Cool, here it is (I wonder why my comp doesn't refresh and displays outdated pages?)
Deckard's System Scanner v20071014.68
Run by Mentor on 2008-06-26 23:16:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 254 MiB (256 MiB recommended).
-- HijackThis (run as Mentor.exe) ----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-26 23:19:54
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\SYSTEM32\SMSS.EXE
C:\WINNT\SYSTEM32\WINLOGON.EXE
C:\WINNT\SYSTEM32\SERVICES.EXE
C:\WINNT\SYSTEM32\LSASS.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\spoolsv.exe
C:\Program Files\intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\SYSTEM32\NMSSvc.Exe
C:\WINNT\SYSTEM32\mstask.exe
C:\WINNT\SYSTEM32\TCPSVCS.EXE
C:\WINNT\SYSTEM32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\SYSTEM32\MsPMSPSv.exe
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe
C:\WINNT\SYSTEM32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\WINNT\SYSTEM32\wisptis.exe
C:\Documents and Settings\Mentor\Desktop\dss.exe
C:\Program Files\Mentor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:3128
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [9c8c4375] rundll32.exe "C:\WINNT\system32\aiimeypi.dll",b
O4 - HKCU\..\Run: [mavenapp://maven.net/nike/jogatv] C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} () - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mav-8551 - {5b5f4615-c6ba-4a51-ad3f-c6f3a3d71621} - C:\Program Files\Nike JogaTV\bin\idsAX.dll (file missing)
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: cbXrPjIY - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\SYSTEM32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\SYSTEM32\NMSSvc.Exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7588 bytes
-- Files created between 2008-05-26 and 2008-06-26 -----------------------------
2008-06-13 02:55:26 396288 --a------ C:\Program Files\Mentor.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-06-13 02:38:02 0 d-------- C:\Program Files\SpywareBlaster
2008-06-13 02:37:44 0 d-------- C:\ie-spyad_zo
2008-06-13 02:32:08 396288 --a------ C:\Program Files\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-06-07 17:12:37 0 d-------- C:\Program Files\Panda Security
2008-06-07 14:22:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-06-01 12:02:44 376906 ---h----- C:\WINNT\ShellIconCache
-- Find3M Report ---------------------------------------------------------------
2008-06-26 23:20:20 6490 --a------ C:\Program Files\hijackthis.log
2008-06-25 18:00:02 0 d-------- C:\Program Files\Norton Security Scan
2008-06-07 14:51:33 0 d-------- C:\Documents and Settings\Mentor\Application Data\Move Networks
2008-06-07 14:47:15 0 d-------- C:\Program Files\DivX
2008-05-23 16:10:33 90112 --a------ C:\WINNT\system32\bvlrbcys.dll
2008-05-22 16:08:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4e0.dat
2008-05-16 16:04:41 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_44c.dat
2008-05-16 00:15:41 0 d-------- C:\Documents and Settings\Mentor\Application Data\Apple Computer
2008-05-16 00:14:57 0 d-------- C:\Program Files\Trojan Killer
2008-05-15 16:03:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_584.dat
2008-05-12 12:08:57 0 d-------- C:\Program Files\Common Files\AOL
2008-05-12 12:07:05 0 d-------- C:\Documents and Settings\Mentor\Application Data\Uniblue
2008-05-11 22:01:44 0 d-------- C:\Documents and Settings\Mentor\Application Data\AdobeUM
2008-05-11 18:04:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-11 16:01:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_448.dat
2008-05-10 16:01:40 91776 --a------ C:\WINNT\system32\hlghxdrq.dll
2008-05-10 04:00:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_380.dat
2008-05-09 15:53:26 1 --a------ C:\WINNT\system32\kr_done1de
2008-05-09 14:04:27 0 d-------- C:\Documents and Settings\Mentor\Application Data\Adobe
2008-05-09 14:00:49 0 d-------- C:\Documents and Settings\Mentor\Application Data\Mozilla
2008-05-09 13:28:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_d8.dat
2008-05-09 12:42:47 0 d-------- C:\Program Files\Enigma Software Group
2008-05-09 12:13:00 0 d-------- C:\Documents and Settings\Mentor\Application Data\Malwarebytes
2008-05-05 19:24:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_34c.dat
2008-04-28 08:03:06 82944 --a------ C:\WINNT\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-28 08:03:06 82944 --a------ C:\WINNT\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-24 08:10:33 86528 --a------ C:\WINNT\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-14 19:24:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_10c.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}]
C:\WINNT\system32\cbXrPjIY.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\SYSTEM32\mobsync.exe]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/04 08:46a]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [10/19/05 08:59a]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [10/19/05 08:59a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 10:41a]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/02 11:35a]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [05/02/07 05:15a]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" []
"9c8c4375"="C:\WINNT\system32\aiimeypi.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mavenapp://maven.net/nike/jogatv"="C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe" []
"WebCamRT.exe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/29/08 08:13p]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/06 05:45p]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/14/2006 11

42 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}"= C:\WINNT\system32\cbXrPjIY.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXrPjIY]
cbXrPjIY.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
-- End of Deckard's System Scanner: finished at 2008-06-26 23:21:04 ------------