DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   Hacktool.rootkit help! (http://www.daniweb.com/forums/thread31854.html)

Rick James Sep 6th, 2005 7:33 pm
Hacktool.rootkit help!
 
Hello, I have been experiencing various problems on my computer, from random crashing/rebooting to unacceptable latency levels and program malfunctions. After several times trying to run HJT without it freezing up, I produced this logfile:

Logfile of HijackThis v1.99.1
Scan saved at 5:31:58 PM, on 9/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\restore.exe
C:\WINDOWS\scmsm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assist...mpaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - Default URLSearchHook is missing
O1 - Hosts: 128.250.24.84 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 128.250.24.84 www3.aibgbonline.co.uk
O1 - Hosts: 128.250.24.84 www.bank.alliance-leicester.co.uk
O1 - Hosts: 128.250.24.84 login.iblogin.com
O1 - Hosts: 128.250.24.84 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 128.250.24.84 inet.barclays.co.uk
O1 - Hosts: 128.250.24.84 iibank.barclays.co.uk
O1 - Hosts: 128.250.24.84 iibank.cahoot.com
O1 - Hosts: 128.250.24.84 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 128.250.24.84 ww.hsbc.co.uk
O1 - Hosts: 128.250.24.84 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 128.250.24.84 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 128.250.24.84 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ob2.nationet.com
O1 - Hosts: 128.250.24.84 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 128.250.24.84 ww1.nwolb.com
O1 - Hosts: 128.250.24.84 ww1.onlinebanking.iombank.com
O1 - Hosts: 128.250.24.84 ww1.www.rbsdigital.com
O1 - Hosts: 128.250.24.84 welcome.smile.co.uk
O1 - Hosts: 128.250.24.84 login.365online.com
O1 - Hosts: 128.250.24.84 wvw.citizensbankonline.com
O1 - Hosts: 128.250.24.84 esecure.regionsnet.com
O1 - Hosts: 128.250.24.84 rollb.associatedbank.com
O1 - Hosts: 128.250.24.84 upb.unionplanters.com
O1 - Hosts: 128.250.24.84 www.onlinebanking.huntington.com
O1 - Hosts: 128.250.24.84 inet.southtrustonlinebanking.com
O1 - Hosts: 128.250.24.84 logon.personal.wamu.com
O1 - Hosts: 128.250.24.84 login.compassweb.com
O1 - Hosts: 128.250.24.84 logon.firstmeritib.com
O1 - Hosts: 128.250.24.84 login.ccfcuonline.org
O1 - Hosts: 128.250.24.84 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 128.250.24.84 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 128.250.24.84 wvw.totallyfreebanking.com
O1 - Hosts: 128.250.24.84 www.online.wellsfargo.com
O1 - Hosts: 128.250.24.84 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 128.250.24.84 accounts4.keybank.com
O1 - Hosts: 128.250.24.84 logon.bankone.com
O1 - Hosts: 128.250.24.84 www.secure.tdbanknorth.com
O1 - Hosts: 128.250.24.84 www.secure.mvnt4.com
O1 - Hosts: 128.250.24.84 ww.mynfbonline.com
O1 - Hosts: 128.250.24.84 login.forumcuonline.com
O1 - Hosts: 128.250.24.84 www.eds.usersonlnet.com
O1 - Hosts: 128.250.24.84 www.onlineid.bankofamerica.com
O1 - Hosts: 128.250.24.84 wvw.e-gold.com
O1 - Hosts: 128.250.24.84 pcbs.peoples.com
O1 - Hosts: 128.250.24.84 www.global1.onlinebank.com
O1 - Hosts: 128.250.24.84 ww2.mybranch.lafcu.com
O1 - Hosts: 128.250.24.84 login.webbanking.comerica.com
O1 - Hosts: 128.250.24.84 web.banking.firsttennessee.com
O1 - Hosts: 128.250.24.84 logon.members1st.org
O1 - Hosts: 128.250.24.84 www.cib.ibanking-services.com
O1 - Hosts: 128.250.24.84 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 128.250.24.84 wvw.paypal.com
O1 - Hosts: 128.250.24.84 www.signin.ebay.com
O1 - Hosts: 128.250.24.84 wvw.etrade.com
O1 - Hosts: 128.250.24.84 ww4.fleethomelink.fleet.com
O1 - Hosts: 128.250.24.84 ww3.connect.skyfi.com
O1 - Hosts: 128.250.24.84 www6.usbank.com
O1 - Hosts: 128.250.24.84 www.bvi.bancodevalencia.es
O1 - Hosts: 128.250.24.84 extrant.banesto.es
O1 - Hosts: 128.250.24.84 banesnt.banesto.es
O1 - Hosts: 128.250.24.84 activia.caixagalicia.es
O1 - Hosts: 128.250.24.84 www.bancae.caixapenedes.com
O1 - Hosts: 128.250.24.84 login.caixasabadell.net
O1 - Hosts: 128.250.24.84 oii.cajamadrid.es
O1 - Hosts: 128.250.24.84 login.cajamar.es
O1 - Hosts: 128.250.24.84 login.ccm.es
O1 - Hosts: 128.250.24.84 ww.unicaja.es
O1 - Hosts: 128.250.24.84 www5.bancopopular.es
O1 - Hosts: 128.250.24.84 ww3.bbvanet.com
O1 - Hosts: 128.250.24.84 ww.bayernlb.de
O1 - Hosts: 128.250.24.84 ww2.berliner-volksbank.de
O1 - Hosts: 128.250.24.84 ww7.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 portal09.commerzbanking.de
O1 - Hosts: 128.250.24.84 www.meine.deutsche-bank.de
O1 - Hosts: 128.250.24.84 ww2.dresdner-privat.de
O1 - Hosts: 128.250.24.84 ww.e-banking.helaba.de
O1 - Hosts: 128.250.24.84 ww.hsh-nordbank.de
O1 - Hosts: 128.250.24.84 www.my.hypovereinsbank.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 www.banking.lbbw.de
O1 - Hosts: 128.250.24.84 lrp.sparkasse-banking.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-niedersachsen.de
O1 - Hosts: 128.250.24.84 www.onlinebanking.norisbank.de
O1 - Hosts: 128.250.24.84 www.banking.postbank.de
O1 - Hosts: 128.250.24.84 wvw.internetbanking.gad.de
O1 - Hosts: 128.250.24.84 ww1.portal.izb.de
O1 - Hosts: 128.250.24.84 wvw.kunden-service.lbs.de
O1 - Hosts: 128.250.24.84 ibanking.seb.de
O1 - Hosts: 128.250.24.84 bw7.sparkasse-banking.de
O1 - Hosts: 128.250.24.84 ww2.homebanking-sparkasse.de
O1 - Hosts: 128.250.24.84 ww2.vr-networld-ebanking.de
O1 - Hosts: 128.250.24.84 ww.bics.fr
O1 - Hosts: 128.250.24.84 www.co.caixabank.fr
O1 - Hosts: 128.250.24.84 ww.creditmutuel.fr
O1 - Hosts: 128.250.24.84 internetbank.intesabci.it
O1 - Hosts: 128.250.24.84 ww.extensive.bancalombarda.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Java Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\java.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124917979545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125500101436
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/...l/gtdownde.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: restore - Unknown owner - C:\WINDOWS\restore.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SCSMS32 (SCSMS) - Unknown owner - C:\WINDOWS\scmsm32.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: telecable - Unknown owner - C:\WINDOWS\telecable.exe
O23 - Service: WLANKEEPER - IntelĀ® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe

I appreciate anything you can do! Thanks!

dlh6213 Sep 7th, 2005 12:43 am
Re: Hacktool.rootkit help!
 
Hi Rick, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below (don't skip the Windows Updates!) to begin the cleanup process.

When you've finished, close any open browser windows, scan with HijackThis, and post a new log.

Rick James Sep 7th, 2005 12:30 pm
Re: Hacktool.rootkit help!
 
Ok, Ive done the checks you've listed, and this is the logfile I get:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:35 AM, on 9/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\restore.exe
C:\WINDOWS\scmsm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\HJT\HijackThis.exe
C:\WINDOWS\telecable.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assist...mpaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - Default URLSearchHook is missing
O1 - Hosts: 128.250.24.84 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 128.250.24.84 www3.aibgbonline.co.uk
O1 - Hosts: 128.250.24.84 www.bank.alliance-leicester.co.uk
O1 - Hosts: 128.250.24.84 login.iblogin.com
O1 - Hosts: 128.250.24.84 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 128.250.24.84 inet.barclays.co.uk
O1 - Hosts: 128.250.24.84 iibank.barclays.co.uk
O1 - Hosts: 128.250.24.84 iibank.cahoot.com
O1 - Hosts: 128.250.24.84 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 128.250.24.84 ww.hsbc.co.uk
O1 - Hosts: 128.250.24.84 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 128.250.24.84 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 128.250.24.84 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 128.250.24.84 ob2.nationet.com
O1 - Hosts: 128.250.24.84 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 128.250.24.84 ww1.nwolb.com
O1 - Hosts: 128.250.24.84 ww1.onlinebanking.iombank.com
O1 - Hosts: 128.250.24.84 ww1.www.rbsdigital.com
O1 - Hosts: 128.250.24.84 welcome.smile.co.uk
O1 - Hosts: 128.250.24.84 login.365online.com
O1 - Hosts: 128.250.24.84 wvw.citizensbankonline.com
O1 - Hosts: 128.250.24.84 esecure.regionsnet.com
O1 - Hosts: 128.250.24.84 rollb.associatedbank.com
O1 - Hosts: 128.250.24.84 upb.unionplanters.com
O1 - Hosts: 128.250.24.84 www.onlinebanking.huntington.com
O1 - Hosts: 128.250.24.84 inet.southtrustonlinebanking.com
O1 - Hosts: 128.250.24.84 logon.personal.wamu.com
O1 - Hosts: 128.250.24.84 login.compassweb.com
O1 - Hosts: 128.250.24.84 logon.firstmeritib.com
O1 - Hosts: 128.250.24.84 login.ccfcuonline.org
O1 - Hosts: 128.250.24.84 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 128.250.24.84 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 128.250.24.84 wvw.totallyfreebanking.com
O1 - Hosts: 128.250.24.84 www.online.wellsfargo.com
O1 - Hosts: 128.250.24.84 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 128.250.24.84 accounts4.keybank.com
O1 - Hosts: 128.250.24.84 logon.bankone.com
O1 - Hosts: 128.250.24.84 www.secure.tdbanknorth.com
O1 - Hosts: 128.250.24.84 www.secure.mvnt4.com
O1 - Hosts: 128.250.24.84 ww.mynfbonline.com
O1 - Hosts: 128.250.24.84 login.forumcuonline.com
O1 - Hosts: 128.250.24.84 www.eds.usersonlnet.com
O1 - Hosts: 128.250.24.84 www.onlineid.bankofamerica.com
O1 - Hosts: 128.250.24.84 wvw.e-gold.com
O1 - Hosts: 128.250.24.84 pcbs.peoples.com
O1 - Hosts: 128.250.24.84 www.global1.onlinebank.com
O1 - Hosts: 128.250.24.84 ww2.mybranch.lafcu.com
O1 - Hosts: 128.250.24.84 login.webbanking.comerica.com
O1 - Hosts: 128.250.24.84 web.banking.firsttennessee.com
O1 - Hosts: 128.250.24.84 logon.members1st.org
O1 - Hosts: 128.250.24.84 www.cib.ibanking-services.com
O1 - Hosts: 128.250.24.84 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 128.250.24.84 wvw.paypal.com
O1 - Hosts: 128.250.24.84 www.signin.ebay.com
O1 - Hosts: 128.250.24.84 wvw.etrade.com
O1 - Hosts: 128.250.24.84 ww4.fleethomelink.fleet.com
O1 - Hosts: 128.250.24.84 ww3.connect.skyfi.com
O1 - Hosts: 128.250.24.84 www6.usbank.com
O1 - Hosts: 128.250.24.84 www.bvi.bancodevalencia.es
O1 - Hosts: 128.250.24.84 extrant.banesto.es
O1 - Hosts: 128.250.24.84 banesnt.banesto.es
O1 - Hosts: 128.250.24.84 activia.caixagalicia.es
O1 - Hosts: 128.250.24.84 www.bancae.caixapenedes.com
O1 - Hosts: 128.250.24.84 login.caixasabadell.net
O1 - Hosts: 128.250.24.84 oii.cajamadrid.es
O1 - Hosts: 128.250.24.84 login.cajamar.es
O1 - Hosts: 128.250.24.84 login.ccm.es
O1 - Hosts: 128.250.24.84 ww.unicaja.es
O1 - Hosts: 128.250.24.84 www5.bancopopular.es
O1 - Hosts: 128.250.24.84 ww3.bbvanet.com
O1 - Hosts: 128.250.24.84 ww.bayernlb.de
O1 - Hosts: 128.250.24.84 ww2.berliner-volksbank.de
O1 - Hosts: 128.250.24.84 ww7.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 portal09.commerzbanking.de
O1 - Hosts: 128.250.24.84 www.meine.deutsche-bank.de
O1 - Hosts: 128.250.24.84 ww2.dresdner-privat.de
O1 - Hosts: 128.250.24.84 ww.e-banking.helaba.de
O1 - Hosts: 128.250.24.84 ww.hsh-nordbank.de
O1 - Hosts: 128.250.24.84 www.my.hypovereinsbank.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-berlin.de
O1 - Hosts: 128.250.24.84 www.banking.lbbw.de
O1 - Hosts: 128.250.24.84 lrp.sparkasse-banking.de
O1 - Hosts: 128.250.24.84 ww3.homebanking-niedersachsen.de
O1 - Hosts: 128.250.24.84 www.onlinebanking.norisbank.de
O1 - Hosts: 128.250.24.84 www.banking.postbank.de
O1 - Hosts: 128.250.24.84 wvw.internetbanking.gad.de
O1 - Hosts: 128.250.24.84 ww1.portal.izb.de
O1 - Hosts: 128.250.24.84 wvw.kunden-service.lbs.de
O1 - Hosts: 128.250.24.84 ibanking.seb.de
O1 - Hosts: 128.250.24.84 bw7.sparkasse-banking.de
O1 - Hosts: 128.250.24.84 ww2.homebanking-sparkasse.de
O1 - Hosts: 128.250.24.84 ww2.vr-networld-ebanking.de
O1 - Hosts: 128.250.24.84 ww.bics.fr
O1 - Hosts: 128.250.24.84 www.co.caixabank.fr
O1 - Hosts: 128.250.24.84 ww.creditmutuel.fr
O1 - Hosts: 128.250.24.84 internetbank.intesabci.it
O1 - Hosts: 128.250.24.84 ww.extensive.bancalombarda.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Java Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\java.dll (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124917979545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125500101436
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/...l/gtdownde.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: restore - Unknown owner - C:\WINDOWS\restore.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SCSMS32 (SCSMS) - Unknown owner - C:\WINDOWS\scmsm32.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: telecable - Unknown owner - C:\WINDOWS\telecable.exe
O23 - Service: WLANKEEPER - IntelĀ® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe

I looked in the processes tab of my task manager and noticed two programs that run by themselves for about 2 seconds then exit, then run again and exit. The programs never pop up, but they are running as processes. They are notepad.exe and telecable.exe. When those programs are running they suck up 100% of my system usage, accounting for my high latency levels. Just thought I'd mention that. Thanks again for your help <: )


All times are GMT -4. The time now is 6:29 am.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC