Logfile of HijackThis v1.99.1
Scan saved at 5:11:27 AM, on 6/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\wkssvc.exe
C:\WINDOWS\System32\msconfig32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\woekd.exe
C:\windows\temp\1.exe
C:\windows\system32\ASCap.exe
C:\windows\system32\CO.exe
C:\WINDOWS\syshost.exe
C:\WINDOWS\System32\KYSVCXD.EXE
C:\WINDOWS\seeve.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\msxct.exe
C:\WINDOWS\piqubt.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\program files\180searchassistant\salm.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\picsvr\picsvr.exe
C:\WINDOWS\System32\paqclip.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\ntsubsys.exe
C:\WINDOWS\sys32.exe
C:\WINDOWS\system32\ASCap.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Acp2M.exe
C:\Documents and Settings\Dan\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\DbnG4aEV.exe
C:\WINDOWS\System32\DbnG4aEV.exe
C:\WINDOWS\System32\OjqM9Y44.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O1 - Hosts: 83.102.165.14 bankofamerica.com
O1 - Hosts: 83.102.165.14 www.bankofamerica.com
O1 - Hosts: 65.109.102.103 wellsfargo.com
O1 - Hosts: 65.109.102.103 www.wellsfargo.com
O1 - Hosts: 83.102.207.5 paypal.com
O1 - Hosts: 83.102.207.5 www.paypal.com
O1 - Hosts: 83.102.207.7 www.lloydstsb.com
O1 - Hosts: 83.102.207.7 lloydstsb.com
O1 - Hosts: 83.102.207.7 www.lloydstsb.co.uk
O1 - Hosts: 83.102.207.7 lloydstsb.co.uk
O1 - Hosts: 83.102.207.10 www.bankone.com
O1 - Hosts: 83.102.207.10 bankone.com
O1 - Hosts: 83.102.207.10 hsbc.com
O1 - Hosts: 83.102.207.10 www.hsbc.com
O1 - Hosts: 83.102.207.10 hsbc.co.uk
O1 - Hosts: 83.102.207.10 www.hsbc.co.uk
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Lsass] C:\woekd.exe
O4 - HKLM\..\Run: [1] C:\windows\temp\1.exe
O4 - HKLM\..\Run: [ASCap.exe] c:\windows\system32\ASCap.exe
O4 - HKLM\..\Run: [CO] C:\windows\system32\CO.exe
O4 - HKLM\..\Run: [3M9QHH239@Z3FH] C:\WINDOWS\System32\Acp2M.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [syshost] C:\WINDOWS\syshost.exe
O4 - HKLM\..\Run: [KYK Control Settings] KYSVCXD.EXE
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteukr32.exe
O4 - HKLM\..\Run: [vZjfrfaGh] C:\WINDOWS\piqubt.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [vÆõÚ)–²%)ßfÏNb½¾õC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\piqubt.exe
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\System32\ntsubsys.exe
O4 - HKLM\..\Run: [AutoLoader2F0J1PMRXYaa] "C:\WINDOWS\System32\pertmgr.exe"
O4 - HKLM\..\Run: [2srf35R] pertmgr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [qfgv] C:\WINDOWS\qfgv.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\RunServices: [KYK Control Settings] KYSVCXD.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [JB0pRRd9g] paqclip.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [KYK Control Settings] KYSVCXD.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homes...ive/HS_live.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC68077E-F628-4138-A37E-5C837B04E4C5}: NameServer = 64.136.28.120 64.136.20.120
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - C:\WINDOWS\wkssvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\msconfig32.exe