Is This Pc Infected?

cromwell_4

By cromwell_4,
in Malware Removal

 Share Followers 0

Recommended Posts

cromwell_4

cromwell_4

Posted
Posted

One of my users had a virtual memory error. Everything looks ok. I have run Spybot and Adaware. Could you please have a quick look at the log below and let me know if there are any issues?

Many thanks for all of your help.

Logfile of HijackThis v1.99.1

Scan saved at 10:04:35, on 29/09/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\floplock.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\program files\notes\ntmulti.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\WINNT\Explorer.Exe

C:\WINNT\System32\igfxtray.exe

C:\WINNT\System32\hkcmd.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UpdaterUI.exe

C:\WINNT\system32\internat.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O1 - Hosts: 170.230.110.20 ocie

O1 - Hosts: 170.230.107.200 ftp.campbellplace.com www.campbellplace.com

O1 - Hosts: 194.118.99.14 GBBSERVER1 KGLHUB01

O1 - Hosts: 213.62.238.230 GBBIPMS

O1 - Hosts: 195.118.243.105 GBCAMP01 GBCAMP01-IP

O1 - Hosts: 195.51.85.1 PUURS

O1 - Hosts: 195.118.243.101 GBBDGM1

O1 - Hosts: 32.77.1.31 DMCAMUS02

O1 - Hosts: 32.77.1.28 DMCAMUS06

O1 - Hosts: 170.230.46.6 DACAMUS04 DACAMUS04.SOUPS.COM

O1 - Hosts: 170.230.115.80 campbellcorner

O1 - Hosts: 213.62.238.15 DMKGLUK01

O1 - Hosts: 195.118.243.108 DHDIEBE01

O1 - Hosts: 195.118.243.100 Y2CAMD00 Y2CAMD00-IP

O1 - Hosts: 194.253.61.57 COMFIERY

O1 - Hosts: 194.253.61.73 GENFIERY

O1 - Hosts: 213.62.238.49 GBBTOWER

O1 - Hosts: 203.8.80.233 DMSYDAU01

O1 - Hosts: 203.8.80.234 DMSYDAU02

O1 - Hosts: 141.94.135.6 FIREWALL1

O1 - Hosts: 141.94.135.4 FIREWALL2

O1 - Hosts: 213.62.238.12 EKGLAPP02

O1 - Hosts: 213.62.238.20 EKGLCMB01

O1 - Hosts: 170.230.105.27 DACAMUS02

O1 - Hosts: 128.1.0.9 S4441272

O1 - Hosts: 128.1.0.10 CBS270

O1 - Hosts: 195.118.243.109 EURAPP01

O1 - Hosts: 213.62.238.11 GBBSERVER2

O1 - Hosts: 213.62.238.23 GBBSQL

O1 - Hosts: 170.230.236.44 GBBCOGNOS

O1 - Hosts: 170.230.113.75 CAMPBELLDW01

O1 - Hosts: 170.230.46.5 DACAMUS03 DACAMUS03.SOUPS.COM

O1 - Hosts: 213.62.238.17 DAKGLUK01

O1 - Hosts: 170.230.185.20 DMASHUK10

O1 - Hosts: 170.230.240.20 DMWORUK10

O1 - Hosts: 170.230.197.20 DMCRAUK10

O1 - Hosts: 213.62.238.30 GBBPSOFT

O1 - Hosts: 213.62.238.40 GBBIPMS2

O1 - Hosts: 213.62.238.5 FIREWALL

O1 - Hosts: 195.118.243.110 EUCAMD00

O1 - Hosts: 170.230.113.75 WHQDWH41

O1 - Hosts: 170.230.104.217 DDACAMUS01

O1 - Hosts: 170.230.240.15 EWORCMB01

O1 - Hosts: 170.230.185.15 EASHCMB01

O1 - Hosts: 170.230.197.50 ECRACMB01

O1 - Hosts: 170.230.191.3 DMDUNFR10

O1 - Hosts: 213.62.238.34 GBBCITRIX

O1 - Hosts: 213.62.238.18 EKGLAPP04

O1 - Hosts: 170.230.185.20 DMASHUK10

O1 - Hosts: 170.230.189.178 DAKARSE01

O1 - Hosts: 170.230.113.149 psacpt PSACPT

O1 - Hosts: 170.230.128.36 DMTORCA01

O1 - Hosts: 170.230.243.9 CAMBOURNE-UNITY

O1 - Hosts: 170.230.243.7 CAMBOURNE-PUB

O1 - Hosts: 170.230.215.123 DMHBUAU10

O1 - Hosts: 170.230.115.101 DMCAMUS12

O1 - Hosts: 170.230.46.11 DMCAMUS10

O1 - Hosts: 213.62.238.25 DGKGLUK01

O1 - Hosts: 170.230.236.42 DMCAMUK10

O1 - Hosts: 170.230.115.80 CAMPBELLCORNER

O1 - Hosts: 195.51.83.8 DMBOUFR10

O1 - Hosts: 170.230.113.198 DCCAMUS01

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"

O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN

O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - Startup: dg_connect_eukinapp09.bat

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O14 - IERESET.INF: START_PAGE_URL=about:blank

O16 - DPF: Oracle Sales Analyzer 6,4,0 Patch 5 - http://iri.cpgnetwork.co.uk/osaweb/java/osa640.cab

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dccamus01.soups.com/qp2.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dmcamuk10/iNotes6.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://portal.som.cranfield.ac.uk/msc/Port...rces/msddsc.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4BD674-3036-4F86-921D-3A2D75D2D051}: NameServer = 170.230.236.46,170.230.236.36

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.com

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exe

O23 - Service: OracleOracle_homeClientCache - Unknown owner - C:\orant\BIN\ONRSD.EXE

O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 0
Go to topic listing