Hey Kool808
Thanks again for helping out on this, so far so good... I followed your instructions and was able to use Internet Explorer to get onto Kaspersky without IE crashing. The virus scan found 10 viruses and 71 suspicious objects.
Logfile of HijackThis v1.99.1
Scan saved at 15:12:01, on 30/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\System32\cisvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Documents and Settings\Leigh\My Documents\My Received Files\av software\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.philrees.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Remote_Agent] "D:\Program Files\CyberLink Media Carnival\PowerVCR II\RemoteAgent.exe"
O4 - HKCU\..\Run: [SpeedswitchXP] D:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com...ScannerCtrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - file://D:\Program Files\OpenCube\Visual QuickMenu Pro\program\comdlg32.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPCSER~1.EXE
AboutBuster 5.0 reference file 31
Scan started on [30/08/2005] at [14:03:28]
------------------------------------------------
Removed Stream! D:\WINDOWS\cdplayer.ini:zdhsho
Removed Stream! D:\WINDOWS\control.ini:kwkcdj
Removed Stream! D:\WINDOWS\KB828035.log:bgtnod
Removed Stream! D:\WINDOWS\KB835732.log:thmsin
Removed Stream! D:\WINDOWS\KB839645.log:miegly
Removed Stream! D:\WINDOWS\Rhododendron.bmp:gvosen
Removed Stream! D:\WINDOWS\_default.pif:izrabj
Removed Stream! D:\WINDOWS\_default.pif:lausxe
Removed Stream! D:\WINDOWS\_default.pif:uerhmv
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 14:03:47
AboutBuster 5.0 reference file 31
Scan started on [30/08/2005] at [14:06:16]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 14:06:35
AboutBuster 5.0 reference file 31
Scan started on [30/08/2005] at [14:06:46]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 14:06:57
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, August 30, 2005 15:09:35
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 30/08/2005
Kaspersky Anti-Virus database records: 137582
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 82329
Number of viruses found: 10
Number of infected objects: 71
Number of suspicious objects: 0
Duration of the scan process: 3026 sec
Infected Object Name - Virus Name
C:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032130.exe Infected: Trojan-Downloader.Win32.Small.gl
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP193\A0031532.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032064.exe Infected: Trojan.Win32.Small.ev
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032067.pif:xxopew:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032071.exe Infected: Backdoor.Win32.Agent.bg
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032080.pif:nninj:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032080.pif:xxopew:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032103.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032104.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032105.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032106.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032107.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032108.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032109.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032110.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032111.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032112.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032113.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032114.exe Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032115.exe Infected: Trojan.Win32.Small.ev
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032118.ini:wxulsg:$DATA Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032118.ini:zdhsh:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032119.ini:kwkcd:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032120.pif:dmgudr:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032120.pif:fmtmc:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032120.pif:kewta:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032120.pif:ksaav:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032120.pif:nninj:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032120.pif:vgzmo:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032120.pif:vldtr:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032120.pif:xxopew:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032131.exe Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032132.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032133.exe Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032134.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032135.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032136.ini:qnwfy:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032137.ini:wxulsg:$DATA Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032137.ini:zdhsh:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032138.ini:kwkcd:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032140.INI:qfqcsq:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032141.exe Infected: Trojan-Downloader.Win32.Small.bju
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032142.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032143.exe Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032144.INI:vjacj:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032145.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032146.exe Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032147.dll Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032148.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032151.exe Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032152.dll Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032153.exe Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032154.dll Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032155.dll Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032156.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032157.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032158.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032159.exe Infected: Trojan.Win32.Agent.bi
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032160.ini:novuo:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032161.PRX:xpynk:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032162.pif:dmgudr:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032162.pif:fmtmc:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032162.pif:kewta:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032162.pif:ksaav:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032162.pif:nninj:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032162.pif:vgzmo:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032162.pif:vldtr:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032162.pif:xxopew:$DATA Infected: Trojan-Downloader.Win32.Agen.tbq
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP194\A0032164.dll Infected: Trojan.Win32.Small.ev
D:\System Volume Information\_restore{8629F9E5-819D-4952-93D6-711E46FF15CE}\RP196\A0032180.dll Infected: Virus.Win32.Nsag.b
D:\WINDOWS\system32\in8PwrScrMs1086.dll Infected: Trojan-Dropper.Win32.Small.abd
Scan process completed.
I don't think Kaspersky removed any of the infected files, so will I have to do that manually?
Thanks
Scott