Smitfraud-C.CoreService



Smitfraudruinedme
2007-07-24, 06:38
This is laughable at this point; let me start out by saying I'm a novice when it comes to computers. Smitfraud just will not go away. I need help.

It will require some patience as I haven't the foggiest idea where to start... Thanks in advance.

Please help Smitfraud unruin me

tashi
2007-07-24, 07:06
Hello.

Please see the stickied procedure for this forum: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy and paste the logs requested into this topic, and a helper will assist you as soon as available. :)

Smitfraudruinedme
2007-07-25, 03:56
Logfile of HijackThis v1.99.1
Scan saved at 8:51:55 PM, on 7/24/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\wdblxkwA.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\qwerty12.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4F7IX4FJ\HijackThis[1].exe
C:\WINDOWS\NOTEDAD.EXE
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://isp.member.yahoo.com/regisp/y/rd?.target=vtruck6dl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1F268D33-2F7A-470E-B298-B860EA4910A0} - C:\WINDOWS\System32\jkkjg.dll (file missing)
O2 - BHO: (no name) - {3739D699-02BF-48C5-B74B-C951785831C1} - C:\Program Files\WindowsUpdate\hope83122.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\System32\dgspeyij.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\System32\xxyxvuu.dll
O2 - BHO: (no name) - {DD7C8836-3FEC-4E81-983E-D960D6BF0FD6} - C:\WINDOWS\System32\ssqpq.dll
O2 - BHO: (no name) - {FF35A0A1-CBD6-42C2-BABB-077E95170640} - C:\WINDOWS\System32\gebyx.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [wdblxkwA] C:\WINDOWS\wdblxkwA.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [{DA-AC-C0-03-ZN}] C:\windows\system32\mrdsrego.exe SKY009
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\iyvwsybi.dll",forkonce
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185322204420
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185322188373
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\System32\ssqpq.dll
O20 - Winlogon Notify: xxyxvuu - C:\WINDOWS\SYSTEM32\xxyxvuu.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

ndmmxiaomayi
2007-07-26, 05:33
Hi Smitfraudruinedme. :)

Welcome to Safer Networking Forums. My name is mayi and I will be helping you. As I am still in training, I will need my fixes checked before posting back to you. Thank you for your patience.

ndmmxiaomayi
2007-07-26, 11:18
Hi Smitfraudruinedme,

Your computer has no service packs and this can leave you wide open to infections as it is not patched up.

Please download SP1a (http://www.microsoft.com/windowsxp/downloads/updates/sp1/express.mspx) and install it, then restart your computer.

If you have problems installing it, please let me know and continue with the rest of the steps.
______________________________

Please also get an antivirus program installed on your computer. Without an antivirus program protecting your system in real-time, your computer could be infected while we are cleaning.

Please download and install ONE antivirus from one of the links below:

AVG Antivirus Free (http://free.grisoft.com/softw/70free/setup/avg75free_476a1048.exe)
AntiVir for Windows 2000 and Windows XP (http://www.free-av.com/down/windows/antivir_workstation_win7u_en_h.exe)
avast! 4 Home Edition (http://files.avast.com/iavs4pro/setupeng.exe)
Clamwin (http://prdownloads.sourceforge.net/clamwin/clamwin-0.90.2.1-setup.exe?download)
______________________________

Please download the latest stable version of HijackThis from here (http://downloads.malwareremoval.com/hijackthis_sfx.exe). Do not run it directly via a browser. Save it to your desktop.
Double click to run it.
Click on the Unzip button. It will install HijackThis to C:\Program Files\HijackThis.
Go to C:\Program Files\HijackThis and right click on HijackThis.exe. Select Rename.
Type in dumb and press Enter.
Double click on dumb to run it.
Select Do a system scan and save a logfile. Please post this log in your next reply. Do not fix anything you see, as not all entries are harmful to your PC. Do not close HijackThis yet.

Click on the Config... button at the bottom right hand corner.
At the top, click on the Misc Tools button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post back this list in your next reply.

In your next reply, please post:

A new HijackThis log
The Uninstall list
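
Added example, not part of the original posts and not HijackThis's own code: a Python parser for the HijackThis log layout posted in this thread, which reads the service pack level from the Platform line and groups entries by section code so that items marked (file missing) stand out. The embedded log is a short excerpt of the one above; that HijackThis writes an installed service pack into the Platform line (for example `Windows XP SP2`) is an assumption, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Short excerpt of the log posted earlier in this thread, embedded so this runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

O2 - BHO: (no name) - {1F268D33-2F7A-470E-B298-B860EA4910A0} - C:\WINDOWS\System32\jkkjg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")         # e.g. "O4 - HKLM\..\Run: ..."
PLATFORM_RE = re.compile(r"^Platform: (.+?) \(([^)]+)\)$")  # OS name, then NT version

def parse_log(text):
    """Return the platform name, service pack (None if absent) and entries by section code."""
    parsed = {"platform": None, "service_pack": None, "entries": defaultdict(list)}
    for line in text.splitlines():
        line = line.strip()
        m = PLATFORM_RE.match(line)
        if m:
            parsed["platform"] = m.group(1)
            # Assumption: an installed service pack appears as "SP<n>" in the OS name.
            sp = re.search(r"\bSP\s?(\d)", m.group(1))
            parsed["service_pack"] = sp.group(1) if sp else None
            continue
        m = ENTRY_RE.match(line)
        if m:
            parsed["entries"][m.group(1)].append(m.group(2))
    return parsed

def missing_targets(parsed):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [(code, body)
            for code, bodies in parsed["entries"].items()
            for body in bodies if body.endswith("(file missing)")]

if __name__ == "__main__":
    result = parse_log(SAMPLE_LOG)
    print("Platform:", result["platform"], "| service pack:", result["service_pack"])
    for code, bodies in result["entries"].items():
        print(code, len(bodies), "entries")
    for code, body in missing_targets(result):
        print("orphaned registration:", code, body)
```

The parser only structures the log; deciding which entries are safe to remove still needs a reviewer, as the helper notes above.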

tashi
2007-08-02, 01:04
This topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original poster; anyone else with similar problems, please start a new topic.

Thank you ndmmxiaomayi.