Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hellmsn virus help needed please [CLOSED]


  • This topic is locked This topic is locked

#1
lexy28

lexy28

    New Member

  • Member
  • Pip
  • 1 posts
Hi, I'm wondering if anyone can help me. My computer has been infected with the Hellmsn virus. Any help/advise you can give me would be greatly appreciated. My Hijacklog is as follows

Logfile of HijackThis v1.99.1
Scan saved at 15:45:12, on 28/05/05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00

(6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\COMOne\Bluetooth

Software\bin\btwdins.exe
C:\Program Files\Norton Internet

Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Roxio\Easy CD Creator

5\DirectCD\DirectCD.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\c

ommon\swtrayv4.exe
C:\Program

Files\Thrustmaster\Thrustmapper\TMTMTS

R.exe
C:\WINDOWS\System32\usbtapnp.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\win32.exe
C:\Program Files\Common Files\Symantec

Shared\ccApp.exe
C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\COMOne\Bluetooth

Software\BTTray.exe
C:\Program Files\Digital Line

Detect\DLG.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\wkcalrem.exe
C:\Program

Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Nokia\PC Suite for Nokia

7650\connmngmntbox.exe
C:\hellmsn.exe
C:\Program Files\Nokia\PC Suite for Nokia

7650\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.e

xe
C:\Program

Files\Intuwave\Shared\mRouterRunTime\m

RouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROAD

C~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.

exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec

Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Norton Internet

Security\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\IFC Client\My

Documents\Caroline\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.euro.dell...ntries/uk/enu/g

en/default.htm
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.eircom.net
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.eircom.net
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.eircom.net
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6

BE0B3} - C:\Program Files\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security -

{9ECB9560-04F9-4bbc-943D-298DDF16

99E1} - C:\Program Files\Common

Files\Symantec

Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper -

{BDF3E430-B101-42AD-A544-FADC6B0

84872} - C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082

467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security -

{0B53EAC3-8D69-4b9e-9B19-A37C9A56

76A7} - C:\Program Files\Common

Files\Symantec

Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF0

0B1D6} - C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD]

C:\Program Files\Microsoft

Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works

Portfolio] C:\Program Files\Microsoft

Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works

Update Detection] C:\Program

Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD]

"C:\Program Files\Roxio\Easy CD Creator

5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4]

C:\PROGRA~1\MICROS~4\GAMECO~1\c

ommon\swtrayv4.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program

Files\Thrustmaster\Thrustmapper\TMTMTS

R.exe
O4 - HKLM\..\Run: [USBTA]

C:\WINDOWS\System32\usbtapnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [WIN32] win32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program

Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver

Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program

Files\Norton Internet Security\cfgwiz.exe

/GUID

{257BBC47-1B26-432e-9F84-188603799

DD3} /MODE CfgWiz /CMDLINE

"REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe]

C:\Program Files\Norton Internet

Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt]

C:\Program Files\Common Files\Symantec

Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStart

up
O4 - HKLM\..\RunServices: [WIN32]

win32.exe
O4 - HKCU\..\Run: [SpySweeper]

C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [WIN32] win32.exe
O4 - HKCU\..\Run: [MSMSGS]

"C:\Program

Files\Messenger\msmsgs.exe"

/background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk

= ?
O4 - Global Startup: Microsoft Works

Calendar Reminders.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk =

C:\Program

Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup:

PCSuiteForNokia7650 Detect.lnk = ?
O4 - Global Startup:

PCSuiteForNokia7650 TS.lnk = ?
O8 - Extra context menu item: &Add

animation to IncrediMail Style Box -

C:\PROGRA~1\INCRED~1\bin\resources\

WebMenuImg.htm
O8 - Extra context menu item: Send To

&Bluetooth - C:\Program

Files\COMOne\Bluetooth

Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 -

{CCA281CA-C863-46ef-9331-5C8D4460

577F} - C:\Program

Files\COMOne\Bluetooth

Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem:

@btrez.dll,-4017 -

{CCA281CA-C863-46ef-9331-5C8D4460

577F} - C:\Program

Files\COMOne\Bluetooth

Software\btsendto_ie.htm
O14 - IERESET.INF:

START_PAGE_URL=http://www.eircom.ne

t
O16 - DPF:

{644E432F-49D3-41A1-8DD5-E099162E

EEC5} (Symantec RuFSI Utility Class) -

http://security.syma...om/sscv6/Shared

Content/common/bin/cabsa.cab
O16 - DPF:

{A3009861-330C-4E10-822B-39D16EC8

829D} (CRAVOnline Object) -

http://www.ravantivi.../scan/ravonline.

cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{999

13937-AAA8-4BC2-A19F-749C8524DCE

9}: NameServer = 159.134.237.6

159.134.248.17
O23 - Service: Bluetooth Service (btwdins)

- WIDCOMM, Inc. - C:\Program

Files\COMOne\Bluetooth

Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager

(ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy

(ccProxy) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
O23 - Service: Symantec Password

Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings

Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) -

Symantec Corporation - C:\Program

Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) -

Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus

Auto-Protect Service (navapsvc) -

Symantec Corporation - C:\Program

Files\Norton Internet Security\Norton

AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver

Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec

Corporation - C:\Program Files\Norton

Internet Security\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\

SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers

Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc

(SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC -

Symantec Corporation - C:\Program

Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe



Lexy
  • 0

Advertisements


#2
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP