Scan saved at 22:12:26, on 18/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\kernels32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\Gsi.exe
C:\WINDOWS\System32\lsas.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\sessmgr.exe
C:\Program Files\SECRETMAKER\secretmaker.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\John\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jenni\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\frennk.dll
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\System32\smiehlp.dll
O2 - BHO: (no name) - {F16FC0E1-FA9C-4106-8AB4-794E57DF35E1} - C:\WINDOWS\System32\ghah.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Csl] C:\WINDOWS\System32\Ipo.exe
O4 - HKLM\..\Run: [Hsr] C:\WINDOWS\Gsi.exe
O4 - HKLM\..\Run: [Shellspl] lsas.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\John\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [Aki] C:\WINDOWS\System32\Uht.exe
O4 - HKLM\..\Run: [Akh] C:\WINDOWS\System32\Kjh.exe
O4 - HKLM\..\Run: [Eko] C:\WINDOWS\System32\Ren.exe
O4 - HKLM\..\Run: [Scs] C:\WINDOWS\Hoh.exe
O4 - HKLM\..\Run: [Crl] C:\WINDOWS\System32\Iof.exe
O4 - HKLM\..\Run: [Vus] C:\WINDOWS\Gmf.exe
O4 - HKLM\..\Run: [Lgk] C:\WINDOWS\Lmd.exe
O4 - HKLM\..\Run: [Fdk] C:\WINDOWS\System32\Ook.exe
O4 - HKLM\..\Run: [Hii] C:\WINDOWS\System32\Svp.exe
O4 - HKLM\..\Run: [Vrd] C:\WINDOWS\Mme.exe
O4 - HKLM\..\Run: [Arf] C:\WINDOWS\Gtt.exe
O4 - HKLM\..\Run: [Eme] C:\WINDOWS\Mso.exe
O4 - HKLM\..\Run: [Kjh] C:\WINDOWS\Foh.exe
O4 - HKLM\..\Run: [Mrf] C:\WINDOWS\System32\Vsj.exe
O4 - HKLM\..\Run: [Ioi] C:\WINDOWS\System32\Hgn.exe
O4 - HKLM\..\Run: [Hlj] C:\WINDOWS\Rjl.exe
O4 - HKLM\..\Run: [Mna] C:\WINDOWS\System32\Bgc.exe
O4 - HKLM\..\Run: [Iji] C:\WINDOWS\System32\Fbh.exe
O4 - HKLM\..\Run: [Rog] C:\WINDOWS\System32\Gat.exe
O4 - HKLM\..\Run: [Sib] C:\WINDOWS\Sln.exe
O4 - HKCU\..\Run: [Csl] C:\WINDOWS\System32\Ipo.exe
O4 - HKCU\..\Run: [Hsr] C:\WINDOWS\Gsi.exe
O4 - HKCU\..\Run: [Aki] C:\WINDOWS\System32\Uht.exe
O4 - HKCU\..\Run: [Akh] C:\WINDOWS\System32\Kjh.exe
O4 - HKCU\..\Run: [Eko] C:\WINDOWS\System32\Ren.exe
O4 - HKCU\..\Run: [Scs] C:\WINDOWS\Hoh.exe
O4 - HKCU\..\Run: [Crl] C:\WINDOWS\System32\Iof.exe
O4 - HKCU\..\Run: [Vus] C:\WINDOWS\Gmf.exe
O4 - HKCU\..\Run: [Fdk] C:\WINDOWS\System32\Ook.exe
O4 - HKCU\..\Run: [Vrd] C:\WINDOWS\Mme.exe
O4 - HKCU\..\Run: [Eme] C:\WINDOWS\Mso.exe
O4 - HKCU\..\Run: [Mrf] C:\WINDOWS\System32\Vsj.exe
O4 - HKCU\..\Run: [Hlj] C:\WINDOWS\Rjl.exe
O4 - HKCU\..\Run: [Iji] C:\WINDOWS\System32\Fbh.exe
O4 - HKCU\..\Run: [Sib] C:\WINDOWS\Sln.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3136449291
O18 - Filter: text/html - {98E52DCA-E258-4DBD-A00B-6E6ECC279045} - C:\WINDOWS\System32\ghah.dll
O18 - Filter: text/plain - {98E52DCA-E258-4DBD-A00B-6E6ECC279045} - C:\WINDOWS\System32\ghah.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe