November 9th, 2005 22:00

Help please

Which ones are dangerous? Please help!!

Logfile of HijackThis v1.99.1
Scan saved at 1:31:56 AM, on 11/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hzwolvy.exe
C:\Program Files\LG\SecureCell\PLBkMon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\oquyckf.exe
C:\WINDOWS\System32\camocx26.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Pxql\Avxq.exe
C:\Program Files\WinFixer2005\uwfx5.exe
D:\cvpnd.exe
C:\WINDOWS\dlhost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\smsc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijakthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://mail2web.iu-bremen.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 209.190.4.218 www.halifax-online.co.uk
O1 - Hosts: 209.190.4.218 ibank.barclays.co.uk
O1 - Hosts: 209.190.4.218 online.lloydstsb.co.uk
O1 - Hosts: 209.190.4.218 online-business.lloydstsb.co.uk
O1 - Hosts: 209.190.4.218 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 209.190.4.218 www.nwolb.com
O1 - Hosts: 209.190.4.218 banesnet.banesto.es
O1 - Hosts: 209.190.4.218 extranet.banesto.es
O1 - Hosts: 209.190.4.218 ebanking.bccbrescia.it
O1 - Hosts: 209.190.4.218 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 209.190.4.218 www.rbsdigital.com
O1 - Hosts: 209.190.4.218 oi.cajamadrid.es
O1 - Hosts: 209.190.4.218 bancae.caixapenedes.com
O1 - Hosts: 209.190.4.218 banking.postbank.de
O1 - Hosts: 209.190.4.218 meine.deutsche-bank.de
O1 - Hosts: 209.190.4.218 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 209.190.4.218 ibank.cahoot.com
O1 - Hosts: 209.190.4.218 webbank.openplan.co.uk
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\byxyw.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\vtssr.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LG_PLUtil] C:\Program Files\LG\SecureCell\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\Run: [SWOD] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Windows ASN Service] bot.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [54diI] C:\WINDOWS\oquyckf.exe
O4 - HKLM\..\Run: [70ae51147c6b] C:\WINDOWS\System32\camocx26.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Xksjgixj] C:\Program Files\Pxql\Avxq.exe
O4 - HKLM\..\Run: [reSl] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [bO²ùðY×y-¯Œ] C:\WINDOWS\oquyckf.exe
O4 - HKLM\..\Run: [virD] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb½¾C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\oquyckf.exe
O4 - HKLM\..\Run: [qhqghnn] C:\WINDOWS\System32\hzwolvy.exe
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\RunServices: [Windows ASN Service] bot.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer2005\uwfx5.exe" /min
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst_int2.exe
O16 - DPF: {4C13D978-01EF-70DD-508A-5F9F3E54CB05} - http://66.117.37.5/1/rdgDE298.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100771376325
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C76F2566-9F51-4A76-8B4B-4B0C1CB87073}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: byxyw - C:\WINDOWS\SYSTEM32\byxyw.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: vtssr - C:\WINDOWS\System32\vtssr.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O21 - SSODL: System - {133AB3E2-0081-4764-A144-7F804E3C0CE9} - vr_sys.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\cvpnd.exe
O23 - Service: DynamicHost (DLHOST) - Unknown owner - C:\WINDOWS\dlhost.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\Matlab\webserver\bin\win32\matlabserver.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\system32\OfficeGUI1.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe