//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 10/10/2005 16:44:10
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\
C:\WINDOWS\SYSBCKUP
C:\WINDOWS\SYSTEM
Folders : 1089
Files : 79482
Archives : 5388
Packed files : 3867
Identified viruses : 8
Infected files : 13
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 9
Renamed files : 0
I/O errors : 4
Scan time : 01:31:51
Scan speed (files/sec) : 14
Virus definitions : 219560
Scan plugins : 13
Archive plugins : 38
Unpack plugins : 4
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\WINDOWS\System32\nxscript.exe=>(NSIS o)=>zlib_nsis0002 Infected Trojan.Clicker.Vb.DN
C:\WINDOWS\System32\nxscript.exe=>(NSIS o)=>zlib_nsis0002 Disinfection failed
C:\WINDOWS\System32\nxscript.exe=>(NSIS o)=>zlib_nsis0002 Move failed
C:\WINDOWS\System32\nxscript.exe=>(NSIS o)=>zlib_nsis0003 Infected Trojan.Vb.SY
C:\WINDOWS\System32\nxscript.exe=>(NSIS o)=>zlib_nsis0003 Disinfection failed
C:\WINDOWS\System32\nxscript.exe=>(NSIS o)=>zlib_nsis0003 Move failed
C:\WINDOWS\System32\winaspi32.exe Infected Trojan.Vb.QV
C:\WINDOWS\System32\winaspi32.exe Disinfection failed
C:\WINDOWS\System32\winaspi32.exe Moved
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\15IJKLA5\download[1].htm Infected Exploit.Html.Codebase.Exec.Gen
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\15IJKLA5\download[1].htm Disinfection failed
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\15IJKLA5\download[1].htm Moved
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\RQ58TNR7\TRACK31[1].CHM=>/track31.htm Infected Exploit.ADODB.Stream.Gen
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\RQ58TNR7\TRACK31[1].CHM=>/track31.htm Disinfection failed
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\RQ58TNR7\TRACK31[1].CHM=>/track31.htm Move failed
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\FPOKG3ZZ\trk_0031[1].exe Infected Trojan.Downloader.BYN
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\FPOKG3ZZ\trk_0031[1].exe Disinfection failed
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\FPOKG3ZZ\trk_0031[1].exe Moved
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\WHUB0DYJ\TRACK30[1].CHM=>/track30.htm Infected Exploit.ADODB.Stream.Gen
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\WHUB0DYJ\TRACK30[1].CHM=>/track30.htm Disinfection failed
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\WHUB0DYJ\TRACK30[1].CHM=>/track30.htm Move failed
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\MP5EZQ94\download[1].htm Infected Exploit.Html.Codebase.Exec.Gen
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\MP5EZQ94\download[1].htm Disinfection failed
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\MP5EZQ94\download[1].htm Moved
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\MXRGDSBY\trk_0030[1].exe Infected Trojan.Downloader.BYN
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\MXRGDSBY\trk_0030[1].exe Disinfection failed
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\MXRGDSBY\trk_0030[1].exe Moved
C:\WINDOWS\ssgdskj.dll Infected Trojan.Downloader.Qoologic.AC
C:\WINDOWS\ssgdskj.dll Disinfection failed
C:\WINDOWS\ssgdskj.dll Moved
C:\WINDOWS\jabka.dll Infected Trojan.Downloader.Qoologic.AC
C:\WINDOWS\jabka.dll Disinfection failed
C:\WINDOWS\jabka.dll Moved
C:\WINDOWS\cfgmgr52.dll Detected: Adware.BookedSpace.E
C:\WINDOWS\cfgmgr52.dll Disinfection failed
C:\WINDOWS\cfgmgr52.dll Moved
C:\Program Files\Windows Media Player\wmplayer.exe Infected Trojan.Downloader.BYN
C:\Program Files\Windows Media Player\wmplayer.exe Disinfection failed
C:\Program Files\Windows Media Player\wmplayer.exe Moved
New hijack:
Logfile of HijackThis v1.99.1
Scan saved at 6:29:30 PM, on 10/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE" -minimized
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NORTON AUTO-PROTECT] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender8\bdinit.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Norton Program Scheduler.LNK = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 95\DMHKEY.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Global Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)