Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:25 PM, on 8/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Trend Micro\HijackThis\good program.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.x/24
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINNT\system32\tuvuttr.dll
O2 - BHO: (no name) - {3C8C899C-437C-3FDD-2974-39B67F38F2C2} - C:\WINNT\System32\jbkmsyep.dll (file missing)
O2 - BHO: (no name) - {3D7DE6B8-603E-40A1-BB8F-585584718B00} - C:\WINNT\System32\cbxur.dll (file missing)
O2 - BHO: (no name) - {4CF20C99-375F-4423-A6D0-DC702C5D6E96} - C:\WINNT\System32\vtutu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {CE228ECA-E9DE-4D4F-BFC6-06449D1862D1} - (no file)
O2 - BHO: (no name) - {DB570C0A-4881-4222-953F-FA1597452335} - C:\Program Files\Windows Media Player\hoqeri83122.dll (file missing)
O2 - BHO: (no name) - {E76CAA55-332F-41C6-B0CC-D03CF5078A03} - (no file)
O2 - BHO: (no name) - {EFB96FBB-095A-422B-968B-68DBACC2B0CE} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{AF-FF-FF-F8-ZN}] c:\winnt\system32\mndsregp.exe SKY009
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Heather\Desktop\vundofix.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Ewta] "C:\PROGRA~1\MCROSO~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Affntiog] "C:\Program Files\Common Files\??pPatch\w?crtupd.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZCxdm238MGUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/ ... /tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: cbxur - C:\WINNT\System32\cbxur.dll (file missing)
O20 - Winlogon Notify: tuvuttr - C:\WINNT\SYSTEM32\tuvuttr.dll
O20 - Winlogon Notify: vtutu - C:\WINNT\System32\vtutu.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxct_device - - C:\WINNT\System32\lxctcoms.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINNT\SYSTEM32\VundoFixSVC.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Outlook Express\prolyzuqo.html
--
End of file - 8598 bytes
VundoFix V6.5.7
Checking Java version...
Sun Java not detected
Scan started at 5:30:22 PM 8/20/2007
Listing files found while scanning....
C:\WINNT\System32\cbxur.dll
C:\WINNT\System32\friptskw.dll
C:\WINNT\System32\ruxbc.bak1
C:\WINNT\System32\ruxbc.bak2
C:\WINNT\System32\ruxbc.ini
C:\WINNT\System32\ruxbc.ini2
C:\WINNT\System32\ruxbc.tmp
C:\WINNT\system32\tuvuttr.dll
C:\WINNT\System32\vtutu.dll
C:\WINNT\System32\wkstpirf.ini
C:\WINNT\System32\xsjbuprx.dll
Beginning removal...
Attempting to delete C:\WINNT\System32\ruxbc.bak1
C:\WINNT\System32\ruxbc.bak1 Has been deleted!
Attempting to delete C:\WINNT\System32\ruxbc.bak2
C:\WINNT\System32\ruxbc.bak2 Has been deleted!
Attempting to delete C:\WINNT\System32\ruxbc.ini
C:\WINNT\System32\ruxbc.ini Has been deleted!
Attempting to delete C:\WINNT\System32\ruxbc.ini2
C:\WINNT\System32\ruxbc.ini2 Has been deleted!
Attempting to delete C:\WINNT\System32\ruxbc.tmp
C:\WINNT\System32\ruxbc.tmp Has been deleted!
Attempting to delete C:\WINNT\system32\tuvuttr.dll
C:\WINNT\system32\tuvuttr.dll Could not be deleted.
Attempting to delete C:\WINNT\System32\vtutu.dll
C:\WINNT\System32\vtutu.dll Could not be deleted.
Attempting to delete C:\WINNT\System32\wkstpirf.ini
C:\WINNT\System32\wkstpirf.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.7
Checking Java version...
Sun Java not detected
Scan started at 5:36:51 PM 8/20/2007
Listing files found while scanning....
C:\WINNT\System32\cbxur.dll
C:\WINNT\system32\tuvuttr.dll
C:\WINNT\System32\ututv.bak1
C:\WINNT\System32\ututv.bak2
C:\WINNT\System32\ututv.ini
C:\WINNT\System32\ututv.ini2
C:\WINNT\System32\ututv.tmp
C:\WINNT\System32\vtutu.dll
Beginning removal...
Attempting to delete C:\WINNT\system32\tuvuttr.dll
C:\WINNT\system32\tuvuttr.dll Could not be deleted.
Attempting to delete C:\WINNT\System32\ututv.bak1
C:\WINNT\System32\ututv.bak1 Has been deleted!
Attempting to delete C:\WINNT\System32\ututv.bak2
C:\WINNT\System32\ututv.bak2 Has been deleted!
Attempting to delete C:\WINNT\System32\ututv.ini
C:\WINNT\System32\ututv.ini Has been deleted!
Attempting to delete C:\WINNT\System32\ututv.ini2
C:\WINNT\System32\ututv.ini2 Has been deleted!
Attempting to delete C:\WINNT\System32\ututv.tmp
C:\WINNT\System32\ututv.tmp Has been deleted!
Attempting to delete C:\WINNT\System32\vtutu.dll
C:\WINNT\System32\vtutu.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...