Rick210468

Posts posted by Rick210468

  1. I followed the instruction that you kindly provided. Here are the following results:

    About buster log:

    Scanned at: 18:46:45 on: 12/05/2005

    -- Scan 1 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    Removed Data Streams:

    C:\WINDOWS\KB885835.log:azuht

    C:\WINDOWS\opt_5030.ini:vgqlz

    C:\WINDOWS\Q323183.log:abzru

    C:\WINDOWS\SLSPTLNO.INI:pdani

    Removed! : C:\WINDOWS\hswjz.dat

    Removed! : C:\WINDOWS\system32\ekrge.dat

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    -- Scan 2 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    Removed Data Streams:

    C:\WINDOWS\KB885835.log:azuht

    C:\WINDOWS\opt_5030.ini:vgqlz

    C:\WINDOWS\Q323183.log:abzru

    C:\WINDOWS\SLSPTLNO.INI:pdani

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    Scanned at: 09:36:13 on: 13/05/2005

    -- Scan 1 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    No ADS found on system

    Removed! : C:\WINDOWS\ddndf.dat

    Removed! : C:\WINDOWS\gzdjs.dat

    Removed! : C:\WINDOWS\lriyi.dat

    Removed! : C:\WINDOWS\uylmc.dat

    Removed! : C:\WINDOWS\system32\bnjdj.dat

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    -- Scan 2 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    No ADS found on system

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    Scanned at: 10:08:03 on: 13/05/2005

    -- Scan 1 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    No ADS found on system

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    -- Scan 2 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    No ADS found on system

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    Scanned at: 14:54:59 on: 16/05/2005

    -- Scan 1 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    Removed Data Streams:

    C:\WINDOWS\njyup.txt:dyhdo

    Removed 2 Random Key Entries

    Removed! : C:\WINDOWS\system32\gripi.dat

    Removed! : C:\WINDOWS\system32\grxxl.dat

    Removed! : C:\WINDOWS\system32\jhkuo.dat

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    -- Scan 2 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    Removed Data Streams:

    C:\WINDOWS\njyup.txt:dyhdo

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    Hijackthis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 14:55:29, on 16/05/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Unable to get Internet Explorer version!

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

    O1 - Hosts: 84.66.219.98 cfm.zapto.org

    O1 - Hosts: 70.85.147.68 forum.iamnotageek.com

    O1 - Hosts: 66.197.95.135 gallys.40somethingmag.com

    O1 - Hosts: 66.35.253.32 housecall.trendmicro.com

    O1 - Hosts: 207.246.157.244 oldsexlinks.com

    O1 - Hosts: 67.138.240.11 primehostreviews.com

    O1 - Hosts: 66.28.176.86 shadow.atkingdom.com

    O1 - Hosts: 207.246.157.249 spunkermovies.com

    O1 - Hosts: 195.171.171.21 www.bankofscotland.co.uk

    O1 - Hosts: 67.43.1.57 www.besttechie.net

    O1 - Hosts: 213.150.62.120 www.bitdefender.com

    O1 - Hosts: 66.55.148.147 www.cosmic-cum.com

    O1 - Hosts: 66.98.132.62 www.emsisoft.com

    O1 - Hosts: 66.28.176.236 www.erotiqlinks.com

    O1 - Hosts: 194.60.170.7 www.experian.co.uk

    O1 - Hosts: 63.105.4.85 www.hsbc.com

    O1 - Hosts: 66.250.223.113 www.localfoxes.net

    O1 - Hosts: 64.255.176.12 www.naughtyofficegallery.com

    O1 - Hosts: 63.105.4.113 www.offshore.hsbc.com

    O1 - Hosts: 205.241.15.113 www.offshore.hsbc.com

    O1 - Hosts: 193.108.153.116 www.pandasoftware.com

    O1 - Hosts: 213.233.121.11 www.ravantivirus.com

    O1 - Hosts: 212.227.253.104 www.safer-networking.org

    O1 - Hosts: 69.50.130.78 www.snakesworld.com

    O1 - Hosts: 69.50.130.77 www.sonofsnake.com

    O1 - Hosts: 69.50.130.77 www.sonofsnake.com

    O1 - Hosts: 62.149.140.14 www.spamihilator.com

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Class - {FEDF758B-DA6A-9E13-D256-1A83178C70DC} - C:\WINDOWS\system32\mszc32.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

    O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: [netmp32.exe] C:\WINDOWS\system32\netmp32.exe

    O4 - HKLM\..\Run: [iezf32.exe] C:\WINDOWS\iezf32.exe

    O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe

    O4 - HKLM\..\RunOnce: [ipya32.exe] C:\WINDOWS\system32\ipya32.exe

    O4 - HKLM\..\RunOnce: [iplx.exe] C:\WINDOWS\system32\iplx.exe

    O4 - HKLM\..\RunOnce: [winrc.exe] C:\WINDOWS\system32\winrc.exe

    O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\mfciq32.exe

    O4 - HKLM\..\RunOnce: [iens.exe] C:\WINDOWS\system32\iens.exe

    O4 - HKLM\..\RunOnce: [mfcaa.exe] C:\WINDOWS\system32\mfcaa.exe

    O4 - HKLM\..\RunOnce: [iefc32.exe] C:\WINDOWS\system32\iefc32.exe

    O4 - HKLM\..\RunOnce: [addkg.exe] C:\WINDOWS\system32\addkg.exe

    O4 - HKLM\..\RunOnce: [d3pa.exe] C:\WINDOWS\system32\d3pa.exe

    O4 - HKLM\..\RunOnce: [sdkxz.exe] C:\WINDOWS\sdkxz.exe

    O4 - HKLM\..\RunOnce: [atlcu.exe] C:\WINDOWS\atlcu.exe

    O4 - HKLM\..\RunOnce: [ntlu.exe] C:\WINDOWS\system32\ntlu.exe

    O4 - HKLM\..\RunOnce: [mseq.exe] C:\WINDOWS\mseq.exe

    O4 - HKLM\..\RunOnce: [sdkod.exe] C:\WINDOWS\system32\sdkod.exe

    O4 - HKLM\..\RunOnce: [atltg32.exe] C:\WINDOWS\system32\atltg32.exe

    O4 - HKLM\..\RunOnce: [ipkn32.exe] C:\WINDOWS\system32\ipkn32.exe

    O4 - HKLM\..\RunOnce: [sysst32.exe] C:\WINDOWS\sysst32.exe

    O4 - HKLM\..\RunOnce: [javaxn.exe] C:\WINDOWS\system32\javaxn.exe

    O4 - HKLM\..\RunOnce: [mfccr.exe] C:\WINDOWS\system32\mfccr.exe

    O4 - HKLM\..\RunOnce: [javaxp32.exe] C:\WINDOWS\system32\javaxp32.exe

    O4 - HKLM\..\RunOnce: [addgv.exe] C:\WINDOWS\addgv.exe

    O4 - HKLM\..\RunOnce: [crly32.exe] C:\WINDOWS\system32\crly32.exe

    O4 - HKLM\..\RunOnce: [ieqc.exe] C:\WINDOWS\ieqc.exe

    O4 - HKLM\..\RunOnce: [mszc32.exe] C:\WINDOWS\system32\mszc32.exe

    O4 - HKLM\..\RunOnce: [d3nz32.exe] C:\WINDOWS\d3nz32.exe

    O4 - HKLM\..\RunOnce: [ipsv32.exe] C:\WINDOWS\ipsv32.exe

    O4 - HKLM\..\RunOnce: [msnh32.exe] C:\WINDOWS\msnh32.exe

    O4 - HKLM\..\RunOnce: [winsl.exe] C:\WINDOWS\system32\winsl.exe

    O4 - HKLM\..\RunOnce: [ipwv.exe] C:\WINDOWS\ipwv.exe

    O4 - HKLM\..\RunOnce: [ipvf32.exe] C:\WINDOWS\ipvf32.exe

    O4 - HKLM\..\RunOnce: [apiof32.exe] C:\WINDOWS\apiof32.exe

    O4 - HKLM\..\RunOnce: [msla32.exe] C:\WINDOWS\system32\msla32.exe

    O4 - HKLM\..\RunOnce: [ieti.exe] C:\WINDOWS\system32\ieti.exe

    O4 - HKLM\..\RunOnce: [ipjm.exe] C:\WINDOWS\system32\ipjm.exe

    O4 - HKLM\..\RunOnce: [mfcws.exe] C:\WINDOWS\system32\mfcws.exe

    O4 - HKLM\..\RunOnce: [addep.exe] C:\WINDOWS\system32\addep.exe

    O4 - HKLM\..\RunOnce: [d3jr32.exe] C:\WINDOWS\d3jr32.exe

    O4 - HKLM\..\RunOnce: [sysvh32.exe] C:\WINDOWS\sysvh32.exe

    O4 - HKLM\..\RunOnce: [crlx32.exe] C:\WINDOWS\system32\crlx32.exe

    O4 - HKLM\..\RunOnce: [d3tf32.exe] C:\WINDOWS\system32\d3tf32.exe

    O4 - HKLM\..\RunOnce: [apppw32.exe] C:\WINDOWS\system32\apppw32.exe

    O4 - HKLM\..\RunOnce: [atlwe.exe] C:\WINDOWS\atlwe.exe

    O4 - HKLM\..\RunOnce: [appxf.exe] C:\WINDOWS\system32\appxf.exe

    O4 - HKLM\..\RunOnce: [ipnu32.exe] C:\WINDOWS\ipnu32.exe

    O4 - HKLM\..\RunOnce: [crlb32.exe] C:\WINDOWS\crlb32.exe

    O4 - HKLM\..\RunOnce: [sdkgn.exe] C:\WINDOWS\system32\sdkgn.exe

    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"

    O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

    O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

    O15 - Trusted Zone: *.sony-europe.com

    O15 - Trusted Zone: *.sonystyle-europe.com

    O15 - Trusted Zone: *.vaio-link.com

    O15 - Trusted IP range: http://192.168.0.1

    O15 - Trusted IP range: http://81.77.11.109

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

    O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Roderick Thorn\Desktop\CWShredder.exe

    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

    The problem still seems to be there. I think the only solution is to reinstall Windows. When rebooting the machine I was informed of a whole load of files that could not be found. I assume by reinstalling Windows these files will be restored?

    Many thanks for your help.

    Rick

  2. OK:

    Here is the last HijackThis log that I conducted:

    Logfile of HijackThis v1.99.1

    Scan saved at 18:33:30, on 13/05/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Unable to get Internet Explorer version!

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

    R3 - Default URLSearchHook is missing

    O1 - Hosts: 84.66.219.98 cfm.zapto.org

    O1 - Hosts: 70.85.147.68 forum.iamnotageek.com

    O1 - Hosts: 66.197.95.135 gallys.40somethingmag.com

    O1 - Hosts: 66.35.253.32 housecall.trendmicro.com

    O1 - Hosts: 207.246.157.244 oldsexlinks.com

    O1 - Hosts: 67.138.240.11 primehostreviews.com

    O1 - Hosts: 206.204.52.6 security.symantec.com

    O1 - Hosts: 66.28.176.86 shadow.atkingdom.com

    O1 - Hosts: 207.246.157.249 spunkermovies.com

    O1 - Hosts: 195.171.171.21 www.bankofscotland.co.uk

    O1 - Hosts: 67.43.1.57 www.besttechie.net

    O1 - Hosts: 213.150.62.120 www.bitdefender.com

    O1 - Hosts: 66.55.148.147 www.cosmic-cum.com

    O1 - Hosts: 66.28.176.236 www.erotiqlinks.com

    O1 - Hosts: 194.60.170.7 www.experian.co.uk

    O1 - Hosts: 66.249.87.99 www.google.co.uk

    O1 - Hosts: 63.105.4.85 www.hsbc.com

    O1 - Hosts: 66.250.223.113 www.localfoxes.net

    O1 - Hosts: 64.255.176.12 www.naughtyofficegallery.com

    O1 - Hosts: 63.105.4.113 www.offshore.hsbc.com

    O1 - Hosts: 205.241.15.113 www.offshore.hsbc.com

    O1 - Hosts: 193.108.153.116 www.pandasoftware.com

    O1 - Hosts: 213.233.121.11 www.ravantivirus.com

    O1 - Hosts: 212.227.253.104 www.safer-networking.org

    O1 - Hosts: 69.50.130.78 www.snakesworld.com

    O1 - Hosts: 69.50.130.77 www.sonofsnake.com

    O1 - Hosts: 69.50.130.77 www.sonofsnake.com

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O1 - Hosts: 202.27.184.102 www.xtra.co.nz

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Class - {FBF77D9B-CA17-A517-257C-C38A16C5AD4F} - C:\WINDOWS\mfcae32.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

    O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: [netmp32.exe] C:\WINDOWS\system32\netmp32.exe

    O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe

    O4 - HKLM\..\RunOnce: [ipya32.exe] C:\WINDOWS\system32\ipya32.exe

    O4 - HKLM\..\RunOnce: [sysbj.exe] C:\WINDOWS\sysbj.exe

    O4 - HKLM\..\RunOnce: [appsm.exe] C:\WINDOWS\system32\appsm.exe

    O4 - HKLM\..\RunOnce: [apiif.exe] C:\WINDOWS\apiif.exe

    O4 - HKLM\..\RunOnce: [winmq.exe] C:\WINDOWS\system32\winmq.exe

    O4 - HKLM\..\RunOnce: [msfq.exe] C:\WINDOWS\system32\msfq.exe

    O4 - HKLM\..\RunOnce: [ntks32.exe] C:\WINDOWS\system32\ntks32.exe

    O4 - HKLM\..\RunOnce: [javafp32.exe] C:\WINDOWS\system32\javafp32.exe

    O4 - HKLM\..\RunOnce: [mfclj.exe] C:\WINDOWS\system32\mfclj.exe

    O4 - HKLM\..\RunOnce: [wingj32.exe] C:\WINDOWS\system32\wingj32.exe

    O4 - HKLM\..\RunOnce: [apiqf32.exe] C:\WINDOWS\apiqf32.exe

    O4 - HKLM\..\RunOnce: [winea.exe] C:\WINDOWS\winea.exe

    O4 - HKLM\..\RunOnce: [d3am.exe] C:\WINDOWS\system32\d3am.exe

    O4 - HKLM\..\RunOnce: [mfcxm.exe] C:\WINDOWS\system32\mfcxm.exe

    O4 - HKLM\..\RunOnce: [mslj.exe] C:\WINDOWS\system32\mslj.exe

    O4 - HKLM\..\RunOnce: [appvf32.exe] C:\WINDOWS\system32\appvf32.exe

    O4 - HKLM\..\RunOnce: [winql32.exe] C:\WINDOWS\winql32.exe

    O4 - HKLM\..\RunOnce: [crvn.exe] C:\WINDOWS\crvn.exe

    O4 - HKLM\..\RunOnce: [appuu.exe] C:\WINDOWS\appuu.exe

    O4 - HKLM\..\RunOnce: [sdkgr32.exe] C:\WINDOWS\system32\sdkgr32.exe

    O4 - HKLM\..\RunOnce: [mfcml.exe] C:\WINDOWS\mfcml.exe

    O4 - HKLM\..\RunOnce: [javagz.exe] C:\WINDOWS\system32\javagz.exe

    O4 - HKLM\..\RunOnce: [winkj32.exe] C:\WINDOWS\winkj32.exe

    O4 - HKLM\..\RunOnce: [crpl32.exe] C:\WINDOWS\system32\crpl32.exe

    O4 - HKLM\..\RunOnce: [d3pt32.exe] C:\WINDOWS\system32\d3pt32.exe

    O4 - HKLM\..\RunOnce: [netcv.exe] C:\WINDOWS\system32\netcv.exe

    O4 - HKLM\..\RunOnce: [ipwh32.exe] C:\WINDOWS\system32\ipwh32.exe

    O4 - HKLM\..\RunOnce: [addcj32.exe] C:\WINDOWS\system32\addcj32.exe

    O4 - HKLM\..\RunOnce: [ntkj.exe] C:\WINDOWS\system32\ntkj.exe

    O4 - HKLM\..\RunOnce: [javakx32.exe] C:\WINDOWS\javakx32.exe

    O4 - HKLM\..\RunOnce: [apipr32.exe] C:\WINDOWS\apipr32.exe

    O4 - HKLM\..\RunOnce: [sysuv32.exe] C:\WINDOWS\sysuv32.exe

    O4 - HKLM\..\RunOnce: [javazp.exe] C:\WINDOWS\system32\javazp.exe

    O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\iesq.exe

    O4 - HKLM\..\RunOnce: [ntxk.exe] C:\WINDOWS\system32\ntxk.exe

    O4 - HKLM\..\RunOnce: [sdkdh32.exe] C:\WINDOWS\system32\sdkdh32.exe

    O4 - HKLM\..\RunOnce: [mfcqb.exe] C:\WINDOWS\mfcqb.exe

    O4 - HKLM\..\RunOnce: [winmn.exe] C:\WINDOWS\system32\winmn.exe

    O4 - HKLM\..\RunOnce: [crzh32.exe] C:\WINDOWS\system32\crzh32.exe

    O4 - HKLM\..\RunOnce: [apilj32.exe] C:\WINDOWS\system32\apilj32.exe

    O4 - HKLM\..\RunOnce: [sysyd.exe] C:\WINDOWS\system32\sysyd.exe

    O4 - HKLM\..\RunOnce: [ieec32.exe] C:\WINDOWS\ieec32.exe

    O4 - HKLM\..\RunOnce: [sdkjw.exe] C:\WINDOWS\system32\sdkjw.exe

    O4 - HKLM\..\RunOnce: [atlie32.exe] C:\WINDOWS\system32\atlie32.exe

    O4 - HKLM\..\RunOnce: [javaxs32.exe] C:\WINDOWS\system32\javaxs32.exe

    O4 - HKLM\..\RunOnce: [appxa.exe] C:\WINDOWS\appxa.exe

    O4 - HKLM\..\RunOnce: [sysbe.exe] C:\WINDOWS\system32\sysbe.exe

    O4 - HKLM\..\RunOnce: [mfcqu32.exe] C:\WINDOWS\mfcqu32.exe

    O4 - HKLM\..\RunOnce: [ntgb32.exe] C:\WINDOWS\system32\ntgb32.exe

    O4 - HKLM\..\RunOnce: [netbn.exe] C:\WINDOWS\system32\netbn.exe

    O4 - HKLM\..\RunOnce: [mfcfo.exe] C:\WINDOWS\mfcfo.exe

    O4 - HKLM\..\RunOnce: [ntjs32.exe] C:\WINDOWS\ntjs32.exe

    O4 - HKLM\..\RunOnce: [netsb.exe] C:\WINDOWS\netsb.exe

    O4 - HKLM\..\RunOnce: [netyp32.exe] C:\WINDOWS\netyp32.exe

    O4 - HKLM\..\RunOnce: [netnm32.exe] C:\WINDOWS\system32\netnm32.exe

    O4 - HKLM\..\RunOnce: [winrj32.exe] C:\WINDOWS\winrj32.exe

    O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\iehm32.exe

    O4 - HKLM\..\RunOnce: [appft.exe] C:\WINDOWS\appft.exe

    O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\system32\addpr.exe

    O4 - HKLM\..\RunOnce: [croh32.exe] C:\WINDOWS\croh32.exe

    O4 - HKLM\..\RunOnce: [sdkjl.exe] C:\WINDOWS\system32\sdkjl.exe

    O4 - HKLM\..\RunOnce: [ipeu32.exe] C:\WINDOWS\system32\ipeu32.exe

    O4 - HKLM\..\RunOnce: [apihy.exe] C:\WINDOWS\apihy.exe

    O4 - HKLM\..\RunOnce: [wingo32.exe] C:\WINDOWS\wingo32.exe

    O4 - HKLM\..\RunOnce: [netcx32.exe] C:\WINDOWS\system32\netcx32.exe

    O4 - HKLM\..\RunOnce: [javaaf.exe] C:\WINDOWS\system32\javaaf.exe

    O4 - HKLM\..\RunOnce: [iewj32.exe] C:\WINDOWS\iewj32.exe

    O4 - HKLM\..\RunOnce: [crgr.exe] C:\WINDOWS\system32\crgr.exe

    O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINDOWS\d3tg32.exe

    O4 - HKLM\..\RunOnce: [crid32.exe] C:\WINDOWS\system32\crid32.exe

    O4 - HKLM\..\RunOnce: [ieiq.exe] C:\WINDOWS\ieiq.exe

    O4 - HKLM\..\RunOnce: [crxy.exe] C:\WINDOWS\crxy.exe

    O4 - HKLM\..\RunOnce: [nethq32.exe] C:\WINDOWS\system32\nethq32.exe

    O4 - HKLM\..\RunOnce: [syswt32.exe] C:\WINDOWS\syswt32.exe

    O4 - HKLM\..\RunOnce: [syskq32.exe] C:\WINDOWS\system32\syskq32.exe

    O4 - HKLM\..\RunOnce: [sdkhm32.exe] C:\WINDOWS\sdkhm32.exe

    O4 - HKLM\..\RunOnce: [ipfh.exe] C:\WINDOWS\ipfh.exe

    O4 - HKLM\..\RunOnce: [addep32.exe] C:\WINDOWS\addep32.exe

    O4 - HKLM\..\RunOnce: [winnn32.exe] C:\WINDOWS\system32\winnn32.exe

    O4 - HKLM\..\RunOnce: [msxo.exe] C:\WINDOWS\msxo.exe

    O4 - HKLM\..\RunOnce: [ieck32.exe] C:\WINDOWS\ieck32.exe

    O4 - HKLM\..\RunOnce: [apilq.exe] C:\WINDOWS\apilq.exe

    O4 - HKLM\..\RunOnce: [crbf32.exe] C:\WINDOWS\system32\crbf32.exe

    O4 - HKLM\..\RunOnce: [winle32.exe] C:\WINDOWS\winle32.exe

    O4 - HKLM\..\RunOnce: [addtk.exe] C:\WINDOWS\addtk.exe

    O4 - HKLM\..\RunOnce: [addnd32.exe] C:\WINDOWS\system32\addnd32.exe

    O4 - HKLM\..\RunOnce: [d3bn32.exe] C:\WINDOWS\d3bn32.exe

    O4 - HKLM\..\RunOnce: [addkg32.exe] C:\WINDOWS\addkg32.exe

    O4 - HKLM\..\RunOnce: [javako.exe] C:\WINDOWS\system32\javako.exe

    O4 - HKLM\..\RunOnce: [netoa.exe] C:\WINDOWS\system32\netoa.exe

    O4 - HKLM\..\RunOnce: [mfcyy.exe] C:\WINDOWS\mfcyy.exe

    O4 - HKLM\..\RunOnce: [apphz32.exe] C:\WINDOWS\system32\apphz32.exe

    O4 - HKLM\..\RunOnce: [appnw.exe] C:\WINDOWS\appnw.exe

    O4 - HKLM\..\RunOnce: [appbs.exe] C:\WINDOWS\system32\appbs.exe

    O4 - HKLM\..\RunOnce: [netmr32.exe] C:\WINDOWS\netmr32.exe

    O4 - HKLM\..\RunOnce: [crwk32.exe] C:\WINDOWS\system32\crwk32.exe

    O4 - HKLM\..\RunOnce: [mfces32.exe] C:\WINDOWS\mfces32.exe

    O4 - HKLM\..\RunOnce: [javazd32.exe] C:\WINDOWS\system32\javazd32.exe

    O4 - HKLM\..\RunOnce: [msdi.exe] C:\WINDOWS\system32\msdi.exe

    O4 - HKLM\..\RunOnce: [crmi32.exe] C:\WINDOWS\system32\crmi32.exe

    O4 - HKLM\..\RunOnce: [apigz.exe] C:\WINDOWS\system32\apigz.exe

    O4 - HKLM\..\RunOnce: [msak.exe] C:\WINDOWS\system32\msak.exe

    O4 - HKLM\..\RunOnce: [javaqz.exe] C:\WINDOWS\javaqz.exe

    O4 - HKLM\..\RunOnce: [msvc.exe] C:\WINDOWS\system32\msvc.exe

    O4 - HKLM\..\RunOnce: [javazo.exe] C:\WINDOWS\javazo.exe

    O4 - HKLM\..\RunOnce: [winod32.exe] C:\WINDOWS\system32\winod32.exe

    O4 - HKLM\..\RunOnce: [iesm32.exe] C:\WINDOWS\iesm32.exe

    O4 - HKLM\..\RunOnce: [sysdy.exe] C:\WINDOWS\system32\sysdy.exe

    O4 - HKLM\..\RunOnce: [atlhc32.exe] C:\WINDOWS\system32\atlhc32.exe

    O4 - HKLM\..\RunOnce: [addqc.exe] C:\WINDOWS\system32\addqc.exe

    O4 - HKLM\..\RunOnce: [sdkri.exe] C:\WINDOWS\sdkri.exe

    O4 - HKLM\..\RunOnce: [mfcqy32.exe] C:\WINDOWS\system32\mfcqy32.exe

    O4 - HKLM\..\RunOnce: [ntjw32.exe] C:\WINDOWS\system32\ntjw32.exe

    O4 - HKLM\..\RunOnce: [sdkci32.exe] C:\WINDOWS\sdkci32.exe

    O4 - HKLM\..\RunOnce: [apibv32.exe] C:\WINDOWS\system32\apibv32.exe

    O4 - HKLM\..\RunOnce: [sysyr32.exe] C:\WINDOWS\system32\sysyr32.exe

    O4 - HKLM\..\RunOnce: [netbd.exe] C:\WINDOWS\system32\netbd.exe

    O4 - HKLM\..\RunOnce: [javazy32.exe] C:\WINDOWS\javazy32.exe

    O4 - HKLM\..\RunOnce: [netmi.exe] C:\WINDOWS\system32\netmi.exe

    O4 - HKLM\..\RunOnce: [nteq.exe] C:\WINDOWS\nteq.exe

    O4 - HKLM\..\RunOnce: [crwr32.exe] C:\WINDOWS\system32\crwr32.exe

    O4 - HKLM\..\RunOnce: [sysmy.exe] C:\WINDOWS\system32\sysmy.exe

    O4 - HKLM\..\RunOnce: [iewx.exe] C:\WINDOWS\iewx.exe

    O4 - HKLM\..\RunOnce: [ntum32.exe] C:\WINDOWS\ntum32.exe

    O4 - HKLM\..\RunOnce: [mfctc32.exe] C:\WINDOWS\system32\mfctc32.exe

    O4 - HKLM\..\RunOnce: [sdkpe32.exe] C:\WINDOWS\sdkpe32.exe

    O4 - HKLM\..\RunOnce: [syset.exe] C:\WINDOWS\syset.exe

    O4 - HKLM\..\RunOnce: [appda.exe] C:\WINDOWS\system32\appda.exe

    O4 - HKLM\..\RunOnce: [apinb.exe] C:\WINDOWS\apinb.exe

    O4 - HKLM\..\RunOnce: [sysmj32.exe] C:\WINDOWS\sysmj32.exe

    O4 - HKLM\..\RunOnce: [netby32.exe] C:\WINDOWS\system32\netby32.exe

    O4 - HKLM\..\RunOnce: [appsl32.exe] C:\WINDOWS\appsl32.exe

    O4 - HKLM\..\RunOnce: [d3wh32.exe] C:\WINDOWS\d3wh32.exe

    O4 - HKLM\..\RunOnce: [atlzt32.exe] C:\WINDOWS\atlzt32.exe

    O4 - HKLM\..\RunOnce: [netex32.exe] C:\WINDOWS\system32\netex32.exe

    O4 - HKLM\..\RunOnce: [netzp32.exe] C:\WINDOWS\netzp32.exe

    O4 - HKLM\..\RunOnce: [sdkxw.exe] C:\WINDOWS\sdkxw.exe

    O4 - HKLM\..\RunOnce: [ieta32.exe] C:\WINDOWS\system32\ieta32.exe

    O4 - HKLM\..\RunOnce: [crdb.exe] C:\WINDOWS\system32\crdb.exe

    O4 - HKLM\..\RunOnce: [mfclh.exe] C:\WINDOWS\system32\mfclh.exe

    O4 - HKLM\..\RunOnce: [iekw32.exe] C:\WINDOWS\system32\iekw32.exe

    O4 - HKLM\..\RunOnce: [javaam.exe] C:\WINDOWS\javaam.exe

    O4 - HKLM\..\RunOnce: [apizt32.exe] C:\WINDOWS\apizt32.exe

    O4 - HKLM\..\RunOnce: [winxj32.exe] C:\WINDOWS\system32\winxj32.exe

    O4 - HKLM\..\RunOnce: [sysbs.exe] C:\WINDOWS\sysbs.exe

    O4 - HKLM\..\RunOnce: [atlxw32.exe] C:\WINDOWS\atlxw32.exe

    O4 - HKLM\..\RunOnce: [wingx.exe] C:\WINDOWS\wingx.exe

    O4 - HKLM\..\RunOnce: [sdkpd.exe] C:\WINDOWS\system32\sdkpd.exe

    O4 - HKLM\..\RunOnce: [atlot32.exe] C:\WINDOWS\system32\atlot32.exe

    O4 - HKLM\..\RunOnce: [sysea.exe] C:\WINDOWS\sysea.exe

    O4 - HKLM\..\RunOnce: [msik.exe] C:\WINDOWS\msik.exe

    O4 - HKLM\..\RunOnce: [addeo32.exe] C:\WINDOWS\system32\addeo32.exe

    O4 - HKLM\..\RunOnce: [ipqy32.exe] C:\WINDOWS\system32\ipqy32.exe

    O4 - HKLM\..\RunOnce: [netcd32.exe] C:\WINDOWS\system32\netcd32.exe

    O4 - HKLM\..\RunOnce: [appgn.exe] C:\WINDOWS\appgn.exe

    O4 - HKLM\..\RunOnce: [ntsx.exe] C:\WINDOWS\ntsx.exe

    O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

    O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

    O15 - Trusted Zone: *.sony-europe.com

    O15 - Trusted Zone: *.sonystyle-europe.com

    O15 - Trusted Zone: *.vaio-link.com

    O15 - Trusted IP range: http://192.168.0.1

    O15 - Trusted IP range: http://81.77.11.109

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javaml.exe" /s (file missing)

    O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

    O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Roderick Thorn\Desktop\CWShredder.exe

    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

    I hope this is getting one step closer to where I need to be, but it doesn't feel like it. Your help and assistance is invaluable, thank you.

    Now... it's Friday, I'm fed up, irritated and tired. I'm going to drink a beer.

    Regards

    Rick

  3. Hi,

    Right then, here we go:

    I ran through the last set of instructions that you provided. Here is a copy of the report that I obtained from the scan that was conducted on the RAV website:

    started at 13/05/2005 16:13:40

    Scanning memory...

    Scanning boot sectors...

    Scanning files...


    C:\WINDOWS\netzw32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntat32.exe - Trojan:Win32/Agent.BI -> Infected

    C:\WINDOWS\ntbt.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntbtlog.txt->ADS:zuqql - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ntbtlog.txt->ADS:rapmt - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ntde32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntdj32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntdn.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntdtcsetup.log->ADS:gzdun - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ntdtcsetup.log->ADS:bqadn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\nteh.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntet.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\nthk32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntja.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntjs32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntmh32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntmz.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntnu.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntnu32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntpa.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntqt32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\nttc.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntyh32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntym.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\ntzr.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\oaybq.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\ocgen.log->ADS:svidf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ocgen.log->ADS:bmmrd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ocmsn.log->ADS:uxjok - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ocmsn.log->ADS:upyfu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ocmsn.log->ADS:rtpzt - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ocmsn.log->ADS:gqgcn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ODBC.INI->ADS:mbnmi - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ODBC.INI->ADS:jdupw - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\ODBCINST.INI->ADS:wzbya - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\OEWABLog.txt->ADS:pnper - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\opt_5030.ini->ADS:ugfoa - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\opt_5030.ini->ADS:kcmqh - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\oqdgt.txt->ADS:zorxr - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\otqdl.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\PCPCONT.INI->ADS:hpnqxb - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\PCPCONT.INI->ADS:hcnhj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\PKFI.INI->ADS:lnkpn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\pqxvx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\psql.MIF->ADS:qajdt - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\pvsw.log->ADS:zilbq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\pvsw.log->ADS:xpvwu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\pvsw.log->ADS:evmnb - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q307419.log->ADS:uxvfa - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q327979.log->ADS:ukhro - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q327979.log->ADS:ajxjv - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q811228.log->ADS:xymwm - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q811228.log->ADS:jwyvk - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q811789.log->ADS:rktmqz - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q811789.log->ADS:nlswi - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q813818.log->ADS:hknpfy - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\Q813818.log->ADS:hayas - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q813818.log->ADS:fvaek - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q813862.log->ADS:lckkr - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q813862.log->ADS:hsbit - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q813942.log->ADS:ycdxe - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q813942.log->ADS:adnut - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q814995.log->ADS:nporp - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q815917.log->ADS:vprcx - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q816048.log->ADS:zbiof - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q816048.log->ADS:qwxce - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Q816048.log->ADS:cmwwm - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\quicken.lic->ADS:lzztv - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\QUOTES.INI->ADS:excqqn - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\qwimp.ini->ADS:lvkpi - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\qwimp.ini->ADS:ebtpn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\REGKEYCR.INI->ADS:uugim - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\REGLOCS.OLD->ADS:wquwsx - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\REGLOCS.OLD->ADS:jychw - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\REGLOCS.OLD->ADS:fribo - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Rhododendron.bmp->ADS:mvzca - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\rvtov.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\Santa Fe Stucco.bmp->ADS:nxfwr - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sccli.dat->ADS:mwmfn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\SchedLgU.Txt->ADS:uhfad - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\SchedLgU.Txt->ADS:qgklv - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sdkcs32.exe - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sdkdm32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdkfh32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdkhm32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdklh32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdkoo.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdkqh.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdkri.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdktj.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdktp32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdkwc32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdkxh32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sdkzb32.exe - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sdkzq32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sessmgr.setup.log->ADS:vhdbc - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sessmgr.setup.log->ADS:fckni - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\setupact.log->ADS:urmfp - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\setupapi.log->ADS:vznrxw - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\setuperr.log->ADS:zazse - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\setuperr.log->ADS:oqyfv - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\setuperr.log->ADS:myndo - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\setuplog.txt->ADS:fselr - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sgdhz.txt->ADS:nzxfrg - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sgdhz.txt->ADS:jtzjq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\SLS.INI->ADS:vyypf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\SLS.INI->ADS:iimeb - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\SLS.INI->ADS:gpmyj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\SLS.INI->ADS:fuopg - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\SLSPMODM.INI->ADS:giyiu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\smscfg.ini->ADS:vxutyn - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\smscfg.ini->ADS:owhhn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\smscfg.ini->ADS:fzrta - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\spupdsvc.log->ADS:yrugr - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\spupdsvc.log->ADS:nymysy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sysal32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysaz32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysbj.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysfc.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysix32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\syski.exe - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\syskr.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\syslm.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysls32.exe - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\syslv32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysnq.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysnt32.exe - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sysny32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysro32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\system.ini->ADS:lnrnd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\system.ini->ADS:aelxf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\sysuv32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysvq32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\syswt32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\sysxl32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\tabletoc.log->ADS:tyrie - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\tabletoc.log->ADS:atbzb - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\tmupdate.ini->ADS:lmukr - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\tmupdate.ini->ADS:jzyih - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\tsoc.log->ADS:kujyi - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\tsoc.log->ADS:bumiko - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\txllx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\uemhs.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\uoyag.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\uwdeb.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1024x768.bmp->ADS:uvenm - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1024x768.bmp->ADS:ggtuh - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1280x1024.bmp->ADS:vwpwq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1400x1050.bmp->ADS:fabyz - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:ufudc - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:lfiom - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:hiqvk - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1920x1200.bmp->ADS:qhddlz - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:wzetd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:rfvmp - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:jnkvcq - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:akzsn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:zjjam - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:dfsth - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:apkcj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp->ADS:ihvifj - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp->ADS:bvjed - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x768.bmp->ADS:zyenw - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x768.bmp->ADS:cgubea - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp->ADS:jcmif - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp->ADS:gjitt - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp->ADS:atzrz - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1400x1050.bmp->ADS:xegzl - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1400x1050.bmp->ADS:tiovhm - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1600x1200.bmp->ADS:tdnak - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1600x1200.bmp->ADS:fsdaz - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1920x1200.bmp->ADS:knjws - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1920x1200.bmp->ADS:bdxvz - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 768x1024.bmp->ADS:xjiwy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 768x1024.bmp->ADS:hkkra - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x1024.bmp->ADS:euhba - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x768.bmp->ADS:uatiq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x800.bmp->ADS:vyjnp - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ujmdi - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ualmq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ftxuw - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1600x1200.bmp->ADS:xrdtiz - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1920x1200.bmp->ADS:ovavf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1920x1200.bmp->ADS:mtxmq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\vbaddin.ini->ADS:vpeifs - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\vbaddin.ini->ADS:qjwyi - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\vbaddin.ini->ADS:pswycj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\vbaddin.ini->ADS:igogu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\W32UCADM.INI->ADS:qkbrrk - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\wgvlk.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\wiadebug.log->ADS:nixozc - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\wiadebug.log->ADS:mwask - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\wiaservc.log->ADS:yoybd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\win.ini->ADS:qirpv - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\win.ini->ADS:duxrk - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\winau.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winco.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\wincz32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\WindowsUpdate.log->ADS:fsesup - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\windx.exe - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\winea.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winfs32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\wingc32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\wingo32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winib32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winig.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winjw32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winkj32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winky32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winle32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winlm32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winmc.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winnt.bmp->ADS:mvsej - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\winnt.bmp->ADS:kzpwq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\winnt.bmp->ADS:kmfch - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\winnt.bmp->ADS:efzbz - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\winpl32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winql32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winqt.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winrb32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winrj32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winrx.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winuu32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winxh32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winze.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\winzk32.exe - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\WMPrfCSY.prx->ADS:oigbp - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfCSY.prx->ADS:mxraj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfDeu.prx->ADS:ewkkd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfFIN.prx->ADS:qiybn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfFIN.prx->ADS:fcfjl - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfFIN.prx->ADS:cyzwg - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfFRA.prx->ADS:vvvhpt - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\WMPrfFRA.prx->ADS:svyvg - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfFRA.prx->ADS:sllpj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfFRA.prx->ADS:mfiel - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfITA.prx->ADS:xggdo - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfITA.prx->ADS:mlkzul - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfITA.prx->ADS:igjtf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfITA.prx->ADS:gofgz - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfNLD.prx->ADS:pnzui - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMPrfPTG.prx->ADS:cuvpa - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\wmsetup10.log->ADS:rlnjc - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\wmsetup10.log->ADS:hmlzg - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\wmsetup10.log->ADS:ajbci - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMSysPr9.prx->ADS:oxntx - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMSysPr9.prx->ADS:opfei - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMSysPr9.prx->ADS:iqibd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WMSysPrx.prx->ADS:exaehp - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\WUCADMIN.INI->ADS:pjsmy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WUCADMIN.INI->ADS:lsjqq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\WUCADMIN.INI->ADS:lehpn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\xaafg.log->ADS:sgvlo - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\xaafg.log->ADS:epfzj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\xaafg.log->ADS:cytga - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\xpsp1hfm.log->ADS:vxyfn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\xpsp1hfm.log->ADS:fgqfu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\xuqfs.txt->ADS:wgrdv - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\xuqfs.txt->ADS:jkwow - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\yafyj.log->ADS:tbugzi - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\yhbzq.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\Zapotec.bmp->ADS:pgjix - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\Zapotec.bmp->ADS:etcvk - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:kduyj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:kbtmdw - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\_default.pif->ADS:jxabgf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jvuem - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:juqqf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jtrlj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jrbsl - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jraby - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jqlbi - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:joshm - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:joljf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jmciy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jlnzb - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jkwow - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jjkup - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jjkru - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jeojnu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jccav - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:jbncul - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\_default.pif->ADS:irxke - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:irrdv - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:irnkk - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:iqqdy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ipnark - Trojan:Win32/Small.DV -> Infected

    C:\WINDOWS\_default.pif->ADS:iowsj - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:imlnu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:iihea - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ifhah - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ieffq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:iduoy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:hzxok - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:hozbd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:hizqa - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:hiqrl - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:hbxqk - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:hblrn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gzuur - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gywkb - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gyvog - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gufgp - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gmyra - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gjkgz - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ghxzo - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ghfxm - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ghaeq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gefqa - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gbtin - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:gatbnh - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ftoor - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ftndx - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ftbqog - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:fkylq - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:fcflw - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:fauspc - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ezwgk - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ezpzwi - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\_default.pif->ADS:ewhvr - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ewdcm - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:embuu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ekvjy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ejouzl - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:efhxu - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:eekbd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:ebcmv - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:eaaosd - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dyris - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dwzvxy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dwsyr - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dtwpnc - TrojanDownloader:Win32/WinShow.AK -> Suspicious

    C:\WINDOWS\_default.pif->ADS:dphcs - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dnkps - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dnjqi - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dmsbo - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dfgtzb - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:dcqmn - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cxxke - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cwfjp - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cukyl - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cjhtc - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cinya - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:chtln - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cehoqf - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cdrbe - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cblrfy - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_default.pif->ADS:cbgza - TrojanDownloader:Win32/Agent.BX -> Infected

    C:\WINDOWS\_defaul

  4. Alan,

    Just at home now and trying to go through your instructions again. However, when I got to section 5 of your instructions and typed services.msc, I looked for Workstation NetLog services, but it was not there. What was there was Workstation.

    I just thought this might be relevant. I am not going to do anything until I hear from you.

    Regards

    Rick

  5. Alan,

    Just to let you know that I have also just noticed that there has appeared a folder on my desktop called backups. The folder has two files in there which have been modified on today's date.

    I have checked the other four computers in my office, and after checking the history on all of them there is one other that has been surfing porn sites today. I noticed from the HijackThis log that my laptop has been surfing porn sites today. I assume that this is how this stuff installs itself on the system?

    Please advise in order for me to investigate this internally with my staff.

  6. Alan,

    I have followed the instructions that you provided. At point 5 the instruction stated to delete the following files:

    C:\WINDOWS\system32\appvy.exe

    C:\WINDOWS\system32\ipju32.exe

    C:\WINDOWS\system32\ntsg32.exe

    I did this by going to search under start and searched for each file. The last one did not appear. I checked for it three times in order to be sure.

    Also, in point 4 the only files that appeared and that I checked were:

    04 - HKLM\..\Run:[appvy.exe]C:\WINDOWS\system32\appvy.exe

    04 - HKLM\..\RunOnce[ipju32.exe]C:\WINDOWS\system32\ipju.exe

    So I checked the boxes and clicked on fix checked.

    Here is the About:Buster log:

    Scanned at: 18:46:45 on: 12/05/2005

    -- Scan 1 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    Removed Data Streams:

    C:\WINDOWS\KB885835.log:azuht

    C:\WINDOWS\opt_5030.ini:vgqlz

    C:\WINDOWS\Q323183.log:abzru

    C:\WINDOWS\SLSPTLNO.INI:pdani

    Removed! : C:\WINDOWS\hswjz.dat

    Removed! : C:\WINDOWS\system32\ekrge.dat

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    -- Scan 2 ---------------------------

    About:Buster Version 4.0

    Reference List : 26

    Removed Data Streams:

    C:\WINDOWS\KB885835.log:azuht

    C:\WINDOWS\opt_5030.ini:vgqlz

    C:\WINDOWS\Q323183.log:abzru

    C:\WINDOWS\SLSPTLNO.INI:pdani

    Attempted Clean Of Temp folder.

    Pages Reset... Done!

    Here is the HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 18:50:34, on 12/05/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Unable to get Internet Explorer version!

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

    O1 - Hosts: 84.66.219.98 cfm.zapto.org

    O1 - Hosts: 70.85.147.68 forum.iamnotageek.com

    O1 - Hosts: 66.197.95.135 gallys.40somethingmag.com

    O1 - Hosts: 66.35.253.32 housecall.trendmicro.com

    O1 - Hosts: 207.246.157.244 oldsexlinks.com

    O1 - Hosts: 67.138.240.11 primehostreviews.com

    O1 - Hosts: 66.28.176.86 shadow.atkingdom.com

    O1 - Hosts: 207.246.157.249 spunkermovies.com

    O1 - Hosts: 195.171.171.21 www.bankofscotland.co.uk

    O1 - Hosts: 67.43.1.57 www.besttechie.net

    O1 - Hosts: 66.55.148.147 www.cosmic-cum.com

    O1 - Hosts: 66.28.176.236 www.erotiqlinks.com

    O1 - Hosts: 194.60.170.7 www.experian.co.uk

    O1 - Hosts: 63.105.4.85 www.hsbc.com

    O1 - Hosts: 66.250.223.113 www.localfoxes.net

    O1 - Hosts: 64.255.176.12 www.naughtyofficegallery.com

    O1 - Hosts: 63.105.4.113 www.offshore.hsbc.com

    O1 - Hosts: 205.241.15.113 www.offshore.hsbc.com

    O1 - Hosts: 212.227.253.104 www.safer-networking.org

    O1 - Hosts: 69.50.130.78 www.snakesworld.com

    O1 - Hosts: 69.50.130.77 www.sonofsnake.com

    O1 - Hosts: 69.50.130.77 www.sonofsnake.com

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

    O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exe

    O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe

    O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe

    O4 - HKLM\..\RunOnce: [addjw32.exe] C:\WINDOWS\addjw32.exe

    O4 - HKLM\..\RunOnce: [appsk32.exe] C:\WINDOWS\appsk32.exe

    O4 - HKLM\..\RunOnce: [mfcgm.exe] C:\WINDOWS\mfcgm.exe

    O4 - HKLM\..\RunOnce: [ielg32.exe] C:\WINDOWS\system32\ielg32.exe

    O4 - HKLM\..\RunOnce: [d3os.exe] C:\WINDOWS\system32\d3os.exe

    O4 - HKLM\..\RunOnce: [iptm32.exe] C:\WINDOWS\iptm32.exe

    O4 - HKLM\..\RunOnce: [apixw.exe] C:\WINDOWS\apixw.exe

    O4 - HKLM\..\RunOnce: [ipod.exe] C:\WINDOWS\system32\ipod.exe

    O4 - HKLM\..\RunOnce: [appby32.exe] C:\WINDOWS\appby32.exe

    O4 - HKLM\..\RunOnce: [netat.exe] C:\WINDOWS\netat.exe

    O4 - HKLM\..\RunOnce: [javaev.exe] C:\WINDOWS\javaev.exe

    O4 - HKLM\..\RunOnce: [mfcfj32.exe] C:\WINDOWS\system32\mfcfj32.exe

    O4 - HKLM\..\RunOnce: [ntyh32.exe] C:\WINDOWS\ntyh32.exe

    O4 - HKLM\..\RunOnce: [appdk.exe] C:\WINDOWS\system32\appdk.exe

    O4 - HKLM\..\RunOnce: [ntqp32.exe] C:\WINDOWS\system32\ntqp32.exe

    O4 - HKLM\..\RunOnce: [d3xi32.exe] C:\WINDOWS\system32\d3xi32.exe

    O4 - HKLM\..\RunOnce: [ipdd.exe] C:\WINDOWS\system32\ipdd.exe

    O4 - HKLM\..\RunOnce: [ipiz.exe] C:\WINDOWS\ipiz.exe

    O4 - HKLM\..\RunOnce: [appwb32.exe] C:\WINDOWS\appwb32.exe

    O4 - HKLM\..\RunOnce: [sysfc.exe] C:\WINDOWS\sysfc.exe

    O4 - HKLM\..\RunOnce: [javalw32.exe] C:\WINDOWS\javalw32.exe

    O4 - HKLM\..\RunOnce: [sdkwc32.exe] C:\WINDOWS\sdkwc32.exe

    O4 - HKLM\..\RunOnce: [mfcke.exe] C:\WINDOWS\mfcke.exe

    O4 - HKLM\..\RunOnce: [winar.exe] C:\WINDOWS\system32\winar.exe

    O4 - HKLM\..\RunOnce: [mfcev.exe] C:\WINDOWS\mfcev.exe

    O4 - HKLM\..\RunOnce: [ippo32.exe] C:\WINDOWS\system32\ippo32.exe

    O4 - HKLM\..\RunOnce: [apisy32.exe] C:\WINDOWS\apisy32.exe

    O4 - HKLM\..\RunOnce: [ipmj.exe] C:\WINDOWS\system32\ipmj.exe

    O4 - HKLM\..\RunOnce: [crin32.exe] C:\WINDOWS\system32\crin32.exe

    O4 - HKLM\..\RunOnce: [ntrv.exe] C:\WINDOWS\system32\ntrv.exe

    O4 - HKLM\..\RunOnce: [sdkfk32.exe] C:\WINDOWS\system32\sdkfk32.exe

    O4 - HKLM\..\RunOnce: [sdklh32.exe] C:\WINDOWS\sdklh32.exe

    O4 - HKLM\..\RunOnce: [atlqd32.exe] C:\WINDOWS\atlqd32.exe

    O4 - HKLM\..\RunOnce: [sdktp32.exe] C:\WINDOWS\sdktp32.exe

    O4 - HKLM\..\RunOnce: [d3yt.exe] C:\WINDOWS\system32\d3yt.exe

    O4 - HKLM\..\RunOnce: [crzb32.exe] C:\WINDOWS\crzb32.exe

    O4 - HKLM\..\RunOnce: [javanq.exe] C:\WINDOWS\system32\javanq.exe

    O4 - HKLM\..\RunOnce: [crtn.exe] C:\WINDOWS\system32\crtn.exe

    O4 - HKLM\..\RunOnce: [mfchr.exe] C:\WINDOWS\system32\mfchr.exe

    O4 - HKLM\..\RunOnce: [d3bd.exe] C:\WINDOWS\system32\d3bd.exe

    O4 - HKLM\..\RunOnce: [sdkqk.exe] C:\WINDOWS\system32\sdkqk.exe

    O4 - HKLM\..\RunOnce: [sysgf32.exe] C:\WINDOWS\system32\sysgf32.exe

    O4 - HKLM\..\RunOnce: [ipgf.exe] C:\WINDOWS\system32\ipgf.exe

    O4 - HKLM\..\RunOnce: [mfckr32.exe] C:\WINDOWS\system32\mfckr32.exe

    O4 - HKLM\..\RunOnce: [winig.exe] C:\WINDOWS\winig.exe

    O4 - HKLM\..\RunOnce: [javahw32.exe] C:\WINDOWS\javahw32.exe

    O4 - HKLM\..\RunOnce: [netxe32.exe] C:\WINDOWS\system32\netxe32.exe

    O4 - HKLM\..\RunOnce: [ipfu.exe] C:\WINDOWS\ipfu.exe

    O4 - HKLM\..\RunOnce: [netgu.exe] C:\WINDOWS\system32\netgu.exe

    O4 - HKLM\..\RunOnce: [d3vj.exe] C:\WINDOWS\d3vj.exe

    O4 - HKLM\..\RunOnce: [sdkly32.exe] C:\WINDOWS\system32\sdkly32.exe

    O4 - HKLM\..\RunOnce: [javaej.exe] C:\WINDOWS\system32\javaej.exe

    O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

    O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

    O15 - Trusted Zone: *.sony-europe.com

    O15 - Trusted Zone: *.sonystyle-europe.com

    O15 - Trusted Zone: *.vaio-link.com

    O15 - Trusted IP range: http://192.168.0.1

    O15 - Trusted IP range: http://81.77.11.109

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

    O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Roderick Thorn\Desktop\CWShredder.exe

    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

    I tried to follow the steps that you provided in section 8; however, when trying to launch Internet Explorer my system had to search for Internet Explorer. It then asked if I wanted to fix the problem as it could locate it. I said to fix it, which it did, and I was then able to get onto the internet as Explorer reactivated. However, the webpage set itself to about:blank and all of the favourites that had installed themselves had not been removed from the favourites list.

    I then tried to log onto the free Trend Micro HouseCall site and was initially able to do this. I disabled all of the pop-up blockers and when trying to install the relevant software from the site (which I assume was the ActiveX controls) it experienced difficulties and asked if I wanted to send a report to Msoft. I clicked on no and Explorer closed itself down. I tried to follow the same steps twice but to no avail.

    This is really worrying, what do you think?

    Thanks for your time and help, it is much appreciated. I will await your next guidance.

    Rick

  7. Hi all,

    I have recently experienced spyware installing itself on my machine. Quite frankly I need help. I have downloaded Spybot Search and Destroy, paid for Ad-Aware SE Pro and Spyware Eliminator (something like £80 in all), all of which have not been able to remove anything from my laptop.

    My symptoms are:

    1 Sites automatically added to my favourites.

    2 My browser resetting itself to : about:blank

    After scanning my laptop with the relevant spyware software the results are:

    Coolwwwsearch.aff.winshow

    URLSearchHook.Atlpz

    Startpage-EH

    I have printed off and read through the case that was resolved for cultchie_girl but am not too sure if I am doing the right thing firstly, and secondly am slightly worried about deleting things from the registry that could really damage my system.

    I have conducted a HijackThis scan and the results are:

    Logfile of HijackThis v1.99.1

    Scan saved at 21:23:40, on 10/05/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\ALURIA~1\asKernel.exe

    C:\Program Files\Symantec AntiVirus\DefWatch.exe

    C:\Program Files\Dantz\Retrospect\retrorun.exe

    C:\Program Files\Symantec AntiVirus\SavRoam.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    C:\Program Files\TightVNC\WinVNC.exe

    C:\WINDOWS\System32\MsPMSPSv.exe

    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\ezSP_Px.exe

    C:\WINDOWS\system32\ICO.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Sony\HotKey Utility\HKserv.exe

    C:\Program Files\sony\vaio power management\SPMgr.exe

    C:\Program Files\sony\vaio update 2\VAIOUpdt.exe

    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    C:\WINDOWS\Logi_MwX.Exe

    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\PROGRA~1\SYMANT~1\VPTray.exe

    C:\WINDOWS\system32\appvy.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

    C:\Program Files\Maximizer\Mxalarm.exe

    C:\Program Files\Maximizer\Mxfinder.exe

    C:\Program Files\Nikon\NkView6\NkvMon.exe

    C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

    C:\Program Files\Sony\HotKey Utility\HKWnd.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

    C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R3 - Default URLSearchHook is missing

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

    O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

    O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

    O4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exe

    O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe

    O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

    O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

    O15 - Trusted Zone: *.sony-europe.com

    O15 - Trusted Zone: *.sonystyle-europe.com

    O15 - Trusted Zone: *.vaio-link.com

    O15 - Trusted IP range: http://192.168.0.1

    O15 - Trusted IP range: http://81.77.11.109

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntsg32.exe (file missing)

    O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

    O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

    I really do not know what the hell I am doing and need step-by-step guidance in plain English as to how to get rid of this stuff off my laptop. I have to say I did not know that services / forums like this existed. I am really impressed. Thank you in advance.

    Regards

    Rick

  8. Dear All,

    I have had some spyware installed onto my laptop. My home page resets itself to about:blank.

    The scan from Spybot Search and Destroy provides confirmation that

    Coolwwwsearch.aff.winshow

    URL.SearchHook.Atlpz

    Startpage-EH

    is installed on my laptop.

    I have run a HijackThis scan on my system and this is the result:

    Logfile of HijackThis v1.99.1

    Scan saved at 21:23:40, on 10/05/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\ALURIA~1\asKernel.exe

    C:\Program Files\Symantec AntiVirus\DefWatch.exe

    C:\Program Files\Dantz\Retrospect\retrorun.exe

    C:\Program Files\Symantec AntiVirus\SavRoam.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    C:\Program Files\TightVNC\WinVNC.exe

    C:\WINDOWS\System32\MsPMSPSv.exe

    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\ezSP_Px.exe

    C:\WINDOWS\system32\ICO.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Sony\HotKey Utility\HKserv.exe

    C:\Program Files\sony\vaio power management\SPMgr.exe

    C:\Program Files\sony\vaio update 2\VAIOUpdt.exe

    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    C:\WINDOWS\Logi_MwX.Exe

    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\PROGRA~1\SYMANT~1\VPTray.exe

    C:\WINDOWS\system32\appvy.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

    C:\Program Files\Maximizer\Mxalarm.exe

    C:\Program Files\Maximizer\Mxfinder.exe

    C:\Program Files\Nikon\NkView6\NkvMon.exe

    C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

    C:\Program Files\Sony\HotKey Utility\HKWnd.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

    C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

    R3 - Default URLSearchHook is missing

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

    O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

    O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

    O4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exe

    O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe

    O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

    O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

    O15 - Trusted Zone: *.sony-europe.com

    O15 - Trusted Zone: *.sonystyle-europe.com

    O15 - Trusted Zone: *.vaio-link.com

    O15 - Trusted IP range: http://192.168.0.1

    O15 - Trusted IP range: http://81.77.11.109

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntsg32.exe (file missing)

    O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

    O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

    Could someone please help me find my way through this maze and help me resolve this trouble?

    Thank you.

    R.

  9. I wonder if someone could help me?

    I have had an issue with my system in my browser. I have had things added to my favourites along with pop-ups. Apart from being slightly irritating, it's totally embarrassing having porn pop up on my screen when sitting with clients!

    I have downloaded Spybot and purchased Spyware Eliminator but they do not seem to be ridding my machine of these troubles. The spyware scan has revealed the following:

    CoolWWWsearch.Aff.Winshow

    Startpage-EH

    Url.SearchHook.Atlpz

    How the hell does this stuff get on my machine and how the hell do I get it off?

    I would really appreciate someone's help.

    Rick, Kingston Surrey UK