Sadly, I just re-booted and AVG came straight up with a warning of "Worm/Lovsa.A" in C:\Windows\system32\TFTP2024. The system then tried to shut down, I aborted the shutdown with a "shutdown.exe -a" command.
This is the latest log. Any ideas?
Logfile of HijackThis v1.98.0
Scan saved at 16:32:19, on 25/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\BT Digital Access USB\gsyno.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.oneview.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.oneview.net R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.oneview.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Oneview.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [GazelDisplay] "C:\Program Files\BT Digital Access USB\gsyno.exe" -h
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.oneview.net
O15 - Trusted Zone: *.Sony-europe.com
O15 - Trusted Zone: *.Sonystyle-europe.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{517A7010-78D0-4FCE-8BF7-A27BEA4F725F}: NameServer = 195.92.195.94 195.92.195.95
Cheers
TeeS