This topic is locked
Scan saved at 2:53:34 PM, on 4/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\pmaf\ygdk.exe
C:\WINDOWS\System32\xeobovj\xplwf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\dercw\htrknen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\secure.exe
C:\WINDOWS\system32\qkvxv\yodisaue.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\wnyqfp\gpjayfnn.exe
C:\WINDOWS\system32\luxbc\scag.exe
C:\Program Files\bpc_search\bpcv2.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\vvfa\axlrupw.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\system32\wdires.exe
C:\WINDOWS\system32\wnmpd\odlyhn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 8.0a\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\Will\My Documents\help\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll
O2 - BHO: (no name) - {22024006-2428-6626-8802-062880024864} - C:\WINDOWS\kkogkkk.dll
O2 - BHO: (no name) - {52EE5410-2174-D34A-D618-0894ADEBE062} - C:\WINDOWS\system32\cageqjvc\pnaxfont.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5653DD5E-6D83-C7E9-D99A-8D68A17F8932} - C:\WINDOWS\system32\elosgmgv\cwqendmd.dll
O2 - BHO: (no name) - {741506CD-AF20-9EDC-E1EB-09AD84D397EA} - C:\WINDOWS\system32\lipcqakw\nokoblkf.dll
O2 - BHO: (no name) - {8BAD09E0-C22C-98F1-785B-9D5B232C679D} - C:\WINDOWS\system32\jsq.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsrA5.dll
O2 - BHO: (no name) - {A374AA33-642B-4FC0-5FAA-71D36BCD4F62} - C:\WINDOWS\system32\jxclpgbx\cbbllkvt.dll
O2 - BHO: (no name) - {E0B8E6FB-675A-3682-7FFC-60BDC4508BC9} - C:\WINDOWS\system32\xbboficq\autqpdkr.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [jwqlsxhr] C:\WINDOWS\System32\cusp\jwqlsxhr.exe
O4 - HKLM\..\Run: [sgkh] C:\WINDOWS\System32\elxv\sgkh.exe
O4 - HKLM\..\Run: [evqxlfe] C:\WINDOWS\System32\qargng\evqxlfe.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Mary\LOCALS~1\Temp\ICD3.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [doftllrl] C:\WINDOWS\System32\hcqanadi\doftllrl.exe
O4 - HKLM\..\Run: [xqmf] C:\WINDOWS\System32\vxbhbxs\xqmf.exe
O4 - HKLM\..\Run: [sxmjhkj] C:\WINDOWS\System32\oeghwxhx\sxmjhkj.exe
O4 - HKLM\..\Run: [fjoy] C:\WINDOWS\System32\qtapux\fjoy.exe
O4 - HKLM\..\Run: [rpwv] C:\WINDOWS\System32\gikbix\rpwv.exe
O4 - HKLM\..\Run: [jgeyuqlk] C:\WINDOWS\System32\ykxwdru\jgeyuqlk.exe
O4 - HKLM\..\Run: [uabfsatf] C:\WINDOWS\System32\txwdc\uabfsatf.exe
O4 - HKLM\..\Run: [xwfnqaym] C:\WINDOWS\System32\cbijv\xwfnqaym.exe
O4 - HKLM\..\Run: [olblscc] C:\WINDOWS\System32\ttukgw\olblscc.exe
O4 - HKLM\..\Run: [wpbkym] C:\WINDOWS\System32\nxjin\wpbkym.exe
O4 - HKLM\..\Run: [xplwf] C:\WINDOWS\System32\xeobovj\xplwf.exe
O4 - HKLM\..\Run: [sgcm] C:\WINDOWS\System32\dvssg\sgcm.exe
O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
O4 - HKLM\..\Run: [wbatktc] C:\WINDOWS\System32\xxomewy\wbatktc.exe
O4 - HKLM\..\Run: [qgktst] C:\WINDOWS\System32\uhfy\qgktst.exe
O4 - HKLM\..\Run: [vpsxauih] C:\WINDOWS\System32\ewdjf\vpsxauih.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [jithjhji] C:\WINDOWS\System32\swjiuh\jithjhji.exe
O4 - HKLM\..\Run: [vfhh] C:\WINDOWS\System32\jehg\vfhh.exe
O4 - HKLM\..\Run: [bwnt] C:\WINDOWS\system32\iuvwlfon\bwnt.exe
O4 - HKLM\..\Run: [adqpjjs] C:\WINDOWS\system32\cjhrxjjm\adqpjjs.exe
O4 - HKLM\..\Run: [jgesiqd] C:\WINDOWS\system32\mthaglth\jgesiqd.exe
O4 - HKLM\..\Run: [cieyho] C:\WINDOWS\system32\rcbjypj\cieyho.exe
O4 - HKLM\..\Run: [fnwmvi] C:\WINDOWS\system32\csiyapk\fnwmvi.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [yxqrbtgs] C:\WINDOWS\system32\oqcdhgq\yxqrbtgs.exe
O4 - HKLM\..\Run: [sgaj] C:\WINDOWS\system32\hrvatqy\sgaj.exe
O4 - HKLM\..\Run: [kehg] C:\WINDOWS\system32\mcoyps\kehg.exe
O4 - HKLM\..\Run: [ouqgivev] C:\WINDOWS\system32\vdxnht\ouqgivev.exe
O4 - HKLM\..\Run: [nlhmw] C:\WINDOWS\system32\wpua\nlhmw.exe
O4 - HKLM\..\Run: [xsuesle] C:\WINDOWS\system32\wcqk\xsuesle.exe
O4 - HKLM\..\Run: [axhmv] C:\WINDOWS\system32\wohms\axhmv.exe
O4 - HKLM\..\Run: [mjefevc] C:\WINDOWS\system32\itenbsw\mjefevc.exe
O4 - HKLM\..\Run: [yodisaue] C:\WINDOWS\system32\qkvxv\yodisaue.exe
O4 - HKLM\..\Run: [yiua] C:\WINDOWS\system32\lcnqkona\yiua.exe
O4 - HKLM\..\Run: [odlyhn] C:\WINDOWS\system32\wnmpd\odlyhn.exe
O4 - HKLM\..\Run: [ygdk] C:\WINDOWS\system32\pmaf\ygdk.exe
O4 - HKLM\..\Run: [htrknen] C:\WINDOWS\system32\dercw\htrknen.exe
O4 - HKLM\..\Run: [aktgfsf] C:\WINDOWS\system32\nhnrqu\aktgfsf.exe
O4 - HKLM\..\Run: [uctbyfb] C:\WINDOWS\system32\daotfx\uctbyfb.exe
O4 - HKLM\..\Run: [sxso] C:\WINDOWS\system32\kstmi\sxso.exe
O4 - HKLM\..\Run: [vvqld] C:\WINDOWS\system32\mxgtpmn\vvqld.exe
O4 - HKLM\..\Run: [hfgjkx] C:\WINDOWS\system32\glytdgoe\hfgjkx.exe
O4 - HKLM\..\Run: [wcxwcc] C:\WINDOWS\system32\sllomyf\wcxwcc.exe
O4 - HKLM\..\Run: [ewhx] C:\WINDOWS\system32\qsolkoax\ewhx.exe
O4 - HKLM\..\Run: [ixxhqqjs] C:\WINDOWS\system32\tslrqpem\ixxhqqjs.exe
O4 - HKLM\..\Run: [kbkw] C:\WINDOWS\system32\giooj\kbkw.exe
O4 - HKLM\..\Run: [gfwicohm] C:\WINDOWS\system32\lqdueqor\gfwicohm.exe
O4 - HKLM\..\Run: [sdabyinn] C:\WINDOWS\system32\fukuxfs\sdabyinn.exe
O4 - HKLM\..\Run: [xdtd] C:\WINDOWS\system32\feaehge\xdtd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\dealhelper.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Mary\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\secure.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\pxckdla.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\wyyge.exe] C:\WINDOWS\wyyge.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [ssqb.exe] ssqb.exe
O4 - HKLM\..\Run: [ccnbk] C:\WINDOWS\system32\hcgsk\ccnbk.exe
O4 - HKLM\..\Run: [cnyom] C:\WINDOWS\system32\msxgew\cnyom.exe
O4 - HKLM\..\Run: [wjbhak] C:\WINDOWS\system32\dmkux\wjbhak.exe
O4 - HKLM\..\Run: [gpjayfnn] C:\WINDOWS\system32\wnyqfp\gpjayfnn.exe
O4 - HKLM\..\Run: [axlrupw] C:\WINDOWS\system32\vvfa\axlrupw.exe
O4 - HKLM\..\Run: [vxkh] C:\WINDOWS\system32\pnafm\vxkh.exe
O4 - HKLM\..\Run: [hvexhvv] C:\WINDOWS\system32\gcho\hvexhvv.exe
O4 - HKLM\..\Run: [scag] C:\WINDOWS\system32\luxbc\scag.exe
O4 - HKLM\..\Run: [BPCv2] C:\Program Files\bpc_search\bpcv2.exe
O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe"
O4 - HKLM\..\Run: [jjexwv] C:\WINDOWS\system32\rmwrebq\jjexwv.exe
O4 - HKLM\..\Run: [ohwxfr] C:\WINDOWS\system32\cdfssu\ohwxfr.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [osnS37g] wdires.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\RunOnce: [BPCv2_re] c:\Program Files\Common Files\Java\bpc2_re_inst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewhxqsolkoax - Unknown - C:\WINDOWS\system32\qsolkoax\ewhx.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: odlyhnwnmpd - Unknown - C:\WINDOWS\system32\wnmpd\odlyhn.exe
O23 - Service: ohwxfrcdfssu - Unknown - C:\WINDOWS\system32\cdfssu\ohwxfr.exe
O23 - Service: Softex OmniPass Service - Unknown - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: sdabyinnfukuxfs - Unknown - C:\WINDOWS\system32\fukuxfs\sdabyinn.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sxsokstmi - Unknown - C:\WINDOWS\system32\kstmi\sxso.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wcxwccsllomyf - Unknown - C:\WINDOWS\system32\sllomyf\wcxwcc.exe
O23 - Service: wpbkymnxjin - Unknown - C:\WINDOWS\System32\nxjin\wpbkym.exe
Sign In
Create Account
