Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Hijack this log(tv media and mysearc)

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 1 posts
Logfile of HijackThis v1.99.0
Scan saved at 2:53:34 PM, on 4/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\bpc_search\bpcv2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 8.0a\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\Will\My Documents\help\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll
O2 - BHO: (no name) - {22024006-2428-6626-8802-062880024864} - C:\WINDOWS\kkogkkk.dll
O2 - BHO: (no name) - {52EE5410-2174-D34A-D618-0894ADEBE062} - C:\WINDOWS\system32\cageqjvc\pnaxfont.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5653DD5E-6D83-C7E9-D99A-8D68A17F8932} - C:\WINDOWS\system32\elosgmgv\cwqendmd.dll
O2 - BHO: (no name) - {741506CD-AF20-9EDC-E1EB-09AD84D397EA} - C:\WINDOWS\system32\lipcqakw\nokoblkf.dll
O2 - BHO: (no name) - {8BAD09E0-C22C-98F1-785B-9D5B232C679D} - C:\WINDOWS\system32\jsq.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsrA5.dll
O2 - BHO: (no name) - {A374AA33-642B-4FC0-5FAA-71D36BCD4F62} - C:\WINDOWS\system32\jxclpgbx\cbbllkvt.dll
O2 - BHO: (no name) - {E0B8E6FB-675A-3682-7FFC-60BDC4508BC9} - C:\WINDOWS\system32\xbboficq\autqpdkr.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [jwqlsxhr] C:\WINDOWS\System32\cusp\jwqlsxhr.exe
O4 - HKLM\..\Run: [sgkh] C:\WINDOWS\System32\elxv\sgkh.exe
O4 - HKLM\..\Run: [evqxlfe] C:\WINDOWS\System32\qargng\evqxlfe.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Mary\LOCALS~1\Temp\ICD3.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [doftllrl] C:\WINDOWS\System32\hcqanadi\doftllrl.exe
O4 - HKLM\..\Run: [xqmf] C:\WINDOWS\System32\vxbhbxs\xqmf.exe
O4 - HKLM\..\Run: [sxmjhkj] C:\WINDOWS\System32\oeghwxhx\sxmjhkj.exe
O4 - HKLM\..\Run: [fjoy] C:\WINDOWS\System32\qtapux\fjoy.exe
O4 - HKLM\..\Run: [rpwv] C:\WINDOWS\System32\gikbix\rpwv.exe
O4 - HKLM\..\Run: [jgeyuqlk] C:\WINDOWS\System32\ykxwdru\jgeyuqlk.exe
O4 - HKLM\..\Run: [uabfsatf] C:\WINDOWS\System32\txwdc\uabfsatf.exe
O4 - HKLM\..\Run: [xwfnqaym] C:\WINDOWS\System32\cbijv\xwfnqaym.exe
O4 - HKLM\..\Run: [olblscc] C:\WINDOWS\System32\ttukgw\olblscc.exe
O4 - HKLM\..\Run: [wpbkym] C:\WINDOWS\System32\nxjin\wpbkym.exe
O4 - HKLM\..\Run: [xplwf] C:\WINDOWS\System32\xeobovj\xplwf.exe
O4 - HKLM\..\Run: [sgcm] C:\WINDOWS\System32\dvssg\sgcm.exe
O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
O4 - HKLM\..\Run: [wbatktc] C:\WINDOWS\System32\xxomewy\wbatktc.exe
O4 - HKLM\..\Run: [qgktst] C:\WINDOWS\System32\uhfy\qgktst.exe
O4 - HKLM\..\Run: [vpsxauih] C:\WINDOWS\System32\ewdjf\vpsxauih.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [jithjhji] C:\WINDOWS\System32\swjiuh\jithjhji.exe
O4 - HKLM\..\Run: [vfhh] C:\WINDOWS\System32\jehg\vfhh.exe
O4 - HKLM\..\Run: [bwnt] C:\WINDOWS\system32\iuvwlfon\bwnt.exe
O4 - HKLM\..\Run: [adqpjjs] C:\WINDOWS\system32\cjhrxjjm\adqpjjs.exe
O4 - HKLM\..\Run: [jgesiqd] C:\WINDOWS\system32\mthaglth\jgesiqd.exe
O4 - HKLM\..\Run: [cieyho] C:\WINDOWS\system32\rcbjypj\cieyho.exe
O4 - HKLM\..\Run: [fnwmvi] C:\WINDOWS\system32\csiyapk\fnwmvi.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [yxqrbtgs] C:\WINDOWS\system32\oqcdhgq\yxqrbtgs.exe
O4 - HKLM\..\Run: [sgaj] C:\WINDOWS\system32\hrvatqy\sgaj.exe
O4 - HKLM\..\Run: [kehg] C:\WINDOWS\system32\mcoyps\kehg.exe
O4 - HKLM\..\Run: [ouqgivev] C:\WINDOWS\system32\vdxnht\ouqgivev.exe
O4 - HKLM\..\Run: [nlhmw] C:\WINDOWS\system32\wpua\nlhmw.exe
O4 - HKLM\..\Run: [xsuesle] C:\WINDOWS\system32\wcqk\xsuesle.exe
O4 - HKLM\..\Run: [axhmv] C:\WINDOWS\system32\wohms\axhmv.exe
O4 - HKLM\..\Run: [mjefevc] C:\WINDOWS\system32\itenbsw\mjefevc.exe
O4 - HKLM\..\Run: [yodisaue] C:\WINDOWS\system32\qkvxv\yodisaue.exe
O4 - HKLM\..\Run: [yiua] C:\WINDOWS\system32\lcnqkona\yiua.exe
O4 - HKLM\..\Run: [odlyhn] C:\WINDOWS\system32\wnmpd\odlyhn.exe
O4 - HKLM\..\Run: [ygdk] C:\WINDOWS\system32\pmaf\ygdk.exe
O4 - HKLM\..\Run: [htrknen] C:\WINDOWS\system32\dercw\htrknen.exe
O4 - HKLM\..\Run: [aktgfsf] C:\WINDOWS\system32\nhnrqu\aktgfsf.exe
O4 - HKLM\..\Run: [uctbyfb] C:\WINDOWS\system32\daotfx\uctbyfb.exe
O4 - HKLM\..\Run: [sxso] C:\WINDOWS\system32\kstmi\sxso.exe
O4 - HKLM\..\Run: [vvqld] C:\WINDOWS\system32\mxgtpmn\vvqld.exe
O4 - HKLM\..\Run: [hfgjkx] C:\WINDOWS\system32\glytdgoe\hfgjkx.exe
O4 - HKLM\..\Run: [wcxwcc] C:\WINDOWS\system32\sllomyf\wcxwcc.exe
O4 - HKLM\..\Run: [ewhx] C:\WINDOWS\system32\qsolkoax\ewhx.exe
O4 - HKLM\..\Run: [ixxhqqjs] C:\WINDOWS\system32\tslrqpem\ixxhqqjs.exe
O4 - HKLM\..\Run: [kbkw] C:\WINDOWS\system32\giooj\kbkw.exe
O4 - HKLM\..\Run: [gfwicohm] C:\WINDOWS\system32\lqdueqor\gfwicohm.exe
O4 - HKLM\..\Run: [sdabyinn] C:\WINDOWS\system32\fukuxfs\sdabyinn.exe
O4 - HKLM\..\Run: [xdtd] C:\WINDOWS\system32\feaehge\xdtd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\dealhelper.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Mary\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\secure.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\pxckdla.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\wyyge.exe] C:\WINDOWS\wyyge.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [ssqb.exe] ssqb.exe
O4 - HKLM\..\Run: [ccnbk] C:\WINDOWS\system32\hcgsk\ccnbk.exe
O4 - HKLM\..\Run: [cnyom] C:\WINDOWS\system32\msxgew\cnyom.exe
O4 - HKLM\..\Run: [wjbhak] C:\WINDOWS\system32\dmkux\wjbhak.exe
O4 - HKLM\..\Run: [gpjayfnn] C:\WINDOWS\system32\wnyqfp\gpjayfnn.exe
O4 - HKLM\..\Run: [axlrupw] C:\WINDOWS\system32\vvfa\axlrupw.exe
O4 - HKLM\..\Run: [vxkh] C:\WINDOWS\system32\pnafm\vxkh.exe
O4 - HKLM\..\Run: [hvexhvv] C:\WINDOWS\system32\gcho\hvexhvv.exe
O4 - HKLM\..\Run: [scag] C:\WINDOWS\system32\luxbc\scag.exe
O4 - HKLM\..\Run: [BPCv2] C:\Program Files\bpc_search\bpcv2.exe
O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe"
O4 - HKLM\..\Run: [jjexwv] C:\WINDOWS\system32\rmwrebq\jjexwv.exe
O4 - HKLM\..\Run: [ohwxfr] C:\WINDOWS\system32\cdfssu\ohwxfr.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [osnS37g] wdires.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\RunOnce: [BPCv2_re] c:\Program Files\Common Files\Java\bpc2_re_inst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewhxqsolkoax - Unknown - C:\WINDOWS\system32\qsolkoax\ewhx.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: odlyhnwnmpd - Unknown - C:\WINDOWS\system32\wnmpd\odlyhn.exe
O23 - Service: ohwxfrcdfssu - Unknown - C:\WINDOWS\system32\cdfssu\ohwxfr.exe
O23 - Service: Softex OmniPass Service - Unknown - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: sdabyinnfukuxfs - Unknown - C:\WINDOWS\system32\fukuxfs\sdabyinn.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sxsokstmi - Unknown - C:\WINDOWS\system32\kstmi\sxso.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wcxwccsllomyf - Unknown - C:\WINDOWS\system32\sllomyf\wcxwcc.exe
O23 - Service: wpbkymnxjin - Unknown - C:\WINDOWS\System32\nxjin\wpbkym.exe
  • 0




    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello and welcome to GTG

Please accept my apologies for the late reply.

If you’re still looking to resolve this issue, please run through the steps outlined in this Topic

If that doesn’t cure your problem, please post back a fresh HijackThis log when done. Also please note that you are using an out of daye version of HJT. Please upgrade it.

If, however, you have resolved this issue please let us know.

Thank you for your co-operation and once again apologies for the late reply.

As there has been no reply from the original poster this topic is now closed,
Should you have any further problems please create a new Topic,

Thanks "

Edited by Crustyoldbloke, 19 May 2005 - 03:19 AM.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP