[lexy28]

Hi, I'm wondering if anyone can help me. My computer has been infected with the Hellmsn virus. Any help/advise you can give me would be greatly appreciated. My Hijacklog is as follows

Logfile of HijackThis v1.99.1
Scan saved at 15:45:12, on 28/05/05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00

(6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\COMOne\Bluetooth

Software\bin\btwdins.exe
C:\Program Files\Norton Internet

Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Roxio\Easy CD Creator

5\DirectCD\DirectCD.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\c

ommon\swtrayv4.exe
C:\Program

Files\Thrustmaster\Thrustmapper\TMTMTS

R.exe
C:\WINDOWS\System32\usbtapnp.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\win32.exe
C:\Program Files\Common Files\Symantec

Shared\ccApp.exe
C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\COMOne\Bluetooth

Software\BTTray.exe
C:\Program Files\Digital Line

Detect\DLG.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\wkcalrem.exe
C:\Program

Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Nokia\PC Suite for Nokia

7650\connmngmntbox.exe
C:\hellmsn.exe
C:\Program Files\Nokia\PC Suite for Nokia

7650\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.e

xe
C:\Program

Files\Intuwave\Shared\mRouterRunTime\m

RouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROAD

C~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.

exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec

Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Norton Internet

Security\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\IFC Client\My

Documents\Caroline\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.euro.dell...ntries/uk/enu/g

en/default.htm
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.eircom.net
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.eircom.net
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.eircom.net
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6

BE0B3} - C:\Program Files\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security -

{9ECB9560-04F9-4bbc-943D-298DDF16

99E1} - C:\Program Files\Common

Files\Symantec

Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper -

{BDF3E430-B101-42AD-A544-FADC6B0

84872} - C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082

467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security -

{0B53EAC3-8D69-4b9e-9B19-A37C9A56

76A7} - C:\Program Files\Common

Files\Symantec

Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF0

0B1D6} - C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD]

C:\Program Files\Microsoft

Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works

Portfolio] C:\Program Files\Microsoft

Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works

Update Detection] C:\Program

Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD]

"C:\Program Files\Roxio\Easy CD Creator

5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4]

C:\PROGRA~1\MICROS~4\GAMECO~1\c

ommon\swtrayv4.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program

Files\Thrustmaster\Thrustmapper\TMTMTS

R.exe
O4 - HKLM\..\Run: [USBTA]

C:\WINDOWS\System32\usbtapnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [WIN32] win32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program

Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver

Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program

Files\Norton Internet Security\cfgwiz.exe

/GUID

{257BBC47-1B26-432e-9F84-188603799

DD3} /MODE CfgWiz /CMDLINE

"REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe]

C:\Program Files\Norton Internet

Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt]

C:\Program Files\Common Files\Symantec

Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStart

up
O4 - HKLM\..\RunServices: [WIN32]

win32.exe
O4 - HKCU\..\Run: [SpySweeper]

C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [WIN32] win32.exe
O4 - HKCU\..\Run: [MSMSGS]

"C:\Program

Files\Messenger\msmsgs.exe"

/background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk

= ?
O4 - Global Startup: Microsoft Works

Calendar Reminders.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk =

C:\Program

Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup:

PCSuiteForNokia7650 Detect.lnk = ?
O4 - Global Startup:

PCSuiteForNokia7650 TS.lnk = ?
O8 - Extra context menu item: &Add

animation to IncrediMail Style Box -

C:\PROGRA~1\INCRED~1\bin\resources\

WebMenuImg.htm
O8 - Extra context menu item: Send To

&Bluetooth - C:\Program

Files\COMOne\Bluetooth

Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 -

{CCA281CA-C863-46ef-9331-5C8D4460

577F} - C:\Program

Files\COMOne\Bluetooth

Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem:

@btrez.dll,-4017 -

{CCA281CA-C863-46ef-9331-5C8D4460

577F} - C:\Program

Files\COMOne\Bluetooth

Software\btsendto_ie.htm
O14 - IERESET.INF:

START_PAGE_URL=http://www.eircom.ne

t
O16 - DPF:

{644E432F-49D3-41A1-8DD5-E099162E

EEC5} (Symantec RuFSI Utility Class) -

http://security.syma...om/sscv6/Shared

Content/common/bin/cabsa.cab
O16 - DPF:

{A3009861-330C-4E10-822B-39D16EC8

829D} (CRAVOnline Object) -

http://www.ravantivi.../scan/ravonline.

cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{999

13937-AAA8-4BC2-A19F-749C8524DCE

9}: NameServer = 159.134.237.6

159.134.248.17
O23 - Service: Bluetooth Service (btwdins)

- WIDCOMM, Inc. - C:\Program

Files\COMOne\Bluetooth

Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager

(ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy

(ccProxy) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
O23 - Service: Symantec Password

Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings

Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) -

Symantec Corporation - C:\Program

Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) -

Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus

Auto-Protect Service (navapsvc) -

Symantec Corporation - C:\Program

Files\Norton Internet Security\Norton

AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver

Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec

Corporation - C:\Program Files\Norton

Internet Security\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\

SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers

Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc

(SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC -

Symantec Corporation - C:\Program

Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe



Lexy

[Advertisements]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Kat]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.