deja vu log [Archive] - Safer-Networking Forums

View Full Version : deja vu log

redsky

2006-11-29, 14:12

i got this error after the trojan with the virusbusters malware infected my machine..

i followed the steps needed to clean this out of my system tray etc.

now it seem to be gone, but everytime i open firefox i get a runtime error saying:
this application has requested the runtime to terminate it in an unusual way..

also i seem to encounter a problem with internet explorer everytime i just right click on the start button in the bar(on other right clicks it seem to happen too sometimes)

iv ran hitman pro, norton, adware, used smitfraudfix and also reinstalled firefox,
but it didnt fix these last two problem

now someone plz help me with analysing this hijackfile under it there is also a smitfraudfix rapport.

go for it:

Logfile of HijackThis v1.99.1
Scan saved at 1:41:40 PM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wgp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\DesktopKeeper\DesktopKeeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\KeyNote\keynote.exe
C:\Program Files\FreePOPs\freepopsd.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Switch Off\swoff.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\SatSrv.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HPUSER~1\LOCALS~1\Temp\Rar$EX00.515\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Handy Password - {B2DE56E2-907A-4080-AE06-5C2A7BD4364E} - C:\Program Files\Handy Password\HandyPasswordToolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zone Alarm Pro] D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [Screen shot Utility] D:\Program Files\ScreenShot Utility\ScreenshotUtility.exe
O4 - HKLM\..\Run: [FreeRAM XP Pro] D:\Program Files\FreeRam XP Pro\FreeRAM XP Pro.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [BROWSE POKE VIEW BORE] "C:\Documents and Settings\All Users\Application Data\Dvd team browse poke\FIVEFUNK.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [User Test] "C:\DOCUME~1\HPUSER~1\APPLIC~1\FLAWDEAD\Obj Once Bows.exe"
O4 - HKCU\..\Run: [getmail] "C:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe"
O4 - HKCU\..\Run: [DesktopKeeper] "C:\Program Files\DesktopKeeper\DesktopKeeper.exe"
O4 - HKCU\..\Run: [HandyPassword] C:\ProgramFiles\HandyPassword\HandyPassword.exe /Tray
O4 - HKCU\..\Run: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -boot
O4 - Startup: Freepopsd.lnk = C:\Program Files\FreePOPs\freepopsd.exe
O4 - Startup: jetAudio.lnk = C:\Program Files\JetAudio\JetAudio.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Switch Off.lnk = C:\Program Files\Switch Off\swoff.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: KeyNote.lnk = C:\Program Files\KeyNote\keynote.exe
O8 - Extra context menu item: Autosubmit - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_autologin.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_fill.html
O8 - Extra context menu item: Fill with - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_fillwith.html
O8 - Extra context menu item: Lock - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_lock.html
O8 - Extra context menu item: Save - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_save.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O15 - Trusted Zone: http://www.winamp.com
O15 - Trusted Zone: *.winamp.com
O15 - Trusted Zone: http://*.www.w
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D1C992-B7D0-4892-BBAA-943F04923F98}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{9864696E-AE98-49A6-BA4C-013938C71A6B}: NameServer = 195.130.131.5,192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\system32\SatSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpamPal for Windows - SpamPal.org - C:\Program Files\SpamPal\spampal.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

rapport:

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HPUSER~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://antwrp.gsfc.nasa.gov/apod/ap061107.html"
"SubscribedURL"="http://antwrp.gsfc.nasa.gov/apod/ap061107.html"
"FriendlyName"="APOD: 2006 November 7 - Janus: Potato Shaped Moon of Saturn"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

thanks

redsky

2006-12-03, 15:42

iv posted 4 days ago, i had a runtime error and a click error after a few trojans attacked my machine..

i think i solved these two problems,
but can someone please just look at my hijacklog and the rapport and
comment on it so i can be sure that i solved it correctly..

these is the (new) log and rapport

Logfile of HijackThis v1.99.1
Scan saved at 3:16:18 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\SatSrv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wgp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DesktopKeeper\DesktopKeeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\KeyNote\keynote.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\FreePOPs\freepopsd.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Switch Off\swoff.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\hh.exe
C:\Program Files\Steganos Security Suite 2006\SSS2006.exe
C:\Program Files\Steganos Security Suite 2006\SSS2006.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ael\ael.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HPUSER~1\LOCALS~1\Temp\Rar$EX00.579\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {B2DE56E2-907A-4080-AE06-5C2A7BD4364E} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BROWSE POKE VIEW BORE] "C:\Documents and Settings\All Users\Application Data\Dvd team browse poke\FIVEFUNK.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [User Test] "C:\DOCUME~1\HPUSER~1\APPLIC~1\FLAWDEAD\Obj Once Bows.exe"
O4 - HKCU\..\Run: [DesktopKeeper] "C:\Program Files\DesktopKeeper\DesktopKeeper.exe"
O4 - HKCU\..\Run: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Freepopsd.lnk = C:\Program Files\FreePOPs\freepopsd.exe
O4 - Startup: jetAudio.lnk = C:\Program Files\JetAudio\JetAudio.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Switch Off.lnk = C:\Program Files\Switch Off\swoff.exe
O4 - Global Startup: Akala EXE Lock.lnk = C:\Program Files\ael\ael.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: KeyNote.lnk = C:\Program Files\KeyNote\keynote.exe
O4 - Global Startup: Mozilla Firefox (Safe Mode).lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O8 - Extra context menu item: Autosubmit - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_autologin.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_fill.html
O8 - Extra context menu item: Fill with - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_fillwith.html
O8 - Extra context menu item: Lock - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_lock.html
O8 - Extra context menu item: Save - res://C:\Program Files\Handy Password\HandyPasswordToolbar.dll/menu_save.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\hp user\application data\spampal\spampal\spampallsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D1C992-B7D0-4892-BBAA-943F04923F98}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{9864696E-AE98-49A6-BA4C-013938C71A6B}: NameServer = 195.130.131.5,192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\system32\SatSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpamPal for Windows - SpamPal.org - C:\Program Files\SpamPal\spampal.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

SmitFraudFix v2.125

Scan done at 15:32:12.20, Sun 12/03/2006
Run from C:\Documents and Settings\HP User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

thanks

pskelley

2006-12-06, 22:29

Hello and welcome to the forum, sorry for the wait, logs are many and volunteers are few. If you still need help and are not receiving it at another forum, please do this.
I apologize, looks like this one was missed. tashi put this link at the top of the page where you first posted;
http://forums.spybot.info/showthread.php?t=1137
If you have waited FOUR days for advice post here.

If your problems have not been resolved, please post a new HJT log and I will respond with instructions as soon as possible after that.
Describe the problems you are having, mention any error message "word for word"

Thanks

tashi

2006-12-12, 04:27

This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.