Scan saved at 7:32:16 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\msole32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\intmon.exe
C:\WINDOWS\system32\hjtcx\abvho.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\jencs\gooe.exe
C:\WINDOWS\system32\uovijv\ndyi.exe
C:\WINDOWS\system32\duxus\njsifl.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\vayndb\vdoddvbk.exe
C:\WINDOWS\system32\twnqk\tpivygco.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\wqeyomi\hudtrtb.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\htdlr\feroan.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\hknjl\lkbc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dciayx.exe
C:\WINDOWS\system32\winnook.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\mqtkcgvq\wuumk.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rich\Local Settings\Temporary Internet Files\Content.IE5\GD6B4HQB\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp75CC.tmp
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [nekxq] C:\WINDOWS\System32\qxdllqly\nekxq.exe
O4 - HKLM\..\Run: [rmlypj] C:\WINDOWS\System32\oidfgs\rmlypj.exe
O4 - HKLM\..\Run: [vtunqpj] C:\WINDOWS\System32\iskupibl\vtunqpj.exe
O4 - HKLM\..\Run: [jddcup] C:\WINDOWS\System32\ptmha\jddcup.exe
O4 - HKLM\..\Run: [pnaqgj] C:\WINDOWS\system32\windrknq\pnaqgj.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [vmsh] C:\WINDOWS\system32\durqnr\vmsh.exe
O4 - HKLM\..\Run: [axkx] C:\WINDOWS\system32\hlkaf\axkx.exe
O4 - HKLM\..\Run: [lqndkck] C:\WINDOWS\system32\ldjtfkpm\lqndkck.exe
O4 - HKLM\..\Run: [wiqyyh] C:\WINDOWS\system32\udyewih\wiqyyh.exe
O4 - HKLM\..\Run: [igqs] C:\WINDOWS\system32\kaqle\igqs.exe
O4 - HKLM\..\Run: [yhow] C:\WINDOWS\system32\twogwkki\yhow.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [knifs] C:\WINDOWS\system32\khibhoe\knifs.exe
O4 - HKLM\..\Run: [vqvyq] C:\WINDOWS\system32\myhm\vqvyq.exe
O4 - HKLM\..\Run: [ewqtlqk] C:\WINDOWS\system32\grfjtcj\ewqtlqk.exe
O4 - HKLM\..\Run: [lwqug] C:\WINDOWS\system32\xmscr\lwqug.exe
O4 - HKLM\..\Run: [jrllcngf] C:\WINDOWS\system32\agfdr\jrllcngf.exe
O4 - HKLM\..\Run: [tieh] C:\WINDOWS\system32\akobisp\tieh.exe
O4 - HKLM\..\Run: [njsifl] C:\WINDOWS\system32\duxus\njsifl.exe
O4 - HKLM\..\Run: [uwiqn] C:\WINDOWS\system32\lwyjhli\uwiqn.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [lnbpiuk] C:\WINDOWS\system32\cxwehsqi\lnbpiuk.exe
O4 - HKLM\..\Run: [ydxm] C:\WINDOWS\system32\pxgtsm\ydxm.exe
O4 - HKLM\..\Run: [vdoddvbk] C:\WINDOWS\system32\vayndb\vdoddvbk.exe
O4 - HKLM\..\Run: [ctvqdmhb] C:\WINDOWS\system32\bvamtqmk\ctvqdmhb.exe
O4 - HKLM\..\Run: [hvvus] C:\WINDOWS\system32\bnpd\hvvus.exe
O4 - HKLM\..\Run: [exgc] C:\WINDOWS\system32\cbefdfjg\exgc.exe
O4 - HKLM\..\Run: [cryvrf] C:\WINDOWS\system32\hityvftk\cryvrf.exe
O4 - HKLM\..\Run: [terws] C:\WINDOWS\system32\gtbs\terws.exe
O4 - HKLM\..\Run: [wjytk] C:\WINDOWS\system32\exje\wjytk.exe
O4 - HKLM\..\Run: [tpivygco] C:\WINDOWS\system32\twnqk\tpivygco.exe
O4 - HKLM\..\Run: [nfiago] C:\WINDOWS\system32\lqsftiwg\nfiago.exe
O4 - HKLM\..\Run: [yadpiagr] C:\WINDOWS\system32\edrjclbs\yadpiagr.exe
O4 - HKLM\..\Run: [evnrlv] C:\WINDOWS\system32\ruoc\evnrlv.exe
O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\system32\LogFiles\A5281300.so
O4 - HKLM\..\Run: [abvho] C:\WINDOWS\system32\hjtcx\abvho.exe
O4 - HKLM\..\Run: [wuumk] C:\WINDOWS\system32\mqtkcgvq\wuumk.exe
O4 - HKLM\..\Run: [hudtrtb] C:\WINDOWS\system32\wqeyomi\hudtrtb.exe
O4 - HKLM\..\Run: [gooe] C:\WINDOWS\system32\jencs\gooe.exe
O4 - HKLM\..\Run: [ndyi] C:\WINDOWS\system32\uovijv\ndyi.exe
O4 - HKLM\..\Run: [feroan] C:\WINDOWS\system32\htdlr\feroan.exe
O4 - HKLM\..\Run: [lkbc] C:\WINDOWS\system32\hknjl\lkbc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [awq8RijEe] dciayx.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\winnook.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\DOCUME~1\Rich\LOCALS~1\Temp\atbqpabs.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: lnbpiukcxwehsqi - Unknown owner - C:\WINDOWS\system32\cxwehsqi\lnbpiuk.exe
O23 - Service: lwqugxmscr - Unknown owner - C:\WINDOWS\system32\xmscr\lwqug.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Utilities\NPROTECT.EXE
O23 - Service: pnaqgjwindrknq - Unknown owner - C:\WINDOWS\system32\windrknq\pnaqgj.exe
O23 - Service: rmlypjoidfgs - Unknown owner - C:\WINDOWS\System32\oidfgs\rmlypj.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: terwsgtbs - Unknown owner - C:\WINDOWS\system32\gtbs\terws.exe
O23 - Service: vmshdurqnr - Unknown owner - C:\WINDOWS\system32\durqnr\vmsh.exe
O23 - Service: wuumkmqtkcgvq - Unknown owner - C:\WINDOWS\system32\mqtkcgvq\wuumk.exe