HijackThis Log File

Hey,

If anyone could help with problems on my system it would be greatly appreciated. Here is my log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:34:12 PM, on 1/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\syshost.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Ares Lite Edition\Ares.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au
O1 - Hosts: 69.50.190.26 www.halifax-online.co.uk
O1 - Hosts: 69.50.190.26 ibank.barclays.co.uk
O1 - Hosts: 69.50.190.26 online.lloydstsb.co.uk
O1 - Hosts: 69.50.190.26 online-business.lloydstsb.co.uk
O1 - Hosts: 69.50.190.26 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 69.50.190.26 www.nwolb.com
O1 - Hosts: 69.50.190.26 banesnet.banesto.es
O1 - Hosts: 69.50.190.26 extranet.banesto.es
O1 - Hosts: 69.50.190.26 ebanking.bccbrescia.it
O1 - Hosts: 69.50.190.26 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 69.50.190.26 www.rbsdigital.com
O1 - Hosts: 69.50.190.26 oi.cajamadrid.es
O1 - Hosts: 69.50.190.26 bancae.caixapenedes.com
O1 - Hosts: 69.50.190.26 banking.postbank.de
O1 - Hosts: 69.50.190.26 meine.deutsche-bank.de
O1 - Hosts: 69.50.190.26 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 69.50.190.26 ibank.cahoot.com
O1 - Hosts: 69.50.190.26 webbank.openplan.co.uk
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\2.bin\IMESHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [dmbnz.exe] C:\WINDOWS\System32\dmbnz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Ares Lite Edition\My Shared Folder\webroot software, inc - 3 0 0 113 - spy sweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AF1B3EF-1650-4A2F-A158-FDB857B97AAB}: NameServer = 85.255.114.3 85.255.112.90
O20 - Winlogon Notify: clbcatex - C:\WINDOWS\system32\clbcatix.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q26069365_disk.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q299290_disk.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

Comments

  • Crunchie Mandurah. Western Australia. Member
    edited January 2006
    Download CWShredder 2.19 from here and run it. Select the fix button & it will fix everything related to CoolWebSearch that is stored in its database. Close ALL windows, including Internet Explorer, before running CWShredder. Reboot when it has finished.

    ==

    Download win32delfkil.exe.
    Save it on your desktop.
    Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
    Close all windows, open the win32delfkil folder and double click on fix.bat.
    The computer will reboot automatically.
    Post the contents of the logfile c:\windelf.txt, along with a new HijackThis log.
This discussion has been closed.