Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:43 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.c...p...0.2.65&q=He Say She Say {Lupe Fiasco}.Again {John Legend}&url=http://my.alot.com (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {3762958F-DF2E-4F7D-9E4E-5748B56DBA6A} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony...ct/VaioInfo.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108343189202
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CA52EFF-86C4-4C9F-BB35-799CD403FE32}: NameServer = 85.255.113.140,85.255.112.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E713E9-FDEF-4D7A-8DB5-FC12A5AF3FA8}: NameServer = 85.255.113.140,85.255.112.93
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.140 85.255.112.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.140 85.255.112.93
O20 - AppInit_DLLs: 6741f5de
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 6013 bytes

[01/27/2008, 15:44:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Maxine Cook\Desktop\VirtumundoBeGone.exe" )
[01/27/2008, 15:44:40] - Detected System Information:
[01/27/2008, 15:44:40] - Windows Version: 5.1.2600, Service Pack 2
[01/27/2008, 15:44:40] - Current Username: Maxine Cook (Admin)
[01/27/2008, 15:44:40] - Windows is in SAFE mode with Networking.
[01/27/2008, 15:44:40] - Searching for Browser Helper Objects:
[01/27/2008, 15:44:40] - BHO 1: {0A87E45F-537A-40B4-B812-E2544C21A09F} ()
[01/27/2008, 15:44:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/27/2008, 15:44:40] - No filename found. Continuing.
[01/27/2008, 15:44:40] - BHO 2: {3464DC6B-5B16-4C66-8ABF-40C12A167BC2} ()
[01/27/2008, 15:44:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/27/2008, 15:44:40] - Checking for HKLM\...\Winlogon\Notify\mljgh
[01/27/2008, 15:44:40] - Key not found: HKLM\...\Winlogon\Notify\mljgh, continuing.
[01/27/2008, 15:44:40] - BHO 3: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} (ALOT Toolbar)
[01/27/2008, 15:44:40] - Finished Searching Browser Helper Objects
[01/27/2008, 15:44:40] - Finishing up...
[01/27/2008, 15:44:40] - Nothing found! Exiting...

[01/27/2008, 15:49:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Maxine Cook\Desktop\VirtumundoBeGone.exe" )
[01/27/2008, 15:49:54] - Detected System Information:
[01/27/2008, 15:49:54] - Windows Version: 5.1.2600, Service Pack 2
[01/27/2008, 15:49:54] - Current Username: Maxine Cook (Admin)
[01/27/2008, 15:49:54] - Windows is in SAFE mode with Networking.
[01/27/2008, 15:49:54] - Searching for Browser Helper Objects:
[01/27/2008, 15:49:54] - BHO 1: {0A87E45F-537A-40B4-B812-E2544C21A09F} ()
[01/27/2008, 15:49:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/27/2008, 15:49:54] - No filename found. Continuing.
[01/27/2008, 15:49:54] - BHO 2: {3464DC6B-5B16-4C66-8ABF-40C12A167BC2} ()
[01/27/2008, 15:49:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/27/2008, 15:49:54] - Checking for HKLM\...\Winlogon\Notify\mljgh
[01/27/2008, 15:49:54] - Key not found: HKLM\...\Winlogon\Notify\mljgh, continuing.
[01/27/2008, 15:49:54] - BHO 3: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} (ALOT Toolbar)
[01/27/2008, 15:49:54] - Finished Searching Browser Helper Objects
[01/27/2008, 15:49:54] - Finishing up...
[01/27/2008, 15:49:54] - Nothing found! Exiting...