[noodlez22]

i just got this computer from a friend and have been reding theese forum i just downloaded hijack and heres the log can anyone help me with what i should get rid of



Logfile of HijackThis v1.99.1
Scan saved at 5:55:14 PM, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\System32\svchost.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.com/
O1 - Hosts: 66.180.173.39 google.ae
O1 - Hosts: 66.180.173.39 google.am
O1 - Hosts: 66.180.173.39 google.as
O1 - Hosts: 66.180.173.39 google.at
O1 - Hosts: 66.180.173.39 google.az
O1 - Hosts: 66.180.173.39 google.be
O1 - Hosts: 66.180.173.39 google.bi
O1 - Hosts: 66.180.173.39 google.ca
O1 - Hosts: 66.180.173.39 google.cd
O1 - Hosts: 66.180.173.39 google.cg
O1 - Hosts: 66.180.173.39 google.ch
O1 - Hosts: 66.180.173.39 google.ci
O1 - Hosts: 66.180.173.39 google.cl
O1 - Hosts: 66.180.173.39 google.co.cr
O1 - Hosts: 66.180.173.39 google.co.hu
O1 - Hosts: 66.180.173.39 google.co.il
O1 - Hosts: 66.180.173.39 google.co.in
O1 - Hosts: 66.180.173.39 google.co.je
O1 - Hosts: 66.180.173.39 google.co.jp
O1 - Hosts: 66.180.173.39 google.co.ke
O1 - Hosts: 66.180.173.39 google.co.kr
O1 - Hosts: 66.180.173.39 google.co.ls
O1 - Hosts: 66.180.173.39 google.co.nz
O1 - Hosts: 66.180.173.39 google.co.th
O1 - Hosts: 66.180.173.39 google.co.ug
O1 - Hosts: 66.180.173.39 google.co.uk
O1 - Hosts: 66.180.173.39 google.co.ve
O1 - Hosts: 66.180.173.39 google.com
O1 - Hosts: 66.180.173.39 google.com.ag
O1 - Hosts: 66.180.173.39 google.com.ar
O1 - Hosts: 66.180.173.39 google.com.au
O1 - Hosts: 66.180.173.39 google.com.br
O1 - Hosts: 66.180.173.39 google.com.co
O1 - Hosts: 66.180.173.39 google.com.cu
O1 - Hosts: 66.180.173.39 google.com.do
O1 - Hosts: 66.180.173.39 google.com.ec
O1 - Hosts: 66.180.173.39 google.com.fj
O1 - Hosts: 66.180.173.39 google.com.gi
O1 - Hosts: 66.180.173.39 google.com.gr
O1 - Hosts: 66.180.173.39 google.com.gt
O1 - Hosts: 66.180.173.39 google.com.hk
O1 - Hosts: 66.180.173.39 google.com.ly
O1 - Hosts: 66.180.173.39 google.com.mt
O1 - Hosts: 66.180.173.39 google.com.mx
O1 - Hosts: 66.180.173.39 google.com.my
O1 - Hosts: 66.180.173.39 google.com.na
O1 - Hosts: 66.180.173.39 google.com.nf
O1 - Hosts: 66.180.173.39 google.com.ni
O1 - Hosts: 66.180.173.39 google.com.np
O1 - Hosts: 66.180.173.39 google.com.pa
O1 - Hosts: 66.180.173.39 google.com.pe
O1 - Hosts: 66.180.173.39 google.com.ph
O1 - Hosts: 66.180.173.39 google.com.pk
O1 - Hosts: 66.180.173.39 google.com.pr
O1 - Hosts: 66.180.173.39 google.com.py
O1 - Hosts: 66.180.173.39 google.com.sa
O1 - Hosts: 66.180.173.39 google.com.sg
O1 - Hosts: 66.180.173.39 google.com.sv
O1 - Hosts: 66.180.173.39 google.com.tr
O1 - Hosts: 66.180.173.39 google.com.tw
O1 - Hosts: 66.180.173.39 google.com.ua
O1 - Hosts: 66.180.173.39 google.com.uy
O1 - Hosts: 66.180.173.39 google.com.vc
O1 - Hosts: 66.180.173.39 google.com.vn
O1 - Hosts: 66.180.173.39 google.de
O1 - Hosts: 66.180.173.39 google.dj
O1 - Hosts: 66.180.173.39 google.dk
O1 - Hosts: 66.180.173.39 google.es
O1 - Hosts: 66.180.173.39 google.fi
O1 - Hosts: 66.180.173.39 google.fm
O1 - Hosts: 66.180.173.39 google.fr
O1 - Hosts: 66.180.173.39 google.gg
O1 - Hosts: 66.180.173.39 google.gl
O1 - Hosts: 66.180.173.39 google.gm
O1 - Hosts: 66.180.173.39 google.hn
O1 - Hosts: 66.180.173.39 google.ie
O1 - Hosts: 66.180.173.39 google.it
O1 - Hosts: 66.180.173.39 google.kz
O1 - Hosts: 66.180.173.39 google.li
O1 - Hosts: 66.180.173.39 google.lt
O1 - Hosts: 66.180.173.39 google.lu
O1 - Hosts: 66.180.173.39 google.lv
O1 - Hosts: 66.180.173.39 google.mn
O1 - Hosts: 66.180.173.39 google.ms
O1 - Hosts: 66.180.173.39 google.mu
O1 - Hosts: 66.180.173.39 google.mw
O1 - Hosts: 66.180.173.39 google.nl
O1 - Hosts: 66.180.173.39 google.no
O1 - Hosts: 66.180.173.39 google.off.ai
O1 - Hosts: 66.180.173.39 google.pl
O1 - Hosts: 66.180.173.39 google.pn
O1 - Hosts: 66.180.173.39 google.pt
O1 - Hosts: 66.180.173.39 google.ro
O1 - Hosts: 66.180.173.39 google.ru
O1 - Hosts: 66.180.173.39 google.rw
O1 - Hosts: 66.180.173.39 google.se
O1 - Hosts: 66.180.173.39 google.sh
O1 - Hosts: 66.180.173.39 google.sk
O1 - Hosts: 66.180.173.39 google.sm
O1 - Hosts: 66.180.173.39 google.td
O1 - Hosts: 66.180.173.39 google.tm
O2 - BHO: (no name) - {00000000-0000-4E11-85E5-CA0203BFE625} - C:\Program Files\udxr1zdc\udxr1zdc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A4427F0C-86E8-DBC2-5BC0-0E63C2B98CE4} - C:\WINNT\ymzbzeiq.dll
O2 - BHO: (no name) - {F5CCF2E1-006A-D2B4-7EF0-9C7EA01BD246} - blank (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Search - {524F4442-D391-879D-5E4F-4F1147254BC4} - C:\WINNT\ymzbzeiq.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINNT\SysCheckBop32
O4 - HKLM\..\Run: [C:\WINNT\IEXPLOR.EXE] C:\WINNT\IEXPLOR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [732g3mO] cd_cr70.exe
O4 - HKLM\..\Run: [udxr1zdc] C:\Program Files\udxr1zdc\udxr1zdc.exe
O4 - HKLM\..\Run: [gltfwmtw] c:\winnt\system32\gltfwmtw.exe
O4 - HKLM\..\Run: [msw] C:\Documents and Settings\All Users\Application Data\msw\MSW.exe
O4 - HKLM\..\Run: [SysStart] C:\WINNT\System32\jflsysi6.exe lee0105
O4 - HKLM\..\Run: [RSync] C:\WINNT\System32\netsync.exe
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitewvx32.exe
O4 - HKLM\..\Run: [aphxoqruovunpporsqpqmlmmak] C:\WINNT\hxyxktaq.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\nzallv.exe
O4 - HKLM\..\Run: [AtxBrw] C:\WINNT\IEXPLOR.exe
O4 - HKLM\..\Run: [bootpd.exe] C:\WINNT\System32\bootpd.exe
O4 - HKLM\..\Run: [ms0555138-1961] C:\WINNT\ms0555138-1961.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\kaqoow.exe reg_run
O4 - HKCU\..\Run: [M0tmRgiph] xavxdec_040c.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &AIM Search - blank
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINNT\System32\shdocvw.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINNT\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131049364749
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131049348296
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O18 - Filter: text/plain - {C015A2F8-80AE-4018-8863-35A9D1EB3C6B} - blank
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TG91\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: nxibtemifgejc - Unknown owner - C:\WINNT\System32\fgejc\nxibtemi.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Advertisements]

Please go here:

Malware Removal Guide

Run all the programmes as advised then post a current Hijack This Log in a new topic in the Malware Forum

For the purpose of accurate malware analysis, Hijack This Logs are only dealt with in the Malware Forum. Posting them anywhere else will result in a delayed response

If you are unable to run any of the programmes, ask for advice in the Malware Forum

[Retired Tech]

Please go here:

Malware Removal Guide

Run all the programmes as advised then post a current Hijack This Log in a new topic in the Malware Forum

For the purpose of accurate malware analysis, Hijack This Logs are only dealt with in the Malware Forum. Posting them anywhere else will result in a delayed response

If you are unable to run any of the programmes, ask for advice in the Malware Forum