bloodhound exploit 6

  1. 13-12-2004  #1
    peter the piper
    peter the piper is offline Junior Member

    bloodhound exploit 6

    Just after I deleted Windows messenger(Daughters) Nortons flagged up Bloodhound.exploit.6. It could not remove it anf forwarded me to M.S site to download patch for IE6. did so would not run patch as no version 6 installed. Wrong. Having run all the usual updated progs, Ad-aware etc with no result I'm beginning to wonder is this a false result from Nortons? Panda online scan won't run because it dosn't recognise firefox.

    Win XP,Wireless router/modem, Nortons Firewall/virusscanner, Adaware, Spybot, Spywareblaster, Ccleaner, etc
    Hijack log below, thank you for all the help you can give me.
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\tblmouse.exe
    D:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
    C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
    D:\Program Files\TotRecSched.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
    D:\program files\qttask.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    D:\Program Files\SSC Service Utility\ssc_serv.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    D:\Program Files\Desktop Calendar\Desktop Calendar.exe
    C:\Program Files\Tweak-XP\popup.exe
    C:\PROGRA~1\ashampoo\ASHAMP~1\PopUpKiller.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Tweak-XP\blads.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\OpenOffice.org1.1.0\program\soffice.exe
    d:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton Internet Security Professional\NISUM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Wt32exe.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    D:\Program Files\Norton Internet Security Professional\NISSERV.EXE
    D:\Program Files\Norton Internet Security Professional\SymPxSvc.exe
    d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    D:\Program Files\Norton Internet Security Professional\ATRACK.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\user\Desktop\cleanup tools\hijackthis-1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\ashampoo\ASHAMP~1\PopUp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
    O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\Program Files\TotRecSched.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [SSC Service Utility] D:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
    O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    O4 - HKCU\..\Run: [Desktop Calendar] D:\Program Files\Desktop Calendar\Desktop Calendar.exe
    O4 - HKCU\..\Run: [Pop-Up-Blocker] C:\Program Files\Tweak-XP\popup.exe
    O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\ashampoo\ASHAMP~1\PopUpKiller.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BlockAds] C:\Program Files\Tweak-XP\blads.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/regi...upportutil.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

  3. 14-12-2004  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Thats a clean log from what I can see. Could you post the entire log please including the header. Thanks.
  4. 15-12-2004  #3
    peter the piper
    peter the piper is offline Junior Member
    Thanks for looking at my post, I enclose the current log with headers as requested. I was able to get Panda to do an online scan which showed 4 files and 1 message removed.
    Logfile of HijackThis v1.98.2
    Scan saved at 0858, on 15/12/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    d:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton Internet Security Professional\NISUM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Wt32exe.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    D:\Program Files\Norton Internet Security Professional\NISSERV.EXE
    D:\Program Files\Norton Internet Security Professional\SymPxSvc.exe
    d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\TBPanel.exe
    C:\WINDOWS\System32\tblmouse.exe
    D:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
    C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
    D:\Program Files\TotRecSched.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
    D:\program files\qttask.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    D:\Program Files\SSC Service Utility\ssc_serv.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    D:\Program Files\Desktop Calendar\Desktop Calendar.exe
    C:\Program Files\Tweak-XP\popup.exe
    C:\PROGRA~1\ashampoo\ASHAMP~1\PopUpKiller.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Tweak-XP\blads.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\WINDOWS\System32\wuauclt.exe
    D:\Program Files\OpenOffice.org1.1.0\program\soffice.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\wuauclt.exe
    D:\Program Files\Norton Internet Security Professional\ATRACK.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\user\Desktop\cleanup tools\hijackthis-1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\ashampoo\ASHAMP~1\PopUp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
    O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\Program Files\TotRecSched.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [SSC Service Utility] D:\Program Files\SSC Service Utility\ssc_serv.exe /s
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
    O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
    O4 - HKCU\..\Run: [Desktop Calendar] D:\Program Files\Desktop Calendar\Desktop Calendar.exe
    O4 - HKCU\..\Run: [Pop-Up-Blocker] C:\Program Files\Tweak-XP\popup.exe
    O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\ashampoo\ASHAMP~1\PopUpKiller.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BlockAds] C:\Program Files\Tweak-XP\blads.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/regi...upportutil.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
  5. 15-12-2004  #4
    owen
    owen is offline D-A-L Team Member (UK)
    I suggest your upgrade Windows from http://windowsupdate.microsoft.com. You need Windows XP Service Pack 2.
  6. 17-12-2004  #5
    spy_hunter444@hotmail.com
    spy_hunter444@hotmail.com is offline Newbie
    Hey Peter,

    Do not be fooled. The virus is NOT gone. You need to run some sort of scan, perferably not on your computer (the antivirus might be infected). You could download Explorer and run Panda or run Mcafee.
  7. 17-12-2004  #6
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Its not a virus, its an exploit. Read this info.
+ Reply to Thread
« Mising shell.dll | Browser shuts down, please help »