Rick James

Hacktool.rootkit help!

#1
Sep 6th, 2005
Hello, I have been experiencing various problems on my computer, from random crashing/rebooting to unacceptable latency levels and program malfunctions. After several times trying to run HJT without it freezing up, I produced this logfile:

Logfile of HijackThis v1.99.1
Scan saved at 5:31:58 PM, on 9/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\restore.exe
C:\WINDOWS\scmsm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assist...mpaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Java Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\java.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124917979545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125500101436
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/...l/gtdownde.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: restore - Unknown owner - C:\WINDOWS\restore.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SCSMS32 (SCSMS) - Unknown owner - C:\WINDOWS\scmsm32.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: telecable - Unknown owner - C:\WINDOWS\telecable.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe

I appreciate anything you can do! Thanks!

dlh6213

Re: Hacktool.rootkit help!

#2
Sep 7th, 2005
Hi Rick, welcome to DaniWeb

Please follow the suggestions and instructions in the links below (don't skip the Windows Updates!) to begin the cleanup process.

When you've finished, close any open browser windows, scan with HijackThis, and post a new log.
Links to help you help yourself:

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html

Rick James

Re: Hacktool.rootkit help!

#3
Sep 7th, 2005
OK, I've done the checks you've listed, and this is the logfile I get:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:35 AM, on 9/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\restore.exe
C:\WINDOWS\scmsm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\HJT\HijackThis.exe
C:\WINDOWS\telecable.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assist...mpaign=wdz0605
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Java Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\java.dll (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124917979545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125500101436
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/...l/gtdownde.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: restore - Unknown owner - C:\WINDOWS\restore.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SCSMS32 (SCSMS) - Unknown owner - C:\WINDOWS\scmsm32.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: telecable - Unknown owner - C:\WINDOWS\telecable.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: wordpad - Unknown owner - C:\WINDOWS\wordpad.exe

I looked in the processes tab of my task manager and noticed two programs that run by themselves for about 2 seconds then exit, then run again and exit. The programs never pop up, but they are running as processes. They are notepad.exe and telecable.exe. When those programs are running they suck up 100% of my system usage, accounting for my high latency levels. Just thought I'd mention that. Thanks again for your help <: )