Rick210468

Members
  • Content Count

    12
About Rick210468

  • Rank
    Member
  1. Rick210468

    Spyware Removal <ab>

    I followed the instruction that you kindly provided. Here are the following results:

    About:Buster log:

    HijackThis log:

    The problem still seems to be there. I think the only solution is to reinstall Windows. When rebooting the machine I was informed of a whole load of files that could not be found. I assume by reinstalling Windows these files will be restored? Many thanks for your help. Rick
  2. Rick210468

    Spyware Removal <ab>

    OK: here is the last HijackThis log that I conducted:

    I hope this is getting one step closer to where I need to be, but it doesn't feel like it. Your help and assistance is invaluable, thank you. Now... It's Friday, I'm fed up, irritated and tired. I'm going to drink a beer. Regards Rick
  3. Rick210468

    Spyware Removal <ab>

    Hi, Right then here we go: I ran through the last set of instructions that you provided. Here is a copy of the report that I obtained from the scan that was conducted on the RAV website: started at 13/05/2005 16:13:40 Scanning memory... Scanning boot sectors... Scanning files...
C:\WINDOWS\syslm.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\sysls32.exe - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\syslv32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\sysnq.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\sysnt32.exe - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\sysny32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\sysro32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\system.ini->ADS:lnrnd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\system.ini->ADS:aelxf - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\sysuv32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\sysvq32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\syswt32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\sysxl32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\tabletoc.log->ADS:tyrie - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\tabletoc.log->ADS:atbzb - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\tmupdate.ini->ADS:lmukr - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\tmupdate.ini->ADS:jzyih - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\tsoc.log->ADS:kujyi - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\tsoc.log->ADS:bumiko - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\txllx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\uemhs.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\uoyag.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\uwdeb.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1024x768.bmp->ADS:uvenm - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1024x768.bmp->ADS:ggtuh - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1280x1024.bmp->ADS:vwpwq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 
1400x1050.bmp->ADS:fabyz - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:ufudc - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:lfiom - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:hiqvk - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1920x1200.bmp->ADS:qhddlz - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:wzetd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:rfvmp - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:jnkvcq - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:akzsn - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:zjjam - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:dfsth - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:apkcj - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp->ADS:ihvifj - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp->ADS:bvjed - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x768.bmp->ADS:zyenw - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x768.bmp->ADS:cgubea - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp->ADS:jcmif - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 
1280x800.bmp->ADS:gjitt - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp->ADS:atzrz - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1400x1050.bmp->ADS:xegzl - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1400x1050.bmp->ADS:tiovhm - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1600x1200.bmp->ADS:tdnak - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1600x1200.bmp->ADS:fsdaz - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1920x1200.bmp->ADS:knjws - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1920x1200.bmp->ADS:bdxvz - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 768x1024.bmp->ADS:xjiwy - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 768x1024.bmp->ADS:hkkra - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x1024.bmp->ADS:euhba - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x768.bmp->ADS:uatiq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x800.bmp->ADS:vyjnp - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ujmdi - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ualmq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ftxuw - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1600x1200.bmp->ADS:xrdtiz - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper 
TrueColor 1920x1200.bmp->ADS:ovavf - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1920x1200.bmp->ADS:mtxmq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\vbaddin.ini->ADS:vpeifs - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\vbaddin.ini->ADS:qjwyi - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\vbaddin.ini->ADS:pswycj - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\vbaddin.ini->ADS:igogu - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\W32UCADM.INI->ADS:qkbrrk - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\wgvlk.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\wiadebug.log->ADS:nixozc - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\wiadebug.log->ADS:mwask - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\wiaservc.log->ADS:yoybd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\win.ini->ADS:qirpv - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\win.ini->ADS:duxrk - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\winau.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winco.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\wincz32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\WindowsUpdate.log->ADS:fsesup - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\windx.exe - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\winea.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winfs32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\wingc32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\wingo32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winib32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winig.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winjw32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winkj32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winky32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winle32.exe - Trojan:Win32/Small.DV -> Infected 
C:\WINDOWS\winlm32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winmc.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winnt.bmp->ADS:mvsej - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\winnt.bmp->ADS:kzpwq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\winnt.bmp->ADS:kmfch - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\winnt.bmp->ADS:efzbz - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\winpl32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winql32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winqt.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winrb32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winrj32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winrx.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winuu32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winxh32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winze.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\winzk32.exe - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\WMPrfCSY.prx->ADS:oigbp - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfCSY.prx->ADS:mxraj - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfDeu.prx->ADS:ewkkd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfFIN.prx->ADS:qiybn - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfFIN.prx->ADS:fcfjl - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfFIN.prx->ADS:cyzwg - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfFRA.prx->ADS:vvvhpt - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\WMPrfFRA.prx->ADS:svyvg - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfFRA.prx->ADS:sllpj - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfFRA.prx->ADS:mfiel - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfITA.prx->ADS:xggdo - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfITA.prx->ADS:mlkzul - TrojanDownloader:Win32/Agent.BX -> Infected 
C:\WINDOWS\WMPrfITA.prx->ADS:igjtf - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfITA.prx->ADS:gofgz - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfNLD.prx->ADS:pnzui - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMPrfPTG.prx->ADS:cuvpa - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\wmsetup10.log->ADS:rlnjc - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\wmsetup10.log->ADS:hmlzg - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\wmsetup10.log->ADS:ajbci - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMSysPr9.prx->ADS:oxntx - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMSysPr9.prx->ADS:opfei - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMSysPr9.prx->ADS:iqibd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WMSysPrx.prx->ADS:exaehp - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\WUCADMIN.INI->ADS:pjsmy - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WUCADMIN.INI->ADS:lsjqq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\WUCADMIN.INI->ADS:lehpn - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\xaafg.log->ADS:sgvlo - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\xaafg.log->ADS:epfzj - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\xaafg.log->ADS:cytga - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\xpsp1hfm.log->ADS:vxyfn - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\xpsp1hfm.log->ADS:fgqfu - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\xuqfs.txt->ADS:wgrdv - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\xuqfs.txt->ADS:jkwow - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\yafyj.log->ADS:tbugzi - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\yhbzq.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\Zapotec.bmp->ADS:pgjix - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\Zapotec.bmp->ADS:etcvk - TrojanDownloader:Win32/Agent.BX -> 
Infected C:\WINDOWS\_default.pif->ADS:kduyj - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:kbtmdw - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\_default.pif->ADS:jxabgf - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jvuem - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:juqqf - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jtrlj - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jrbsl - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jraby - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jqlbi - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:joshm - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:joljf - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jmciy - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jlnzb - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jkwow - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jjkup - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jjkru - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jeojnu - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jccav - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:jbncul - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\_default.pif->ADS:irxke - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:irrdv - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:irnkk - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:iqqdy - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ipnark - Trojan:Win32/Small.DV -> Infected C:\WINDOWS\_default.pif->ADS:iowsj - 
TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:imlnu - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:iihea - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ifhah - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ieffq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:iduoy - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:hzxok - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:hozbd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:hizqa - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:hiqrl - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:hbxqk - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:hblrn - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gzuur - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gywkb - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gyvog - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gufgp - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gmyra - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gjkgz - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ghxzo - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ghfxm - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ghaeq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gefqa - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gbtin - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:gatbnh - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ftoor - TrojanDownloader:Win32/Agent.BX -> Infected 
C:\WINDOWS\_default.pif->ADS:ftndx - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ftbqog - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:fkylq - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:fcflw - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:fauspc - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ezwgk - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ezpzwi - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\_default.pif->ADS:ewhvr - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ewdcm - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:embuu - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ekvjy - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ejouzl - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:efhxu - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:eekbd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:ebcmv - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:eaaosd - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dyris - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dwzvxy - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dwsyr - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dtwpnc - TrojanDownloader:Win32/WinShow.AK -> Suspicious C:\WINDOWS\_default.pif->ADS:dphcs - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dnkps - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dnjqi - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dmsbo - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dfgtzb - 
TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:dcqmn - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cxxke - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cwfjp - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cukyl - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cjhtc - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cinya - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:chtln - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cehoqf - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cdrbe - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cblrfy - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_default.pif->ADS:cbgza - TrojanDownloader:Win32/Agent.BX -> Infected C:\WINDOWS\_defaul
  4. Rick210468

    Spyware Removal <ab>

    Alan, Just at home now and trying to go through your instructions again. However, when I got to section 5 of your instructions and typed services.msc, I looked for Workstation NetLog services; it was not there. What was there was Workstation. I just thought this might be relevant. I am not going to do anything until I hear from you. Regards, Rick
  5. Rick210468

    Spyware Removal <ab>

    Alan, Just to let you know that I have also just noticed that a folder called backups has appeared on my desktop. The folder has two files in it which have been modified on today's date. I have checked the other four computers in my office, and after checking the history on all of them there is one other that has been surfing porn sites today. I noticed from the HijackThis log that my laptop has been surfing porn sites today. I assume that this is how this stuff installs itself on the system? Please advise in order for me to investigate this internally with my staff.
  6. Rick210468

    Spyware Removal <ab>

    Alan, I have followed the instructions that you provided. At point 5 the instructions stated to delete the following files:

    C:\WINDOWS\system32\appvy.exe
    C:\WINDOWS\system32\ipju32.exe
    C:\WINDOWS\system32\ntsg32.exe

    I did this by going to Search under Start and searching for each file. The last one did not appear. I checked for it three times in order to be sure. Also, in point 4 the only entries that appeared and that I checked were:

    04 - HKLM\..\Run:[appvy.exe]C:\WINDOWS\system32\appvy.exe
    04 - HKLM\..\RunOnce[ipju32.exe]C:\WINDOWS\system32\ipju.exe

    So I checked the boxes and clicked on Fix checked.

    Here is the About:Buster log:

    Scanned at: 18:46:45 on: 12/05/2005
    -- Scan 1 ---------------------------
    About:Buster Version 4.0
    Reference List : 26
    Removed Data Streams:
    C:\WINDOWS\KB885835.log:azuht
    C:\WINDOWS\opt_5030.ini:vgqlz
    C:\WINDOWS\Q323183.log:abzru
    C:\WINDOWS\SLSPTLNO.INI:pdani
    Removed! : C:\WINDOWS\hswjz.dat
    Removed! : C:\WINDOWS\system32\ekrge.dat
    Attempted Clean Of Temp folder.
    Pages Reset... Done!
    -- Scan 2 ---------------------------
    About:Buster Version 4.0
    Reference List : 26
    Removed Data Streams:
    C:\WINDOWS\KB885835.log:azuht
    C:\WINDOWS\opt_5030.ini:vgqlz
    C:\WINDOWS\Q323183.log:abzru
    C:\WINDOWS\SLSPTLNO.INI:pdani
    Attempted Clean Of Temp folder.
    Pages Reset... Done!

    Here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:50:34, on 12/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
(VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing) O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing) I tried to follow the steps that you provided in section 8 however when trying to launch internet explorer my system had to search for the interent explorer. It then asked if I wanted to fix the problem as it could locate it. I said to fix it which it did and I was then able to get onto the interent as eplorer reactivated. However, the webpage set itself to about:blank and al of the favourates that had intalled themselves had not been removed from the favourates list. I then trid to log onto the free trendmicro housecall site and was initally able to do this. I disambled all of the pop up blockers and when trying to install the relevant software from the site (which I assume was the active x controls it experienced difficulties and asked if I wanted to send a report to Msoft. I clicked on no and explorer closed itself down. 
I tried to follow the same steps twice but to no avail. This is really worrying, what do you think? Thanks for your time and help, it is much appreciated. I will await your next guidance. Rick
  7. Rick210468

    Spyware Removal <ab>

    Hi all, I have recently experienced spyware installing itself on my machine. Quite frankly I need help. I have downloaded Spybot Search and Destroy, paid for Ad-Aware SE Pro and Spyware Eliminator (something like £80 in all), all of which have not been able to remove anything from my laptop.

    My symptoms are:
    1 Sites automatically added to my favourites.
    2 My browser resetting itself to: about:blank

    After scanning my laptop with the relevant spyware software the results are:
    Coolwwwsearch.aff.winshow
    URLSearchHook.Atlpz
    Startpage-EH

    I have printed off and read through the case that was resolved for cultchie_girl but am not too sure if I am doing the right thing firstly and secondly am slightly worried about deleting things from the registry that could really damage my system. I have conducted a hijackthis scan and the results are:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:23:40, on 10/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALURIA~1\asKernel.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\sony\vaio power management\SPMgr.exe
    C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\appvy.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe
    C:\Program Files\Maximizer\Mxalarm.exe
    C:\Program Files\Maximizer\Mxfinder.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exe
    O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe
    O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe
    O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe
    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe
    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O15 - Trusted IP range: http://192.168.0.1
    O15 - Trusted IP range: http://81.77.11.109
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntsg32.exe (file missing)
    O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe
    O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

    I really do not know what the hell I am doing and need step-by-step guidance in plain English as to how to get rid of this stuff off my laptop. I have to say I did not know that services / forums like this existed. I am really impressed. Thank you in advance. Regards Rick
  8. Rick210468

    Spyware Removal

    Thank you for your calma. Very helpful. It's just not knowing how this all works.
  9. Rick210468

    Spyware Trouble?

    Downloaded Ad-Aware today, SE Pro. Does rectify the difficulty. I have noticed that someone else has had the same issues as I have. Will my hijackthis logs have the same results?
  10. Rick210468

    Spyware Removal

    Matt, sorry to be really thick but this is the first time I have used this kind of forum. How do I place this information into the hijackthis section?
  11. Rick210468

    Spyware Removal

    Dear All, I have had some spyware installed onto my laptop. My home page resets itself to about:blank. The scan from Spybot Search and Destroy provides the following: confirmation that Coolwwwsearch.aff.winshow, URL.SearchHook.Atlpz and Startpage-EH are installed on my laptop. I have run a hijackthis scan on my system and this is the result:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:23:40, on 10/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALURIA~1\asKernel.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\sony\vaio power management\SPMgr.exe
    C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\appvy.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe
    C:\Program Files\Maximizer\Mxalarm.exe
    C:\Program Files\Maximizer\Mxfinder.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exe
    O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe
    O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe
    O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe
    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe
    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O15 - Trusted IP range: http://192.168.0.1
    O15 - Trusted IP range: http://81.77.11.109
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntsg32.exe (file missing)
    O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe
    O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

    Could someone please help me find my way through this maze and help me resolve this trouble. Thank you. R.
  12. Rick210468

    Spyware Trouble?

    I wonder if someone could help me? I have had an issue with my system in my browser. I have had things added to my favourites along with pop-ups. Apart from being slightly irritating, it's totally embarrassing having porn pop up on my screen when sitting with clients! I have downloaded Spybot and purchased Spyware Eliminator but they do not seem to be ridding my machine of these troubles. On the spyware scan it has revealed the following: CoolWWWsearch.Aff.Winshow, Startpage-EH, Url.SearchHook.Atlpz. How the hell does this stuff get on my machine and how the hell do I get it off? I would really appreciate someone's help. Rick, Kingston Surrey UK