Logfile of HijackThis v1.99.1
Scan saved at 4:54:49 PM, on 7/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\vmpgqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\DOCUME~1\jnoe\LOCALS~1\Temp\sysnet.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Windows\System32\vidctrl\vidctrl.exe
C:\Windows\System32\wintask.exe
C:\Windows\System32\msdrxy.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Documents and Settings\jnoe\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\Windows\Nail.exe
O2 - BHO: (no name) - {00000000-0000-4232-ADE2-50EF4AF470E2} - C:\Program Files\0hnsep56\0hnsep56.dll (file missing)
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\Windows\eltt.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\Windows\System32\richedtr.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\jnoe\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [exp] C:\Windows\System32\exp
O4 - HKLM\..\Run: [mtg] C:\Windows\System32\mtg.exe
O4 - HKLM\..\Run: [vidctrl] C:\Windows\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [eltupt] C:\Windows\eltupt.exe
O4 - HKLM\..\Run: [richup] C:\Windows\System32\richup.exe
O4 - HKLM\..\Run: [7s7V3Fl] msdrxy.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\Windows\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\Windows\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\Windows\System32\wintask.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MBo9RPJpg] mqref.exe
O4 - HKCU\..\Run: [Fzvcc] C:\Windows\System32\??stem\winword.exe
O4 - HKCU\..\Run: [Lerm] C:\Program Files\saar\elat.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://a248.e.akama...qt/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamesoduser.c...es/exentCtl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thecenter.corp
O17 - HKLM\Software\..\Telephony: DomainName = thecenter.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thecenter.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = thecenter.corp
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: CSCSettings - C:\Windows\system32\kndkyr.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\Windows\svcproc.exe