Logfile of HijackThis v1.99.1
Scan saved at 9:19:49 AM, on 05/31/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\TEMP\UW6C0.EXE
C:\Program Files\Timbuktu Pro\tb2logon.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINNT\system\hrnw.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\OFFICE2K\PFiles\MSOffice\Office\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iqexpress.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iqexpress.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ACS Desktop Solutions, Inc.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.180.173.39 www.google.ae www.google.am www.google.as www.google.at www.google.az www.google.be www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu www.google.co.il www.google.co.in www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec www.google.com.fj www.google.com.gi www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn www.google.de www.google.dj www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr www.google.gg www.google.gl www.google.gm www.google.hn www.google.ie www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz www.google.li www.google.lt www.google.lu www.google.lv www.google.mn www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu www.google.mw www.google.nl www.google.no www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt www.google.ro www.google.ru www.google.rw www.google.se www.google.sh www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm www.google.td www.google.tm www.google.tt www.google.uz www.google.vg google.ae
O1 - Hosts: 66.180.173.39 google.am google.as google.at google.az google.be google.bi google.ca
O1 - Hosts: 66.180.173.39 google.cd google.cg google.ch google.ci google.cl google.co.cr google.co.hu
O1 - Hosts: 66.180.173.39 google.co.il google.co.in google.co.je google.co.jp google.co.ke google.co.kr google.co.ls
O1 - Hosts: 66.180.173.39 google.co.nz google.co.th google.co.ug google.co.uk google.co.ve google.com google.com.ag
O1 - Hosts: 66.180.173.39 google.com.ar google.com.au google.com.br google.com.co google.com.cu google.com.do google.com.ec
O1 - Hosts: 66.180.173.39 google.com.fj google.com.gi google.com.gr google.com.gt google.com.hk google.com.ly google.com.mt
O1 - Hosts: 66.180.173.39 google.com.mx google.com.my google.com.na google.com.nf google.com.ni google.com.np google.com.pa
O1 - Hosts: 66.180.173.39 google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.sa google.com.sg
O1 - Hosts: 66.180.173.39 google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn
O1 - Hosts: 66.180.173.39 google.de google.dj google.dk google.es google.fi google.fm google.fr
O1 - Hosts: 66.180.173.39 google.gg google.gl google.gm google.hn google.ie google.it google.kz
O1 - Hosts: 66.180.173.39 google.li google.lt google.lu google.lv google.mn google.ms google.mu
O1 - Hosts: 66.180.173.39 google.mw google.nl google.no google.off.ai google.pl google.pn google.pt
O1 - Hosts: 66.180.173.39 google.ro google.ru google.rw google.se google.sh google.sk google.sm
O1 - Hosts: 66.180.173.39 google.td google.tm google.tt google.uz google.vg search.yahoo.com ar.search.yahoo.com
O1 - Hosts: 66.180.173.39 br.search.yahoo.com ca.search.yahoo.com cf.search.yahoo.com mx.search.yahoo.com espanol.search.yahoo.com au.search.yahoo.com ct.search.yahoo.com
O1 - Hosts: 66.180.173.39 fr.search.yahoo.com de.search.yahoo.com it.search.yahoo.com uk.search.yahoo.com search.msn.com search.msn.at search.sympatico.msn.ca
O1 - Hosts: 66.180.173.39 search.msn.co.za search.ninemsn.com.au search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi
O1 - Hosts: 66.180.173.39 search.msn.fr search.msn.de search.msn.it search.msn.nl search.msn.no search.msn.es uk.search.msn.com
O1 - Hosts: 66.180.173.39 search.msn.se search.msn.ch search.msn.co.in search.msn.com.sg toolbar.search.msn.com beta.search.msn.com beta.search.msn.at
O1 - Hosts: 66.180.173.39 beta.search.sympatico.msn.ca beta.search.msn.co.za beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk beta.search.msn.be beta.search.msn.dk
O1 - Hosts: 66.180.173.39 beta.search.msn.fi beta.search.msn.fr beta.search.msn.de beta.search.msn.it beta.search.msn.nl beta.search.msn.no beta.search.msn.es
O1 - Hosts: 66.180.173.39 beta.search.msn.se beta.search.msn.ch beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com www.alexa.com alexa.com
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINNT\system32\rsyncmon.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINNT\system32\nsf26C2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\tb2logon.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RSync] C:\WINNT\system32\netsync.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: ACS Custom Settings.LNK = C:\BUILD\SETTINGS.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\System32\shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://iqexpress.com
O15 - Trusted Zone: http://*.iqexpress.com
O15 - Trusted Zone: http://*.iqexpress.com (HKLM)
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://64.79.164.25:...va/cfs40320.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{712D5ED8-2F92-40F7-9CE2-55B827D4F2CD}: Domain = house.gov
O17 - HKLM\System\CCS\Services\Tcpip\..\{712D5ED8-2F92-40F7-9CE2-55B827D4F2CD}: NameServer = 137.18.128.33,143.231.249.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = house.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = house.gov
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = house.gov
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe