Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
No-Subject
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > No-Subject  
Forum Quick Jump
 
New Topic Post reply to : No-Subject Printable version of : No-Subject
[ << Previous Thread | Next Thread >> ]

Bakkenaliah
New Member


Date Joined Dec 2004
Total Posts : 2
  		   Posted 12-19-2004 4:28 (GMT +1)    Quote: No-SubjectAlert an admin about: No-Subject
I am not extremely well versed in the pc world Just to get that up on the board now , I have a trojan and i have no idea what the next steps to do are except that i have scanned with hijackthis..Her are the results and if anyone can help I would greatly appreciate it..Please make it idiot proof!!! you are welcome to email the help to bakkenaliah@hotmail.com
Scan Results:
scan start:
12/19/2004 8:47:29 AM
scan stop:
12/19/2004 8:49:42 AM
scanned items:
51349
found items:
37
found and ignored:
0
tools used:
General Scanner, Process Scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Scanner, Disk Scanner
 
 
 
 
 
 
Infection Name
Location
Risk
 
Xupiter/OrbitExplorer
multiple
High
 
Comet Cursor
HKCR\CLSID\{1678F7E1-C422-11D0-AD7D-00400515CAAA}
High
 
Tracking Cookie
shannonbakken@indextools[2].txt
Medium
 
Tracking Cookie
shannonbakken@apmebf[2].txt
Medium
 
Tracking Cookie
shannonbakken@tribalfusion[1].txt
Medium
 
Tracking Cookie
shannonbakken@bfast[1].txt
Medium
 
Tracking Cookie
shannonbakken@z1.adserver[1].txt
Medium
 
Tracking Cookie
shannonbakken@servedby.advertising[2].txt
Medium
 
Tracking Cookie
shannonbakken@counter16.sextracker[2].txt
Medium
 
Tracking Cookie
shannonbakken@zedo[1].txt
Medium
 
Tracking Cookie
shannonbakken@sexlist[1].txt
Medium
 
Tracking Cookie
shannonbakken@paycounter[1].txt
Medium
 
Tracking Cookie
shannonbakken@bluestreak[2].txt
Medium
 
Tracking Cookie
shannonbakken@citi.bridgetrack[1].txt
Medium
 
Tracking Cookie
shannonbakken@counter3.sextracker[1].txt
Medium
 
Tracking Cookie
shannonbakken@counter2.hitslink[2].txt
Medium
 
Tracking Cookie
shannonbakken@sextracker[1].txt
Medium
 
Tracking Cookie
shannonbakken@lop[1].txt
Medium
 
Tracking Cookie
shannonbakken@counter14.sextracker[1].txt
Medium
 
Tracking Cookie
shannonbakken@atdmt[2].txt
Medium
 
Tracking Cookie
shannonbakken@counter4.sextracker[1].txt
Medium
 
Tracking Cookie
shannonbakken@doubleclick[1].txt
Medium
 
Tracking Cookie
shannonbakken@perf.overture[1].txt
Medium
 
Tracking Cookie
shannonbakken@19495311[1].txt
Medium
 
Tracking Cookie
shannonbakken@2o7[2].txt
Medium
 
Tracking Cookie
shannonbakken@ehg-sonypictures.hitbox[2].txt
Medium
 
Tracking Cookie
shannonbakken@mediaplex[1].txt
Medium
 
Tracking Cookie
shannonbakken@server.iad.liveperson[1].txt
Medium
 
Tracking Cookie
shannonbakken@questionmarket[1].txt
Medium
 
Tracking Cookie
shannonbakken@hitbox[1].txt
Medium
 
Tracking Cookie
shannonbakken@ads.pointroll[2].txt
Medium
 
Tracking Cookie
shannonbakken@cgi-bin[1].txt
Medium
 
Tracking Cookie
shannonbakken@advertising[1].txt
Medium
 
Tracking Cookie
shannonbakken@atwola[1].txt
Medium
 
Tracking Cookie
shannonbakken@counter15.sextracker[1].txt
Medium
 
Comet Cursor
{1678F7E1-C422-11D0-AD7D-00400515CAAA}
High
 
Xupiter/OrbitExplorer
{1678f7e1-c422-11d0-ad7d-00400515caaa}
High
 
YIKES HUH?
It scares me to see this is what the fam has created for me!!! yet another mess to be cleaned by mom!!! Thanks to all ahead of time for any help....
Shannon
 
Back to Top
 

pesko
Senior Member




Date Joined Dec 2004
Total Posts : 633
  		   Posted 12-20-2004 12:13 (GMT +1)    Quote: No-SubjectAlert an admin about: No-Subject
Hi Bakkenaliah and welcome!
Please download hijackthis from this server
http://www.spywarefri.dk/downloads1/hijackthis.exe

and post a hijackthislog

-Pesko ;)

Better safe than sorry.

Back to Top
 

Bakkenaliah
New Member


Date Joined Dec 2004
Total Posts : 2
  		   Posted 12-20-2004 2:34 (GMT +1)    Quote: No-SubjectAlert an admin about: No-Subject
the log posted below the first post is the log from hijackthis!!! I copy and pasted it into the post.. Is there something wrong with it?
Back to Top
 

Butters
New Member


Date Joined Dec 2004
Total Posts : 13
  		   Posted 12-20-2004 2:41 (GMT +1)    Quote: No-SubjectAlert an admin about: No-Subject
Hi Bakkenaliah

Look at my recent hijackthis log.. Then you will see how i should look..


START OF LOG:

Logfile of HijackThis v1.99.0
Scan saved at 14:31:08, on 20-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmer\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system\lsass.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programmer\Softwin\BitDefender8\bdoesrv.exe
C:\Programmer\Softwin\BitDefender8\bdswitch.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Hrxtzy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.komogvind.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccpApps] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programmer\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programmer\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programmer\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmer\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Games\steam\Steam.exe -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94ADDC7E-3B7A-419F-8C01-55B604C0F1EF}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server - Unknown - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:\Programmer\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe


:END OF LOG
Back to Top
 
New Topic Post reply to : No-Subject Printable version of : No-Subject
 
Forum Information
Currently it is Tuesday, January 06, 2009 2:05 PM (GMT +1)
There are a total of 65.861 posts in 16.164 threads.
In the last 3 days there were 21 new threads and 85 reply posts. View Active Threads
Who's Online
This forum has 27758 registered members. Please welcome our newest member, Nards.
51 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Have I a machine infection? (8)06-01-2009 12:42:25 (Geekguy)
How to restore missing control panel and properties (0)06-01-2009 12:30:09 (Nards)
Google Redirect Virus - Stubborn Version!!! (11)06-01-2009 12:24:11 (DaveWales)
Please help with my Hijackthis log (6)06-01-2009 12:13:33 (iwanttofly4)
Trouble accessing ColdFusion pages!? (3)06-01-2009 10:35:35 (Alin Vlad)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard