Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:26:44, on 03.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\UAService7.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\USB Disk Win98 Driver\Res.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\\ \HijackThis.exe
D:\WINDOWS\system32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre1.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,,SKEYS /I
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - D:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Turnabout Helper - {87FF76F0-BCA9-40DC-B1E5-254062EEE8F4} - D:\Program Files\Reify Software\Turnabout\turnabout.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Reify Toolbar - {B99F805C-F0B1-48EA-8C8B-753BFCBED912} - D:\Program Files\Reify Software\Turnabout\turnabout.dll
O3 - Toolbar: VKontakte Bar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - D:\Program Files\VKontakte IE Toolbar\VKontakte.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lwinst Run Profiler] .\Lwtest.exe /detect /quiet /launch ".\Lwpevntm.exe"
O4 - HKLM\..\Run: [MAgent] D:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [USB Storage Toolbox] D:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampToQIP] "D:\Documents and Settings\\ \454\WinampToQIPSA.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [is-HQI9A] "D:\Documents and Settings\All Users\ \Kaspersky Lab Tool\is-HQI9A\is-HQI9A.exe"
O4 - HKLM\..\Run: [is-LG2BB] "D:\Documents and Settings\All Users\ \Kaspersky Lab Tool\is-LG2BB\is-LG2BB.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [QIP2005] D:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Download Master] D:\Program Files\Download Master\dmaster.exe -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &  Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item:   Easy-WebPrint - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item:      Easy-WebPrint - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item:     - res://D:\Program Files\Rambler Assistant\ramblertoolbarU0.dll/search.htm
O8 - Extra context menu item:    - res://D:\Program Files\Rambler Assistant\ramblertoolbarU0.dll/planet.htm
O8 - Extra context menu item:      - res://D:\Program Files\Rambler Assistant\ramblertoolbarU0.dll/dic.htm
O8 - Extra context menu item:  Easy-WebPrint - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item:   Easy-WebPrint - res://D:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - D:\Program Files\Reify Software\Turnabout\turnabout.dll
O9 - Extra 'Tools' menuitem: &Turnabout Options... - {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - D:\Program Files\Reify Software\Turnabout\turnabout.dll
O9 - Extra button: C - - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Mail.Ru  - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - D:\Program Files\Mail.Ru\Agent\magent.exe (file missing)
O9 - Extra 'Tools' menuitem: Mail.Ru  - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - D:\Program Files\Mail.Ru\Agent\magent.exe (file missing)
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: data - {038664DA-5BA5-47FC-88D9-15ADE940ED55} - D:\Program Files\Reify Software\Turnabout\turnabout.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - D:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service:   (Eventlog) -   - D:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service:  COM  - IMAPI (ImapiService) -   - D:\WINDOWS\system32\imapi.exe
O23 - Service: is-HQI9A - Kaspersky Lab - D:\Documents and Settings\All Users\ \Kaspersky Lab Tool\is-HQI9A\is-HQI9A.exe
O23 - Service: is-LG2BB - Kaspersky Lab - D:\Documents and Settings\All Users\ \Kaspersky Lab Tool\is-LG2BB\is-LG2BB.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) -   - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) -   - D:\WINDOWS\system32\services.exe
O23 - Service:        (RDSessMgr) -   - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: - (SCardSvr) -   - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service:     (SysmonLog) -   - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe
O23 - Service:    (VSS) -   - D:\WINDOWS\System32\vssvc.exe
O23 - Service:   WMI (WmiApSrv) -   - D:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://cs30.vkontakte.ru/u360879/a_5cde739.jpg

--
End of file - 13338 bytes
