jinja1

Last Couple Of Things


I've been through the 'trauma' before of having received (unwillingly) 180 Search Assistant and all its infectious junk. Having borrowed a laptop for some work, the same has happened. Managed to get rid of most with SpyBot & AdAware & CWShredder & TrojanHunter. This is what's left. Appreciate any help. :help:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:30:58, on 27/03/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\userinit32.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\user\My Documents\SpyWare Tools\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.patana.ac.th/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.6:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.patana.ac.th; 172.17.2.155; mail1.patana.ac.th;<local>

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKCU\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{85DFB1B0-23FD-48FA-8DC3-3AA2EE55FBF3}: NameServer = 172.17.5.252,172.17.5.253

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS


Sorry about the delay. Writing this from another computer as logging back on to run those programs has infested the computer even more than before.

 

Will only be able to run 2 of them and will repost soon.


May have to post a couple of times here.

 

First = results of check with E-Trust Anti-Virus Scanner:

 

Scan Results: 15261 files scanned. 23 viruses were detected.

 

File | Infection | Status | Path

ei.exe.tcf | Win32.Prutec!downloader | infected | C:\Documents and Settings\user\Local Settings\Temp\

istsvc.exe | Win32.SillyDl.JD | infected | C:\Documents and Settings\user\Local Settings\Temp\

sixtypopsix[1].exe | Win32.Secdrop.EH | infected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\

v3cab[1].cab | Win32.SillyDl.GY!CAB | infected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\

pi1_25[1].exe | Win32.Prutec | infected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\

istsvc[1].exe | Win32.SillyDl.JD | infected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\

pi[1].exe | Win32.Prutec | infected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\

thin-143-1-x-x[1].exe | Win32.BettInet | infected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\

ei[1].exe | Win32.Prutec!downloader | infected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\

js[2].htm | JS.SillyDlScript.C | infected | C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\

IeBHOs.dll | Win32.Prutec!downloader | infected | C:\Program Files\E2G\

istsvc.exe | Win32.SillyDl.JD | infected | C:\Program Files\ISTsvc\

MediaAccess.exe | Win32.SillyDl.HZ | infected | C:\Program Files\Media Access\

hbqgm.exe | Win32.SillyDl.JC | infected | C:\WINDOWS\

kan.reg | REG.Secdrop | infected | C:\WINDOWS\

kansu.reg | REG.Secdrop | infected | C:\WINDOWS\

kansy.reg | REG.Secdrop | infected | C:\WINDOWS\

kany.reg | REG.Secdrop | infected | C:\WINDOWS\

pi1_25.exe | Win32.Prutec | infected | C:\WINDOWS\

sixtypopsix.exe | Win32.Secdrop.EH | infected | C:\WINDOWS\

istrecover[1].exe | Win32.SillyDl.JC | infected | C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVCX2Z6B\

istsvc[1].exe | Win32.SillyDl.JD | infected | C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SFED07MD\

hpsebc08.exe | Win32.Seenbot.T | infected | C:\WINDOWS\system32\


2nd = from the Panda Scan (in 2 parts on this forum as it's too long to post in one go):

 

Panda ActiveScan

 

 

Incident Status Location

 

Virus:Bck/Small.HI Disinfected Operating system

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccK.exe

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccess.exe

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccC.dll

Virus:Trj/Agent.HJ No disinfected Operating system

Spyware:Spyware/YourSiteBar No disinfected C:\PROGRA~1\YOURSI~1\ysb.dll

Adware:Adware/Sqwire No disinfected C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe

Adware:Adware/Sqwire No disinfected C:\PROGRA~1\COMMON~1\ukwr\ukwra.exe

Adware:Adware/Sqwire No disinfected C:\PROGRA~1\COMMON~1\ukwr\ukwrd\ukwrc.dll

Adware:Adware/nCase No disinfected C:\Program Files\180solutions

Spyware:Spyware/AdClicker No disinfected Windows Registry

Spyware:Spyware/Dyfuca No disinfected C:\DOCUME~1\user\LOCALS~1\Temp\optimize.exe

Spyware:Spyware/ISTbar No disinfected C:\Program Files\ISTsvc\istsvc.exe

Adware:Adware/PowerScan No disinfected C:\Program Files\Power Scan

Adware:Adware/SAHAgent No disinfected C:\WINDOWS\unstall.exe

Adware:Adware/CWS No disinfected C:\Documents and Settings\user\Favorites\Fun & Games\Betting.lnk

Adware:Adware/BHO No disinfected Windows Registry

Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\System32\nsvsvc\nsv.ocx

Spyware:Spyware/Roing No disinfected Windows Registry

Adware:Adware/SideFind No disinfected C:\Program Files\SideFind

Spyware:Spyware/Media-motor No disinfected Windows Registry

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access

Adware:Adware/E2Give No disinfected C:\Program Files\E2G

Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\YourSiteBar

Spyware:Spyware/SurfSideKick No disinfected Windows Registry

Adware:Adware/SideFind No disinfected C:\Documents and Settings\user\Local Settings\Temp\GLF10GLF10.EXE

Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\user\Local Settings\Temp\i15.tmp

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temp\istsvc.exe

Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\user\Local Settings\Temp\optimize.exe

Adware:Adware/PowerScan No disinfected C:\Documents and Settings\user\Local Settings\Temp\powerscan.exe

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temp\rcbq75.exe

Adware:Adware/SideFind No disinfected C:\Documents and Settings\user\Local Settings\Temp\sidefind.exe

Adware:Adware/SideFind No disinfected C:\Documents and Settings\user\Local Settings\Temp\targetsaver.exe

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temp\YWopTA.exe

Virus:Trj/Agent.HJ Disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\sixtypopsix[1].exe

Adware:Adware/EliteBar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\v3cab[1].cab[v3.dll]

Adware:Adware/EliteBar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\v3cab[1].cab[v3cab.inf]

Adware:Adware/nCase No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\180ax[1].exe

Adware:Adware/DelFinMedia No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\mm15201518.Stub[1].exe

Adware:Adware/PurityScan No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\mtrslib2[1].js

Virus:Trj/Small.FE Disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\pi1_25[1].exe

Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\sskb5[1].exe

Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\alien[1].cab

Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\alien[1].cab[mm63.INF]

Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\alien[1].cab[mm63.ocx]


Panda Part 2:

 

Virus:Trj/LowZones.BB No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\io[1].exe[kany.reg]

Virus:Trj/LowZones.BB No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\io[1].exe[kansy.reg]

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\istsvc[1].exe

Adware:Adware/Transponder No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\thin-143-1-x-x[1].exe

Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\CAO921LU.HTM

Adware:Adware/SideFind No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\sfbho13[1].dll

Adware:Adware/Atlas No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\Switp_bund_ar14[1].exe

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\ysb_regular[1].cab[ysbactivex.dll]

Virus:Trj/LowZones.BB No disinfected C:\oi.exe[kany.reg]

Virus:Trj/LowZones.BB No disinfected C:\oi.exe[kansy.reg]

Adware:Adware/Zango No disinfected C:\Program Files\180Solutions\sais.exe

Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\ukwr\ukwra.exe

Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\ukwr\ukwrd\ukwrc.dll

Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\ukwr\ukwrl.exe

Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\ukwr\ukwrm.exe

Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\ukwr\ukwrp.exe

Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe

Spyware:Spyware/ISTbar No disinfected C:\Program Files\ISTsvc\istsvc.exe

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccC.dll

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccess.exe

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccK.exe

Adware:Adware/PowerScan No disinfected C:\Program Files\Power Scan\powerscan.exe

Adware:Adware/SideFind No disinfected C:\Program Files\SideFind\sfbho.dll

Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\YourSiteBar\ysb.dll

Virus:Trj/LowZones.BB No disinfected C:\RECYCLER\S-1-5-21-1547161642-113007714-1060284298-1003\Dc1111.tcf[kan.reg]

Virus:Trj/LowZones.BB No disinfected C:\RECYCLER\S-1-5-21-1547161642-113007714-1060284298-1003\Dc1111.tcf[kansu.reg]

Adware:Adware/nCase No disinfected C:\WINDOWS\180ax.exe.tcf

Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\mm63.INF

Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\mm63.ocx

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.dll

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\hbqgm.exe

Virus:Trj/LowZones.BB Disinfected C:\WINDOWS\kan.reg

Virus:Trj/LowZones.BB Disinfected C:\WINDOWS\kansu.reg

Virus:Trj/LowZones.BB Disinfected C:\WINDOWS\kansy.reg

Virus:Trj/LowZones.BB Disinfected C:\WINDOWS\kany.reg

Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\mm15201518.Stub.exe

Virus:Trj/Small.FE Disinfected C:\WINDOWS\pi1_25.exe

Adware:Adware/nCase No disinfected C:\WINDOWS\pknqz.exe

Virus:Trj/Agent.HJ Disinfected C:\WINDOWS\sixtypopsix.exe

Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\sskb5.exe

Adware:Adware/Atlas No disinfected C:\WINDOWS\Switp_bund_ar14.exe

Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8VWF61CJ\istdownload[1].exe

Adware:Adware/SideFind No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I7QBGH4D\sidefind[1].exe

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVCX2Z6B\istbarcm[1].dll

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVCX2Z6B\istrecover[1].exe

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SFED07MD\istsvc[1].exe

Adware:Adware/SideFind No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SFED07MD\targetsaver[1].exe

Virus:W32/Sdbot.CMA.worm Disinfected C:\WINDOWS\system32\hpsebc08.exe

Virus:Bck/Small.HI Disinfected C:\WINDOWS\system32\hwclock.exe

Virus:Trj/Drp.Juntador.B Disinfected C:\WINDOWS\system32\msua.exe

Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc\nsv.ocx

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe

Virus:W32/Gaobot.DMC.worm Disinfected C:\WINDOWS\system32\userinit32.exe


AND FINALLY...

 

The Hijack This log:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:47:56, on 31/03/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\hbqgm.exe

C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

C:\WINDOWS\System32\picsvr\picsvr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe

C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

C:\PROGRA~1\COMMON~1\ukwr\ukwra.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\PROGRA~1\COMMON~1\ukwr\ukwrl.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\user\My Documents\SpyWare Tools\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.patana.ac.th/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.6:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.patana.ac.th; 172.17.2.155; mail1.patana.ac.th;<local>

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe

O4 - HKLM\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ukwr] C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe

O4 - HKCU\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKCU\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...Bridge-c139.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85DFB1B0-23FD-48FA-8DC3-3AA2EE55FBF3}: NameServer = 172.17.5.252,172.17.5.253

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS


this is a reposted log as the first has been dormant for a while and this is a borrowed comp that I'm trying to fix.

 

First = results of check with E-Trust Anti-Virus Scanner:

 

Scan Results: 15261 files scanned. 23 viruses were detected.

 

File Infection Status Path

 

ei.exe.tcf Win32.Prutec!downloader

infected C:\Documents and Settings\user\Local Settings\Temp\

 

istsvc.exe Win32.SillyDl.JD

infected C:\Documents and Settings\user\Local Settings\Temp\

 

sixtypopsix[1].exe Win32.Secdrop.EH

infected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\

 

v3cab[1].cab Win32.SillyDl.GY!CAB

infected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\

 

pi1_25[1].exe Win32.Prutec

infected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\

 

istsvc[1].exe Win32.SillyDl.JD

infected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\

 

pi[1].exe Win32.Prutec

infected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\

 

thin-143-1-x-x[1].exe Win32.BettInet

infected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\

 

ei[1].exe Win32.Prutec!downloader

infected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\

 

js[2].htm JS.SillyDlScript.C

infected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\

 

IeBHOs.dll Win32.Prutec!downloader

infected C:\Program Files\E2G\

 

istsvc.exe Win32.SillyDl.JD

infected C:\Program Files\ISTsvc\

 

MediaAccess.exe Win32.SillyDl.HZ

infected C:\Program Files\Media Access\

 

hbqgm.exe Win32.SillyDl.JC

infected C:\WINDOWS\

 

kan.reg REG.Secdrop

infected C:\WINDOWS\

 

kansu.reg REG.Secdrop

infected C:\WINDOWS\

 

kansy.reg REG.Secdrop

infected C:\WINDOWS\

 

kany.reg REG.Secdrop

infected C:\WINDOWS\

 

pi1_25.exe Win32.Prutec

infected C:\WINDOWS\

 

sixtypopsix.exe Win32.Secdrop.EH

infected C:\WINDOWS\

 

istrecover[1].exe Win32.SillyDl.JC

infected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVCX2Z6B\

 

istsvc[1].exe Win32.SillyDl.JD

infected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SFED07MD\

 

hpsebc08.exe Win32.Seenbot.T

infected C:\WINDOWS\system32\

Share this post


Link to post
Share on other sites

2nd = from the Panda Scan (in 2 parts on this forum as it's too long to post in one go):

 

Panda ActiveScan

 

 

Incident Status Location

 

Virus:Bck/Small.HI Disinfected Operating system

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccK.exe

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccess.exe

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccC.dll

Virus:Trj/Agent.HJ No disinfected Operating system

Spyware:Spyware/YourSiteBar No disinfected C:\PROGRA~1\YOURSI~1\ysb.dll

Adware:Adware/Sqwire No disinfected C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe

Adware:Adware/Sqwire No disinfected C:\PROGRA~1\COMMON~1\ukwr\ukwra.exe

Adware:Adware/Sqwire No disinfected C:\PROGRA~1\COMMON~1\ukwr\ukwrd\ukwrc.dll

Adware:Adware/nCase No disinfected C:\Program Files\180solutions

Spyware:Spyware/AdClicker No disinfected Windows Registry

Spyware:Spyware/Dyfuca No disinfected C:\DOCUME~1\user\LOCALS~1\Temp\optimize.exe

Spyware:Spyware/ISTbar No disinfected C:\Program Files\ISTsvc\istsvc.exe

Adware:Adware/PowerScan No disinfected C:\Program Files\Power Scan

Adware:Adware/SAHAgent No disinfected C:\WINDOWS\unstall.exe

Adware:Adware/CWS No disinfected C:\Documents and Settings\user\Favorites\Fun & Games\Betting.lnk

Adware:Adware/BHO No disinfected Windows Registry

Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\System32\nsvsvc\nsv.ocx

Spyware:Spyware/Roing No disinfected Windows Registry

Adware:Adware/SideFind No disinfected C:\Program Files\SideFind

Spyware:Spyware/Media-motor No disinfected Windows Registry

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access

Adware:Adware/E2Give No disinfected C:\Program Files\E2G

Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\YourSiteBar

Spyware:Spyware/SurfSideKick No disinfected Windows Registry

Adware:Adware/SideFind No disinfected C:\Documents and Settings\user\Local Settings\Temp\GLF10GLF10.EXE

Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\user\Local Settings\Temp\i15.tmp

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temp\istsvc.exe

Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\user\Local Settings\Temp\optimize.exe

Adware:Adware/PowerScan No disinfected C:\Documents and Settings\user\Local Settings\Temp\powerscan.exe

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temp\rcbq75.exe

Adware:Adware/SideFind No disinfected C:\Documents and Settings\user\Local Settings\Temp\sidefind.exe

Adware:Adware/SideFind No disinfected C:\Documents and Settings\user\Local Settings\Temp\targetsaver.exe

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temp\YWopTA.exe

Virus:Trj/Agent.HJ Disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\sixtypopsix[1].exe

Adware:Adware/EliteBar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\v3cab[1].cab[v3.dll]

Adware:Adware/EliteBar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0T2B89Q3\v3cab[1].cab[v3cab.inf]

Adware:Adware/nCase No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\180ax[1].exe

Adware:Adware/DelFinMedia No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\mm15201518.Stub[1].exe

Adware:Adware/PurityScan No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\mtrslib2[1].js

Virus:Trj/Small.FE Disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\pi1_25[1].exe

Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GXDD2MSX\sskb5[1].exe

Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\alien[1].cab

Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\alien[1].cab[mm63.INF]

Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\alien[1].cab[mm63.ocx]

Share this post


Link to post
Share on other sites

Panda Part 2:

 

Virus:Trj/LowZones.BB No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\io[1].exe[kany.reg]

Virus:Trj/LowZones.BB No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\io[1].exe[kansy.reg]

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\istsvc[1].exe

Adware:Adware/Transponder No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I19N1IGT\thin-143-1-x-x[1].exe

Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\CAO921LU.HTM

Adware:Adware/SideFind No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\sfbho13[1].dll

Adware:Adware/Atlas No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\Switp_bund_ar14[1].exe

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\VFUVB1B1\ysb_regular[1].cab[ysbactivex.dll]

Virus:Trj/LowZones.BB No disinfected C:\oi.exe[kany.reg]

Virus:Trj/LowZones.BB No disinfected C:\oi.exe[kansy.reg]

Adware:Adware/Zango No disinfected C:\Program Files\180Solutions\sais.exe

Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\ukwr\ukwra.exe

Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\ukwr\ukwrd\ukwrc.dll

Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\ukwr\ukwrl.exe

Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\ukwr\ukwrm.exe

Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\ukwr\ukwrp.exe

Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe

Spyware:Spyware/ISTbar No disinfected C:\Program Files\ISTsvc\istsvc.exe

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccC.dll

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccess.exe

Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccK.exe

Adware:Adware/PowerScan No disinfected C:\Program Files\Power Scan\powerscan.exe

Adware:Adware/SideFind No disinfected C:\Program Files\SideFind\sfbho.dll

Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\YourSiteBar\ysb.dll

Virus:Trj/LowZones.BB No disinfected C:\RECYCLER\S-1-5-21-1547161642-113007714-1060284298-1003\Dc1111.tcf[kan.reg]

Virus:Trj/LowZones.BB No disinfected C:\RECYCLER\S-1-5-21-1547161642-113007714-1060284298-1003\Dc1111.tcf[kansu.reg]

Adware:Adware/nCase No disinfected C:\WINDOWS\180ax.exe.tcf

Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\mm63.INF

Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\mm63.ocx

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.dll

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\hbqgm.exe

Virus:Trj/LowZones.BB Disinfected C:\WINDOWS\kan.reg

Virus:Trj/LowZones.BB Disinfected C:\WINDOWS\kansu.reg

Virus:Trj/LowZones.BB Disinfected C:\WINDOWS\kansy.reg

Virus:Trj/LowZones.BB Disinfected C:\WINDOWS\kany.reg

Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\mm15201518.Stub.exe

Virus:Trj/Small.FE Disinfected C:\WINDOWS\pi1_25.exe

Adware:Adware/nCase No disinfected C:\WINDOWS\pknqz.exe

Virus:Trj/Agent.HJ Disinfected C:\WINDOWS\sixtypopsix.exe

Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\sskb5.exe

Adware:Adware/Atlas No disinfected C:\WINDOWS\Switp_bund_ar14.exe

Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8VWF61CJ\istdownload[1].exe

Adware:Adware/SideFind No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I7QBGH4D\sidefind[1].exe

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVCX2Z6B\istbarcm[1].dll

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVCX2Z6B\istrecover[1].exe

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SFED07MD\istsvc[1].exe

Adware:Adware/SideFind No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SFED07MD\targetsaver[1].exe

Virus:W32/Sdbot.CMA.worm Disinfected C:\WINDOWS\system32\hpsebc08.exe

Virus:Bck/Small.HI Disinfected C:\WINDOWS\system32\hwclock.exe

Virus:Trj/Drp.Juntador.B Disinfected C:\WINDOWS\system32\msua.exe

Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc\nsv.ocx

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe

Virus:W32/Gaobot.DMC.worm Disinfected C:\WINDOWS\system32\userinit32.exe


AND FINALLY...

 

The Hijack This log:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:47:56, on 31/03/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\hbqgm.exe

C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

C:\WINDOWS\System32\picsvr\picsvr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe

C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

C:\PROGRA~1\COMMON~1\ukwr\ukwra.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\PROGRA~1\COMMON~1\ukwr\ukwrl.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\user\My Documents\SpyWare Tools\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.patana.ac.th/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.6:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.patana.ac.th; 172.17.2.155; mail1.patana.ac.th;<local>

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe

O4 - HKLM\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ukwr] C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe

O4 - HKCU\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKCU\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...Bridge-c139.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85DFB1B0-23FD-48FA-8DC3-3AA2EE55FBF3}: NameServer = 172.17.5.252,172.17.5.253

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS


Hi jinja1,

 

Open HijackThis, run a scan and check these items:

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe

 

O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe

O4 - HKLM\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKLM\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKCU\..\Run: [ukwr] C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe

O4 - HKCU\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

O4 - HKCU\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

 

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

 

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...Bridge-c139.cab

 

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

 

Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked.

 

Then, reboot in Safe mode. To reboot in Safe mode:

Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

 

You will need to configure Windows XP to show all files and folders.

1. Open My Computer.

2. Select the Tools menu and click Folder Options.

3. Select the View Tab.

4. Under the Hidden files and folders heading select Show hidden files and folders.

5. Uncheck the Hide protected operating system files (recommended) option.

6. Click Yes to confirm.

7. Click OK.

 

Then, delete these files:

C:\WINDOWS\hbqgm.exe

c:\windows\180ax.exe

 

Then, delete these folders:

C:\WINDOWS\System32\nsvsvc

C:\WINDOWS\System32\picsvr

C:\PROGRA~1\COMMON~1\ukwr

 

Then, search for these files and delete them:

userinit32.exe

hpsebc08.exe

 

Then, delete Temp Files. To delete temp files:

Click on Start and then Run, and type %temp% and press the OK button.

 

This should open up the temp directory that your machine uses. Please delete all files that are found there.

 

Do this same process for %windir%\temp.

 

Then, delete Temporary Internet Files. To delete Temporary Internet Files:

Open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

 

Then, reboot (in the normal mode) and post a new log in this thread.

Edited by tj416


OK, I've done all you said and here's the new log:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:31:08, on 09/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

C:\WINDOWS\System32\wdfmgr.exe

C:\Documents and Settings\user\My Documents\SpyWare Tools\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.patana.ac.th/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.6:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.patana.ac.th; 172.17.2.155; mail1.patana.ac.th;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85DFB1B0-23FD-48FA-8DC3-3AA2EE55FBF3}: NameServer = 172.17.5.252,172.17.5.253

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

 

 

 

Hope it's clean now.

:unsure::unsure:


Hi jinja1,

 

The O23 seems to be persistent. To remove it:

  • Click Start>Run.
  • Type in services.msc.
  • Scroll down till you find an entry with Hardware Clock Driver as its Display Name.
  • Right-click it and select Stop.
  • Double click that entry and under the General tab, select Disabled under "Startup type:".
  • Click Ok.
  • Open HijackThis.
  • Click the Config button.
  • Click the Misc Tools button.
  • Select Delete an NT service.
  • Copy and paste the following into the box:

    hwclock

  • Click Ok.
Then, reboot and post a fresh HijackThis log.
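
The comparison the helper makes by eye between the "fix" list and the next log, written out as an added example (not part of the original posts and not HijackThis code): it parses HijackThis item lines, reports which fixed entries survive in the follow-up log, and flags extra UserInit programs and O23 services whose file is missing. Function names are hypothetical, the sample logs are abridged from this thread, and the UserInit check assumes the stock value lists only userinit.exe.

```python
import re

# Item lines look like "O4 - ..." or "F2 - ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)

# Abridged from the 31/03/2005 log in this thread.
BEFORE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
"""

# Abridged from the 09/04/2005 log posted after the first round of fixes.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Entries the helper asked to have fixed (abridged).
FIX_LIST = [
    r"F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe",
    r"O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe",
    r"O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe",
    r"O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)",
    r"O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)",
]


def normalize(line):
    """Windows paths and registry names are case-insensitive; also collapse spacing."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return [(section, body)] for every HijackThis item line in the log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def still_present(fix_list, after_log):
    """Fixed entries that show up again in the follow-up log."""
    after = {normalize(f"{s} - {b}") for s, b in parse_entries(after_log)}
    return [line for line in fix_list if normalize(line) in after]


def userinit_extras(log_text):
    """Programs chained onto UserInit besides userinit.exe (compares file names only)."""
    extras = []
    for section, body in parse_entries(log_text):
        if section == "F2" and "userinit=" in body.casefold():
            for prog in body.split("=", 1)[1].split(","):
                prog = prog.strip()
                if prog and prog.rsplit("\\", 1)[-1].casefold() != "userinit.exe":
                    extras.append(prog)
    return extras


def missing_file_services(log_text):
    """Short names of O23 services whose executable is gone but whose entry remains."""
    names = []
    for section, body in parse_entries(log_text):
        m = SERVICE_RE.match(body) if section == "O23" else None
        if m and m.group("path").rstrip().endswith("(file missing)"):
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    print("Extra UserInit programs before fix:", userinit_extras(BEFORE_LOG))
    print("Fixed entries still present:", still_present(FIX_LIST, AFTER_LOG))
    print("Services to delete by short name:", missing_file_services(AFTER_LOG))
```

The short name returned by `missing_file_services` is the value in parentheses on the O23 line, which is what the "Delete an NT service" box expects.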


Done.

 

Here's the latest log:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:09:15, on 13/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

C:\WINDOWS\System32\wdfmgr.exe

C:\Documents and Settings\user\My Documents\SpyWare Tools\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.patana.ac.th/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.6:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.patana.ac.th; 172.17.2.155; mail1.patana.ac.th;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85DFB1B0-23FD-48FA-8DC3-3AA2EE55FBF3}: NameServer = 172.17.5.252,172.17.5.253

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

 

 

 

I'm still getting 3 things through SpyBot: 1 is an error message in German; 1 is about ISearchFind; and 1 is about n-case. Mean anything?


Hi jinja1,

 

MOST IMPORTANT: You need to update Windows and IE to get all the latest security patches to protect your computer from the malware that is around on the internet. Please go to Microsoft Windows and Internet Explorer Updates to get the critical updates. Then, post a fresh HijackThis log.

Edited by tj416


OK, did that. How often do you recommend doing those Windows Updates?

 

Here's the latest (and hopefully final) log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:10:23, on 20/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

C:\WINDOWS\System32\wdfmgr.exe

C:\Documents and Settings\user\My Documents\SpyWare Tools\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.patana.ac.th/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.6:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.patana.ac.th; 172.17.2.155; mail1.patana.ac.th;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113973588957

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85DFB1B0-23FD-48FA-8DC3-3AA2EE55FBF3}: NameServer = 172.17.5.252,172.17.5.253

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS


Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

This shows that your version of Windows and IE is outdated.

 

Try fixing the following entry and then try running Windows Update:

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113973588957

 

Thanks,

TJ
