Hi Guy's back at work again..

Have this one on my bench at this moment..

Win XP he.. with SP1 installed.. not sure of patches installed .. I know we have rpc-dcom covered but not sure since..
removed a little from the system sofar

nachi
d/l swizzer
spybot.worm
Randex.gen


have some crap random that look like a Bugbear type infection.. but are not fitting the information available..

did a netstat -a while connected to a test network..

and had ports listening in the 3000-3039, 4000.. 13000...

btw: whle NOT connected to a lan or internet I deleted the random named entries in the registry aswell as the same named in the system32 only for a different named file to return..
Also a quick HJT scan returned a few regular crap.. trying to remove them is interesting.. besides being denied access to the hosts file (now empty) ,
one is "Hijacked Internet access by New.Net
and "Broken Internet access because of LSP provider ösmim.dll"missing

ticking these to allow hjt to do its stuff results in a message box with three lines of "boxes" then the message "to fix these items will require a restart" needless they remain..

next step is to scann the hdd in another machine and see what it finds..

but first I recheck the cleans I have done.. just in case..

Cheers