Logfile of HijackThis v1.99.1
Scan saved at 5:55:14 PM, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\System32\svchost.exe
C:\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.com/
O1 - Hosts: 66.180.173.39 google.ae
O1 - Hosts: 66.180.173.39 google.am
O1 - Hosts: 66.180.173.39 google.as
O1 - Hosts: 66.180.173.39 google.at
O1 - Hosts: 66.180.173.39 google.az
O1 - Hosts: 66.180.173.39 google.be
O1 - Hosts: 66.180.173.39 google.bi
O1 - Hosts: 66.180.173.39 google.ca
O1 - Hosts: 66.180.173.39 google.cd
O1 - Hosts: 66.180.173.39 google.cg
O1 - Hosts: 66.180.173.39 google.ch
O1 - Hosts: 66.180.173.39 google.ci
O1 - Hosts: 66.180.173.39 google.cl
O1 - Hosts: 66.180.173.39 google.co.cr
O1 - Hosts: 66.180.173.39 google.co.hu
O1 - Hosts: 66.180.173.39 google.co.il
O1 - Hosts: 66.180.173.39 google.co.in
O1 - Hosts: 66.180.173.39 google.co.je
O1 - Hosts: 66.180.173.39 google.co.jp
O1 - Hosts: 66.180.173.39 google.co.ke
O1 - Hosts: 66.180.173.39 google.co.kr
O1 - Hosts: 66.180.173.39 google.co.ls
O1 - Hosts: 66.180.173.39 google.co.nz
O1 - Hosts: 66.180.173.39 google.co.th
O1 - Hosts: 66.180.173.39 google.co.ug
O1 - Hosts: 66.180.173.39 google.co.uk
O1 - Hosts: 66.180.173.39 google.co.ve
O1 - Hosts: 66.180.173.39 google.com
O1 - Hosts: 66.180.173.39 google.com.ag
O1 - Hosts: 66.180.173.39 google.com.ar
O1 - Hosts: 66.180.173.39 google.com.au
O1 - Hosts: 66.180.173.39 google.com.br
O1 - Hosts: 66.180.173.39 google.com.co
O1 - Hosts: 66.180.173.39 google.com.cu
O1 - Hosts: 66.180.173.39 google.com.do
O1 - Hosts: 66.180.173.39 google.com.ec
O1 - Hosts: 66.180.173.39 google.com.fj
O1 - Hosts: 66.180.173.39 google.com.gi
O1 - Hosts: 66.180.173.39 google.com.gr
O1 - Hosts: 66.180.173.39 google.com.gt
O1 - Hosts: 66.180.173.39 google.com.hk
O1 - Hosts: 66.180.173.39 google.com.ly
O1 - Hosts: 66.180.173.39 google.com.mt
O1 - Hosts: 66.180.173.39 google.com.mx
O1 - Hosts: 66.180.173.39 google.com.my
O1 - Hosts: 66.180.173.39 google.com.na
O1 - Hosts: 66.180.173.39 google.com.nf
O1 - Hosts: 66.180.173.39 google.com.ni
O1 - Hosts: 66.180.173.39 google.com.np
O1 - Hosts: 66.180.173.39 google.com.pa
O1 - Hosts: 66.180.173.39 google.com.pe
O1 - Hosts: 66.180.173.39 google.com.ph
O1 - Hosts: 66.180.173.39 google.com.pk
O1 - Hosts: 66.180.173.39 google.com.pr
O1 - Hosts: 66.180.173.39 google.com.py
O1 - Hosts: 66.180.173.39 google.com.sa
O1 - Hosts: 66.180.173.39 google.com.sg
O1 - Hosts: 66.180.173.39 google.com.sv
O1 - Hosts: 66.180.173.39 google.com.tr
O1 - Hosts: 66.180.173.39 google.com.tw
O1 - Hosts: 66.180.173.39 google.com.ua
O1 - Hosts: 66.180.173.39 google.com.uy
O1 - Hosts: 66.180.173.39 google.com.vc
O1 - Hosts: 66.180.173.39 google.com.vn
O1 - Hosts: 66.180.173.39 google.de
O1 - Hosts: 66.180.173.39 google.dj
O1 - Hosts: 66.180.173.39 google.dk
O1 - Hosts: 66.180.173.39 google.es
O1 - Hosts: 66.180.173.39 google.fi
O1 - Hosts: 66.180.173.39 google.fm
O1 - Hosts: 66.180.173.39 google.fr
O1 - Hosts: 66.180.173.39 google.gg
O1 - Hosts: 66.180.173.39 google.gl
O1 - Hosts: 66.180.173.39 google.gm
O1 - Hosts: 66.180.173.39 google.hn
O1 - Hosts: 66.180.173.39 google.ie
O1 - Hosts: 66.180.173.39 google.it
O1 - Hosts: 66.180.173.39 google.kz
O1 - Hosts: 66.180.173.39 google.li
O1 - Hosts: 66.180.173.39 google.lt
O1 - Hosts: 66.180.173.39 google.lu
O1 - Hosts: 66.180.173.39 google.lv
O1 - Hosts: 66.180.173.39 google.mn
O1 - Hosts: 66.180.173.39 google.ms
O1 - Hosts: 66.180.173.39 google.mu
O1 - Hosts: 66.180.173.39 google.mw
O1 - Hosts: 66.180.173.39 google.nl
O1 - Hosts: 66.180.173.39 google.no
O1 - Hosts: 66.180.173.39 google.off.ai
O1 - Hosts: 66.180.173.39 google.pl
O1 - Hosts: 66.180.173.39 google.pn
O1 - Hosts: 66.180.173.39 google.pt
O1 - Hosts: 66.180.173.39 google.ro
O1 - Hosts: 66.180.173.39 google.ru
O1 - Hosts: 66.180.173.39 google.rw
O1 - Hosts: 66.180.173.39 google.se
O1 - Hosts: 66.180.173.39 google.sh
O1 - Hosts: 66.180.173.39 google.sk
O1 - Hosts: 66.180.173.39 google.sm
O1 - Hosts: 66.180.173.39 google.td
O1 - Hosts: 66.180.173.39 google.tm
O2 - BHO: (no name) - {00000000-0000-4E11-85E5-CA0203BFE625} - C:\Program Files\udxr1zdc\udxr1zdc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A4427F0C-86E8-DBC2-5BC0-0E63C2B98CE4} - C:\WINNT\ymzbzeiq.dll
O2 - BHO: (no name) - {F5CCF2E1-006A-D2B4-7EF0-9C7EA01BD246} - blank (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Search - {524F4442-D391-879D-5E4F-4F1147254BC4} - C:\WINNT\ymzbzeiq.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINNT\SysCheckBop32
O4 - HKLM\..\Run: [C:\WINNT\IEXPLOR.EXE] C:\WINNT\IEXPLOR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [732g3mO] cd_cr70.exe
O4 - HKLM\..\Run: [udxr1zdc] C:\Program Files\udxr1zdc\udxr1zdc.exe
O4 - HKLM\..\Run: [gltfwmtw] c:\winnt\system32\gltfwmtw.exe
O4 - HKLM\..\Run: [msw] C:\Documents and Settings\All Users\Application Data\msw\MSW.exe
O4 - HKLM\..\Run: [SysStart] C:\WINNT\System32\jflsysi6.exe lee0105
O4 - HKLM\..\Run: [RSync] C:\WINNT\System32\netsync.exe
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitewvx32.exe
O4 - HKLM\..\Run: [aphxoqruovunpporsqpqmlmmak] C:\WINNT\hxyxktaq.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\nzallv.exe
O4 - HKLM\..\Run: [AtxBrw] C:\WINNT\IEXPLOR.exe
O4 - HKLM\..\Run: [bootpd.exe] C:\WINNT\System32\bootpd.exe
O4 - HKLM\..\Run: [ms0555138-1961] C:\WINNT\ms0555138-1961.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\kaqoow.exe reg_run
O4 - HKCU\..\Run: [M0tmRgiph] xavxdec_040c.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &AIM Search - blank
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINNT\System32\shdocvw.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINNT\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131049364749
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131049348296
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O18 - Filter: text/plain - {C015A2F8-80AE-4018-8863-35A9D1EB3C6B} - blank
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TG91\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: nxibtemifgejc - Unknown owner - C:\WINNT\System32\fgejc\nxibtemi.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe