Malware Removal & HijackThis Logs
14-Nov-2006, 10:56 PM
#1

Disinfection/move/quarantine failed

Hello guys, I am having some problems getting rid of some infected objects my BitDefender 9 program has picked up. Below is the report from the scan I just did.

Virus Statistics
Scan path : C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\
Folders : 12455
Files : 944628
Archives : 11284
Packed files : 102287
Identified viruses : 4
Infected files : 4
Warnings : 0
Suspect files : 2
Disinfected files : 0
Deleted files : 0
Copied files : 1
Moved files : 1
Renamed files : 0
I/O errors : 38
Scan time : 02:08:07
Scan speed (files/sec) : 122

Spyware Statistics
Memory processes scanned : 10
Memory processes infected : 0
Registry keys scanned : 1898
Registry keys infected : 0
Cookies scanned : 146
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0

Virus definitions : 342363
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1163498155.log
Spyware scan options
[X] Memory Processes
[X] Registry keys
[X] Cookies

Summary:
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Infected: Trojan.Exploit.JS.B
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Disinfection failed
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Moved
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html Suspect: Exploit.JS.CVE.2006.3730
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html Copied
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html=>(JAVASCRIPT 1) Suspect: Exploit.JS.CVE.2006.3730
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html=>(JAVASCRIPT 1) Copy failed
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html=>(JAVASCRIPT 1) Copy failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Detected: Adware.AWS.A
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Move failed
J:\My Documents\Applications\aim553595.exe=>wise0038=>wise0008 Detected: Adware.AWS.A
J:\My Documents\Applications\aim553595.exe=>wise0038=>wise0008 Disinfection failed
J:\My Documents\Applications\aim553595.exe=>wise0038=>wise0008 Move failed
J:\Web Design\PHP and Misc...Scripts\300+ PHP Scripts (Super Pack 2006)\200+ ADDITIONAL PHP AND CGI SCRIPTS.zip=>2PHP.zip=>gallery_maker_pro_1.5.zip=>patch.exe Detected: Application.Crack.PCV
J:\Web Design\PHP and Misc...Scripts\300+ PHP Scripts (Super Pack 2006)\200+ ADDITIONAL PHP AND CGI SCRIPTS.zip=>2PHP.zip=>gallery_maker_pro_1.5.zip=>patch.exe Disinfection failed

I manually tried to delete these files, and when trying it says "cannot read from source file or disk". Any help would be very, very helpful, and I am very thankful as well.

Your friend from New Orleans,
John Rucker
14-Nov-2006, 11:04 PM
#2

Logfile of HijackThis v1.99.1
Scan saved at 10:02:34 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
c:\program files\softwin\bitdefender9\bdlite.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.h...s=DTP&M=GT5056
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=DTP&M=GT5056
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
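Editor's note on reading the log above. Four of the O23 service lines end in `(file missing)`, yet the same binaries (vsserv.exe, livesrv.exe, bdss.exe, xcommsvr.exe) appear in the "Running processes" list at the top of the log. The stray `"` before `/service` shows why: the service's ImagePath is a quoted command line with arguments, and HijackThis 1.99.1 checks for a file named by the whole quoted string, so it reports a file that is clearly running as missing. The triage helper below is an added example, not HijackThis code, and exists to make that cross-check mechanical: it parses the running-process block and the numbered entries, separates "missing but running" (a parsing artifact) from "missing and not running" (an orphaned entry worth verifying), and flags the rundll32 autostarts and Winlogon Notify DLLs that a reviewer would look at next. The sample lines are lifted from the log above except the `Example Svc (EXSVC)` line, which is constructed to exercise the genuinely-missing branch.

```python
"""Triage helper for a HijackThis 1.99.1 log (added example, not HijackThis code)."""
import re

# Lines taken from the log posted above; the EXSVC service line is constructed
# so that the "missing and not running" branch has something to report.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Example Svc (EXSVC) - Unknown owner - C:\WINDOWS\system32\exsvc.exe (file missing)
"""

# "O23 - Service: ..." style entries: a letter, one or two digits, " - ", the body.
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
# First drive-rooted path in a body, stopping before any closing quote.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|sys|dll|ocm))', re.IGNORECASE)


def parse_log(text):
    """Return (set of lowercased running-process paths, list of (code, body) entries)."""
    processes, entries = set(), []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith('running processes:'):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first numbered entry ends the process block
            entries.append((m.group('code'), m.group('body')))
        elif in_procs:
            processes.add(line.lower())
    return processes, entries


def triage(text):
    """Return (code, note, body) findings a reviewer should look at."""
    processes, entries = parse_log(text)
    findings = []
    for code, body in entries:
        m = PATH_RE.search(body)
        path = m.group(1).lower() if m else None
        if '(file missing)' in body or '(no file)' in body:
            if path and path in processes:
                # HJT took the quoted command line as the file name; the binary is live.
                findings.append((code, 'reported missing but running: HJT quoting artifact', body))
            else:
                findings.append((code, 'target missing and not running: orphaned entry, verify', body))
        elif code == 'O4' and 'rundll32' in body.lower():
            findings.append((code, 'rundll32 autostart: check the DLL it loads', body))
        elif code == 'O20':
            findings.append((code, 'Winlogon Notify DLL: loaded at logon, verify vendor', body))
    return findings


if __name__ == '__main__':
    for code, note, body in triage(SAMPLE_LOG):
        print(f'{code:4} {note}\n     {body}')
```

The same cross-check explains the `(file missing)` on the `%windir%\Network Diagnostic\xpnetdiag.exe` O9 lines differently: that path is not in the process list, so it is a genuinely absent optional component rather than a quoting artifact.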
15-Nov-2006, 01:04 AM
#3

Did I post this in the wrong forum?
15-Nov-2006, 02:47 PM
#4

Bump?
15-Nov-2006, 02:54 PM
#5

C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Infected: Trojan.Exploit.JS.B
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Disinfection failed
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Moved
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html Suspect: Exploit.JS.CVE.2006.3730
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html Copied
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html=>(JAVASCRIPT 1) Suspect: Exploit.JS.CVE.2006.3730
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html=>(JAVASCRIPT 1) Copy failed
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html=>(JAVASCRIPT 1) Copy failed

Empty your opera\profile\cache4 folder to remove those.

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Detected: Adware.AWS.A
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Move failed
J:\My Documents\Applications\aim553595.exe=>wise0038=>wise0008 Detected: Adware.AWS.A
J:\My Documents\Applications\aim553595.exe=>wise0038=>wise0008 Disinfection failed
J:\My Documents\Applications\aim553595.exe=>wise0038=>wise0008 Move failed

These files are part of AIM.

J:\Web Design\PHP and Misc...Scripts\300+ PHP Scripts (Super Pack 2006)\200+ ADDITIONAL PHP AND CGI SCRIPTS.zip=>2PHP.zip=>gallery_maker_pro_1.5.zip=>patch.exe Detected: Application.Crack.PCV
J:\Web Design\PHP and Misc...Scripts\300+ PHP Scripts (Super Pack 2006)\200+ ADDITIONAL PHP AND CGI SCRIPTS.zip=>2PHP.zip=>gallery_maker_pro_1.5.zip=>patch.exe Disinfection failed

I'm not sure what those are, but they are probably related to something you had open. If not, reboot to Safe Mode and delete them.
__________________
Microsoft MVP/Windows - Consumer Security
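Editor's note on why the scanner's own actions failed. Every object in the summary that BitDefender could not disinfect or move is written as `container=>member` (the Wise installer resource `wise0008` inside WxBug.EXE and aim553595.exe, the `(JAVASCRIPT 1)` block inside a cached HTML page, `patch.exe` three zips deep). A scanner can flag a member of a packed installer or archive, but it cannot rewrite or quarantine that member in place, so "Disinfection failed" and "Move failed" on such lines are expected and the decision has to be made about the whole container, which is what the reply above does (empty the cache folder; the AIM installers are part of AIM). The script below is an added example, not BitDefender's code or format documentation: it parses the summary lines as posted (object, then one of `Infected:`/`Suspect:`/`Detected:` with a name, or a bare action result), groups them by the outermost container, and derives a remediation action per container along the lines of the reply. The sample lines are copied from the report in post #1; the "browser cache" rule keys on a path component starting with `cache`, which is an assumption that fits Opera's `cache4` directory and nothing the page defines.

```python
"""Group a BitDefender 9 scan summary by container and derive a per-file action.
Added example; not BitDefender code. Line format inferred from the posted log."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Summary lines copied from the scan report in post #1 (paths are real, names as logged).
SAMPLE_SUMMARY = r"""C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Infected: Trojan.Exploit.JS.B
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Disinfection failed
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06AR3.html Moved
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html Suspect: Exploit.JS.CVE.2006.3730
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html Copied
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html=>(JAVASCRIPT 1) Suspect: Exploit.JS.CVE.2006.3730
C:\Documents and Settings\Owner\Application Data\Opera\Opera\profile\cache4\opr06ARJ.html=>(JAVASCRIPT 1) Copy failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Detected: Adware.AWS.A
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Move failed
J:\My Documents\Applications\aim553595.exe=>wise0038=>wise0008 Detected: Adware.AWS.A
J:\My Documents\Applications\aim553595.exe=>wise0038=>wise0008 Move failed
"""

# Object (may contain spaces and "=>" chains), one space, then the outcome anchored at end of line.
OUTCOME_RE = re.compile(
    r'^(?P<obj>.+?) '
    r'(?P<outcome>(?:Infected|Suspect|Detected): \S+|Disinfection failed|Move failed|Copy failed|Moved|Copied)$'
)


def parse_summary(text):
    """Map outermost container path -> {'names', 'members', 'outcomes'}."""
    report = defaultdict(lambda: {'names': set(), 'members': set(), 'outcomes': []})
    for line in text.splitlines():
        m = OUTCOME_RE.match(line.strip())
        if not m:
            continue
        chain = m.group('obj').split('=>')          # container first, nested members after
        entry = report[chain[0]]
        if len(chain) > 1:
            entry['members'].add('=>'.join(chain[1:]))
        outcome = m.group('outcome')
        if ':' in outcome:
            entry['names'].add(outcome.split(': ', 1)[1])   # detection name
        else:
            entry['outcomes'].append(outcome)               # action result
    return dict(report)


def is_browser_cache(path):
    """Assumption: a path component starting with 'cache' (Opera's cache4) is browser cache."""
    return any(part.lower().startswith('cache') for part in PureWindowsPath(path).parts)


def plan(report):
    """Decide one action per container, following the reply's reasoning."""
    actions = {}
    for path, info in report.items():
        if 'Moved' in info['outcomes']:
            actions[path] = 'already quarantined by the scanner'
        elif is_browser_cache(path):
            actions[path] = 'browser cache: empty the cache folder'
        elif info['members']:
            actions[path] = ('detection is inside an archive/installer member; the scanner cannot '
                             'remove it in place, so decide about the whole container')
        else:
            actions[path] = 'delete the file (Safe Mode if it is locked)'
    return actions


if __name__ == '__main__':
    for path, action in plan(parse_summary(SAMPLE_SUMMARY)).items():
        print(f'{path}\n    -> {action}')
```

The "cannot read from source file or disk" error the original poster hit when deleting by hand is a separate problem from the archive-member case: it is the file system refusing the read, which is why the reply's advice to retry from Safe Mode (no third-party processes holding the file) is the next step rather than another scanner run.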