-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Tuesday, August 02, 2005 20:17:23
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/08/2005
Kaspersky Anti-Virus database records: 133452
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: false
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 51032
Number of viruses found: 4
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 2438 sec
Infected Object Name - Virus Name
C:\WINDOWS\explorer.scf:aioup:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\explorer.scf:hlzxh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ieov32.exe:kbrnl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\LGICC.DLL:hpjsw:$DATA Infected: Backdoor.Win32.Small.dc
C:\WINDOWS\msdfmap.ini:pczgza:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\notepad.exe:ejnqn:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\ODBCINST.INI:pkraj:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\.pif Infected: Trojan-Downloader.BAT.Ftp.z
C:\WINDOWS\uninNMP.exe:dpmpb:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\uninNMP.exe:zfskc:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\vbaddin.ini:gjpay:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
Scan process completed.
Here's my Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 21:37:57, on 02/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgemc.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgemc.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8CE634-736D-4EFA-A44E-42EF3C0F5833}: NameServer = 80.225.249.178 80.225.255.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C8CE634-736D-4EFA-A44E-42EF3C0F5833}: NameServer = 80.225.249.178 80.225.255.58
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I've ran AVG/Adaware and Search and Destroy off, but still nothing. Can anyone help with getting rid of the Trojans. Any help gratefully received. Oh, have also ran CWS Shredder.
Thanks in advance!
Mandy