Monday, July 11, 2005 12:28:09
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/07/2005
Kaspersky Anti-Virus database records: 130065
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 58327
Number of viruses found 16
Number of infected objects 78
Number of suspicious objects 4
Duration of the scan process 1873 sec
Infected Object Name Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip/125439.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS6.zip/125439.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS6.zip Suspicious: Password-protected-EXE
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\QMem0628200523253563234.asw Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0056687.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0056687.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057675.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057675.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057771.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057771.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057831.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057831.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057889.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057889.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0061911.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0061911.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250\A0062014.ico:esmzdq:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250\A0062014.ico:xtfex:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251\A0062248.exe/ Infected: Trojan-Downloader.Win32.Agent.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251\A0062248.exe Infected: Trojan-Downloader.Win32.Agent.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP266\A0063746.exe Infected: Trojan-Downloader.Win32.Apropo.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0064024.exe Infected: Trojan.Win32.Small.i
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064135.lrs:fdehpw:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064140.ico:esmzdq:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064140.ico:xtfex:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064141.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064141.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064156.prx:spdqh:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064766.exe Infected: Trojan-Downloader.Win32.Agent.ed
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064767.exe Infected: Trojan-Downloader.Win32.Apropo.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP269\A0065410.exe Infected: Trojan-Downloader.Win32.Apropo.ac
C:\WINDOWS\bysites.dat:wapqu:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Directx.log:jmnzui:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\IIS6.LOG:icojhv:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\KB821557Uninst.log:tgtse:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB823980.log:ilqur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB828035.log:zrdxke:$DATA Infected: Trojan.Win32.Agent.em
C:\WINDOWS\KB835732.log:dwbdp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB867282.log:bdekrd:$DATA Infected: Trojan.Win32.Agent.em
C:\WINDOWS\KB873333.log:evlce:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB873339.log:rqhkpe:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\KB873376.log:lhwnw:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893066.log:mzclb:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893066.log:uqtlgm:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\lu.dat:utmuz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\MSGSOCM.LOG:iuixu:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ntdtcsetup.log:dmvut:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ntdtcsetup.log:nkrkf:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_gpopaw.log:zwywo:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_ivmadt.dat:egiwf:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_ivmadt.dat:jwfsj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_kyuvgo.dat:rvwfq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_nzxrdu.dat Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\n_ooqaax.log Infected: Trojan-Downloader.Win32.Agent.ap
C:\WINDOWS\n_pawvbv.dat Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_uqurvs.log Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\n_wkgnob.dat:fmzjn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_xtdrwz.log Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\OCMSN.LOG:etpuo:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\OCMSN.LOG:lvgwr:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ojbov.log:sltkpv:$DATA Infected: Trojan.Win32.Agent.em
C:\WINDOWS\ojbov.log:yvchj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Q327979.log:aeqmgo:$DATA Infected: Trojan.Win32.Agent.em
C:\WINDOWS\Q329834.log:eaqjy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Q331060.log:piouq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Q817287.log:sxagd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\QTFont.for:vgllt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\REGLOCS.OLD:nhwqv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\SETUPERR.LOG:eozbu:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\setupod.exe Infected: Trojan-Dropper.Win32.Agent.av
C:\WINDOWS\SYSTEM32\eliteerror32.dat Infected: Trojan.Win32.StartPage.nk
C:\WINDOWS\SYSTEM32\nvwqn.exe Infected: Trojan-Downloader.Win32.Agent.ed
C:\WINDOWS\SYSTEM32\temperror32.dat Infected: Trojan.Win32.StartPage.nk
C:\WINDOWS\SYSTEM32\wuwntry.exe Infected: Trojan-Downloader.Win32.Agent.ed
C:\WINDOWS\TSOC.LOG:fhpmci:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\TSOC.LOG:hrvzl:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\WIASERVC.LOG:lqndj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\WIASERVC.LOG:qhrhzw:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\WindowsUpdate.log:horfk:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\xmotb.log:tpqml:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\xpsp1hfm.log:lguvw:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
Scan process completed.
-----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:34:53 AM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\FixforDrWatson\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104793195\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~2.0\AOL.EXE" -b
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
---------------------
Scan was COMPLETED SUCCESSFULLY at 2:05:36 PM
AboutBuster 5.0 reference file 30
Scan started on [7/10/2005] at [8:26:00 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:26:20 AM
AboutBuster 5.0 reference file 30
Scan started on [7/11/2005] at [10:05:37 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:05:57 AM
AboutBuster 5.0 reference file 30
Scan started on [7/11/2005] at [10:13:54 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:14:15 AM
AboutBuster 5.0 reference file 30
Scan started on [7/11/2005] at [10:19:58 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:20:10 AM
AboutBuster 5.0 reference file 30
Scan started on [7/11/2005] at [11:04:02 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:04:16 AM
AboutBuster 5.0 reference file 30
Scan started on [7/11/2005] at [11:16:01 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:16:22 AM
AboutBuster 5.0 reference file 30
Scan started on [7/11/2005] at [11:22:38 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:22:58 AM
-----------------------------------
Ran the AboutBuster, Shredder and CleanUp for all user IDs under Safe Mode (administrator, myself, and my husband). Then ran the VirusScan again. Above are the logs. Still doesn't answer how I get that Domains thing to work though.
Edited by frustratedmom, 11 July 2005 - 10:26 AM.