Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:04 AM, on 5/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\AshEvtSvc.exe
E:\Program Files\AskBarDis\bar\bin\AskService.exe
E:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\dhcp\svchost.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\sopidkc.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\drivers\svchost.exe
E:\WINDOWS\system32\tpszxyd.sys
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\TEMP\BNE4.tmp
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\TEMP\BNE5.tmp
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\dncyool64.sys
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://put.ghura.pl/Extreme/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - E:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\drivers\svchost.exe
O2 - BHO: MS extension - {d3e70f65-9d73-47ee-9e5f-2d7d1023d570} - ibmserv32.dll (file missing)
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - lklf32.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\.DEFAULT\..\Run: [ttool] E:\WINDOWS\9129837.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [] E:\WINDOWS\TEMP\mxsig6a.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [uidenhiufgsduiazghs] E:\WINDOWS\TEMP\mxsig6a.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] E:\WINDOWS\TEMP\1315704812.exe (User 'Default user')
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - E:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshEvtSvc - Unknown owner - E:\WINDOWS\System32\AshEvtSvc.exe
O23 - Service: ASKService - Unknown owner - E:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - E:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - E:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: crd - Unknown owner - E:\DOCUME~1\METROI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe (file missing)
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - E:\WINDOWS\dhcp\svchost.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ce01fac1c7a4) (gupdate1c9ce01fac1c7a4) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: Removable Storage NtmsSvcDhcpSrv (NtmsSvcDhcpSrv) - Unknown owner - E:\WINDOWS\system32\A2.tmp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - E:\WINDOWS\system32\sopidkc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\
--
End of file - 6365 bytes