Logfile of HijackThis v1.99.1 Scan saved at 09:52:28, on 2005-06-13 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\taskmgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program\hjt\HijackThis.exe c:\xxxxx.exe C:\Program\Internet Explorer\iexplore.exe C:\Program\Internet Explorer\iexplore.exe C:\WINDOWS\inet20057\winlogon.exe C:\WINDOWS\mm.exe C:\WINDOWS\System32\intronsad.exe C:\WINDOWS\winsocks5.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\System32\sssdfgbsdfghbnj.exe C:\DOCUME~1\Roger\LOKALA~1\Temp\i8.tmp C:\DOCUME~1\Roger\LOKALA~1\Temp\SskUpdater3.exe C:\Documents and Settings\Roger\Internet Optimizer\optimize.exe c:\windows\system32\ngirgk.exe C:\DOCUME~1\Roger\LOKALA~1\Temp\180sainstaller.exe C:\WINDOWS\System32\dwwin.exe C:\Program\180searchassistant\sac.exe C:\Program\BullsEye Network\bin\bargains.exe C:\WINDOWS\System32\msxct.exe C:\Program\WeirdOnTheWeb\WeirdOnTheWeb.exe C:\WINDOWS\System32\s2hcq4m0.exe C:\WINDOWS\System32\l5fhmk2h.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe F3 - REG:win.ini: run=C:\WINDOWS\inet20057\winlogon.exe O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20057\3.00.05.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O2 - BHO: (no name) - {F50052C8-0040-07D8-D900-6CC69803230A} - C:\Program\UPD\lnkdfvtlwi.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program\TheSearchAccelerator\UCMTSAIE.dll O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20057\winlogon.exe O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn64.exe rundll.dll,LoadMouseProfile O4 - HKLM\..\Run: [Internet Optimizer] "C:\Documents and Settings\Roger\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [ysypuuf] c:\windows\system32\ngirgk.exe r O4 - HKLM\..\Run: [BullsEye Network] C:\Program\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [msxct] msxct.exe O4 - HKLM\..\Run: [sac] c:\program\180searchassistant\sac.exe O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program\WeirdOnTheWeb\WeirdOnTheWeb.exe" O4 - HKLM\..\Run: [s2hcq4m0] C:\WINDOWS\System32\s2hcq4m0.exe O4 - HKLM\..\Run: [PSGuard] C:\Program\PSGuard\PSGuard.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\winlogon.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe