Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Anti Virus Pro


  • Please log in to reply
2 replies to this topic

#1 Mike_UK

Mike_UK

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 09 May 2009 - 04:55 PM

Hi everyone.

I better point out that these infections havnt been on my computers, they were on friends and family pc's and I dont live near them so it might take me a few hours to get access to log files ect if I'm asked to..

In the last week Ive seen 2 infections from "Internet Anti Virus Pro"

I also should tell you a few problems that I've had recently with this nice little malware program.

The first computer didnt cause any real problems, I'm thinking the lack of RAM this system had, helped as when the neasty program tried to pop up it just froze the system and needed to be rebooted....

I easily removed this infection with a free copy of MBAM and the scan only found 32 files and removed all of them first time with ease...

Now, the second pc had been running slow for about a month I didnt think anything of it at first.. I knew something was wrong because "ctrl - alt - del" would be met by a pop up explaining that task manager had been disabled by the administrator which wasnt possible as I'm the only person with administrator permissions.

Over the next few days I had messages telling me that Norton Antivirus was disabled and a few other errors pop ups about Norton, so I unistalled 2008 and reinstalled it with 2009 but its still showing as disabled but it is actually working which is a start.

I ran a copy of thr free MBAM and on this computer it picked up 68 files, it deleted 66 of these and needed to reboot to remove the rest "Kwave.sys, Mrxdavv.sys"

I rescanned after the reboot but they were still showing up on the system, with the same note that they would be deleted on reboot.. I tried this about 4 times before running MBAM in safe mode to see if that made any difference and even though it found 1 trojan which it removed, when I loaded up XP normally the 2 files were still there.

I've had a look to find the file manually and all I come across is "mrxdav.sys" and not "mrxdavv.sys", I've read that these files are hidden and that I need to reveal them before I can manually find and remove them but as I've nearly exhausted my knowledge I thought I better ask before I fry my brain anymore.

--- PS ---- The other thing I've noticed is that upon removal of the 66 files, I can no longer connect to the wired internet or to the wireless router via network cable. I can ping the router fine but when I open Internet explorer I get the "page cannot be displayed error", even when trying to access the router and every other website I tried.

Any idea's??

I've got a few log files and I have a MBAM log if needed but for now I'll just post the HJT log..

Thanks in advance everyone

Mike

Edited by Mike_UK, 09 May 2009 - 06:01 PM.


BC AdBot (Login to Remove)

 


#2 Mike_UK

Mike_UK
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 09 May 2009 - 06:02 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:56, on 09/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: 82.146.46.170 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 www.online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 abbeyinternational.com
O1 - Hosts: 82.146.46.170 www.abbeyinternational.com
O1 - Hosts: 82.146.46.170 ibank.cahoot.com
O1 - Hosts: 82.146.46.170 www.ibank.cahoot.com
O1 - Hosts: 82.146.46.170 home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 www.mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 www.mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 www.ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 egg.com
O1 - Hosts: 82.146.46.170 www.egg.com
O1 - Hosts: 82.146.46.170 new.egg.com
O1 - Hosts: 82.146.46.170 www.new.egg.com
O1 - Hosts: 82.146.46.170 moneybookers.com
O1 - Hosts: 82.146.46.170 www.moneybookers.com
O1 - Hosts: 82.146.46.170 inscape.com
O1 - Hosts: 82.146.46.170 www.inscape.com
O1 - Hosts: 82.146.46.170 bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 www.bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 cahoot.com
O1 - Hosts: 82.146.46.170 www.cahoot.com
O1 - Hosts: 82.146.46.170 icicibank.co.uk
O1 - Hosts: 82.146.46.170 www.icicibank.co.uk
O1 - Hosts: 82.146.46.170 natwest.com
O1 - Hosts: 82.146.46.170 www.natwest.com
O1 - Hosts: 82.146.46.170 nwolb.com
O1 - Hosts: 82.146.46.170 www.nwolb.com
O1 - Hosts: 82.146.46.170 mbna.co.uk
O1 - Hosts: 82.146.46.170 www.mbna.co.uk
O1 - Hosts: 82.146.46.170 businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 www.businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 www.capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 service.citicards.co.uk
O1 - Hosts: 82.146.46.170 www.service.citicards.co.uk
O1 - Hosts: 82.146.46.170 citibank.co.uk
O1 - Hosts: 82.146.46.170 www.citibank.co.uk
O1 - Hosts: 82.146.46.170 scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.scotwest.co.uk
O1 - Hosts: 82.146.46.170 secure.scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.secure.scotwest.co.uk
O1 - Hosts: 82.146.46.170 partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 www.partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 www.esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 firstdirect.com
O1 - Hosts: 82.146.46.170 www.firstdirect.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [340607513] "C:\Documents and Settings\All Users\Application Data\660603019\340607513.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11482 bytes

#3 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:05 AM

Posted 17 May 2009 - 07:26 AM

your log is several days old. if you still need help, post back.

to get connectivity back in IE you can do this:

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: 82.146.46.170 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.online.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 www.online-business.lloydstsb.co.uk
O1 - Hosts: 82.146.46.170 online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 www.online-offshore.lloydstsb.com
O1 - Hosts: 82.146.46.170 abbeyinternational.com
O1 - Hosts: 82.146.46.170 www.abbeyinternational.com
O1 - Hosts: 82.146.46.170 ibank.cahoot.com
O1 - Hosts: 82.146.46.170 www.ibank.cahoot.com
O1 - Hosts: 82.146.46.170 home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 www.mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 www.mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 www.ibank.internationalbanking.barclays.com
O1 - Hosts: 82.146.46.170 welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 egg.com
O1 - Hosts: 82.146.46.170 www.egg.com
O1 - Hosts: 82.146.46.170 new.egg.com
O1 - Hosts: 82.146.46.170 www.new.egg.com
O1 - Hosts: 82.146.46.170 moneybookers.com
O1 - Hosts: 82.146.46.170 www.moneybookers.com
O1 - Hosts: 82.146.46.170 inscape.com
O1 - Hosts: 82.146.46.170 www.inscape.com
O1 - Hosts: 82.146.46.170 bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 www.bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 cahoot.com
O1 - Hosts: 82.146.46.170 www.cahoot.com
O1 - Hosts: 82.146.46.170 icicibank.co.uk
O1 - Hosts: 82.146.46.170 www.icicibank.co.uk
O1 - Hosts: 82.146.46.170 natwest.com
O1 - Hosts: 82.146.46.170 www.natwest.com
O1 - Hosts: 82.146.46.170 nwolb.com
O1 - Hosts: 82.146.46.170 www.nwolb.com
O1 - Hosts: 82.146.46.170 mbna.co.uk
O1 - Hosts: 82.146.46.170 www.mbna.co.uk
O1 - Hosts: 82.146.46.170 businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 www.businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 www.capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 service.citicards.co.uk
O1 - Hosts: 82.146.46.170 www.service.citicards.co.uk
O1 - Hosts: 82.146.46.170 citibank.co.uk
O1 - Hosts: 82.146.46.170 www.citibank.co.uk
O1 - Hosts: 82.146.46.170 scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.scotwest.co.uk
O1 - Hosts: 82.146.46.170 secure.scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.secure.scotwest.co.uk
O1 - Hosts: 82.146.46.170 partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 www.partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 www.esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 firstdirect.com
O1 - Hosts: 82.146.46.170 www.firstdirect.com
O4 - HKLM\..\Run: [340607513] "C:\Documents and Settings\All Users\Application Data\660603019\340607513.exe"

reboot machine.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users