Logfile of HijackThis v1.99.1
Scan saved at 14:14:15, on 10/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Abv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\ARS Company\Agent\Agent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Desktop\Hijack1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Workflow(1)] D:\Workflow.exe
O4 - HKLM\..\Run: [Ivr] C:\WINDOWS\Kbh.exe
O4 - HKLM\..\Run: [Osa] C:\WINDOWS\Qev.exe
O4 - HKLM\..\Run: [Dbh] C:\WINDOWS\Ans.exe
O4 - HKLM\..\Run: [Nqt] C:\WINDOWS\Hff.exe
O4 - HKLM\..\Run: [Kka] C:\WINDOWS\System32\Tud.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\System32\Nat.exe
O4 - HKLM\..\Run: [Snb] C:\WINDOWS\Ffg.exe
O4 - HKLM\..\Run: [Nju] C:\WINDOWS\System32\Dfd.exe
O4 - HKLM\..\Run: [Vrd] C:\WINDOWS\System32\Vst.exe
O4 - HKLM\..\Run: [Rhd] C:\WINDOWS\Rak.exe
O4 - HKLM\..\Run: [Kfd] C:\WINDOWS\Jbg.exe
O4 - HKLM\..\Run: [Nlm] C:\WINDOWS\System32\Tdv.exe
O4 - HKLM\..\Run: [Svq] C:\WINDOWS\System32\Fkj.exe
O4 - HKLM\..\Run: [Mit] C:\WINDOWS\Noj.exe
O4 - HKLM\..\Run: [Vee] C:\WINDOWS\Mbl.exe
O4 - HKLM\..\Run: [Pdi] C:\WINDOWS\System32\Sid.exe
O4 - HKLM\..\Run: [Fsa] C:\WINDOWS\System32\Ema.exe
O4 - HKLM\..\Run: [Ags] C:\WINDOWS\Kde.exe
O4 - HKLM\..\Run: [Mtb] C:\WINDOWS\Tbo.exe
O4 - HKLM\..\Run: [Abn] C:\WINDOWS\System32\Uah.exe
O4 - HKLM\..\Run: [Nmp] C:\WINDOWS\System32\Eii.exe
O4 - HKLM\..\Run: [Vhc] C:\WINDOWS\Nis.exe
O4 - HKLM\..\Run: [Pli] C:\WINDOWS\System32\Ctj.exe
O4 - HKLM\..\Run: [Gsg] C:\WINDOWS\System32\Qnj.exe
O4 - HKLM\..\Run: [Cmq] C:\WINDOWS\System32\Uit.exe
O4 - HKLM\..\Run: [Pvi] C:\WINDOWS\Urc.exe
O4 - HKLM\..\Run: [Lej] C:\WINDOWS\Gca.exe
O4 - HKLM\..\Run: [Aoj] C:\WINDOWS\Sas.exe
O4 - HKLM\..\Run: [Jdf] C:\WINDOWS\Qma.exe
O4 - HKLM\..\Run: [Oed] C:\WINDOWS\System32\Hbc.exe
O4 - HKLM\..\Run: [Qpm] C:\WINDOWS\Bpu.exe
O4 - HKLM\..\Run: [Cjs] C:\WINDOWS\Kqk.exe
O4 - HKLM\..\Run: [Tct] C:\WINDOWS\System32\Dpk.exe
O4 - HKLM\..\Run: [Hvp] C:\WINDOWS\Grp.exe
O4 - HKLM\..\Run: [Gds] C:\WINDOWS\Qjb.exe
O4 - HKLM\..\Run: [Kal] C:\WINDOWS\Bhr.exe
O4 - HKLM\..\Run: [Krl] C:\WINDOWS\Vlf.exe
O4 - HKLM\..\Run: [Kac] C:\WINDOWS\Vil.exe
O4 - HKLM\..\Run: [Vcc] C:\WINDOWS\System32\Ekp.exe
O4 - HKLM\..\Run: [Pvj] C:\WINDOWS\Jhb.exe
O4 - HKLM\..\Run: [Aqk] C:\WINDOWS\System32\Lvt.exe
O4 - HKLM\..\Run: [Vpc] C:\WINDOWS\System32\Sog.exe
O4 - HKLM\..\Run: [Hcr] C:\WINDOWS\System32\Cdl.exe
O4 - HKLM\..\Run: [Sni] C:\WINDOWS\System32\Svo.exe
O4 - HKLM\..\Run: [Oud] C:\WINDOWS\Vjf.exe
O4 - HKLM\..\Run: [Rjg] C:\WINDOWS\Fus.exe
O4 - HKLM\..\Run: [Fpc] C:\WINDOWS\System32\Ujm.exe
O4 - HKLM\..\Run: [Jfi] C:\WINDOWS\Ldf.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Hsp] C:\WINDOWS\Ell.exe
O4 - HKLM\..\Run: [Umd] C:\WINDOWS\system32\Dil.exe
O4 - HKLM\..\Run: [Juc] C:\WINDOWS\Qbn.exe
O4 - HKLM\..\Run: [Qmi] C:\WINDOWS\Oao.exe
O4 - HKLM\..\Run: [Ikg] C:\WINDOWS\system32\Dhv.exe
O4 - HKLM\..\Run: [Ovr] C:\WINDOWS\Kii.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Dqa] C:\WINDOWS\system32\Agi.exe
O4 - HKLM\..\Run: [Elk] C:\WINDOWS\system32\Amd.exe
O4 - HKLM\..\Run: [Bqc] C:\WINDOWS\system32\Eui.exe
O4 - HKLM\..\Run: [Hdp] C:\WINDOWS\system32\Dge.exe
O4 - HKLM\..\Run: [Uba] C:\WINDOWS\Alh.exe
O4 - HKLM\..\Run: [Suj] C:\WINDOWS\system32\Uni.exe
O4 - HKLM\..\Run: [Alp] C:\WINDOWS\Lvs.exe
O4 - HKLM\..\Run: [Lbb] C:\WINDOWS\Pbe.exe
O4 - HKLM\..\Run: [Aes] C:\WINDOWS\system32\Jsi.exe
O4 - HKLM\..\Run: [Doh] C:\WINDOWS\Hlu.exe
O4 - HKLM\..\Run: [Mbf] C:\WINDOWS\system32\Qtl.exe
O4 - HKLM\..\Run: [Pqs] C:\WINDOWS\Sba.exe
O4 - HKLM\..\Run: [Uqc] C:\WINDOWS\Imf.exe
O4 - HKLM\..\Run: [Olf] C:\WINDOWS\system32\Cjt.exe
O4 - HKLM\..\Run: [Jla] C:\WINDOWS\Abv.exe
O4 - HKLM\..\Run: [Btv] C:\WINDOWS\system32\Com.exe
O4 - HKLM\..\Run: [Vuj] C:\WINDOWS\Sql.exe
O4 - HKLM\..\Run: [Utd] C:\WINDOWS\Nee.exe
O4 - HKLM\..\Run: [Jhs] C:\WINDOWS\system32\Gli.exe
O4 - HKLM\..\Run: [Hah] C:\WINDOWS\Nsl.exe
O4 - HKLM\..\Run: [Toa] C:\WINDOWS\system32\Etv.exe
O4 - HKLM\..\Run: [Gao] C:\WINDOWS\Njj.exe
O4 - HKLM\..\Run: [Lvb] C:\WINDOWS\system32\Gep.exe
O4 - HKLM\..\Run: [Ldh] C:\WINDOWS\Rea.exe
O4 - HKLM\..\Run: [Qgs] C:\WINDOWS\Nft.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AMP Agent] C:\Program Files\Common Files\ARS Company\Agent\Agent.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Ivr] C:\WINDOWS\Kbh.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe