"Fatal error in IE has occured at 0028:c0011e36 in VXD VMM (01)+00010e36
Error caused by Trojan-Spy.HTML.Smitfraud.c"
When I click on IE I get the hour glass to wait, but nothing happens. HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:19:56 PM, on 5/25/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Comcast\Security Manager\app\Prism.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINNT\System32\3x5ern3ih6thd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\systemdll.exe
C:\wp.exe
C:\Program Files\Weatherscope\Weatherscope.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINNT\system32\ntvdm.exe
C:\PROGRA~1\ULTIMA~1\uzip.exe
C:\DOCUME~1\LIK~1.6RR\LOCALS~1\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com...=31130123321003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com...=31130123321003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com...=31130123321003
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com...=31130123321003
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com...=31130123321003
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.MyJoi.net/MyJoi.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com...=31130123321003
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINNT\System32\AUserInit.exe
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\System32\7UY5EU~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Security Manager Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Tsshk] C:\Program Files\Rbdkmk\Qupuqlb.exe
O4 - HKLM\..\Run: [Control handler] C:\WINNT\System32\3x5ern3ih6thd.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [systemdll] C:\WINNT\systemdll.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Weatherscope.lnk = C:\Program Files\Weatherscope\Weatherscope.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file missing)
O9 - Extra 'Tools' menuitem: Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {C21AE3DD-2E97-406B-8C87-A9AD5BBD49D1} - http://www.downloadalot.com (file missing)
O9 - Extra 'Tools' menuitem: Free Software Downloads - {C21AE3DD-2E97-406B-8C87-A9AD5BBD49D1} - http://www.downloadalot.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {1FF5C246-BD5A-4F8D-8976-0F4DF6D6CBC1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1FF5C246-BD5A-4F8D-8976-0F4DF6D6CBC1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {21347AFC-B91D-4E16-8D8B-D6661C783A14} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {21347AFC-B91D-4E16-8D8B-D6661C783A14} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5A92371F-7841-414A-8E14-F7DF2919210B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5A92371F-7841-414A-8E14-F7DF2919210B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8D1703C2-2C9C-433D-B8F2-DE7D13D832BE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D1703C2-2C9C-433D-B8F2-DE7D13D832BE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B6C17B4B-6D80-4B56-A660-3161B5EC9615} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6C17B4B-6D80-4B56-A660-3161B5EC9615} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D2AC59A7-4851-47B0-98A3-0F9E6A00D0E2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D2AC59A7-4851-47B0-98A3-0F9E6A00D0E2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ECDDA003-D37C-470A-AEBA-F883CBF72B46} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ECDDA003-D37C-470A-AEBA-F883CBF72B46} - (no file) (HKCU)
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.co...::/ieloader.exe
O16 - DPF: {11111111-2222-3333-4444-555555555555} - https://www.taxsimpl...rix/federal.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_5_0.cab
O20 - AppInit_DLLs: 8hhshm1oz6yuvull.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe