14:01 <DIR> d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Temp\cEeer12
2008-01-01 22:12 . 2008-01-07 11:22 <DIR> d-------- C:\Temp
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Program Files\CloneDVD
2008-01-01 22:12 . 2008-01-01 22:13 <DIR> d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Vso
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-01-01 22:12 . 2008-01-01 22:12 81,920 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\ezpinst.exe
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.sys
2008-01-01 22:12 . 2008-01-02 14:05 39,936 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-01 22:10 . 2008-01-02 13:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 21:58 . 2008-01-01 23:17 <DIR> d-------- C:\Program Files\LimeWire
2008-01-01 21:53 . 2008-01-01 21:53 <DIR> d-------- C:\Program Files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 16:00 --------- d-----w C:\Program Files\Google
2008-01-05 16:00 --------- d-----w C:\Program Files\Clipmarks
2008-01-05 00:58 --------- d-----w C:\Program Files\Windows Defender
2008-01-03 16:39 --------- d-----w C:\Program Files\Microsoft Works
2008-01-03 16:39 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-01-02 18:34 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\LimeWire
2007-12-03 19:18 --------- d-----w C:\Program Files\CONEXANT
2007-12-03 18:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 19:36 374 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb6334.dat
2007-11-27 19:32 555 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb8467.dat
2007-11-27 19:32 18,432 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb41.dat
2007-11-26 19:48 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\ieSpell
2007-11-26 19:46 --------- d-----w C:\Program Files\ieSpell
2007-11-25 02:56 29,832 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 19:24 675,579 ----a-w C:\WINDOWS\PROGRAM.exe
2007-11-21 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 14:51 --------- d-----w C:\Program Files\Canon
2007-11-21 14:48 --------- d-----w C:\Program Files\Common Files\Canon
2007-11-18 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 03:19 --------- d-----w C:\Program Files\SigmaTel
2007-11-17 13:23 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-16 23:18 --------- d-----w C:\Program Files\FaxTools
2007-11-16 23:18 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2007-11-16 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-16 18:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-16 18:28 --------- d-----w C:\Program Files\Microsoft Works Suite 2002
2007-11-16 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-16 14:48 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-11-16 01:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-16 01:19 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\AegisP.sys
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-11-16 01:02 --------- d-----w C:\Program Files\BlueTooth
2007-11-16 00:55 --------- d-----w C:\Program Files\Toshiba
2007-11-16 00:36 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Toshiba
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\DELL__.MRK
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL__.MRK
2007-11-15 18:57 --------- d-----w C:\Program Files\Dell
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK
2007-11-15 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-15 18:02 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-15 18:00 --------- d-----w C:\Program Files\Intel
2007-11-15 17:58 --------- d-----w C:\Program Files\Broadcom
2007-11-15 17:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
----a-w            39,792 2008-01-02 03:49:15  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            28,738 2008-01-02 03:49:08  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w            68,856 2008-01-02 03:49:21  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           974,848 2008-01-02 03:48:56  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           823,296 2008-01-02 03:48:54  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w            61,440 2008-01-02 03:49:27  C:\Program Files\kernel\kernel .exe
----a-w            57,344 2008-01-02 03:49:12  C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe
----a-w         1,694,208 2008-01-02 03:49:27  C:\Program Files\Messenger\msmsgs .exe
----a-w            24,576 2008-01-02 03:49:07  C:\Program Files\Microsoft Works\wkfud .exe
----a-w           331,830 2008-01-02 03:49:05  C:\Program Files\Microsoft Works\WksSb .exe
----a-w           866,584 2008-01-02 03:49:18  C:\Program Files\Windows Defender\MSASCui .exe
----a-w            15,360 2008-01-05 16:58:12  C:\WINDOWS\system32\ctfmon .exe
----a-w           159,744 2008-01-02 03:48:58  C:\WINDOWS\system32\hkcmd .exe
----a-w           131,072 2008-01-02 03:49:01  C:\WINDOWS\system32\igfxpers .exe
----a-w           135,168 2008-01-02 03:48:55  C:\WINDOWS\system32\igfxtray .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-01 22:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"kernel"="C:\Program Files\kernel\kernel.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [ ]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [ ]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 17:46:00]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 17:13:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 1854]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 04:11:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jessica Holbrook.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 11:36:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 11:36:45
ComboFix-quarantined-files.txt 2008-01-07 16:36:36
ComboFix2.txt 2008-01-07 16:27:22
.
2008-01-04 12:45:26 --- E O F ---

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:38 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196192444765
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9966 bytes
Old 01-07-2008, 08:52 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home


Re: Constant Pop-Ups: Smitfraud-C.CoreService

Hi jonniegirl77 -

I just happened to be reading this thread. I know Ried will want to see the original ComboFix log.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\Qoobox\ComboFix2.txt

A notepad file will open. Post the contents of that file in a reply for Ried's review. Thanks.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 01-07-2008, 08:59 AM   #7 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


Re: Constant Pop-Ups: Smitfraud-C.CoreService

Thank you, Tetonbob!

Here's the C:\Qoobox\ComboFix2.txt:

ComboFix 08-01-07.5 - Jessica Holbrook 2008-01-07 11:20:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.348 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica Holbrook\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary
C:\Program Files\Temporary\kernInstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\ETNADiag.exe
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxwphvtb.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\systeminfo3.dll
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\z1
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 11:20 . 2008-01-07 11:20 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-07 11:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 06:40 . 2008-01-07 06:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-05 16:16 . 2008-01-05 16:18 2,996 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 16:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-05 16:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-05 16:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-05 16:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-05 16:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-05 16:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-05 12:11 . 2008-01-05 12:11 <DIR> d-------- C:\Deckard
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-05 11:25 . 2008-01-05 11:25 <DIR> d-------- C:\ie-spyad_zo
2008-01-05 11:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-05 11:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys
2008-01-05 00:07 . 2008-01-05 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys
2008-01-04 23:24 . 2008-01-05 11:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 23:24 . 2008-01-05 10:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 23:24 . 2008-01-05 10:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 23:24 . 2008-01-05 10:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 22:56 . 2008-01-04 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 20:26 . 2008-01-04 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 20:20 . 2008-01-03 20:20 4,331 --a------ C:\Bringing Baby Home.MDS
2008-01-03 20:08 . 2008-01-03 20:20 2,859,270,144 --a------ C:\Bringing Baby Home.ISO
2008-01-01 22:54 . 2008-01-01 22:54 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-01 22:54 . 2008-01-04 23:59 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-01 22:52 . 2008-01-02 06:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-01 22:52 . 2008-01-02 06:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-01 22:52 . 2008-01-02 06:15 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-01 22:52 . 2008-01-02 06:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-01 22:50 . 2008-01-02 06:15 <DIR> d-------- C:\Program Files\Symantec
2008-01-01 22:50 . 2008-01-01 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 22:40 . 2008-01-04 23:56 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-01 22:30 . 2008-01-01 22:48 159,744 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-01 22:30 . 2008-01-01 22:48 135,168 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-01 22:30 . 2008-01-01 22:49 131,072 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-01 22:15 . 2008-01-03 11:39 <DIR> d-------- C:\Program Files\kernel
2008-01-01 22:15 . 2008-01-01 22:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-01 22:13 . 2008-01-01 22:13 134 --a------ C:\n.bat
2008-01-01 22:12 . 2008-01-01 23:03 <DIR> d-------- C:\WINDOWS\system32\mr9
2008-01-01 22:12 . 2008-01-01 23:06 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2008-01-01 22:12 . 2008-01-05 00:05 <DIR> d-------- C:\WINDOWS\system32\aj2
2008-01-01 22:12 . 2008-01-02 14:01 <DIR> d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Temp\cEeer12
2008-01-01 22:12 . 2008-01-07 11:22 <DIR> d-------- C:\Temp
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Program Files\CloneDVD
2008-01-01 22:12 . 2008-01-01 22:13 <DIR> d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Vso
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-01-01 22:12 . 2008-01-01 22:12 81,920 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\ezpinst.exe
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.sys
2008-01-01 22:12 . 2008-01-02 14:05 39,936 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-01 22:10 . 2008-01-02 13:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 21:58 . 2008-01-01 23:17 <DIR> d-------- C:\Program Files\LimeWire
2008-01-01 21:53 . 2008-01-01 21:53 <DIR> d-------- C:\Program Files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 16:00 --------- d-----w C:\Program Files\Google
2008-01-05 16:00 --------- d-----w C:\Program Files\Clipmarks
2008-01-05 00:58 --------- d-----w C:\Program Files\Windows Defender
2008-01-03 16:39 --------- d-----w C:\Program Files\Microsoft Works
2008-01-03 16:39 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-01-02 18:34 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\LimeWire
2007-12-03 19:18 --------- d-----w C:\Program Files\CONEXANT
2007-12-03 18:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 19:36 374 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb6334.dat
2007-11-27 19:32 555 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb8467.dat
2007-11-27 19:32 18,432 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb41.dat
2007-11-26 19:48 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\ieSpell
2007-11-26 19:46 --------- d-----w C:\Program Files\ieSpell
2007-11-25 02:56 29,832 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 19:24 675,579 ----a-w C:\WINDOWS\PROGRAM.exe
2007-11-21 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 14:51 --------- d-----w C:\Program Files\Canon
2007-11-21 14:48 --------- d-----w C:\Program Files\Common Files\Canon
2007-11-18 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 03:19 --------- d-----w C:\Program Files\SigmaTel
2007-11-17 13:23 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-16 23:18 --------- d-----w C:\Program Files\FaxTools
2007-11-16 23:18 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2007-11-16 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-16 18:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-16 18:28 --------- d-----w C:\Program Files\Microsoft Works Suite 2002
2007-11-16 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-16 14:48 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-11-16 01:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-16 01:19 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\AegisP.sys
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-11-16 01:02 --------- d-----w C:\Program Files\BlueTooth
2007-11-16 00:55 --------- d-----w C:\Program Files\Toshiba
2007-11-16 00:36 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Toshiba
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\DELL__.MRK
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL__.MRK
2007-11-15 18:57 --------- d-----w C:\Program Files\Dell
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK
2007-11-15 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-15 18:02 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-15 18:00 --------- d-----w C:\Program Files\Intel
2007-11-15 17:58 --------- d-----w C:\Program Files\Broadcom
2007-11-15 17:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
Code:
----a-w            39,792 2008-01-02 03:49:15  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            28,738 2008-01-02 03:49:08  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w            68,856 2008-01-02 03:49:21  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           974,848 2008-01-02 03:48:56  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           823,296 2008-01-02 03:48:54  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w            61,440 2008-01-02 03:49:27  C:\Program Files\kernel\kernel .exe
----a-w            57,344 2008-01-02 03:49:12  C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe
----a-w         1,694,208 2008-01-02 03:49:27  C:\Program Files\Messenger\msmsgs .exe
----a-w            24,576 2008-01-02 03:49:07  C:\Program Files\Microsoft Works\wkfud .exe
----a-w           331,830 2008-01-02 03:49:05  C:\Program Files\Microsoft Works\WksSb .exe
----a-w           866,584 2008-01-02 03:49:18  C:\Program Files\Windows Defender\MSASCui .exe
----a-w            15,360 2008-01-05 16:58:12  C:\WINDOWS\system32\ctfmon .exe
----a-w           159,744 2008-01-02 03:48:58  C:\WINDOWS\system32\hkcmd .exe
----a-w           131,072 2008-01-02 03:49:01  C:\WINDOWS\system32\igfxpers .exe
----a-w           135,168 2008-01-02 03:48:55  C:\WINDOWS\system32\igfxtray .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-01 22:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"kernel"="C:\Program Files\kernel\kernel.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [ ]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [ ]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 17:46:00]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 17:13:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 1854]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 04:11:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jessica Holbrook.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 11:25:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 11:27:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 16:27:19
.
2008-01-04 12:45:26 --- E O F ---
Old 01-07-2008, 12:37 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Re: Constant Pop-Ups: Smitfraud-C.CoreService

Thank you tetonbob.

Hello jonniegirl77,

This round will be considerably more time consuming for you as we have quite a bit to do. Just take it a step at a time.


*Important*

One or more of the infections onboard is a backdoor trojan.

Your account login and passwords for sites have been severely compromised. The x.dat and z.dat folders (now deleted by ComboFix) were the work of the attacker, and those folders collected the account login and passwords of sites you frequent.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords to your accounts from that clean machine. It would also be wise to contact those same financial institutions to apprise them of your situation.

Do NOT change passwords or do any transactions from this computer until we've finished cleaning it.


***************************************************

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in their entirety, and in the sequence listed below.

***************************************************

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/208939-constant-pop-ups-smitfraud-c-coreservice-post1252449.html#post1252449

Collect::
C:\WINDOWS\mrofinu1000106.exe.tmp

RenV::
----a-w            39,792 2008-01-02 03:49:15  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            28,738 2008-01-02 03:49:08  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w            68,856 2008-01-02 03:49:21  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           974,848 2008-01-02 03:48:56  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           823,296 2008-01-02 03:48:54  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w            61,440 2008-01-02 03:49:27  C:\Program Files\kernel\kernel .exe
----a-w            57,344 2008-01-02 03:49:12  C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe
----a-w         1,694,208 2008-01-02 03:49:27  C:\Program Files\Messenger\msmsgs .exe
----a-w            24,576 2008-01-02 03:49:07  C:\Program Files\Microsoft Works\wkfud .exe
----a-w           331,830 2008-01-02 03:49:05  C:\Program Files\Microsoft Works\WksSb .exe
----a-w           866,584 2008-01-02 03:49:18  C:\Program Files\Windows Defender\MSASCui .exe
----a-w            15,360 2008-01-05 16:58:12  C:\WINDOWS\system32\ctfmon .exe
----a-w           159,744 2008-01-02 03:48:58  C:\WINDOWS\system32\hkcmd .exe
----a-w           131,072 2008-01-02 03:49:01  C:\WINDOWS\system32\igfxpers .exe
----a-w           135,168 2008-01-02 03:48:55  C:\WINDOWS\system32\igfxtray .exe

File::
C:\n.bat

Folder::
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\aj2
C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
C:\Temp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kernel"=-

Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


**When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------

While you're connected to the internet...

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix). Do not run it yet.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply.
--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
C:\SDFix\Report.txt
Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 01-07-2008 at 12:42 PM.
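Three patterns recur in the ComboFix logs posted in this thread and in the clean-up script Ried wrote for them: executables whose names carry a space before the extension (the fifteen entries under RenV::, such as `ctfmon .exe`), a directory under C:\WINDOWS created with hidden and system attributes (`d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw`, listed under Folder::), and the fact that this directory's name is base64 that decodes to the account name shown at the top of the log. The script below is an added example, not code from the thread, from ComboFix or from HijackThis: a small Python triage helper that reads listing lines in the three shapes the logs use (the "Files Created" section, the Find3M section, and the attrs-first block pasted under RenV::) and flags those three patterns. The sample lines are constructed from entries in the logs above; the regular expressions, and the reading of the attribute letters `h` and `s` as hidden and system, are this example's own assumptions.

```python
"""Triage heuristics for ComboFix-style file listings.

Added example for this thread; not ComboFix's or HijackThis's code. It parses
the three listing shapes seen in the logs above and flags the patterns the
clean-up script acted on: a space before the file extension, hidden+system
directories, and a directory name that is base64 for printable text.
"""
import base64
import re
from dataclasses import dataclass

# Constructed sample: lines copied in shape from the thread's ComboFix logs
# ("Files Created", Find3M and the attrs-first block under RenV::).
SAMPLE_LOG = r"""
2008-01-01 22:12 . 2008-01-02 14:01 <DIR> d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Temp\cEeer12
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-05 16:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
----a-w            61,440 2008-01-02 03:49:27  C:\Program Files\kernel\kernel .exe
----a-w           866,584 2008-01-02 03:49:18  C:\Program Files\Windows Defender\MSASCui .exe
2007-11-23 19:24 675,579 ----a-w C:\WINDOWS\PROGRAM.exe
2007-11-16 01:26 --------- d-----w C:\Program Files\SystemRequirementsLab
"""

PATH_RE = re.compile(r"[A-Za-z]:\\.*$")                  # first drive-letter path to end of line
ATTR_RE = re.compile(r"^[d-][-A-Za-z]{6,8}$")            # e.g. d--hs----, --a------, ----a-w
SPACE_EXT_RE = re.compile(r" \.[A-Za-z0-9]{1,4}$")       # "ctfmon .exe": space before extension
B64_NAME_RE = re.compile(r"^[A-Za-z0-9+/]{12,}={0,2}$")  # base64 alphabet only, long enough to matter


@dataclass
class Entry:
    path: str
    attrs: str
    is_dir: bool

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> "Entry | None":
    """Pull the path and the attribute flags out of one listing line."""
    m = PATH_RE.search(line)
    if not m:
        return None
    tokens = line[: m.start()].split()
    # The attribute string is the LAST attrs-shaped token before the path:
    # Find3M lines put a nine-dash size placeholder in front of it.
    attrs = [t for t in tokens if ATTR_RE.match(t)]
    attr = attrs[-1] if attrs else ""
    return Entry(m.group(0).rstrip(), attr, attr.startswith("d") or "<DIR>" in tokens)


def decode_base64_name(name: str) -> "str | None":
    """Return the decoded text if `name` is base64 for printable ASCII, else None."""
    if not B64_NAME_RE.match(name):
        return None
    padded = name + "=" * (-len(name) % 4)   # ComboFix shows the name without '=' padding
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:                       # binascii.Error and UnicodeDecodeError both subclass it
        return None
    return text if text.isprintable() and text.strip() else None


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (path, reason) pairs for entries that deserve a human look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if SPACE_EXT_RE.search(entry.name):
            findings.append((entry.path, "space before extension (RenV candidate)"))
        # Assumption: 'h' and 's' in the attribute string mean hidden and system.
        if entry.is_dir and "h" in entry.attrs and "s" in entry.attrs:
            findings.append((entry.path, "hidden+system directory"))
        decoded = decode_base64_name(entry.name)
        if decoded is not None:
            findings.append((entry.path, f"base64 name decodes to {decoded!r}"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:45} {path}")
```

Run against the sample it reports the three renamed executables, the hidden+system folder, and that folder's name decoded; `SystemRequirementsLab` is long enough to be tested but is rejected because its length is not valid base64, which is why the decoder insists on a clean decode rather than matching the alphabet alone.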
Old 01-07-2008, 03:11 PM   #9 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


Re: Constant Pop-Ups: Smitfraud-C.CoreService

Okay, Ried:

Hopefully, I did everything below right! Let me know if there is anything I missed.

Thank you again for your help! I really, really appreciate it.

C:\ComboFix.txt:

ComboFix 08-01-07.5 - Jessica Holbrook 2008-01-07 15:55:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.642 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica Holbrook\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessica Holbrook\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\n.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n.bat
C:\Temp
C:\Temp\cEeer12\skAt.log
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\mr9

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 11:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 06:40 . 2008-01-07 06:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-05 16:16 . 2008-01-05 16:18 2,996 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 16:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-05 16:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-05 16:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-05 16:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-05 16:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-05 16:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-05 12:11 . 2008-01-05 12:11 <DIR> d-------- C:\Deckard
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-05 11:25 . 2008-01-05 11:25 <DIR> d-------- C:\ie-spyad_zo
2008-01-05 11:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-05 11:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys
2008-01-05 00:07 . 2008-01-05 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys
2008-01-04 23:24 . 2008-01-05 11:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 23:24 . 2008-01-05 10:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 23:24 . 2008-01-05 10:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 23:24 . 2008-01-05 10:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 22:56 . 2008-01-04 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 20:26 . 2008-01-04 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 20:20 . 2008-01-03 20:20 4,331 --a------ C:\Bringing Baby Home.MDS
2008-01-03 20:08 . 2008-01-03 20:20 2,859,270,144 --a------ C:\Bringing Baby Home.ISO
2008-01-01 22:54 . 2008-01-01 22:54 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-01 22:54 . 2008-01-04 23:59 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-01 22:52 . 2008-01-02 06:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-01 22:52 . 2008-01-02 06:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-01 22:52 . 2008-01-02 06:15 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-01 22:52 . 2008-01-02 06:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-01 22:50 . 2008-01-02 06:15 <DIR> d-------- C:\Program Files\Symantec
2008-01-01 22:50 . 2008-01-01 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 22:40 . 2008-01-07 15:51 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-01 22:30 . 2008-01-01 22:48 159,744 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-01 22:30 . 2008-01-01 22:48 135,168 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-01 22:30 . 2008-01-01 22:49 131,072 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-01 22:15 . 2008-01-07 15:55 <DIR> d-------- C:\Program Files\kernel
2008-01-01 22:15 . 2008-01-01 22:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Program Files\CloneDVD
2008-01-01 22:12 . 2008-01-01 22:13 <DIR> d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Vso
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-01-01 22:12 . 2008-01-01 22:12 81,920 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\ezpinst.exe
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.sys
2008-01-01 22:10 . 2008-01-02 13:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 21:58 . 2008-01-01 23:17 <DIR> d-------- C:\Program Files\LimeWire
2008-01-01 21:53 . 2008-01-01 21:53 <DIR> d-------- C:\Program Files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 20:55 --------- d-----w C:\Program Files\Windows Defender
2008-01-07 20:55 --------- d-----w C:\Program Files\Microsoft Works
2008-01-07 20:55 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-01-05 16:00 --------- d-----w C:\Program Files\Google
2008-01-05 16:00 --------- d-----w C:\Program Files\Clipmarks
2008-01-02 18:34 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\LimeWire
2007-12-03 19:18 --------- d-----w C:\Program Files\CONEXANT
2007-12-03 18:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 19:36 374 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb6334.dat
2007-11-27 19:32 555 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb8467.dat
2007-11-27 19:32 18,432 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb41.dat
2007-11-26 19:48 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\ieSpell
2007-11-26 19:46 --------- d-----w C:\Program Files\ieSpell
2007-11-25 02:56 29,832 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 19:24 675,579 ----a-w C:\WINDOWS\PROGRAM.exe
2007-11-21 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 14:51 --------- d-----w C:\Program Files\Canon
2007-11-21 14:48 --------- d-----w C:\Program Files\Common Files\Canon
2007-11-18 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 03:19 --------- d-----w C:\Program Files\SigmaTel
2007-11-17 13:23 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-16 23:18 --------- d-----w C:\Program Files\FaxTools
2007-11-16 23:18 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2007-11-16 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-16 18:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-16 18:28 --------- d-----w C:\Program Files\Microsoft Works Suite 2002
2007-11-16 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-16 14:48 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-11-16 01:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-16 01:19 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\AegisP.sys
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-11-16 01:02 --------- d-----w C:\Program Files\BlueTooth
2007-11-16 00:55 --------- d-----w C:\Program Files\Toshiba
2007-11-16 00:36 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Toshiba
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\DELL__.MRK
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL__.MRK
2007-11-15 18:57 --------- d-----w C:\Program Files\Dell
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK
2007-11-15 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-15 18:02 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-15 18:00 --------- d-----w C:\Program Files\Intel
2007-11-15 17:58 --------- d-----w C:\Program Files\Broadcom
2007-11-15 17:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-01 22:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 22:49 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-05 11:58 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-01 22:49 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-01-01 22:48 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-01-01 22:48 974848]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-01 22:48 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-01 22:48 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-01 22:49 131072]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2008-01-01 22:49 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2008-01-01 22:49 331830]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2008-01-01 22:49 57344]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-01 22:49 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 17:46:00]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 17:13:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 1854]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 04:11:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jessica Holbrook.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 15:56:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 15:57:08
ComboFix-quarantined-files.txt 2008-01-07 20:56:59
ComboFix2.txt 2008-01-07 16:36:46
ComboFix3.txt 2008-01-07 16:27:22
.
2008-01-04 12:45:26 --- E O F ---



C:\SDFix\Report.txt:


SDFix: Version 1.124

Run by Jessica Holbrook on Mon 01/07/2008 at 04:24 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDfix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\PROGRA~1\WINDOW~1\PROHDY~1.HTM - Deleted
C:\PROGRA~1\WINDOW~1\LAXURI - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 16:28:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414905e1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016414905e1]

scanning hidden registry entries ...

scanning hidden files ...

C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-01-07-0a5b.kc 272596 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 23 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 3 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 29 Dec 2007 36,864 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0013.tmp"
Sat 29 Dec 2007 36,352 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0412.tmp"
Fri 28 Dec 2007 34,816 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0633.tmp"
Sat 29 Dec 2007 40,448 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL0890.tmp"
Sat 29 Dec 2007 41,472 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL1976.tmp"
Sat 29 Dec 2007 35,840 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL1989.tmp"
Sat 29 Dec 2007 36,864 ...H. --- "C:\Documents and Settings\Jessica Holbrook\My Documents\My BRF Files\~WRL2329.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Mon 19 Nov 2007 33,792 ...H. --- "C:\Documents and Settings\Jessica Holbrook\Application Data\Microsoft\Word\~WRL0004.tmp"

Finished!



Kaspersky results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 07, 2008 6:01:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/01/2008
Kaspersky Anti-Virus database records: 503926
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 47200
Number of viruses found: 22
Number of infected objects: 117
Number of suspicious objects: 0
Duration of the scan process: 00:47:45

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMP10F.tmp Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPEF.tmp Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF7.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF7.tmp EmbeddedEXE: infected - 1 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF9.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPF9.tmp EmbeddedEXE: infected - 1 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPFB.tmp/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Deckard\System Scanner\backup\DOCUME~1\JESSIC~1\LOCALS~1\Temp\TMPFB.tmp EmbeddedEXE: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{F5C020C5-23B7-4D4D-9277-D90606A1F2B6}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{F5C020C5-23B7-4D4D-9277-D90606A1F2B6}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\LightningSand.CFD Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0809D4F2.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\95A23A0B.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\history.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\key3.db Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jessica Holbrook\Desktop\[4]-Submit_2008-01-07@15.55.zip/mrofinu1000106.exe.tmp Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\Jessica Holbrook\Desktop\[4]-Submit_2008-01-07@15.55.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jessica Holbrook\Incomplete\Preview-T-2559308-Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Jessica Holbrook\Incomplete\Preview-T-3045692-01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Application Data\Mozilla\Firefox\Profiles\83igkbad.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Temp\~DFEE64.tmp Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe/data.rar/Acrobat32.exe Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe/data.rar Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip/resume.pdf.exe Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume/resume.pdf.zip Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe/data.rar/Acrobat32.exe Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe/data.rar Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip/resume.pdf.exe Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume/resume.pdf.zip Infected: Email-Worm.Win32.Agent.ax skipped
C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst Mail MS Mail: infected - 8 skipped
C:\Documents and Settings\Jessica Holbrook\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jessica Holbrook\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\kernel\kernel.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInstall.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\QooBox\Quarantine\catchme2008-01-07_112529.87.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped
C:\QooBox\Quarantine\catchme2008-01-07_112529.87.zip ZIP: infected - 1 skipped
C:\SDFix\backups\backups.zip/backups/prohdyge.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026408.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026409.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP100\A0026410.exe Infected: Trojan.Win32.Pakes.bvs skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0026440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0027452.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP101\A0027456.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027701.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027703.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027708.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP104\A0027741.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027818.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP105\A0027844.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP107\change.log Object is locked skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP55\A0004528.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP55\A0004529.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007541.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007544.exe Infected: Trojan-Spy.Win32.Agent.aan skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP61\A0007545.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025538.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025539.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025542.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025558.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP93\A0025559.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025564.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025566.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025567.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025568.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025569.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025570.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025571.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025572.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025573.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025574.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025575.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025576.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025577.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025578.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025579.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025580.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025581.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025590.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025594.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025595.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025596.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025597.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025598.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025599.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025600.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025601.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025602.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025603.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025604.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025605.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025606.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025607.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025608.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025609.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025619.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025627.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025640.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025657.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025661.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025662.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025662.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025663.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025666.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025678.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025689.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025689.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025690.exe Infected: not-a-virus:PSWTool.Win32.PassView.p skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025836.exe Infected: Trojan-Downloader.Win32.Agent.dzm skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025837.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025838.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025839.exe Infected: not-a-virus:PSWTool.Win32.FirePass.a skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025841.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025843.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025905.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025909.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025909.exe EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025910.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025910.exe EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025911.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025911.exe EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP99\A0026175.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{EB08022F-D1AC-40AE-AFC2-BE6FF3FDA10A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET6D60.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:53 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196192444765
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10645 bytes



Update on system behavior:

Since I have been back on the internet, I haven't had anything unusual happen--no pop-ups, no scrolling screen, or anything else.
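Reading a scan report like the Kaspersky one above is mostly a triage exercise: most of the "Infected" lines sit inside System Restore points or in folders that ComboFix (QooBox) and SDFix already quarantined, a few are riskware flags on legitimate tools (the Reboot.exe that ships with SmitfraudFix), and only a handful point at files that are still live on disk, such as C:\Program Files\kernel\kernel.exe. The script below is an added example written for this thread, not code from the forum, from Kaspersky or from any of the tools named above. It assumes only the three line shapes visible in the posted report ("Object is locked skipped", "Infected: <name> skipped", and the "<kind>: infected - <n> skipped" summary that follows an archive's members); the sample report is a constructed subset of the lines posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines in the same format as the Kaspersky
# Online Scanner report posted above (paths and detection names are copied
# from that report; the selection is ours, not the full scan).
SAMPLE_REPORT = r"""
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\kernel\kernel.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\QooBox\Quarantine\catchme2008-01-07_112529.87.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped
C:\QooBox\Quarantine\catchme2008-01-07_112529.87.zip ZIP: infected - 1 skipped
C:\SDFix\backups\backups.zip/backups/prohdyge.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP94\A0025564.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{8110A595-0EFE-4A52-9031-3A73A962DD94}\RP95\A0025909.exe EmbeddedEXE: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# The three line shapes seen in the posted report (assumed to be the only ones).
LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
# Summary line emitted for an archive/installer (ZIP, RarSFX, NSIS, EmbeddedEXE)
# after its infected members have already been listed individually.
CONTAINER_RE = re.compile(r"^(?P<path>.+) (?P<kind>\w+): infected - (?P<count>\d+) skipped$")

# Locations whose hits are not active infections. A restore-point copy only
# comes back if System Restore is rolled back to that point; QooBox and the
# SDFix backups folder hold files already quarantined by ComboFix and SDFix.
RESTORE_PREFIX = r"c:\system volume information\_restore"
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine", r"c:\sdfix\backups")


@dataclass
class Finding:
    path: str
    name: str
    category: str


def classify(path: str, name: str) -> str:
    """Bucket one 'Infected:' hit by where it sits and what the detection is."""
    low = path.lower()
    if low.startswith(RESTORE_PREFIX):
        return "restore_point"
    if low.startswith(QUARANTINE_PREFIXES):
        return "quarantined"
    if name.startswith("not-a-virus:"):
        # Riskware / legitimate tools, e.g. the Reboot.exe bundled with SmitfraudFix.
        return "riskware"
    return "live"


def triage(report: str) -> dict:
    """Parse a report and group its lines into locked / container / detection buckets."""
    buckets = {"locked": [], "container": [], "restore_point": [],
               "quarantined": [], "riskware": [], "live": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := LOCKED_RE.match(line):
            # In-use system files (hives, event logs); not detections at all.
            buckets["locked"].append(Finding(m["path"], "", "locked"))
        elif m := INFECTED_RE.match(line):
            cat = classify(m["path"], m["name"])
            buckets[cat].append(Finding(m["path"], m["name"], cat))
        elif m := CONTAINER_RE.match(line):
            buckets["container"].append(Finding(m["path"], m["kind"], "container"))
        # any other line (headers, separators) is ignored
    return buckets


def summary(report: str) -> Counter:
    """Count of lines per bucket, for a quick picture of how much is really live."""
    return Counter({k: len(v) for k, v in triage(report).items()})


def live_paths(report: str) -> list:
    """The hits that still need action: files outside quarantine and restore points."""
    return [f.path for f in triage(report)["live"]]


if __name__ == "__main__":
    for cat, count in sorted(summary(SAMPLE_REPORT).items()):
        print(f"{cat:14} {count}")
    print("needs action:", live_paths(SAMPLE_REPORT))
```

Run against the sample, the only "live" hit is kernel.exe under C:\Program Files\kernel, which is exactly the folder the helper asks to be deleted in the next post; everything else is either quarantined, parked in a restore point (cleared by purging old restore points once the machine is clean) or a locked system file the scanner could not open. The category prefixes are lower-cased because Windows paths are case-insensitive.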
Old 01-07-2008, 07:01 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Re: Constant Pop-Ups: Smitfraud-C.CoreService

You did just fine, nice work.

Just a few loose ends to take care of. Once again, please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Uninstall your old version of Java via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs), as it's no longer needed and continues to pose a security risk:

Java 2 Runtime Environment, SE v1.4.2_03


--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folder

C:\Program Files\kernel
C:\Documents and Settings\Jessica Holbrook\Incomplete\ Preview-T-2559308-Rare Recording.wma
C:\Documents and Settings\Jessica Holbrook\Incomplete\ Preview-T-3045692-01 Track 1.wma

*Note--if those 2 files are all that are in that Incomplete folder, just go ahead and delete the entire folder.

--------------------------------------------------------------------

These e-mails are infected, please delete them:

C:\Documents and Settings\Jessica Holbrook\My Documents\Outlook Archives\Sent\archive.pst
/Archive Folders/Inbox/24 Oct 2007 04:09 from David Green:Resume
/Archive Folders/Inbox/07 Nov 2007 13:02 from peter brown:Resume

--------------------------------------------------------------------

I see a new folder--Enigma Software Group. What program did you install this morning?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-08-2008, 08:00 AM   #11 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


Smile Re: Constant Pop-Ups: Smitfraud-C.CoreService

Hey, Ried!

Thank you so much for your help!

I completed the above steps--except I went ahead and deleted the entire archive inbox folder because I do not need it anymore anyway.

The Enigma Software Group is for some anti-spyware program, but I deleted it just in case, because I already have other anti-spyware programs and after running a quick search about it on this forum, someone said this:
Spyhunter
This program was listed before in the rogue antispyware list because of their bad practices to sell their product and later on, after they changed their ways, spyhunter was de-listed. I suggest however that you uninstall it because we may never know what hidden agenda they may have right now. They've done it before and nothing can stop them from doing it again. There are other better antispyware programs out there that you can download and use.
...so I deleted it.

I did not know if you needed a new HijackThis log, but I ran one just in case:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:06 AM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Clipmarks - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196192444765
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10569 bytes



...and again...thank you! thank you! thank you!

Jessica
Old 01-08-2008, 09:28 AM   #12
Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista

Re: Constant Pop-Ups: Smitfraud-C.CoreService

You're welcome, jonniegirl77.

Quote:
The Enigma Software Group is for some anti-spyware program, but I deleted it just in case, because I already have other anti-spyware programs and after running a quick search about it on this forum, someone said this:

Spyhunter
This program was listed before in the rogue antispyware list because of their bad practices to sell their product and later on, after they changed their ways, spyhunter was de-listed. I suggest however that you uninstall it because we may never know what hidden agenda they may have right now. They've done it before and nothing can stop them from doing it again. There are other better antispyware programs out there that you can download and use.
...so I deleted it.

Excellent! Good job researching--that's exactly correct.

Go ahead and delete this folder as well, if you haven't already:

C:\Program Files\Enigma Software Group

-----------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-08-2008, 11:31 AM   #13
jonniegirl77, Registered User
Join Date: Jan 2008
Posts: 8
OS: XP

Re: Constant Pop-Ups: Smitfraud-C.CoreService

Done! I followed all the directions above. Thanks again for your help! =) Everything is working perfectly, so this thread should definitely be considered resolved.
Old 01-08-2008, 09:10 PM   #14
Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista

Re: Constant Pop-Ups: Smitfraud-C.CoreService

Glad to hear it, and you're quite welcome.

Take care.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Copyright 2001 - 2009, Tech Support Forum