Haxdoor-H and maybe something else?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

tk421

Thread Starter
Joined
Jan 14, 2005
Messages
30
Hi!


I ran Spybot numerous times, and it looks like teh Hxdoor spyware just cannot be removed byt it alone. It seems that my computer is a LOT slower tha it used to be. Note that my browser is not redirected anywhere at all. It's the slugginess that made me suspect that there was something fishy going on. There might be something else that is infected, I am not so sure now. Anyway, please let me know what I should do!


I ran the latest version of HiJack this, and this is my log:



Logfile of HijackThis v1.99.1
Scan saved at 12:28:16, on 2005-07-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\FTP\No-IP\DUC20.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Quicktime\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\palmOne\RepliGo\RepliGoMon.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\FTP\Serv-U\SERVUT~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Replay Radio 5\ReplayRadio.exe
C:\Program Files\Handy Backup\hbagent.exe
C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
C:\Program Files\palmOne\LifeDriveMgrTray.exe
C:\WINDOWS\system32\new\lsass.exe
C:\PROGRA~1\FTP\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VNC\TightVNC1.2.9\TightVNC\WinVNC.exe
C:\Program Files\palmOne\PalmOneLiveConnect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Cleaners\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJack this\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\palmOne\RepliGo\RepliGoIEHelper.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\justDo\Jd2002.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\palmOne\RepliGo\RepliGoIEBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Internet Timer 3] C:\PROGRA~1\INTERN~3\Intern~1.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\TightVNC1.2.9\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashSaver] C:\Program Files\Flash Saver 4.5\flashsaver.EXE
O4 - HKLM\..\Run: [Nitro5x] c:\nitro5x\nitro5x.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\Quicktime\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Program Files\palmOne\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\PROGRA~1\FTP\Serv-U\SERVUT~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Replay Radio] "C:\Program Files\Replay Radio 5\ReplayRadio.exe" -quiet
O4 - HKCU\..\Run: [Handy Backup 4.1] C:\Program Files\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_1
O4 - Startup: HandStory.lnk = C:\Program Files\palmOne\HandStory.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\FTP\No-IP\DUC20.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Timex Trainer Launcher.lnk = ?
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.5\save.htm
O8 - Extra context menu item: &Save To Palm - C:\Program Files\palmOne\HandStoryME.htm
O8 - Extra context menu item: C&lip To Palm - C:\Program Files\palmOne\HandStoryMEC.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: ハイライト - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: ページ内の全てのリンクを開く... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: 同じサーバーの全ての画像をブロックする - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: 広告抑止リストに追加 - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: 検索 - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra button: Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Program Files\palmOne\HandStoryTE.htm
O9 - Extra 'Tools' menuitem: &Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Program Files\palmOne\HandStoryTE.htm
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\justDo\IECatcher.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\palm one\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\palm one\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9936854-14DC-4BD5-BAC6-10333850F5EA}: NameServer = 206.47.244.91 206.47.244.50
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\FTP\No-IP\DUC20.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\new\lsass.exe" /service (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\FTP\Serv-U\ServUDaemon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\VNC\TightVNC1.2.9\TightVNC\WinVNC.exe" -service (file missing)



Thanks in advance for the help!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Top