A week ago the connection started dropping during periods of inactivity.
A scan (Spybot, Adaware, and Norton Corporate edition) revealed a number of viruses/malware, including pokapoka and a number of w32 worms.
These have all been successfully removed (I hope) using a combination of Spybot, Adaware, Norton and AVG.
However, although AVG identified and removed the mswi32.pif Trojan, it still reappears.
Have tried the following in Safe mode: AVG, Norton, Spybot and Adaware.
Surprisingly I have not found any info on the mswi32.pif processes which is MR.
Have tried looking at the mswi32.pif file in the system32 folder but it closes explorer when I try.
Any help would be greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 19:29:56, on 12/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Program Files\ComputerAssociates\ARCserve\msgeng.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\ComputerAssociates\ARCserve\casmrtbk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\winnt\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\cba\pds.exe
C:\winnt\System32\llssrv.exe
C:\winnt\LogWatNT.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\winnt\system32\ntfrs.exe
C:\winnt\system32\regsvc.exe
C:\winnt\System32\locator.exe
C:\winnt\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\winnt\system32\mspmspsv.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\tcpsvcs.exe
C:\winnt\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\winnt\system32\ams_ii\hndlrsvc.exe
C:\winnt\system32\MsgSys.EXE
C:\winnt\system32\ams_ii\iao.exe
C:\winnt\system32\cba\xfr.exe
C:\winnt\System32\ismserv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\ComputerAssociates\ARCserveITDS\asdscsvc.exe
C:\Program Files\ComputerAssociates\ARCserveITDS\Liccheck.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\mswi32.pif
C:\winnt\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\winnt\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\winnt\system32\mswi32.pif
D:\Spyware\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\winnt\system32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128674547640
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dfsales.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BACAB12-5BD0-4BD4-9443-4590A96A6FA3}: NameServer = 194.94.65.69,10.10.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dfsales.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dfsales.co.uk
O20 - Winlogon Notify: NavLogon - C:\winnt\system32\NavLogon.dll
O23 - Service: ARCserve Database Engine (ASDBEngine) - Computer Associates International, Inc. - C:\Program Files\ComputerAssociates\ARCserve\DBENG.exe
O23 - Service: ARCserve Discovery Service (ASDiscoverySvc) - Computer Associates - C:\Program Files\ComputerAssociates\ARCserveITDS\asdscsvc.exe
O23 - Service: ARCserve Job Engine (ASJobEngine) - Unknown owner - C:\Program Files\ComputerAssociates\ARCserve\jobeng.exe
O23 - Service: ARCserve Message Engine (ASMsgEngine) - Computer Associates International, Inc. - C:\Program Files\ComputerAssociates\ARCserve\msgeng.exe
O23 - Service: ARCserve Tape Engine (ASTapeEngine) - Unknown owner - C:\Program Files\ComputerAssociates\ARCserve\tapeeng.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cheyenne Alert Notification Server - Cheyenne Division Of Computer Associates International, Inc. - C:\Program Files\ComputerAssociates\ARCserve\Alert\ALERT.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\winnt\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\winnt\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\winnt\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\winnt\system32\cba\pds.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\winnt\LogWatNT.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\winnt\system32\scardsvr32.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)