Another post but no replies? Can anyone have a look?


  • This topic is locked

#1
Babs cabs

  • Member
  • 17 posts
I am using W2K Pro,

and this is my log and BitDefender log:

Logfile of HijackThis v1.99.1
Scan saved at 2:03:38 PM, on 11/2/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\wuapi.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Documents and Settings\Colomba O'Doherty\Desktop\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\System32\scvhost.exe
C:\WINNT\System32\winIogon.exe
C:\WINNT\Explorer.exe
C:\WINNT\Q29sb21iYSBPJ0RvaGVydHk\command.exe
c:\regular_plugin.exe
C:\PROGRA~1\COMMON~1\oriq\oriqm.exe
C:\PROGRA~1\COMMON~1\oriq\oriqa.exe
c:\windows\sp2update00.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdlite.exe
C:\Documents and Settings\Colomba O'Doherty\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [msresearch] c:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] c:\windows\sp2update00.exe
O4 - HKLM\..\Run: [System service78] C:\WINNT\\\etb\\pokapoka78.exe
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\RunServices: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Colomba O'Doherty\Desktop\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF0D385-2B0B-4C49-A161-5C025E1858CD}: NameServer = 194.74.65.68 194.72.0.114
O20 - Winlogon Notify: ModuleUsage - C:\WINNT\system32\lrrmonui.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\System32\wuapi.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\Q29sb21iYSBPJ0RvaGVydHk\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 02/11/2005 13:28:52
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
Folders : 3648
Files : 269063
Archives : 8906
Packed files : 27007
Identified viruses : 16
Infected files : 25
Warnings : 0
Suspect files : 1
Disinfected files : 0
Deleted files : 13
Copied files : 0
Moved files : 11
Renamed files : 0
I/O errors : 19
Scan time : 00:55:54
Scan speed (files/sec) : 80

Virus definitions : 232371
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\113_dollarrevenue_4_0_3_9.exe=>wise0008 Infected Trojan.Downloader.TSUpdate.J
C:\113_dollarrevenue_4_0_3_9.exe=>wise0008 Deleted
C:\113_dollarrevenue_4_0_3_9.exe Update failed
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 2)=>[Subject: Thank you!][Date: Wed, 19 Mar 2003 14:20:30 -0000]=>(MIME part)=>thank_you.pif Infected Win32.Sobig.F@mm
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 2)=>[Subject: Thank you!][Date: Wed, 19 Mar 2003 14:20:30 -0000]=>(MIME part)=>thank_you.pif Deleted
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 2)=>[Subject: Thank you!][Date: Wed, 19 Mar 2003 14:20:30 -0000]=>(MIME part) Update
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 2) Update
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx Update failed
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\1CDKF0FI\drsmartload[1].exe Infected Trojan.Downloader.VB.RI
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\1CDKF0FI\drsmartload[1].exe Disinfection failed
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\1CDKF0FI\drsmartload[1].exe Moved
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\MJ31N8WA\113_dollarrevenue_4_0_3_9[1].exe=>wise0008 Infected Trojan.Downloader.TSUpdate.J
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\MJ31N8WA\113_dollarrevenue_4_0_3_9[1].exe=>wise0008 Deleted
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\MJ31N8WA\113_dollarrevenue_4_0_3_9[1].exe Update failed
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\VE6KMRWI\sp2update00[1].exe Infected Trojan.Downloader.Vb.NH
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\VE6KMRWI\sp2update00[1].exe Disinfection failed
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\VE6KMRWI\sp2update00[1].exe Moved
C:\drsmartload.exe Infected Trojan.Downloader.VB.RI
C:\drsmartload.exe Disinfection failed
C:\drsmartload.exe Moved
C:\hsis32.exe Suspect Trojan.Downloader.Win32.Adload.J
C:\hsis32.exe Disinfection failed
C:\hsis32.exe Moved
C:\Program Files\Common Files\oriq\oriqa.exe Infected Trojan.Downloader.Tsupdate.L
C:\Program Files\Common Files\oriq\oriqa.exe Disinfection failed
C:\Program Files\Common Files\oriq\oriqa.exe Moved
C:\Program Files\Common Files\oriq\oriql.exe Infected Trojan.Downloader.TSUpdate.J
C:\Program Files\Common Files\oriq\oriql.exe Deleted
C:\Program Files\Common Files\oriq\oriqm.exe Infected Trojan.Downloader.TSUpdate.K
C:\Program Files\Common Files\oriq\oriqm.exe Deleted
C:\windows\sp2update00.exe Infected Trojan.Downloader.Vb.NH
C:\windows\sp2update00.exe Disinfection failed
C:\windows\sp2update00.exe Moved
C:\WINNT\etb\nt_hide78.dll Infected Trojan.EliteBar.G
C:\WINNT\etb\nt_hide78.dll Deleted
C:\WINNT\etb\pokapoka78.exe Infected Trojan.EliteBar.G
C:\WINNT\etb\pokapoka78.exe Deleted
C:\WINNT\system32\bleh.exe Infected Backdoor.Gaobot.ABR
C:\WINNT\system32\bleh.exe Disinfection failed
C:\WINNT\system32\bleh.exe Moved
C:\WINNT\system32\lrrmonui.dll Infected Trojan.Candebe.CZ
C:\WINNT\system32\lrrmonui.dll Disinfection failed
C:\WINNT\system32\lrrmonui.dll Moved
C:\WINNT\system32\NeroFilterCheck.EXE Infected Backdoor.RBot.7B8B58AC
C:\WINNT\system32\NeroFilterCheck.EXE Deleted
C:\WINNT\system32\scvhost.exe Infected Backdoor.Gaobot.ABR
C:\WINNT\system32\scvhost.exe Disinfection failed
C:\WINNT\system32\scvhost.exe Moved
C:\WINNT\system32\VSStatmn8.exe Infected Backdoor.SDBot.E7A727AB
C:\WINNT\system32\VSStatmn8.exe Deleted
C:\WINNT\system32\winIogon.exe Infected Trojan.Dropper.Paradrop.A
C:\WINNT\system32\winIogon.exe Disinfection failed
C:\WINNT\system32\winIogon.exe Moved
C:\WINNT\system32\wuapi.exe Infected GenPack:Backdoor.SDBot.C9E1A051
C:\WINNT\system32\wuapi.exe Disinfection failed
C:\WINNT\system32\wuapi.exe Move failed
C:\WINNT\Temp\GLF1CGLF1C.EXE=>wise0008 Infected Trojan.Downloader.TSUpdate.J
C:\WINNT\Temp\GLF1CGLF1C.EXE=>wise0008 Deleted
C:\WINNT\Temp\GLF1CGLF1C.EXE Update failed
C:\WINNT\Temp\k_36B5.tmp Infected Trojan.EliteBar.F
C:\WINNT\Temp\k_36B5.tmp Disinfection failed
C:\WINNT\Temp\k_36B5.tmp Moved
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Infected Trojan.Downloader.Targetsaver.D
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Disinfection failed
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Move failed
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0011 Infected Trojan.Downloader.TSUpdate.K
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0011 Deleted
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe Update failed
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0012 Infected Trojan.Downloader.TSUpdate.J
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0012 Deleted
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe Update failed
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0013 Infected Trojan.Downloader.TSUpdate.L
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0013 Deleted
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe Update failed