Rick210468

I folllowed the instruction that you kindly provided. Here are the follwing results: About buster log: Scanned at: 18:46:45 on: 12/05/2005 -- Scan 1 --------------------------- About:Buster Version 4.0 Reference List : 26 Removed Data Streams: C:\WINDOWS\KB885835.log:azuht C:\WINDOWS\opt_5030.ini:vgqlz C:\WINDOWS\Q323183.log:abzru C:\WINDOWS\SLSPTLNO.INI:pdani Removed! : C:\WINDOWS\hswjz.dat Removed! : C:\WINDOWS\system32\ekrge.dat Attempted Clean Of Temp folder. Pages Reset... Done! -- Scan 2 --------------------------- About:Buster Version 4.0 Reference List : 26 Removed Data Streams: C

OK: here is the last hijackthis lof that I conducted: Logfile of HijackThis v1.99.1 Scan saved at 18:33:30, on 13/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pqxvx.dll/

Hi, Right then here we go: I ran through the last set of instructions that you provided. Here is a copy of the report that I obtained from the scan that was conducted on the RAV website: started at 13/05/2005 16:13:40 Scanning memory... Scanning boot sectors... Scanning files... C:\WINDOWS\002629_.tmp->ADS:ymwlp - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\002629_.tmp->ADS:cxhtcd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\aaxexfg.cfg->ADS:fdnuj - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\addad.exe - Trojan:Win32/Small.DV -> Infecte

Alan, Just at home now and trying to go through your instructions again. However when I got to section 5 of your instructions and typed services.msc. I looked for Workstation NetLog services it was not there. What was there was Workstation . I just thought this might be relevant. I am not going to do anything until I hear from you. Regards Rick

Alan, Just to let you know that I have also just noticed that there has appeared a folder on my desk top called backups. The folder has two file in there which have been modified on today date. I have checked the other four computers in my office and after checking the history on all of them is one other that has been surfing porn sites today. I noticed from the hijack this log that my laptop has been surfing pornsites today. I assume that this is how this stuff intalls itself on the system? Please advise in order for me to investigate this internally with my staff.

Alan, I have followed the intructions that you provided. At point 5 the instruction stated to delete the following files C:\WINDOWS\system32\appvy.exe C:\WINDOWS\system32\ipju32.exe C:\WINDOWS\system32\ntsg32.exe I did this by going to search under start and searched for each file. The last one did not appear. I checked for it three times in order to be sure. Also, in point 4 the only files that appeared and that I checked were: 04 - HKLM\..\Run:[appvy.exe]C:\WINDOWS\system32\appvy.exe 04 - HKLM\..\RunOnce[ipju32.exe]C:\WINDOWS\system32\ipju.exe So I checked the boxes and clicked on fix ch

Hi all, I have recently experienced spyware intalling itself on my machine. Quite frankly I need help. I have downloaded spybot search and destroy, paid for adaware se pro and spyware eliminator (something like £80 in all) all of which have not been able remove anything from my laptop. My symptoms are: 1 Sites automatically added to my favourites. 2 My browser resetting itself to : about:blank After scanning my laptop with the relevant spyware software the results are: Cooolwwwsearch.aff.winshow URLSearchHook.Atlpz Startpage-EH I have printed off and read through the the case that was resol

Thank you for your calma. Very helpful. It's just not knowing how this all works.

down loaded adaware today. se pro. does rectify the difficulty. I have noticed that someone else has had the same issues as I have. Will my hijackthis logs have the same results?

Matt, sorry to be really thick but this is the first time I have used this kind of forum. How do i place this information into the hijackthis section?

Dear All, I have had some spyware intalled onto my laptop. My home page resets itself to about:blank the scan from spybot search and destroy provides confirms the following: confirmation of Coolwwwsearch.aff.winshow URL.SearchHook.Atlpz Startpage-EH is installed on my laptop. I have run a hijackthis scan on my system and this is the result: Logfile of HijackThis v1.99.1 Scan saved at 21:23:40, on 10/05/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\

I wonder if someone could help me? I have had an issue with my system in my browser. I have had things added to my favourites along with pop ups. Apart from being slightly irritating it's totally embarrasing having porn pop up on my screen when sitting with clients! I have down loaded spybot and purchased spyware eliminator but they do not seem to be ridding my machine of these troubles. On the spyware scan it has revealed the following: CoolWWWsearch.Aff.Winshow Startpage-EH Url.SearchHook.Atlpz How the hell does this stuff get on my machine and how the hell do I get it off. I would really