
Rick210468

Spyware Removal <ab>


Hi all,

I have recently experienced spyware installing itself on my machine. Quite frankly I need help. I have downloaded spybot search and destroy, paid for adaware se pro and spyware eliminator (something like £80 in all) all of which have not been able to remove anything from my laptop.

My symptoms are:

1 Sites automatically added to my favourites.

2 My browser resetting itself to : about:blank

After scanning my laptop with the relevant spyware software the results are:

Cooolwwwsearch.aff.winshow

URLSearchHook.Atlpz

Startpage-EH

I have printed off and read through the case that was resolved for cultchie_girl but am not too sure if I am doing the right thing firstly and secondly am slightly worried about deleting things from the registry that could really damage my system.

I have conducted a hijackthis scan and the results are:

Logfile of HijackThis v1.99.1

Scan saved at 21:23:40, on 10/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALURIA~1\asKernel.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\TightVNC\WinVNC.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\sony\vaio power management\SPMgr.exe

C:\Program Files\sony\vaio update 2\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\WINDOWS\Logi_MwX.Exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\system32\appvy.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

C:\Program Files\Maximizer\Mxalarm.exe

C:\Program Files\Maximizer\Mxfinder.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exe

O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe

O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O15 - Trusted IP range: http://192.168.0.1

O15 - Trusted IP range: http://81.77.11.109

O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntsg32.exe (file missing)

O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

I really do not know what the hell I am doing and need step by step guidance in plain English as to how to get rid of this stuff off my laptop. I have to say I did not know that services / forums like this existed. I am really impressed. Thank you in advance.

Regards

Rick


Hello Rick and welcome to BestTechie.

You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.

  1. Prepare CWShredder for use:
    • Download CWShredder.
    • Save CWShredder.exe to a convenient location.
    • Please do not do anything with it yet.

  2. Prepare AboutBuster for use:
    • Download AboutBuster.
    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update".
    • You should not run the program yet so click "Exit".

  3. Prepare cwsserviceremove.reg for use:
    • Download cwsserviceremove.zip.
    • Unzip the contents of cwsserviceremove.zip (cwsserviceremove.reg) to your desktop.
    • Delete the cwsserviceremove.zip folder.
    • Please do not do anything with it yet.

  4. Reconfigure Windows XP to show hidden files:
    • Click Start. Open My Computer.
    • Select the Tools menu and click Folder Options. Select the View Tab.
    • Under the Hidden files and folders heading select "Show hidden files and folders".
    • Uncheck the "Hide protected operating system files (recommended)" option.
    • Uncheck the "Hide file extensions for known file types" option.
    • Click Yes to confirm. Click OK.

  5. Disable the offending service.
    • Go to Start->Run and type Services.msc then hit Ok
    • Scroll down and find the service called : Workstation NetLogon Service
    • When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

Boot into Safe Mode:

Restart your computer and immediately begin tapping the F8 key on your keyboard.

If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

To return to normal mode just restart your computer as you normally would.

  1. Run CWShredder:
    • Double-click on CWShredder.exe.
    • Click "Fix ->" and click "OK" at the prompt.
    • CWShredder will scan and clean your system of CWS files.
    • Click "Next->" and then "Exit".

  2. Remove the offending service:
    • Double-click on cwsserviceremove.reg you downloaded earlier.
    • When it asks you to merge the information to the registry click "Yes".

  3. Run AboutBuster and save the logs:
    • Browse to where you saved AboutBuster and run AboutBuster.exe.
    • Click OK at the directions prompt.
    • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
    • Click Yes to allow it to shutdown explorer.exe.
    • It will begin to scan your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click Save Log. Make sure you save it as I need a copy of it.

  4. Fix with Hijackthis:
    • Open Hijackthis, Run a scan and check the following:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lhuvy.dll/sp.html#83556
      R3 - Default URLSearchHook is missing
      O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll
      O4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exe
      O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe
      O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntsg32.exe (file missing)
    • With all other programs and browsers closed, click fix checked.

  5. Delete the following files:
    • C:\WINDOWS\system32\appvy.exe
      C:\WINDOWS\system32\ipju32.exe
      C:\WINDOWS\system32\ntsg32.exe

  6. Clean out temporary files:
    • Start | Run | type cleanmgr | OK
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Click "OK" to remove them.
    • Click "Yes" to confirm the deletion.

  7. Restart your computer normally to return to normal mode.

  8. Free TrendMicro Housecall scan:
    • You'll need to use Internet Explorer or Netscape browsers to run this scan.
    • Visit the TrendMicro Housecall website.
    • Select your country from the drop-down list and click "Go".
    • Choose "Yes" at the ActiveX Security Warning prompt.
    • Please wait while the Housecall engine is updated.
    • Select the drives to be scanned by placing a check in their respective boxes.
    • Check the "Auto Clean" box.
    • Click "SCAN" in order to begin scanning your system.
    • Please be patient while Housecall scans your system for malicious files.
    • If not auto-cleaned, remove anything it finds.
    • Click "Close" to exit the Housecall scanner.
    • Choose "Yes" at the HouseCall message prompt.

  9. Prepare your reply:
    • Please post a fresh HijackThis log as a reply to this thread.
    • Please post the AboutBuster log.
    • Please note any complications you had.


Alan,

I have followed the instructions that you provided. At point 5 the instruction stated to delete the following files

C:\WINDOWS\system32\appvy.exe

C:\WINDOWS\system32\ipju32.exe

C:\WINDOWS\system32\ntsg32.exe

I did this by going to search under start and searched for each file. The last one did not appear. I checked for it three times in order to be sure.

Also, in point 4 the only files that appeared and that I checked were:

04 - HKLM\..\Run:[appvy.exe]C:\WINDOWS\system32\appvy.exe

04 - HKLM\..\RunOnce[ipju32.exe]C:\WINDOWS\system32\ipju.exe

So I checked the boxes and clicked on fix checked.

Here is the about blaster log:

Scanned at: 18:46:45 on: 12/05/2005

-- Scan 1 ---------------------------

About:Buster Version 4.0

Reference List : 26

Removed Data Streams:

C:\WINDOWS\KB885835.log:azuht

C:\WINDOWS\opt_5030.ini:vgqlz

C:\WINDOWS\Q323183.log:abzru

C:\WINDOWS\SLSPTLNO.INI:pdani

Removed! : C:\WINDOWS\hswjz.dat

Removed! : C:\WINDOWS\system32\ekrge.dat

Attempted Clean Of Temp folder.

Pages Reset... Done!

-- Scan 2 ---------------------------

About:Buster Version 4.0

Reference List : 26

Removed Data Streams:

C:\WINDOWS\KB885835.log:azuht

C:\WINDOWS\opt_5030.ini:vgqlz

C:\WINDOWS\Q323183.log:abzru

C:\WINDOWS\SLSPTLNO.INI:pdani

Attempted Clean Of Temp folder.

Pages Reset... Done!

Here is the hijackthis log:

Logfile of HijackThis v1.99.1

Scan saved at 18:50:34, on 12/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

O1 - Hosts: 84.66.219.98 cfm.zapto.org

O1 - Hosts: 70.85.147.68 forum.iamnotageek.com

O1 - Hosts: 66.197.95.135 gallys.40somethingmag.com

O1 - Hosts: 66.35.253.32 housecall.trendmicro.com

O1 - Hosts: 207.246.157.244 oldsexlinks.com

O1 - Hosts: 67.138.240.11 primehostreviews.com

O1 - Hosts: 66.28.176.86 shadow.atkingdom.com

O1 - Hosts: 207.246.157.249 spunkermovies.com

O1 - Hosts: 195.171.171.21 www.bankofscotland.co.uk

O1 - Hosts: 67.43.1.57 www.besttechie.net

O1 - Hosts: 66.55.148.147 www.cosmic-cum.com

O1 - Hosts: 66.28.176.236 www.erotiqlinks.com

O1 - Hosts: 194.60.170.7 www.experian.co.uk

O1 - Hosts: 63.105.4.85 www.hsbc.com

O1 - Hosts: 66.250.223.113 www.localfoxes.net

O1 - Hosts: 64.255.176.12 www.naughtyofficegallery.com

O1 - Hosts: 63.105.4.113 www.offshore.hsbc.com

O1 - Hosts: 205.241.15.113 www.offshore.hsbc.com

O1 - Hosts: 212.227.253.104 www.safer-networking.org

O1 - Hosts: 69.50.130.78 www.snakesworld.com

O1 - Hosts: 69.50.130.77 www.sonofsnake.com

O1 - Hosts: 69.50.130.77 www.sonofsnake.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [appvy.exe] C:\WINDOWS\system32\appvy.exe

O4 - HKLM\..\RunOnce: [ipju32.exe] C:\WINDOWS\system32\ipju32.exe

O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe

O4 - HKLM\..\RunOnce: [addjw32.exe] C:\WINDOWS\addjw32.exe

O4 - HKLM\..\RunOnce: [appsk32.exe] C:\WINDOWS\appsk32.exe

O4 - HKLM\..\RunOnce: [mfcgm.exe] C:\WINDOWS\mfcgm.exe

O4 - HKLM\..\RunOnce: [ielg32.exe] C:\WINDOWS\system32\ielg32.exe

O4 - HKLM\..\RunOnce: [d3os.exe] C:\WINDOWS\system32\d3os.exe

O4 - HKLM\..\RunOnce: [iptm32.exe] C:\WINDOWS\iptm32.exe

O4 - HKLM\..\RunOnce: [apixw.exe] C:\WINDOWS\apixw.exe

O4 - HKLM\..\RunOnce: [ipod.exe] C:\WINDOWS\system32\ipod.exe

O4 - HKLM\..\RunOnce: [appby32.exe] C:\WINDOWS\appby32.exe

O4 - HKLM\..\RunOnce: [netat.exe] C:\WINDOWS\netat.exe

O4 - HKLM\..\RunOnce: [javaev.exe] C:\WINDOWS\javaev.exe

O4 - HKLM\..\RunOnce: [mfcfj32.exe] C:\WINDOWS\system32\mfcfj32.exe

O4 - HKLM\..\RunOnce: [ntyh32.exe] C:\WINDOWS\ntyh32.exe

O4 - HKLM\..\RunOnce: [appdk.exe] C:\WINDOWS\system32\appdk.exe

O4 - HKLM\..\RunOnce: [ntqp32.exe] C:\WINDOWS\system32\ntqp32.exe

O4 - HKLM\..\RunOnce: [d3xi32.exe] C:\WINDOWS\system32\d3xi32.exe

O4 - HKLM\..\RunOnce: [ipdd.exe] C:\WINDOWS\system32\ipdd.exe

O4 - HKLM\..\RunOnce: [ipiz.exe] C:\WINDOWS\ipiz.exe

O4 - HKLM\..\RunOnce: [appwb32.exe] C:\WINDOWS\appwb32.exe

O4 - HKLM\..\RunOnce: [sysfc.exe] C:\WINDOWS\sysfc.exe

O4 - HKLM\..\RunOnce: [javalw32.exe] C:\WINDOWS\javalw32.exe

O4 - HKLM\..\RunOnce: [sdkwc32.exe] C:\WINDOWS\sdkwc32.exe

O4 - HKLM\..\RunOnce: [mfcke.exe] C:\WINDOWS\mfcke.exe

O4 - HKLM\..\RunOnce: [winar.exe] C:\WINDOWS\system32\winar.exe

O4 - HKLM\..\RunOnce: [mfcev.exe] C:\WINDOWS\mfcev.exe

O4 - HKLM\..\RunOnce: [ippo32.exe] C:\WINDOWS\system32\ippo32.exe

O4 - HKLM\..\RunOnce: [apisy32.exe] C:\WINDOWS\apisy32.exe

O4 - HKLM\..\RunOnce: [ipmj.exe] C:\WINDOWS\system32\ipmj.exe

O4 - HKLM\..\RunOnce: [crin32.exe] C:\WINDOWS\system32\crin32.exe

O4 - HKLM\..\RunOnce: [ntrv.exe] C:\WINDOWS\system32\ntrv.exe

O4 - HKLM\..\RunOnce: [sdkfk32.exe] C:\WINDOWS\system32\sdkfk32.exe

O4 - HKLM\..\RunOnce: [sdklh32.exe] C:\WINDOWS\sdklh32.exe

O4 - HKLM\..\RunOnce: [atlqd32.exe] C:\WINDOWS\atlqd32.exe

O4 - HKLM\..\RunOnce: [sdktp32.exe] C:\WINDOWS\sdktp32.exe

O4 - HKLM\..\RunOnce: [d3yt.exe] C:\WINDOWS\system32\d3yt.exe

O4 - HKLM\..\RunOnce: [crzb32.exe] C:\WINDOWS\crzb32.exe

O4 - HKLM\..\RunOnce: [javanq.exe] C:\WINDOWS\system32\javanq.exe

O4 - HKLM\..\RunOnce: [crtn.exe] C:\WINDOWS\system32\crtn.exe

O4 - HKLM\..\RunOnce: [mfchr.exe] C:\WINDOWS\system32\mfchr.exe

O4 - HKLM\..\RunOnce: [d3bd.exe] C:\WINDOWS\system32\d3bd.exe

O4 - HKLM\..\RunOnce: [sdkqk.exe] C:\WINDOWS\system32\sdkqk.exe

O4 - HKLM\..\RunOnce: [sysgf32.exe] C:\WINDOWS\system32\sysgf32.exe

O4 - HKLM\..\RunOnce: [ipgf.exe] C:\WINDOWS\system32\ipgf.exe

O4 - HKLM\..\RunOnce: [mfckr32.exe] C:\WINDOWS\system32\mfckr32.exe

O4 - HKLM\..\RunOnce: [winig.exe] C:\WINDOWS\winig.exe

O4 - HKLM\..\RunOnce: [javahw32.exe] C:\WINDOWS\javahw32.exe

O4 - HKLM\..\RunOnce: [netxe32.exe] C:\WINDOWS\system32\netxe32.exe

O4 - HKLM\..\RunOnce: [ipfu.exe] C:\WINDOWS\ipfu.exe

O4 - HKLM\..\RunOnce: [netgu.exe] C:\WINDOWS\system32\netgu.exe

O4 - HKLM\..\RunOnce: [d3vj.exe] C:\WINDOWS\d3vj.exe

O4 - HKLM\..\RunOnce: [sdkly32.exe] C:\WINDOWS\system32\sdkly32.exe

O4 - HKLM\..\RunOnce: [javaej.exe] C:\WINDOWS\system32\javaej.exe

O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O15 - Trusted IP range: http://192.168.0.1

O15 - Trusted IP range: http://81.77.11.109

O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Roderick Thorn\Desktop\CWShredder.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

I tried to follow the steps that you provided in section 8; however, when trying to launch Internet Explorer my system had to search for Internet Explorer. It then asked if I wanted to fix the problem as it could locate it. I said to fix it, which it did, and I was then able to get onto the internet as Explorer reactivated. However, the webpage set itself to about:blank and all of the favourites that had installed themselves had not been removed from the favourites list.

I then tried to log onto the free Trend Micro HouseCall site and was initially able to do this. I disabled all of the pop-up blockers and when trying to install the relevant software from the site (which I assume was the ActiveX controls) it experienced difficulties and asked if I wanted to send a report to Msoft. I clicked on no and Explorer closed itself down. I tried to follow the same steps twice but to no avail.

This is really worrying, what do you think?

Thanks for your time and help, it is much appreciated. I will await your next guidance.

Rick


Alan,

Just to let you know that I have also just noticed that there has appeared a folder on my desktop called backups. The folder has two files in there which have been modified on today's date.

I have checked the other four computers in my office and after checking the history on all of them there is one other that has been surfing porn sites today. I noticed from the HijackThis log that my laptop has been surfing porn sites today. I assume that this is how this stuff installs itself on the system?

Please advise in order for me to investigate this internally with my staff.


Alan,

Just at home now and trying to go through your instructions again. However, when I got to section 5 of your instructions and typed services.msc, I looked for Workstation NetLog services; it was not there. What was there was Workstation.

I just thought this might be relevant. I am not going to do anything until I hear from you.

Regards

Rick


To be honest with you, I am not entirely sure where the infection comes from. Many people have been infected that have not been to porn sites.

The folder called backups on the desktop was created by HijackThis. It stores everything fixed just in case they may be needed later.

The service in step 5 was successfully removed.

Boot into Safe Mode:

Restart your computer and immediately begin tapping the F8 key on your keyboard.

If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

To return to normal mode just restart your computer as you normally would.

  1. Run CWShredder:
    • Double-click on CWShredder.exe.
    • Click "Fix ->" and click "OK" at the prompt.
    • CWShredder will scan and clean your system of CWS files.
    • Click "Next->" and then "Exit".

  2. Run AboutBuster and save the logs:
    • Browse to where you saved AboutBuster and run AboutBuster.exe.
    • Click "OK" at the directions Read: Important! prompt.
    • Click "Start" and then "OK" to allow AboutBuster to scan for Alternate Data Streams.
    • Click "Yes" at the About:Buster prompt to allow it to shutdown explorer.exe.
    • Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click "Save Log...". Make sure you save it as I will need a copy of it.
    • Click "Exit" and "Exit" again to exit AboutBuster.

  3. Clean out temporary files:
    • Start | Run | type cleanmgr | OK
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Click "OK" to remove them.
    • Click "Yes" to confirm the deletion.

  4. Restart your computer normally to return to normal mode.

  5. Free online antivirus scans:

  6. Prepare your reply:
    • Please post a fresh HijackThis log as a reply to this thread.
    • Please post the AboutBuster log.
    • Please note any complications you had.

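The AboutBuster step above scans for Alternate Data Streams, and an on-demand scanner reports a flagged stream separately from the file that hosts it. The following is an added example, not part of the original post: it assumes report lines of the form `path->ADS:stream - detection -> verdict`, and the sample lines and all function names are constructed here. It separates files flagged directly from otherwise ordinary host files that carry flagged streams, where the stream rather than the host is the object to clean.

```python
"""Triage a scanner report that mixes plain-file and ADS detections."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample report: file, stream and detection names are made up.
SAMPLE_REPORT = r"""
started at 01/01/2005 10:00:00
Scanning files...
C:\WINDOWS\example1.exe - Trojan:Win32/Example.A -> Infected
C:\WINDOWS\setup example.log->ADS:abcde - TrojanDownloader:Win32/Example.B -> Infected
C:\WINDOWS\setup example.log->ADS:fghij - TrojanDownloader:Win32/Example.B -> Infected
C:\WINDOWS\example.ini->ADS:klmno - Trojan:Win32/Example.A -> Infected
C:\WINDOWS\example2.dll - TrojanDownloader:Win32/Example.C -> Suspicious
"""

ADS_MARKER = "->ADS:"  # assumed separator between host file and stream name


@dataclass(frozen=True)
class Detection:
    host: str               # file that exists on disk
    stream: Optional[str]   # ADS name, or None when the file itself is flagged
    name: str               # detection name assigned by the scanner
    verdict: str            # e.g. "Infected" or "Suspicious"


def parse_line(line: str) -> Optional[Detection]:
    """Parse one report line; return None for headers and blank lines."""
    # Split from the right so spaces inside the path cannot confuse the parse.
    head, sep, verdict = line.strip().rpartition(" -> ")
    if not sep:
        return None
    target, sep, name = head.rpartition(" - ")
    if not sep:
        return None
    host, marker, stream = target.partition(ADS_MARKER)
    return Detection(host, stream if marker else None, name, verdict)


def triage(report: str) -> dict:
    """Group detections so file cleanup and stream cleanup can be planned apart."""
    detections = [d for d in map(parse_line, report.splitlines()) if d]
    ads_hosts = defaultdict(list)   # host file -> flagged stream names
    flagged_files = []              # files flagged as a whole
    for d in detections:
        if d.stream is None:
            flagged_files.append(d.host)
        else:
            ads_hosts[d.host].append(d.stream)
    return {
        "total": len(detections),
        "by_name": dict(Counter(d.name for d in detections)),
        "ads_hosts": dict(ads_hosts),
        "flagged_files": flagged_files,
        # Anything not reported as outright infected needs a manual look.
        "review": [d.host for d in detections if d.verdict != "Infected"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("detections:", result["total"])
    for name, count in sorted(result["by_name"].items()):
        print(f"  {count:3d}  {name}")
    print("host files carrying flagged streams (keep host, remove stream):")
    for host, streams in result["ads_hosts"].items():
        print(f"  {host}: {', '.join(streams)}")
    print("files flagged directly:", *result["flagged_files"], sep="\n  ")
    print("needs manual review:", *result["review"], sep="\n  ")
```
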

Hi,

Right then here we go:

I ran through the last set of instructions that you provided. Here is a copy of the report that I obtained from the scan that was conducted on the RAV website:

started at 13/05/2005 16:13:40

Scanning memory...

Scanning boot sectors...

Scanning files...


C:\WINDOWS\Q811789.log->ADS:nlswi - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q813818.log->ADS:hknpfy - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\Q813818.log->ADS:hayas - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q813818.log->ADS:fvaek - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q813862.log->ADS:lckkr - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q813862.log->ADS:hsbit - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q813942.log->ADS:ycdxe - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q813942.log->ADS:adnut - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q814995.log->ADS:nporp - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q815917.log->ADS:vprcx - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q816048.log->ADS:zbiof - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q816048.log->ADS:qwxce - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Q816048.log->ADS:cmwwm - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\quicken.lic->ADS:lzztv - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\QUOTES.INI->ADS:excqqn - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\qwimp.ini->ADS:lvkpi - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\qwimp.ini->ADS:ebtpn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\REGKEYCR.INI->ADS:uugim - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\REGLOCS.OLD->ADS:wquwsx - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\REGLOCS.OLD->ADS:jychw - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\REGLOCS.OLD->ADS:fribo - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Rhododendron.bmp->ADS:mvzca - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\rvtov.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\Santa Fe Stucco.bmp->ADS:nxfwr - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sccli.dat->ADS:mwmfn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\SchedLgU.Txt->ADS:uhfad - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\SchedLgU.Txt->ADS:qgklv - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sdkcs32.exe - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sdkdm32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdkfh32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdkhm32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdklh32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdkoo.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdkqh.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdkri.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdktj.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdktp32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdkwc32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdkxh32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sdkzb32.exe - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sdkzq32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sessmgr.setup.log->ADS:vhdbc - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sessmgr.setup.log->ADS:fckni - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\setupact.log->ADS:urmfp - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\setupapi.log->ADS:vznrxw - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\setuperr.log->ADS:zazse - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\setuperr.log->ADS:oqyfv - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\setuperr.log->ADS:myndo - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\setuplog.txt->ADS:fselr - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sgdhz.txt->ADS:nzxfrg - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sgdhz.txt->ADS:jtzjq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\SLS.INI->ADS:vyypf - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\SLS.INI->ADS:iimeb - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\SLS.INI->ADS:gpmyj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\SLS.INI->ADS:fuopg - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\SLSPMODM.INI->ADS:giyiu - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\smscfg.ini->ADS:vxutyn - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\smscfg.ini->ADS:owhhn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\smscfg.ini->ADS:fzrta - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\spupdsvc.log->ADS:yrugr - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\spupdsvc.log->ADS:nymysy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sysal32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysaz32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysbj.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysfc.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysix32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\syski.exe - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\syskr.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\syslm.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysls32.exe - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\syslv32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysnq.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysnt32.exe - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sysny32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysro32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\system.ini->ADS:lnrnd - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\system.ini->ADS:aelxf - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\sysuv32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysvq32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\syswt32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\sysxl32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\tabletoc.log->ADS:tyrie - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\tabletoc.log->ADS:atbzb - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\tmupdate.ini->ADS:lmukr - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\tmupdate.ini->ADS:jzyih - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\tsoc.log->ADS:kujyi - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\tsoc.log->ADS:bumiko - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\txllx.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\uemhs.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\uoyag.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\uwdeb.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1024x768.bmp->ADS:uvenm - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1024x768.bmp->ADS:ggtuh - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1280x1024.bmp->ADS:vwpwq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1400x1050.bmp->ADS:fabyz - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:ufudc - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:lfiom - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1600x1200.bmp->ADS:hiqvk - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 1920x1200.bmp->ADS:qhddlz - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:wzetd - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:rfvmp - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:jnkvcq - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\VAIO GrandBlue Wallpaper TrueColor 768x1024.bmp->ADS:akzsn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:zjjam - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:dfsth - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1024x768.bmp->ADS:apkcj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp->ADS:ihvifj - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x1024.bmp->ADS:bvjed - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x768.bmp->ADS:zyenw - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x768.bmp->ADS:cgubea - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp->ADS:jcmif - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp->ADS:gjitt - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1280x800.bmp->ADS:atzrz - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1400x1050.bmp->ADS:xegzl - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1400x1050.bmp->ADS:tiovhm - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1600x1200.bmp->ADS:tdnak - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1600x1200.bmp->ADS:fsdaz - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1920x1200.bmp->ADS:knjws - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 1920x1200.bmp->ADS:bdxvz - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 768x1024.bmp->ADS:xjiwy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Pattern Wallpaper TrueColor 768x1024.bmp->ADS:hkkra - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x1024.bmp->ADS:euhba - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x768.bmp->ADS:uatiq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1280x800.bmp->ADS:vyjnp - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ujmdi - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ualmq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1400x1050.bmp->ADS:ftxuw - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1600x1200.bmp->ADS:xrdtiz - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1920x1200.bmp->ADS:ovavf - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\VAIO SLIT Scene Wallpaper TrueColor 1920x1200.bmp->ADS:mtxmq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\vbaddin.ini->ADS:vpeifs - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\vbaddin.ini->ADS:qjwyi - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\vbaddin.ini->ADS:pswycj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\vbaddin.ini->ADS:igogu - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\W32UCADM.INI->ADS:qkbrrk - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\wgvlk.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\wiadebug.log->ADS:nixozc - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\wiadebug.log->ADS:mwask - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\wiaservc.log->ADS:yoybd - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\win.ini->ADS:qirpv - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\win.ini->ADS:duxrk - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\winau.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winco.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\wincz32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\WindowsUpdate.log->ADS:fsesup - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\windx.exe - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\winea.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winfs32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\wingc32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\wingo32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winib32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winig.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winjw32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winkj32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winky32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winle32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winlm32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winmc.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winnt.bmp->ADS:mvsej - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\winnt.bmp->ADS:kzpwq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\winnt.bmp->ADS:kmfch - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\winnt.bmp->ADS:efzbz - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\winpl32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winql32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winqt.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winrb32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winrj32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winrx.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winuu32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winxh32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winze.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\winzk32.exe - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\WMPrfCSY.prx->ADS:oigbp - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfCSY.prx->ADS:mxraj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfDeu.prx->ADS:ewkkd - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfFIN.prx->ADS:qiybn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfFIN.prx->ADS:fcfjl - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfFIN.prx->ADS:cyzwg - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfFRA.prx->ADS:vvvhpt - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\WMPrfFRA.prx->ADS:svyvg - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfFRA.prx->ADS:sllpj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfFRA.prx->ADS:mfiel - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfITA.prx->ADS:xggdo - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfITA.prx->ADS:mlkzul - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfITA.prx->ADS:igjtf - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfITA.prx->ADS:gofgz - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfNLD.prx->ADS:pnzui - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMPrfPTG.prx->ADS:cuvpa - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\wmsetup10.log->ADS:rlnjc - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\wmsetup10.log->ADS:hmlzg - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\wmsetup10.log->ADS:ajbci - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMSysPr9.prx->ADS:oxntx - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMSysPr9.prx->ADS:opfei - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMSysPr9.prx->ADS:iqibd - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WMSysPrx.prx->ADS:exaehp - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\WUCADMIN.INI->ADS:pjsmy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WUCADMIN.INI->ADS:lsjqq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\WUCADMIN.INI->ADS:lehpn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\xaafg.log->ADS:sgvlo - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\xaafg.log->ADS:epfzj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\xaafg.log->ADS:cytga - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\xpsp1hfm.log->ADS:vxyfn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\xpsp1hfm.log->ADS:fgqfu - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\xuqfs.txt->ADS:wgrdv - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\xuqfs.txt->ADS:jkwow - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\yafyj.log->ADS:tbugzi - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\yhbzq.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\Zapotec.bmp->ADS:pgjix - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\Zapotec.bmp->ADS:etcvk - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:kduyj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:kbtmdw - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\_default.pif->ADS:jxabgf - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jvuem - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:juqqf - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jtrlj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jrbsl - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jraby - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jqlbi - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:joshm - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:joljf - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jmciy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jlnzb - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jkwow - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jjkup - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jjkru - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jeojnu - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jccav - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:jbncul - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\_default.pif->ADS:irxke - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:irrdv - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:irnkk - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:iqqdy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ipnark - Trojan:Win32/Small.DV -> Infected

C:\WINDOWS\_default.pif->ADS:iowsj - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:imlnu - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:iihea - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ifhah - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ieffq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:iduoy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:hzxok - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:hozbd - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:hizqa - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:hiqrl - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:hbxqk - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:hblrn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gzuur - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gywkb - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gyvog - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gufgp - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gmyra - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gjkgz - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ghxzo - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ghfxm - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ghaeq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gefqa - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gbtin - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:gatbnh - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ftoor - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ftndx - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ftbqog - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:fkylq - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:fcflw - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:fauspc - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ezwgk - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ezpzwi - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\_default.pif->ADS:ewhvr - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ewdcm - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:embuu - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ekvjy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ejouzl - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:efhxu - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:eekbd - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:ebcmv - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:eaaosd - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dyris - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dwzvxy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dwsyr - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dtwpnc - TrojanDownloader:Win32/WinShow.AK -> Suspicious

C:\WINDOWS\_default.pif->ADS:dphcs - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dnkps - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dnjqi - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dmsbo - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dfgtzb - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:dcqmn - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cxxke - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cwfjp - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cukyl - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cjhtc - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cinya - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:chtln - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cehoqf - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cdrbe - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cblrfy - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_default.pif->ADS:cbgza - TrojanDownloader:Win32/Agent.BX -> Infected

C:\WINDOWS\_defaul


OK:

Here is the last HijackThis log that I conducted:

Logfile of HijackThis v1.99.1

Scan saved at 18:33:30, on 13/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pqxvx.dll/sp.html#37049

R3 - Default URLSearchHook is missing

O1 - Hosts: 84.66.219.98 cfm.zapto.org

O1 - Hosts: 70.85.147.68 forum.iamnotageek.com

O1 - Hosts: 66.197.95.135 gallys.40somethingmag.com

O1 - Hosts: 66.35.253.32 housecall.trendmicro.com

O1 - Hosts: 207.246.157.244 oldsexlinks.com

O1 - Hosts: 67.138.240.11 primehostreviews.com

O1 - Hosts: 206.204.52.6 security.symantec.com

O1 - Hosts: 66.28.176.86 shadow.atkingdom.com

O1 - Hosts: 207.246.157.249 spunkermovies.com

O1 - Hosts: 195.171.171.21 www.bankofscotland.co.uk

O1 - Hosts: 67.43.1.57 www.besttechie.net

O1 - Hosts: 213.150.62.120 www.bitdefender.com

O1 - Hosts: 66.55.148.147 www.cosmic-cum.com

O1 - Hosts: 66.28.176.236 www.erotiqlinks.com

O1 - Hosts: 194.60.170.7 www.experian.co.uk

O1 - Hosts: 66.249.87.99 www.google.co.uk

O1 - Hosts: 63.105.4.85 www.hsbc.com

O1 - Hosts: 66.250.223.113 www.localfoxes.net

O1 - Hosts: 64.255.176.12 www.naughtyofficegallery.com

O1 - Hosts: 63.105.4.113 www.offshore.hsbc.com

O1 - Hosts: 205.241.15.113 www.offshore.hsbc.com

O1 - Hosts: 193.108.153.116 www.pandasoftware.com

O1 - Hosts: 213.233.121.11 www.ravantivirus.com

O1 - Hosts: 212.227.253.104 www.safer-networking.org

O1 - Hosts: 69.50.130.78 www.snakesworld.com

O1 - Hosts: 69.50.130.77 www.sonofsnake.com

O1 - Hosts: 69.50.130.77 www.sonofsnake.com

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Class - {FBF77D9B-CA17-A517-257C-C38A16C5AD4F} - C:\WINDOWS\mfcae32.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [netmp32.exe] C:\WINDOWS\system32\netmp32.exe

O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe

O4 - HKLM\..\RunOnce: [ipya32.exe] C:\WINDOWS\system32\ipya32.exe

O4 - HKLM\..\RunOnce: [sysbj.exe] C:\WINDOWS\sysbj.exe

O4 - HKLM\..\RunOnce: [appsm.exe] C:\WINDOWS\system32\appsm.exe

O4 - HKLM\..\RunOnce: [apiif.exe] C:\WINDOWS\apiif.exe

O4 - HKLM\..\RunOnce: [winmq.exe] C:\WINDOWS\system32\winmq.exe

O4 - HKLM\..\RunOnce: [msfq.exe] C:\WINDOWS\system32\msfq.exe

O4 - HKLM\..\RunOnce: [ntks32.exe] C:\WINDOWS\system32\ntks32.exe

O4 - HKLM\..\RunOnce: [javafp32.exe] C:\WINDOWS\system32\javafp32.exe

O4 - HKLM\..\RunOnce: [mfclj.exe] C:\WINDOWS\system32\mfclj.exe

O4 - HKLM\..\RunOnce: [wingj32.exe] C:\WINDOWS\system32\wingj32.exe

O4 - HKLM\..\RunOnce: [apiqf32.exe] C:\WINDOWS\apiqf32.exe

O4 - HKLM\..\RunOnce: [winea.exe] C:\WINDOWS\winea.exe

O4 - HKLM\..\RunOnce: [d3am.exe] C:\WINDOWS\system32\d3am.exe

O4 - HKLM\..\RunOnce: [mfcxm.exe] C:\WINDOWS\system32\mfcxm.exe

O4 - HKLM\..\RunOnce: [mslj.exe] C:\WINDOWS\system32\mslj.exe

O4 - HKLM\..\RunOnce: [appvf32.exe] C:\WINDOWS\system32\appvf32.exe

O4 - HKLM\..\RunOnce: [winql32.exe] C:\WINDOWS\winql32.exe

O4 - HKLM\..\RunOnce: [crvn.exe] C:\WINDOWS\crvn.exe

O4 - HKLM\..\RunOnce: [appuu.exe] C:\WINDOWS\appuu.exe

O4 - HKLM\..\RunOnce: [sdkgr32.exe] C:\WINDOWS\system32\sdkgr32.exe

O4 - HKLM\..\RunOnce: [mfcml.exe] C:\WINDOWS\mfcml.exe

O4 - HKLM\..\RunOnce: [javagz.exe] C:\WINDOWS\system32\javagz.exe

O4 - HKLM\..\RunOnce: [winkj32.exe] C:\WINDOWS\winkj32.exe

O4 - HKLM\..\RunOnce: [crpl32.exe] C:\WINDOWS\system32\crpl32.exe

O4 - HKLM\..\RunOnce: [d3pt32.exe] C:\WINDOWS\system32\d3pt32.exe

O4 - HKLM\..\RunOnce: [netcv.exe] C:\WINDOWS\system32\netcv.exe

O4 - HKLM\..\RunOnce: [ipwh32.exe] C:\WINDOWS\system32\ipwh32.exe

O4 - HKLM\..\RunOnce: [addcj32.exe] C:\WINDOWS\system32\addcj32.exe

O4 - HKLM\..\RunOnce: [ntkj.exe] C:\WINDOWS\system32\ntkj.exe

O4 - HKLM\..\RunOnce: [javakx32.exe] C:\WINDOWS\javakx32.exe

O4 - HKLM\..\RunOnce: [apipr32.exe] C:\WINDOWS\apipr32.exe

O4 - HKLM\..\RunOnce: [sysuv32.exe] C:\WINDOWS\sysuv32.exe

O4 - HKLM\..\RunOnce: [javazp.exe] C:\WINDOWS\system32\javazp.exe

O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\iesq.exe

O4 - HKLM\..\RunOnce: [ntxk.exe] C:\WINDOWS\system32\ntxk.exe

O4 - HKLM\..\RunOnce: [sdkdh32.exe] C:\WINDOWS\system32\sdkdh32.exe

O4 - HKLM\..\RunOnce: [mfcqb.exe] C:\WINDOWS\mfcqb.exe

O4 - HKLM\..\RunOnce: [winmn.exe] C:\WINDOWS\system32\winmn.exe

O4 - HKLM\..\RunOnce: [crzh32.exe] C:\WINDOWS\system32\crzh32.exe

O4 - HKLM\..\RunOnce: [apilj32.exe] C:\WINDOWS\system32\apilj32.exe

O4 - HKLM\..\RunOnce: [sysyd.exe] C:\WINDOWS\system32\sysyd.exe

O4 - HKLM\..\RunOnce: [ieec32.exe] C:\WINDOWS\ieec32.exe

O4 - HKLM\..\RunOnce: [sdkjw.exe] C:\WINDOWS\system32\sdkjw.exe

O4 - HKLM\..\RunOnce: [atlie32.exe] C:\WINDOWS\system32\atlie32.exe

O4 - HKLM\..\RunOnce: [javaxs32.exe] C:\WINDOWS\system32\javaxs32.exe

O4 - HKLM\..\RunOnce: [appxa.exe] C:\WINDOWS\appxa.exe

O4 - HKLM\..\RunOnce: [sysbe.exe] C:\WINDOWS\system32\sysbe.exe

O4 - HKLM\..\RunOnce: [mfcqu32.exe] C:\WINDOWS\mfcqu32.exe

O4 - HKLM\..\RunOnce: [ntgb32.exe] C:\WINDOWS\system32\ntgb32.exe

O4 - HKLM\..\RunOnce: [netbn.exe] C:\WINDOWS\system32\netbn.exe

O4 - HKLM\..\RunOnce: [mfcfo.exe] C:\WINDOWS\mfcfo.exe

O4 - HKLM\..\RunOnce: [ntjs32.exe] C:\WINDOWS\ntjs32.exe

O4 - HKLM\..\RunOnce: [netsb.exe] C:\WINDOWS\netsb.exe

O4 - HKLM\..\RunOnce: [netyp32.exe] C:\WINDOWS\netyp32.exe

O4 - HKLM\..\RunOnce: [netnm32.exe] C:\WINDOWS\system32\netnm32.exe

O4 - HKLM\..\RunOnce: [winrj32.exe] C:\WINDOWS\winrj32.exe

O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\iehm32.exe

O4 - HKLM\..\RunOnce: [appft.exe] C:\WINDOWS\appft.exe

O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\system32\addpr.exe

O4 - HKLM\..\RunOnce: [croh32.exe] C:\WINDOWS\croh32.exe

O4 - HKLM\..\RunOnce: [sdkjl.exe] C:\WINDOWS\system32\sdkjl.exe

O4 - HKLM\..\RunOnce: [ipeu32.exe] C:\WINDOWS\system32\ipeu32.exe

O4 - HKLM\..\RunOnce: [apihy.exe] C:\WINDOWS\apihy.exe

O4 - HKLM\..\RunOnce: [wingo32.exe] C:\WINDOWS\wingo32.exe

O4 - HKLM\..\RunOnce: [netcx32.exe] C:\WINDOWS\system32\netcx32.exe

O4 - HKLM\..\RunOnce: [javaaf.exe] C:\WINDOWS\system32\javaaf.exe

O4 - HKLM\..\RunOnce: [iewj32.exe] C:\WINDOWS\iewj32.exe

O4 - HKLM\..\RunOnce: [crgr.exe] C:\WINDOWS\system32\crgr.exe

O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINDOWS\d3tg32.exe

O4 - HKLM\..\RunOnce: [crid32.exe] C:\WINDOWS\system32\crid32.exe

O4 - HKLM\..\RunOnce: [ieiq.exe] C:\WINDOWS\ieiq.exe

O4 - HKLM\..\RunOnce: [crxy.exe] C:\WINDOWS\crxy.exe

O4 - HKLM\..\RunOnce: [nethq32.exe] C:\WINDOWS\system32\nethq32.exe

O4 - HKLM\..\RunOnce: [syswt32.exe] C:\WINDOWS\syswt32.exe

O4 - HKLM\..\RunOnce: [syskq32.exe] C:\WINDOWS\system32\syskq32.exe

O4 - HKLM\..\RunOnce: [sdkhm32.exe] C:\WINDOWS\sdkhm32.exe

O4 - HKLM\..\RunOnce: [ipfh.exe] C:\WINDOWS\ipfh.exe

O4 - HKLM\..\RunOnce: [addep32.exe] C:\WINDOWS\addep32.exe

O4 - HKLM\..\RunOnce: [winnn32.exe] C:\WINDOWS\system32\winnn32.exe

O4 - HKLM\..\RunOnce: [msxo.exe] C:\WINDOWS\msxo.exe

O4 - HKLM\..\RunOnce: [ieck32.exe] C:\WINDOWS\ieck32.exe

O4 - HKLM\..\RunOnce: [apilq.exe] C:\WINDOWS\apilq.exe

O4 - HKLM\..\RunOnce: [crbf32.exe] C:\WINDOWS\system32\crbf32.exe

O4 - HKLM\..\RunOnce: [winle32.exe] C:\WINDOWS\winle32.exe

O4 - HKLM\..\RunOnce: [addtk.exe] C:\WINDOWS\addtk.exe

O4 - HKLM\..\RunOnce: [addnd32.exe] C:\WINDOWS\system32\addnd32.exe

O4 - HKLM\..\RunOnce: [d3bn32.exe] C:\WINDOWS\d3bn32.exe

O4 - HKLM\..\RunOnce: [addkg32.exe] C:\WINDOWS\addkg32.exe

O4 - HKLM\..\RunOnce: [javako.exe] C:\WINDOWS\system32\javako.exe

O4 - HKLM\..\RunOnce: [netoa.exe] C:\WINDOWS\system32\netoa.exe

O4 - HKLM\..\RunOnce: [mfcyy.exe] C:\WINDOWS\mfcyy.exe

O4 - HKLM\..\RunOnce: [apphz32.exe] C:\WINDOWS\system32\apphz32.exe

O4 - HKLM\..\RunOnce: [appnw.exe] C:\WINDOWS\appnw.exe

O4 - HKLM\..\RunOnce: [appbs.exe] C:\WINDOWS\system32\appbs.exe

O4 - HKLM\..\RunOnce: [netmr32.exe] C:\WINDOWS\netmr32.exe

O4 - HKLM\..\RunOnce: [crwk32.exe] C:\WINDOWS\system32\crwk32.exe

O4 - HKLM\..\RunOnce: [mfces32.exe] C:\WINDOWS\mfces32.exe

O4 - HKLM\..\RunOnce: [javazd32.exe] C:\WINDOWS\system32\javazd32.exe

O4 - HKLM\..\RunOnce: [msdi.exe] C:\WINDOWS\system32\msdi.exe

O4 - HKLM\..\RunOnce: [crmi32.exe] C:\WINDOWS\system32\crmi32.exe

O4 - HKLM\..\RunOnce: [apigz.exe] C:\WINDOWS\system32\apigz.exe

O4 - HKLM\..\RunOnce: [msak.exe] C:\WINDOWS\system32\msak.exe

O4 - HKLM\..\RunOnce: [javaqz.exe] C:\WINDOWS\javaqz.exe

O4 - HKLM\..\RunOnce: [msvc.exe] C:\WINDOWS\system32\msvc.exe

O4 - HKLM\..\RunOnce: [javazo.exe] C:\WINDOWS\javazo.exe

O4 - HKLM\..\RunOnce: [winod32.exe] C:\WINDOWS\system32\winod32.exe

O4 - HKLM\..\RunOnce: [iesm32.exe] C:\WINDOWS\iesm32.exe

O4 - HKLM\..\RunOnce: [sysdy.exe] C:\WINDOWS\system32\sysdy.exe

O4 - HKLM\..\RunOnce: [atlhc32.exe] C:\WINDOWS\system32\atlhc32.exe

O4 - HKLM\..\RunOnce: [addqc.exe] C:\WINDOWS\system32\addqc.exe

O4 - HKLM\..\RunOnce: [sdkri.exe] C:\WINDOWS\sdkri.exe

O4 - HKLM\..\RunOnce: [mfcqy32.exe] C:\WINDOWS\system32\mfcqy32.exe

O4 - HKLM\..\RunOnce: [ntjw32.exe] C:\WINDOWS\system32\ntjw32.exe

O4 - HKLM\..\RunOnce: [sdkci32.exe] C:\WINDOWS\sdkci32.exe

O4 - HKLM\..\RunOnce: [apibv32.exe] C:\WINDOWS\system32\apibv32.exe

O4 - HKLM\..\RunOnce: [sysyr32.exe] C:\WINDOWS\system32\sysyr32.exe

O4 - HKLM\..\RunOnce: [netbd.exe] C:\WINDOWS\system32\netbd.exe

O4 - HKLM\..\RunOnce: [javazy32.exe] C:\WINDOWS\javazy32.exe

O4 - HKLM\..\RunOnce: [netmi.exe] C:\WINDOWS\system32\netmi.exe

O4 - HKLM\..\RunOnce: [nteq.exe] C:\WINDOWS\nteq.exe

O4 - HKLM\..\RunOnce: [crwr32.exe] C:\WINDOWS\system32\crwr32.exe

O4 - HKLM\..\RunOnce: [sysmy.exe] C:\WINDOWS\system32\sysmy.exe

O4 - HKLM\..\RunOnce: [iewx.exe] C:\WINDOWS\iewx.exe

O4 - HKLM\..\RunOnce: [ntum32.exe] C:\WINDOWS\ntum32.exe

O4 - HKLM\..\RunOnce: [mfctc32.exe] C:\WINDOWS\system32\mfctc32.exe

O4 - HKLM\..\RunOnce: [sdkpe32.exe] C:\WINDOWS\sdkpe32.exe

O4 - HKLM\..\RunOnce: [syset.exe] C:\WINDOWS\syset.exe

O4 - HKLM\..\RunOnce: [appda.exe] C:\WINDOWS\system32\appda.exe

O4 - HKLM\..\RunOnce: [apinb.exe] C:\WINDOWS\apinb.exe

O4 - HKLM\..\RunOnce: [sysmj32.exe] C:\WINDOWS\sysmj32.exe

O4 - HKLM\..\RunOnce: [netby32.exe] C:\WINDOWS\system32\netby32.exe

O4 - HKLM\..\RunOnce: [appsl32.exe] C:\WINDOWS\appsl32.exe

O4 - HKLM\..\RunOnce: [d3wh32.exe] C:\WINDOWS\d3wh32.exe

O4 - HKLM\..\RunOnce: [atlzt32.exe] C:\WINDOWS\atlzt32.exe

O4 - HKLM\..\RunOnce: [netex32.exe] C:\WINDOWS\system32\netex32.exe

O4 - HKLM\..\RunOnce: [netzp32.exe] C:\WINDOWS\netzp32.exe

O4 - HKLM\..\RunOnce: [sdkxw.exe] C:\WINDOWS\sdkxw.exe

O4 - HKLM\..\RunOnce: [ieta32.exe] C:\WINDOWS\system32\ieta32.exe

O4 - HKLM\..\RunOnce: [crdb.exe] C:\WINDOWS\system32\crdb.exe

O4 - HKLM\..\RunOnce: [mfclh.exe] C:\WINDOWS\system32\mfclh.exe

O4 - HKLM\..\RunOnce: [iekw32.exe] C:\WINDOWS\system32\iekw32.exe

O4 - HKLM\..\RunOnce: [javaam.exe] C:\WINDOWS\javaam.exe

O4 - HKLM\..\RunOnce: [apizt32.exe] C:\WINDOWS\apizt32.exe

O4 - HKLM\..\RunOnce: [winxj32.exe] C:\WINDOWS\system32\winxj32.exe

O4 - HKLM\..\RunOnce: [sysbs.exe] C:\WINDOWS\sysbs.exe

O4 - HKLM\..\RunOnce: [atlxw32.exe] C:\WINDOWS\atlxw32.exe

O4 - HKLM\..\RunOnce: [wingx.exe] C:\WINDOWS\wingx.exe

O4 - HKLM\..\RunOnce: [sdkpd.exe] C:\WINDOWS\system32\sdkpd.exe

O4 - HKLM\..\RunOnce: [atlot32.exe] C:\WINDOWS\system32\atlot32.exe

O4 - HKLM\..\RunOnce: [sysea.exe] C:\WINDOWS\sysea.exe

O4 - HKLM\..\RunOnce: [msik.exe] C:\WINDOWS\msik.exe

O4 - HKLM\..\RunOnce: [addeo32.exe] C:\WINDOWS\system32\addeo32.exe

O4 - HKLM\..\RunOnce: [ipqy32.exe] C:\WINDOWS\system32\ipqy32.exe

O4 - HKLM\..\RunOnce: [netcd32.exe] C:\WINDOWS\system32\netcd32.exe

O4 - HKLM\..\RunOnce: [appgn.exe] C:\WINDOWS\appgn.exe

O4 - HKLM\..\RunOnce: [ntsx.exe] C:\WINDOWS\ntsx.exe

O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O15 - Trusted IP range: http://192.168.0.1

O15 - Trusted IP range: http://81.77.11.109

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javaml.exe" /s (file missing)

O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Roderick Thorn\Desktop\CWShredder.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

I hope this is getting one step closer to where I need to be, but it doesn't feel like it. Your help and assistance is invaluable, thank you.

Now... It's Friday, I'm fed up, irritated and tired. I'm going to drink a beer.

Regards

Rck


It appears from the RAV Online Virus Scanner that the trojans you have on your computer have overwritten many valid files. This is one of those cases where you may be better off to save what you can and reformat the computer. I will give you a fix but cannot guarantee how well, or if, the computer will be operational afterwards.

  1. Download the free trojan scanner A2 Squared, update and run a scan with it. Fix anything found then reboot when completed.
  2. Reconfigure Windows XP to show hidden files:
    • Click Start. Open My Computer.
    • Select the Tools menu and click Folder Options. Select the View Tab.
    • Under the Hidden files and folders heading select "Show hidden files and folders".
    • Uncheck the "Hide protected operating system files (recommended)" option.
    • Uncheck the "Hide file extensions for known file types" option.
    • Click Yes to confirm. Click OK.

  3. Disable the offending service:

  • Go to Start->Run and type Services.msc then hit Ok
  • Scroll down and find the service called: Remote Procedure Call (RPC) Helper << There are 2 similarly named services, be sure to remove the correct one.
  • When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

Boot into Safe Mode:

Restart your computer and immediately begin tapping the F8 key on your keyboard.

If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

To return to normal mode just restart your computer as you normally would.

  1. Run CWShredder:
    • Double-click on CWShredder.exe.
    • Click "Fix ->" and click "OK" at the prompt.
    • CWShredder will scan and clean your system of CWS files.
    • Click "Next->" and then "Exit".

  2. Remove the offending service:

  • Double-click on cwsserviceremove.reg you downloaded earlier.
  • When it asks you to merge the information to the registry click "Yes".

  3. Run AboutBuster and save the logs:

  • Browse to where you saved AboutBuster and run AboutBuster.exe.
  • Click OK at the directions prompt.
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to scan your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I need a copy of it.

  4. Fix with Hijackthis:

  • Open Hijackthis, Run a scan and check the following: (Many of these may have been removed by A2)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pqxvx.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pqxvx.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pqxvx.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pqxvx.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pqxvx.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pqxvx.dll/sp.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {FBF77D9B-CA17-A517-257C-C38A16C5AD4F} - C:\WINDOWS\mfcae32.dll
    O4 - HKLM\..\Run: [netmp32.exe] C:\WINDOWS\system32\netmp32.exe
    O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe
    O4 - HKLM\..\RunOnce: [ipya32.exe] C:\WINDOWS\system32\ipya32.exe
    O4 - HKLM\..\RunOnce: [sysbj.exe] C:\WINDOWS\sysbj.exe
    O4 - HKLM\..\RunOnce: [appsm.exe] C:\WINDOWS\system32\appsm.exe
    O4 - HKLM\..\RunOnce: [apiif.exe] C:\WINDOWS\apiif.exe
    O4 - HKLM\..\RunOnce: [winmq.exe] C:\WINDOWS\system32\winmq.exe
    O4 - HKLM\..\RunOnce: [msfq.exe] C:\WINDOWS\system32\msfq.exe
    O4 - HKLM\..\RunOnce: [ntks32.exe] C:\WINDOWS\system32\ntks32.exe
    O4 - HKLM\..\RunOnce: [javafp32.exe] C:\WINDOWS\system32\javafp32.exe
    O4 - HKLM\..\RunOnce: [mfclj.exe] C:\WINDOWS\system32\mfclj.exe
    O4 - HKLM\..\RunOnce: [wingj32.exe] C:\WINDOWS\system32\wingj32.exe
    O4 - HKLM\..\RunOnce: [apiqf32.exe] C:\WINDOWS\apiqf32.exe
    O4 - HKLM\..\RunOnce: [winea.exe] C:\WINDOWS\winea.exe
    O4 - HKLM\..\RunOnce: [d3am.exe] C:\WINDOWS\system32\d3am.exe
    O4 - HKLM\..\RunOnce: [mfcxm.exe] C:\WINDOWS\system32\mfcxm.exe
    O4 - HKLM\..\RunOnce: [mslj.exe] C:\WINDOWS\system32\mslj.exe
    O4 - HKLM\..\RunOnce: [appvf32.exe] C:\WINDOWS\system32\appvf32.exe
    O4 - HKLM\..\RunOnce: [winql32.exe] C:\WINDOWS\winql32.exe
    O4 - HKLM\..\RunOnce: [crvn.exe] C:\WINDOWS\crvn.exe
    O4 - HKLM\..\RunOnce: [appuu.exe] C:\WINDOWS\appuu.exe
    O4 - HKLM\..\RunOnce: [sdkgr32.exe] C:\WINDOWS\system32\sdkgr32.exe
    O4 - HKLM\..\RunOnce: [mfcml.exe] C:\WINDOWS\mfcml.exe
    O4 - HKLM\..\RunOnce: [javagz.exe] C:\WINDOWS\system32\javagz.exe
    O4 - HKLM\..\RunOnce: [winkj32.exe] C:\WINDOWS\winkj32.exe
    O4 - HKLM\..\RunOnce: [crpl32.exe] C:\WINDOWS\system32\crpl32.exe
    O4 - HKLM\..\RunOnce: [d3pt32.exe] C:\WINDOWS\system32\d3pt32.exe
    O4 - HKLM\..\RunOnce: [netcv.exe] C:\WINDOWS\system32\netcv.exe
    O4 - HKLM\..\RunOnce: [ipwh32.exe] C:\WINDOWS\system32\ipwh32.exe
    O4 - HKLM\..\RunOnce: [addcj32.exe] C:\WINDOWS\system32\addcj32.exe
    O4 - HKLM\..\RunOnce: [ntkj.exe] C:\WINDOWS\system32\ntkj.exe
    O4 - HKLM\..\RunOnce: [javakx32.exe] C:\WINDOWS\javakx32.exe
    O4 - HKLM\..\RunOnce: [apipr32.exe] C:\WINDOWS\apipr32.exe
    O4 - HKLM\..\RunOnce: [sysuv32.exe] C:\WINDOWS\sysuv32.exe
    O4 - HKLM\..\RunOnce: [javazp.exe] C:\WINDOWS\system32\javazp.exe
    O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\iesq.exe
    O4 - HKLM\..\RunOnce: [ntxk.exe] C:\WINDOWS\system32\ntxk.exe
    O4 - HKLM\..\RunOnce: [sdkdh32.exe] C:\WINDOWS\system32\sdkdh32.exe
    O4 - HKLM\..\RunOnce: [mfcqb.exe] C:\WINDOWS\mfcqb.exe
    O4 - HKLM\..\RunOnce: [winmn.exe] C:\WINDOWS\system32\winmn.exe
    O4 - HKLM\..\RunOnce: [crzh32.exe] C:\WINDOWS\system32\crzh32.exe
    O4 - HKLM\..\RunOnce: [apilj32.exe] C:\WINDOWS\system32\apilj32.exe
    O4 - HKLM\..\RunOnce: [sysyd.exe] C:\WINDOWS\system32\sysyd.exe
    O4 - HKLM\..\RunOnce: [ieec32.exe] C:\WINDOWS\ieec32.exe
    O4 - HKLM\..\RunOnce: [sdkjw.exe] C:\WINDOWS\system32\sdkjw.exe
    O4 - HKLM\..\RunOnce: [atlie32.exe] C:\WINDOWS\system32\atlie32.exe
    O4 - HKLM\..\RunOnce: [javaxs32.exe] C:\WINDOWS\system32\javaxs32.exe
    O4 - HKLM\..\RunOnce: [appxa.exe] C:\WINDOWS\appxa.exe
    O4 - HKLM\..\RunOnce: [sysbe.exe] C:\WINDOWS\system32\sysbe.exe
    O4 - HKLM\..\RunOnce: [mfcqu32.exe] C:\WINDOWS\mfcqu32.exe
    O4 - HKLM\..\RunOnce: [ntgb32.exe] C:\WINDOWS\system32\ntgb32.exe
    O4 - HKLM\..\RunOnce: [netbn.exe] C:\WINDOWS\system32\netbn.exe
    O4 - HKLM\..\RunOnce: [mfcfo.exe] C:\WINDOWS\mfcfo.exe
    O4 - HKLM\..\RunOnce: [ntjs32.exe] C:\WINDOWS\ntjs32.exe
    O4 - HKLM\..\RunOnce: [netsb.exe] C:\WINDOWS\netsb.exe
    O4 - HKLM\..\RunOnce: [netyp32.exe] C:\WINDOWS\netyp32.exe
    O4 - HKLM\..\RunOnce: [netnm32.exe] C:\WINDOWS\system32\netnm32.exe
    O4 - HKLM\..\RunOnce: [winrj32.exe] C:\WINDOWS\winrj32.exe
    O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\iehm32.exe
    O4 - HKLM\..\RunOnce: [appft.exe] C:\WINDOWS\appft.exe
    O4 - HKLM\..\RunOnce: [addpr.exe] C:\WINDOWS\system32\addpr.exe
    O4 - HKLM\..\RunOnce: [croh32.exe] C:\WINDOWS\croh32.exe
    O4 - HKLM\..\RunOnce: [sdkjl.exe] C:\WINDOWS\system32\sdkjl.exe
    O4 - HKLM\..\RunOnce: [ipeu32.exe] C:\WINDOWS\system32\ipeu32.exe
    O4 - HKLM\..\RunOnce: [apihy.exe] C:\WINDOWS\apihy.exe
    O4 - HKLM\..\RunOnce: [wingo32.exe] C:\WINDOWS\wingo32.exe
    O4 - HKLM\..\RunOnce: [netcx32.exe] C:\WINDOWS\system32\netcx32.exe
    O4 - HKLM\..\RunOnce: [javaaf.exe] C:\WINDOWS\system32\javaaf.exe
    O4 - HKLM\..\RunOnce: [iewj32.exe] C:\WINDOWS\iewj32.exe
    O4 - HKLM\..\RunOnce: [crgr.exe] C:\WINDOWS\system32\crgr.exe
    O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINDOWS\d3tg32.exe
    O4 - HKLM\..\RunOnce: [crid32.exe] C:\WINDOWS\system32\crid32.exe
    O4 - HKLM\..\RunOnce: [ieiq.exe] C:\WINDOWS\ieiq.exe
    O4 - HKLM\..\RunOnce: [crxy.exe] C:\WINDOWS\crxy.exe
    O4 - HKLM\..\RunOnce: [nethq32.exe] C:\WINDOWS\system32\nethq32.exe
    O4 - HKLM\..\RunOnce: [syswt32.exe] C:\WINDOWS\syswt32.exe
    O4 - HKLM\..\RunOnce: [syskq32.exe] C:\WINDOWS\system32\syskq32.exe
    O4 - HKLM\..\RunOnce: [sdkhm32.exe] C:\WINDOWS\sdkhm32.exe
    O4 - HKLM\..\RunOnce: [ipfh.exe] C:\WINDOWS\ipfh.exe
    O4 - HKLM\..\RunOnce: [addep32.exe] C:\WINDOWS\addep32.exe
    O4 - HKLM\..\RunOnce: [winnn32.exe] C:\WINDOWS\system32\winnn32.exe
    O4 - HKLM\..\RunOnce: [msxo.exe] C:\WINDOWS\msxo.exe
    O4 - HKLM\..\RunOnce: [ieck32.exe] C:\WINDOWS\ieck32.exe
    O4 - HKLM\..\RunOnce: [apilq.exe] C:\WINDOWS\apilq.exe
    O4 - HKLM\..\RunOnce: [crbf32.exe] C:\WINDOWS\system32\crbf32.exe
    O4 - HKLM\..\RunOnce: [winle32.exe] C:\WINDOWS\winle32.exe
    O4 - HKLM\..\RunOnce: [addtk.exe] C:\WINDOWS\addtk.exe
    O4 - HKLM\..\RunOnce: [addnd32.exe] C:\WINDOWS\system32\addnd32.exe
    O4 - HKLM\..\RunOnce: [d3bn32.exe] C:\WINDOWS\d3bn32.exe
    O4 - HKLM\..\RunOnce: [addkg32.exe] C:\WINDOWS\addkg32.exe
    O4 - HKLM\..\RunOnce: [javako.exe] C:\WINDOWS\system32\javako.exe
    O4 - HKLM\..\RunOnce: [netoa.exe] C:\WINDOWS\system32\netoa.exe
    O4 - HKLM\..\RunOnce: [mfcyy.exe] C:\WINDOWS\mfcyy.exe
    O4 - HKLM\..\RunOnce: [apphz32.exe] C:\WINDOWS\system32\apphz32.exe
    O4 - HKLM\..\RunOnce: [appnw.exe] C:\WINDOWS\appnw.exe
    O4 - HKLM\..\RunOnce: [appbs.exe] C:\WINDOWS\system32\appbs.exe
    O4 - HKLM\..\RunOnce: [netmr32.exe] C:\WINDOWS\netmr32.exe
    O4 - HKLM\..\RunOnce: [crwk32.exe] C:\WINDOWS\system32\crwk32.exe
    O4 - HKLM\..\RunOnce: [mfces32.exe] C:\WINDOWS\mfces32.exe
    O4 - HKLM\..\RunOnce: [javazd32.exe] C:\WINDOWS\system32\javazd32.exe
    O4 - HKLM\..\RunOnce: [msdi.exe] C:\WINDOWS\system32\msdi.exe
    O4 - HKLM\..\RunOnce: [crmi32.exe] C:\WINDOWS\system32\crmi32.exe
    O4 - HKLM\..\RunOnce: [apigz.exe] C:\WINDOWS\system32\apigz.exe
    O4 - HKLM\..\RunOnce: [msak.exe] C:\WINDOWS\system32\msak.exe
    O4 - HKLM\..\RunOnce: [javaqz.exe] C:\WINDOWS\javaqz.exe
    O4 - HKLM\..\RunOnce: [msvc.exe] C:\WINDOWS\system32\msvc.exe
    O4 - HKLM\..\RunOnce: [javazo.exe] C:\WINDOWS\javazo.exe
    O4 - HKLM\..\RunOnce: [winod32.exe] C:\WINDOWS\system32\winod32.exe
    O4 - HKLM\..\RunOnce: [iesm32.exe] C:\WINDOWS\iesm32.exe
    O4 - HKLM\..\RunOnce: [sysdy.exe] C:\WINDOWS\system32\sysdy.exe
    O4 - HKLM\..\RunOnce: [atlhc32.exe] C:\WINDOWS\system32\atlhc32.exe
    O4 - HKLM\..\RunOnce: [addqc.exe] C:\WINDOWS\system32\addqc.exe
    O4 - HKLM\..\RunOnce: [sdkri.exe] C:\WINDOWS\sdkri.exe
    O4 - HKLM\..\RunOnce: [mfcqy32.exe] C:\WINDOWS\system32\mfcqy32.exe
    O4 - HKLM\..\RunOnce: [ntjw32.exe] C:\WINDOWS\system32\ntjw32.exe
    O4 - HKLM\..\RunOnce: [sdkci32.exe] C:\WINDOWS\sdkci32.exe
    O4 - HKLM\..\RunOnce: [apibv32.exe] C:\WINDOWS\system32\apibv32.exe
    O4 - HKLM\..\RunOnce: [sysyr32.exe] C:\WINDOWS\system32\sysyr32.exe
    O4 - HKLM\..\RunOnce: [netbd.exe] C:\WINDOWS\system32\netbd.exe
    O4 - HKLM\..\RunOnce: [javazy32.exe] C:\WINDOWS\javazy32.exe
    O4 - HKLM\..\RunOnce: [netmi.exe] C:\WINDOWS\system32\netmi.exe
    O4 - HKLM\..\RunOnce: [nteq.exe] C:\WINDOWS\nteq.exe
    O4 - HKLM\..\RunOnce: [crwr32.exe] C:\WINDOWS\system32\crwr32.exe
    O4 - HKLM\..\RunOnce: [sysmy.exe] C:\WINDOWS\system32\sysmy.exe
    O4 - HKLM\..\RunOnce: [iewx.exe] C:\WINDOWS\iewx.exe
    O4 - HKLM\..\RunOnce: [ntum32.exe] C:\WINDOWS\ntum32.exe
    O4 - HKLM\..\RunOnce: [mfctc32.exe] C:\WINDOWS\system32\mfctc32.exe
    O4 - HKLM\..\RunOnce: [sdkpe32.exe] C:\WINDOWS\sdkpe32.exe
    O4 - HKLM\..\RunOnce: [syset.exe] C:\WINDOWS\syset.exe
    O4 - HKLM\..\RunOnce: [appda.exe] C:\WINDOWS\system32\appda.exe
    O4 - HKLM\..\RunOnce: [apinb.exe] C:\WINDOWS\apinb.exe
    O4 - HKLM\..\RunOnce: [sysmj32.exe] C:\WINDOWS\sysmj32.exe
    O4 - HKLM\..\RunOnce: [netby32.exe] C:\WINDOWS\system32\netby32.exe
    O4 - HKLM\..\RunOnce: [appsl32.exe] C:\WINDOWS\appsl32.exe
    O4 - HKLM\..\RunOnce: [d3wh32.exe] C:\WINDOWS\d3wh32.exe
    O4 - HKLM\..\RunOnce: [atlzt32.exe] C:\WINDOWS\atlzt32.exe
    O4 - HKLM\..\RunOnce: [netex32.exe] C:\WINDOWS\system32\netex32.exe
    O4 - HKLM\..\RunOnce: [netzp32.exe] C:\WINDOWS\netzp32.exe
    O4 - HKLM\..\RunOnce: [sdkxw.exe] C:\WINDOWS\sdkxw.exe
    O4 - HKLM\..\RunOnce: [ieta32.exe] C:\WINDOWS\system32\ieta32.exe
    O4 - HKLM\..\RunOnce: [crdb.exe] C:\WINDOWS\system32\crdb.exe
    O4 - HKLM\..\RunOnce: [mfclh.exe] C:\WINDOWS\system32\mfclh.exe
    O4 - HKLM\..\RunOnce: [iekw32.exe] C:\WINDOWS\system32\iekw32.exe
    O4 - HKLM\..\RunOnce: [javaam.exe] C:\WINDOWS\javaam.exe
    O4 - HKLM\..\RunOnce: [apizt32.exe] C:\WINDOWS\apizt32.exe
    O4 - HKLM\..\RunOnce: [winxj32.exe] C:\WINDOWS\system32\winxj32.exe
    O4 - HKLM\..\RunOnce: [sysbs.exe] C:\WINDOWS\sysbs.exe
    O4 - HKLM\..\RunOnce: [atlxw32.exe] C:\WINDOWS\atlxw32.exe
    O4 - HKLM\..\RunOnce: [wingx.exe] C:\WINDOWS\wingx.exe
    O4 - HKLM\..\RunOnce: [sdkpd.exe] C:\WINDOWS\system32\sdkpd.exe
    O4 - HKLM\..\RunOnce: [atlot32.exe] C:\WINDOWS\system32\atlot32.exe
    O4 - HKLM\..\RunOnce: [sysea.exe] C:\WINDOWS\sysea.exe
    O4 - HKLM\..\RunOnce: [msik.exe] C:\WINDOWS\msik.exe
    O4 - HKLM\..\RunOnce: [addeo32.exe] C:\WINDOWS\system32\addeo32.exe
    O4 - HKLM\..\RunOnce: [ipqy32.exe] C:\WINDOWS\system32\ipqy32.exe
    O4 - HKLM\..\RunOnce: [netcd32.exe] C:\WINDOWS\system32\netcd32.exe
    O4 - HKLM\..\RunOnce: [appgn.exe] C:\WINDOWS\appgn.exe
    O4 - HKLM\..\RunOnce: [ntsx.exe] C:\WINDOWS\ntsx.exe
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javaml.exe" /s (file missing)
  • With all other programs and browsers closed, click fix checked.

  5. Clean out temporary files:

  • Start | Run | type cleanmgr | OK
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.

  6. Restart your computer normally to return to normal mode.

  7. Free online antivirus scans:

  8. Reset Trusted/Restricted Sites

  • Download DelDomains.inf file to your desktop.
  • Right-click on the deldomains.inf file and select Install.
    Note: Since the Domains are deleted SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you'll also have to re-install IE-SpyAd if installed.

  9. Prepare your reply:

  • Please post a fresh HijackThis log as a reply to this thread.
  • Please post the AboutBuster log.
  • Please note any complications you had.

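The O4 entries picked out in the "Fix with Hijackthis" step share a pattern: the registry value name is the executable's own file name, and the file sits directly in C:\WINDOWS or C:\WINDOWS\system32. The following is an added example, not part of the original post and not HijackThis's own logic; it parses O4 registry lines and flags that pattern as a triage heuristic. The sample lines are copied from the log in this thread, and the `KNOWN_GOOD` allowlist is an assumption for illustration.

```python
import ntpath
import re
from collections import Counter

# A few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [netmp32.exe] C:\WINDOWS\system32\netmp32.exe
O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe
O4 - HKLM\..\RunOnce: [ipya32.exe] C:\WINDOWS\system32\ipya32.exe
O4 - HKLM\..\RunOnce: [sysbj.exe] C:\WINDOWS\sysbj.exe
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
"""

# O4 registry autorun line:  O4 - HKLM\..\RunOnce: [value name] command line
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable path at the start of the command, quoted or not (paths may hold spaces).
EXE_PATH = re.compile(r'^"?(?P<path>.*?\.(?:exe|com|scr|bat|pif))(?=["\s]|$)', re.I)

WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: file names the analyst has already verified as legitimate autoruns.
KNOWN_GOOD = {"ctfmon.exe"}


def parse_o4(log_text):
    """Yield (key, value_name, exe_path) for each O4 registry autorun line."""
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # Startup-folder O4 lines and other sections are skipped
        cmd = m.group("cmd").strip()
        exe = EXE_PATH.match(cmd)
        yield m.group("key"), m.group("name"), exe.group("path") if exe else cmd


def triage(log_text, known_good=KNOWN_GOOD):
    """Return autoruns named after their own file that live in a Windows directory."""
    hits = []
    for key, name, path in parse_o4(log_text):
        base = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if base in known_good:
            continue
        if name.lower() == base and folder in WINDOWS_DIRS:
            hits.append({"key": key, "name": name, "path": path})
    return hits


def hits_per_key(hits):
    """Count flagged entries per registry key; a large RunOnce cluster stands out."""
    return Counter(h["key"] for h in hits)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for h in found:
        print(f"{h['key']:8} {h['name']:14} {h['path']}")
    print(dict(hits_per_key(found)))
```

A hit is a lead to verify, not a verdict: legitimate software can register an autorun under its own file name, which is why the allowlist exists.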

I followed the instructions that you kindly provided. Here are the following results:

About buster log:

Scanned at: 18:46:45 on: 12/05/2005

-- Scan 1 ---------------------------

About:Buster Version 4.0

Reference List : 26

Removed Data Streams:

C:\WINDOWS\KB885835.log:azuht

C:\WINDOWS\opt_5030.ini:vgqlz

C:\WINDOWS\Q323183.log:abzru

C:\WINDOWS\SLSPTLNO.INI:pdani

Removed! : C:\WINDOWS\hswjz.dat

Removed! : C:\WINDOWS\system32\ekrge.dat

Attempted Clean Of Temp folder.

Pages Reset... Done!

-- Scan 2 ---------------------------

About:Buster Version 4.0

Reference List : 26

Removed Data Streams:

C:\WINDOWS\KB885835.log:azuht

C:\WINDOWS\opt_5030.ini:vgqlz

C:\WINDOWS\Q323183.log:abzru

C:\WINDOWS\SLSPTLNO.INI:pdani

Attempted Clean Of Temp folder.

Pages Reset... Done!

Scanned at: 09:36:13 on: 13/05/2005

-- Scan 1 ---------------------------

About:Buster Version 4.0

Reference List : 26

No ADS found on system

Removed! : C:\WINDOWS\ddndf.dat

Removed! : C:\WINDOWS\gzdjs.dat

Removed! : C:\WINDOWS\lriyi.dat

Removed! : C:\WINDOWS\uylmc.dat

Removed! : C:\WINDOWS\system32\bnjdj.dat

Attempted Clean Of Temp folder.

Pages Reset... Done!

-- Scan 2 ---------------------------

About:Buster Version 4.0

Reference List : 26

No ADS found on system

Attempted Clean Of Temp folder.

Pages Reset... Done!

Scanned at: 10:08:03 on: 13/05/2005

-- Scan 1 ---------------------------

About:Buster Version 4.0

Reference List : 26

No ADS found on system

Attempted Clean Of Temp folder.

Pages Reset... Done!

-- Scan 2 ---------------------------

About:Buster Version 4.0

Reference List : 26

No ADS found on system

Attempted Clean Of Temp folder.

Pages Reset... Done!

Scanned at: 14:54:59 on: 16/05/2005

-- Scan 1 ---------------------------

About:Buster Version 4.0

Reference List : 26

Removed Data Streams:

C:\WINDOWS\njyup.txt:dyhdo

Removed 2 Random Key Entries

Removed! : C:\WINDOWS\system32\gripi.dat

Removed! : C:\WINDOWS\system32\grxxl.dat

Removed! : C:\WINDOWS\system32\jhkuo.dat

Attempted Clean Of Temp folder.

Pages Reset... Done!

-- Scan 2 ---------------------------

About:Buster Version 4.0

Reference List : 26

Removed Data Streams:

C:\WINDOWS\njyup.txt:dyhdo

Attempted Clean Of Temp folder.

Pages Reset... Done!

Hijackthis log:

Logfile of HijackThis v1.99.1

Scan saved at 14:55:29, on 16/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Roderick Thorn\Desktop\HijackThis.exe

O1 - Hosts: 84.66.219.98 cfm.zapto.org

O1 - Hosts: 70.85.147.68 forum.iamnotageek.com

O1 - Hosts: 66.197.95.135 gallys.40somethingmag.com

O1 - Hosts: 66.35.253.32 housecall.trendmicro.com

O1 - Hosts: 207.246.157.244 oldsexlinks.com

O1 - Hosts: 67.138.240.11 primehostreviews.com

O1 - Hosts: 66.28.176.86 shadow.atkingdom.com

O1 - Hosts: 207.246.157.249 spunkermovies.com

O1 - Hosts: 195.171.171.21 www.bankofscotland.co.uk

O1 - Hosts: 67.43.1.57 www.besttechie.net

O1 - Hosts: 213.150.62.120 www.bitdefender.com

O1 - Hosts: 66.55.148.147 www.cosmic-cum.com

O1 - Hosts: 66.98.132.62 www.emsisoft.com

O1 - Hosts: 66.28.176.236 www.erotiqlinks.com

O1 - Hosts: 194.60.170.7 www.experian.co.uk

O1 - Hosts: 63.105.4.85 www.hsbc.com

O1 - Hosts: 66.250.223.113 www.localfoxes.net

O1 - Hosts: 64.255.176.12 www.naughtyofficegallery.com

O1 - Hosts: 63.105.4.113 www.offshore.hsbc.com

O1 - Hosts: 205.241.15.113 www.offshore.hsbc.com

O1 - Hosts: 193.108.153.116 www.pandasoftware.com

O1 - Hosts: 213.233.121.11 www.ravantivirus.com

O1 - Hosts: 212.227.253.104 www.safer-networking.org

O1 - Hosts: 69.50.130.78 www.snakesworld.com

O1 - Hosts: 69.50.130.77 www.sonofsnake.com

O1 - Hosts: 69.50.130.77 www.sonofsnake.com

O1 - Hosts: 62.149.140.14 www.spamihilator.com

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O1 - Hosts: 202.27.184.102 www.xtra.co.nz

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Class - {FEDF758B-DA6A-9E13-D256-1A83178C70DC} - C:\WINDOWS\system32\mszc32.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [netmp32.exe] C:\WINDOWS\system32\netmp32.exe

O4 - HKLM\..\Run: [iezf32.exe] C:\WINDOWS\iezf32.exe

O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe

O4 - HKLM\..\RunOnce: [ipya32.exe] C:\WINDOWS\system32\ipya32.exe

O4 - HKLM\..\RunOnce: [iplx.exe] C:\WINDOWS\system32\iplx.exe

O4 - HKLM\..\RunOnce: [winrc.exe] C:\WINDOWS\system32\winrc.exe

O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\mfciq32.exe

O4 - HKLM\..\RunOnce: [iens.exe] C:\WINDOWS\system32\iens.exe

O4 - HKLM\..\RunOnce: [mfcaa.exe] C:\WINDOWS\system32\mfcaa.exe

O4 - HKLM\..\RunOnce: [iefc32.exe] C:\WINDOWS\system32\iefc32.exe

O4 - HKLM\..\RunOnce: [addkg.exe] C:\WINDOWS\system32\addkg.exe

O4 - HKLM\..\RunOnce: [d3pa.exe] C:\WINDOWS\system32\d3pa.exe

O4 - HKLM\..\RunOnce: [sdkxz.exe] C:\WINDOWS\sdkxz.exe

O4 - HKLM\..\RunOnce: [atlcu.exe] C:\WINDOWS\atlcu.exe

O4 - HKLM\..\RunOnce: [ntlu.exe] C:\WINDOWS\system32\ntlu.exe

O4 - HKLM\..\RunOnce: [mseq.exe] C:\WINDOWS\mseq.exe

O4 - HKLM\..\RunOnce: [sdkod.exe] C:\WINDOWS\system32\sdkod.exe

O4 - HKLM\..\RunOnce: [atltg32.exe] C:\WINDOWS\system32\atltg32.exe

O4 - HKLM\..\RunOnce: [ipkn32.exe] C:\WINDOWS\system32\ipkn32.exe

O4 - HKLM\..\RunOnce: [sysst32.exe] C:\WINDOWS\sysst32.exe

O4 - HKLM\..\RunOnce: [javaxn.exe] C:\WINDOWS\system32\javaxn.exe

O4 - HKLM\..\RunOnce: [mfccr.exe] C:\WINDOWS\system32\mfccr.exe

O4 - HKLM\..\RunOnce: [javaxp32.exe] C:\WINDOWS\system32\javaxp32.exe

O4 - HKLM\..\RunOnce: [addgv.exe] C:\WINDOWS\addgv.exe

O4 - HKLM\..\RunOnce: [crly32.exe] C:\WINDOWS\system32\crly32.exe

O4 - HKLM\..\RunOnce: [ieqc.exe] C:\WINDOWS\ieqc.exe

O4 - HKLM\..\RunOnce: [mszc32.exe] C:\WINDOWS\system32\mszc32.exe

O4 - HKLM\..\RunOnce: [d3nz32.exe] C:\WINDOWS\d3nz32.exe

O4 - HKLM\..\RunOnce: [ipsv32.exe] C:\WINDOWS\ipsv32.exe

O4 - HKLM\..\RunOnce: [msnh32.exe] C:\WINDOWS\msnh32.exe

O4 - HKLM\..\RunOnce: [winsl.exe] C:\WINDOWS\system32\winsl.exe

O4 - HKLM\..\RunOnce: [ipwv.exe] C:\WINDOWS\ipwv.exe

O4 - HKLM\..\RunOnce: [ipvf32.exe] C:\WINDOWS\ipvf32.exe

O4 - HKLM\..\RunOnce: [apiof32.exe] C:\WINDOWS\apiof32.exe

O4 - HKLM\..\RunOnce: [msla32.exe] C:\WINDOWS\system32\msla32.exe

O4 - HKLM\..\RunOnce: [ieti.exe] C:\WINDOWS\system32\ieti.exe

O4 - HKLM\..\RunOnce: [ipjm.exe] C:\WINDOWS\system32\ipjm.exe

O4 - HKLM\..\RunOnce: [mfcws.exe] C:\WINDOWS\system32\mfcws.exe

O4 - HKLM\..\RunOnce: [addep.exe] C:\WINDOWS\system32\addep.exe

O4 - HKLM\..\RunOnce: [d3jr32.exe] C:\WINDOWS\d3jr32.exe

O4 - HKLM\..\RunOnce: [sysvh32.exe] C:\WINDOWS\sysvh32.exe

O4 - HKLM\..\RunOnce: [crlx32.exe] C:\WINDOWS\system32\crlx32.exe

O4 - HKLM\..\RunOnce: [d3tf32.exe] C:\WINDOWS\system32\d3tf32.exe

O4 - HKLM\..\RunOnce: [apppw32.exe] C:\WINDOWS\system32\apppw32.exe

O4 - HKLM\..\RunOnce: [atlwe.exe] C:\WINDOWS\atlwe.exe

O4 - HKLM\..\RunOnce: [appxf.exe] C:\WINDOWS\system32\appxf.exe

O4 - HKLM\..\RunOnce: [ipnu32.exe] C:\WINDOWS\ipnu32.exe

O4 - HKLM\..\RunOnce: [crlb32.exe] C:\WINDOWS\crlb32.exe

O4 - HKLM\..\RunOnce: [sdkgn.exe] C:\WINDOWS\system32\sdkgn.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"

O4 - Startup: BlueSpace NE.lnk = C:\Program Files\sony\BlueSpace\BlueSpaceNE.exe

O4 - Startup: Mortgage Brain Scheduler.LNK = C:\MBL\scheduler\MBScheduler.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Dr.Speed NetRx.lnk = C:\Program Files\Aluria Software\DrSpeed Suite\drspeed.exe

O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\Mxalarm.exe

O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\Mxfinder.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O15 - Trusted IP range: http://192.168.0.1

O15 - Trusted IP range: http://81.77.11.109

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA264C7-B389-495F-82BF-939BF9C043C6}: NameServer = 195.92.195.94,195.92.195.95

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe

O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\ALURIA~1\asKernel.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Roderick Thorn\Desktop\CWShredder.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

The problem still seems to be there. I think the only solution is to reinstall Windows. When rebooting the machine I was informed of a whole load of files that could not be found. I assume by reinstalling Windows these files will be restored?

Many thanks for your help.

Rick


Step 1

Download this file to your desktop.

http://www.mvps.org/winhelp2002/DelDomains.inf

Right-click on the deldomains.inf file and select Install.

Note: Since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you'll also have to re-install IE-SpyAd if installed.

Step 2

Click Here to download Killbox by Option^Explicit.

Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.

In the killbox program, select the Delete on Reboot option.

In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure!):

C:\WINDOWS\system32\mszc32.dll

C:\WINDOWS\system32\netmp32.exe

C:\WINDOWS\iezf32.exe

C:\WINDOWS\javaml.exe

C:\WINDOWS\system32\ipya32.exe

C:\WINDOWS\system32\iplx.exe

C:\WINDOWS\system32\winrc.exe

C:\WINDOWS\mfciq32.exe

C:\WINDOWS\system32\iens.exe

C:\WINDOWS\system32\mfcaa.exe

C:\WINDOWS\system32\iefc32.exe

C:\WINDOWS\system32\addkg.exe

C:\WINDOWS\system32\d3pa.exe

C:\WINDOWS\sdkxz.exe

C:\WINDOWS\atlcu.exe

C:\WINDOWS\system32\ntlu.exe

C:\WINDOWS\mseq.exe

C:\WINDOWS\system32\sdkod.exe

C:\WINDOWS\system32\atltg32.exe

C:\WINDOWS\system32\ipkn32.exe

C:\WINDOWS\sysst32.exe

C:\WINDOWS\system32\javaxn.exe

C:\WINDOWS\system32\mfccr.exe

C:\WINDOWS\system32\javaxp32.exe

C:\WINDOWS\addgv.exe

C:\WINDOWS\system32\crly32.exe

C:\WINDOWS\ieqc.exe

C:\WINDOWS\system32\mszc32.exe

C:\WINDOWS\d3nz32.exe

C:\WINDOWS\ipsv32.exe

C:\WINDOWS\msnh32.exe

C:\WINDOWS\system32\winsl.exe

C:\WINDOWS\ipwv.exe

C:\WINDOWS\ipvf32.exe

C:\WINDOWS\apiof32.exe

C:\WINDOWS\system32\msla32.exe

C:\WINDOWS\system32\ieti.exe

C:\WINDOWS\system32\ipjm.exe

C:\WINDOWS\system32\mfcws.exe

C:\WINDOWS\system32\addep.exe

C:\WINDOWS\d3jr32.exe

C:\WINDOWS\sysvh32.exe

C:\WINDOWS\system32\crlx32.exe

C:\WINDOWS\system32\d3tf32.exe

C:\WINDOWS\system32\apppw32.exe

C:\WINDOWS\atlwe.exe

C:\WINDOWS\system32\appxf.exe

C:\WINDOWS\ipnu32.exe

C:\WINDOWS\crlb32.exe

C:\WINDOWS\system32\sdkgn.exe

Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button; when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered, press the YES button at both prompts so that your computer restarts.

If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Step 3

Scan with HijackThis and check the following:

O2 - BHO: Class - {FEDF758B-DA6A-9E13-D256-1A83178C70DC} - C:\WINDOWS\system32\mszc32.dll

O4 - HKLM\..\Run: [netmp32.exe] C:\WINDOWS\system32\netmp32.exe

O4 - HKLM\..\Run: [iezf32.exe] C:\WINDOWS\iezf32.exe

O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe

O4 - HKLM\..\RunOnce: [ipya32.exe] C:\WINDOWS\system32\ipya32.exe

O4 - HKLM\..\RunOnce: [iplx.exe] C:\WINDOWS\system32\iplx.exe

O4 - HKLM\..\RunOnce: [winrc.exe] C:\WINDOWS\system32\winrc.exe

O4 - HKLM\..\RunOnce: [mfciq32.exe] C:\WINDOWS\mfciq32.exe

O4 - HKLM\..\RunOnce: [iens.exe] C:\WINDOWS\system32\iens.exe

O4 - HKLM\..\RunOnce: [mfcaa.exe] C:\WINDOWS\system32\mfcaa.exe

O4 - HKLM\..\RunOnce: [iefc32.exe] C:\WINDOWS\system32\iefc32.exe

O4 - HKLM\..\RunOnce: [addkg.exe] C:\WINDOWS\system32\addkg.exe

O4 - HKLM\..\RunOnce: [d3pa.exe] C:\WINDOWS\system32\d3pa.exe

O4 - HKLM\..\RunOnce: [sdkxz.exe] C:\WINDOWS\sdkxz.exe

O4 - HKLM\..\RunOnce: [atlcu.exe] C:\WINDOWS\atlcu.exe

O4 - HKLM\..\RunOnce: [ntlu.exe] C:\WINDOWS\system32\ntlu.exe

O4 - HKLM\..\RunOnce: [mseq.exe] C:\WINDOWS\mseq.exe

O4 - HKLM\..\RunOnce: [sdkod.exe] C:\WINDOWS\system32\sdkod.exe

O4 - HKLM\..\RunOnce: [atltg32.exe] C:\WINDOWS\system32\atltg32.exe

O4 - HKLM\..\RunOnce: [ipkn32.exe] C:\WINDOWS\system32\ipkn32.exe

O4 - HKLM\..\RunOnce: [sysst32.exe] C:\WINDOWS\sysst32.exe

O4 - HKLM\..\RunOnce: [javaxn.exe] C:\WINDOWS\system32\javaxn.exe

O4 - HKLM\..\RunOnce: [mfccr.exe] C:\WINDOWS\system32\mfccr.exe

O4 - HKLM\..\RunOnce: [javaxp32.exe] C:\WINDOWS\system32\javaxp32.exe

O4 - HKLM\..\RunOnce: [addgv.exe] C:\WINDOWS\addgv.exe

O4 - HKLM\..\RunOnce: [crly32.exe] C:\WINDOWS\system32\crly32.exe

O4 - HKLM\..\RunOnce: [ieqc.exe] C:\WINDOWS\ieqc.exe

O4 - HKLM\..\RunOnce: [mszc32.exe] C:\WINDOWS\system32\mszc32.exe

O4 - HKLM\..\RunOnce: [d3nz32.exe] C:\WINDOWS\d3nz32.exe

O4 - HKLM\..\RunOnce: [ipsv32.exe] C:\WINDOWS\ipsv32.exe

O4 - HKLM\..\RunOnce: [msnh32.exe] C:\WINDOWS\msnh32.exe

O4 - HKLM\..\RunOnce: [winsl.exe] C:\WINDOWS\system32\winsl.exe

O4 - HKLM\..\RunOnce: [ipwv.exe] C:\WINDOWS\ipwv.exe

O4 - HKLM\..\RunOnce: [ipvf32.exe] C:\WINDOWS\ipvf32.exe

O4 - HKLM\..\RunOnce: [apiof32.exe] C:\WINDOWS\apiof32.exe

O4 - HKLM\..\RunOnce: [msla32.exe] C:\WINDOWS\system32\msla32.exe

O4 - HKLM\..\RunOnce: [ieti.exe] C:\WINDOWS\system32\ieti.exe

O4 - HKLM\..\RunOnce: [ipjm.exe] C:\WINDOWS\system32\ipjm.exe

O4 - HKLM\..\RunOnce: [mfcws.exe] C:\WINDOWS\system32\mfcws.exe

O4 - HKLM\..\RunOnce: [addep.exe] C:\WINDOWS\system32\addep.exe

O4 - HKLM\..\RunOnce: [d3jr32.exe] C:\WINDOWS\d3jr32.exe

O4 - HKLM\..\RunOnce: [sysvh32.exe] C:\WINDOWS\sysvh32.exe

O4 - HKLM\..\RunOnce: [crlx32.exe] C:\WINDOWS\system32\crlx32.exe

O4 - HKLM\..\RunOnce: [d3tf32.exe] C:\WINDOWS\system32\d3tf32.exe

O4 - HKLM\..\RunOnce: [apppw32.exe] C:\WINDOWS\system32\apppw32.exe

O4 - HKLM\..\RunOnce: [atlwe.exe] C:\WINDOWS\atlwe.exe

O4 - HKLM\..\RunOnce: [appxf.exe] C:\WINDOWS\system32\appxf.exe

O4 - HKLM\..\RunOnce: [ipnu32.exe] C:\WINDOWS\ipnu32.exe

O4 - HKLM\..\RunOnce: [crlb32.exe] C:\WINDOWS\crlb32.exe

O4 - HKLM\..\RunOnce: [sdkgn.exe] C:\WINDOWS\system32\sdkgn.exe

With all other programs and browsers closed, click fix checked.

Step 4

Scan with HijackThis and post a new log as a reply to this thread.

This topic is now closed to further replies.
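The entries picked out in Step 3 share a visible pattern, shown here as an added example that is not part of the thread and not HijackThis's own logic. The heuristic is an assumption inferred from those entries: an O4 autorun whose registry value name equals its own file name and whose file sits directly in C:\WINDOWS or C:\WINDOWS\system32, plus any O2 BHO DLL in those folders that shares a base name with such an autorun.

```python
import re
from pathlib import PureWindowsPath

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 66.35.253.32 housecall.trendmicro.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {FEDF758B-DA6A-9E13-D256-1A83178C70DC} - C:\WINDOWS\system32\mszc32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [netmp32.exe] C:\WINDOWS\system32\netmp32.exe
O4 - HKLM\..\RunOnce: [mszc32.exe] C:\WINDOWS\system32\mszc32.exe
O4 - HKLM\..\RunOnce: [javaml.exe] C:\WINDOWS\javaml.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
"""

# Assumed heuristic scope: files dropped directly into these two folders.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")


def target_path(command):
    """Path of the executable in an autorun command; quoted commands lose their arguments."""
    command = command.strip()
    if command.startswith('"'):
        command = command[1:].split('"', 1)[0]
    return PureWindowsPath(command)


def in_system_dir(path):
    return str(path.parent).lower() in SYSTEM_DIRS


def self_named_autoruns(log):
    """O4 entries whose value name is the file name and whose file is in a system folder."""
    hits = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, value_name, command = m.groups()
        path = target_path(command)
        if value_name.lower() == path.name.lower() and in_system_dir(path):
            hits.append((f"{hive}\\{key}", str(path)))
    return hits


def related_bhos(log, autoruns):
    """O2 BHO DLLs in a system folder that share a base name with a flagged autorun."""
    stems = {PureWindowsPath(p).stem.lower() for _, p in autoruns}
    hits = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue
        _name, clsid, dll = m.groups()
        path = PureWindowsPath(dll)
        if in_system_dir(path) and path.stem.lower() in stems:
            hits.append((clsid, str(path)))
    return hits


def triage(log):
    autoruns = self_named_autoruns(log)
    return {"autoruns": autoruns, "bhos": related_bhos(log, autoruns)}


if __name__ == "__main__":
    for section, rows in triage(SAMPLE_LOG).items():
        for row in rows:
            print(section, *row)
```

A match marks an entry for review by someone who can confirm what the file is; it is not a verdict on its own.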