Logfile of HijackThis v1.99.1
Scan saved at 11:13:59 AM, on 6/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\windows\System32\smss.exe
C:\windows\System32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ovqyjb\Ojuad.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\System32\exp.exe
C:\windows\System32\wintask.exe
C:\windows\System32\msosspc.exe
C:\windows\System32\ukuvzr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\wanmpsvc.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\windows\system\wcktix.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\System32\mountutl.exe
C:\windows\System32\kbdcr.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\Pumatech\Intellisync For NEC Wireless Phones\Intellisync For NEC.exe
c:\windows\system32\iotmbcy.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jocelyn\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxifiles.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\windows\Nail.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\windows\systb.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\windows\System32\hiiiygt.dll
O2 - BHO: SDWin32 Class - {AFAD0764-A968-447C-A562-F8D0416B6F65} - C:\windows\System32\otidr.dll
O2 - BHO: XBTB07618 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\MAXIFI~1\MAXIFI~1.DLL (file missing)
O2 - BHO: SDWin32 Class - {BC52882F-A210-4539-A736-2B9A2BC89D0B} - C:\windows\System32\xzcic.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C370527A-24A7-4583-BE01-72E59000EB17} - C:\windows\system32\n.dll
O3 - Toolbar: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadGolfCourses] C:\Program Files\Mini-Golf\LoadGolfCourses.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zydwiutm] C:\Program Files\Ovqyjb\Ojuad.exe
O4 - HKLM\..\Run: [bO²ùõö/‚E%)ßfÏNb½¾C:\Program Files\ISTsvc\istsvc.exe] C:\windows\docpd.exe
O4 - HKLM\..\Run: [PS1] C:\windows\System32\ps1.exe
O4 - HKLM\..\Run: [C:\windows\VCMnet11.exe] C:\windows\VCMnet11.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteuhb32.exe
O4 - HKLM\..\Run: [exp.exe] C:\windows\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\windows\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\windows\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AutoLoader5svH1JJTPbXL] "C:\windows\System32\driawex.exe"
O4 - HKLM\..\Run: [5F4h37U] msosspc.exe
O4 - HKLM\..\Run: [KavSvc] C:\windows\System32\ukuvzr.exe reg_run
O4 - HKLM\..\Run: [otidrc] C:\windows\System32\otidrc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\windows\wupdt.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\windows\wupdt.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [tozzghp] c:\windows\system32\iotmbcy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KovnRXY7U] mountutl.exe
O4 - HKCU\..\Run: [kbdcr] C:\windows\System32\kbdcr.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: hkigeat - Unknown owner - C:\windows\system32\hkigeat.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\windows\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\windows\wanmpsvc.exe