Resolved HJT Threads: resolved spyware and popup issues.
06-05-2008, 06:38 PM   #1
DC38 (Registered User)
Join Date: Jun 2008
Posts: 21
OS: Windows 2000


Virus

Hi, thanks to everyone who is taking the time to read my post.
Trojan Vundo is my problem; it keeps slowing down my computer. I have been trying for weeks to get rid of it, and all I have been able to do is get rid of most of the ad popups. Every other day my Symantec virus detector says it found a new virus with a file in my system32 folder (I run Windows 2000). I'm all out of ideas; can someone help me? Thanks a million.
I posted my log below.

Logfile of HijackThis v1.99.1
Scan saved at 7:25:41 PM, on 6/5/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mentor\Desktop\yuri\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [9c8c4375] rundll32.exe "C:\WINNT\system32\aiimeypi.dll",b
O4 - HKCU\..\Run: [mavenapp://maven.net/nike/jogatv] C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: mav-8551 - {5B5F4615-C6BA-4A51-AD3F-C6F3A3D71621} - C:\Program Files\Nike JogaTV\bin\idsAX.dll (file missing)
O20 - Winlogon Notify: cbXrPjIY - cbXrPjIY.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
06-07-2008, 12:54 PM   #2
DC38 (Registered User)
Join Date: Jun 2008
Posts: 21
OS: Windows 2000


Re: Virus

bump~
06-10-2008, 06:36 PM   #3
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,240
OS: 2000 Pro; XP Pro; XP Home


Re: Virus

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.
---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

When it does, just close it, please. Next....
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
06-13-2008, 02:04 AM   #4
DC38 (Registered User)
Join Date: Jun 2008
Posts: 21
OS: Windows 2000


Re: Virus

Okay... I have gone through the 5 steps. The only step I had a problem with was the second one. It froze when only 53% done, but it did remove some trojans, so who knows if my system is clean. Here is the log...

Deckard's System Scanner v20071014.68
Run by Mentor on 2008-06-13 02:54:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (256 MiB recommended).


-- HijackThis (run as Mentor.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:17 AM, on 6/13/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\Documents and Settings\Mentor\Desktop\yuri\dss.exe
C:\PROGRA~1\Mentor.exe
C:\WINNT\system32\WISPTIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [9c8c4375] rundll32.exe "C:\WINNT\system32\aiimeypi.dll",b
O4 - HKCU\..\Run: [mavenapp://maven.net/nike/jogatv] C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O18 - Protocol: mav-8551 - {5B5F4615-C6BA-4A51-AD3F-C6F3A3D71621} - C:\Program Files\Nike JogaTV\bin\idsAX.dll (file missing)
O20 - Winlogon Notify: cbXrPjIY - cbXrPjIY.dll (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6426 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\winnt\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 NetAlrt - c:\winnt\system32\drivers\netalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R2 PlatAlrt - c:\winnt\system32\drivers\platalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\winnt\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>

S3 catchme - c:\docume~1\mentor\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 Compatible>
R2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
R2 NMSSvc (Intel(R) NMS) - c:\winnt\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 02:55:09 410 --a------ C:\WINNT\Tasks\Norton Security Scan.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 02:55:26 396288 --a------ C:\Program Files\Mentor.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-06-13 02:38:02 0 d-------- C:\Program Files\SpywareBlaster
2008-06-13 02:37:44 0 d-------- C:\ie-spyad_zo
2008-06-13 02:32:08 396288 --a------ C:\Program Files\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-06-07 17:12:37 0 d-------- C:\Program Files\Panda Security
2008-06-07 14:22:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-06-01 12:02:44 376906 ---h----- C:\WINNT\ShellIconCache
2008-05-23 16:10:32 90112 --a------ C:\WINNT\system32\bvlrbcys.dll
2008-05-22 16:08:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4e0.dat
2008-05-22 15:15:16 0 d-------- C:\VundoFix Backups
2008-05-16 16:04:41 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_44c.dat
2008-05-16 00:10:54 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-05-15 16:03:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_584.dat
2008-05-14 2034 0 d-a------ C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-06-13 02:58:17 6427 --a------ C:\Program Files\hijackthis.log
2008-06-11 18:00:03 0 d-------- C:\Program Files\Norton Security Scan
2008-06-07 14:51:33 0 d-------- C:\Documents and Settings\Mentor\Application Data\Move Networks
2008-06-07 14:47:15 0 d-------- C:\Program Files\DivX
2008-05-16 00:15:41 0 d-------- C:\Documents and Settings\Mentor\Application Data\Apple Computer
2008-05-16 00:14:57 0 d-------- C:\Program Files\Trojan Killer
2008-05-12 12:08:57 0 d-------- C:\Program Files\Common Files\AOL
2008-05-12 12:07:05 0 d-------- C:\Documents and Settings\Mentor\Application Data\Uniblue
2008-05-11 22:01:44 0 d-------- C:\Documents and Settings\Mentor\Application Data\AdobeUM
2008-05-11 18:04:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-11 16:01:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_448.dat
2008-05-10 16:01:40 91776 --a------ C:\WINNT\system32\hlghxdrq.dll
2008-05-10 04:00:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_380.dat
2008-05-09 15:53:26 1 --a------ C:\WINNT\system32\kr_done1de
2008-05-09 14:04:27 0 d-------- C:\Documents and Settings\Mentor\Application Data\Adobe
2008-05-09 14:00:49 0 d-------- C:\Documents and Settings\Mentor\Application Data\Mozilla
2008-05-09 13:28:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_d8.dat
2008-05-09 12:42:47 0 d-------- C:\Program Files\Enigma Software Group
2008-05-09 12:13:00 0 d-------- C:\Documents and Settings\Mentor\Application Data\Malwarebytes
2008-05-05 19:24:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_34c.dat
2008-04-28 08:03:06 82944 --a------ C:\WINNT\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-28 08:03:06 82944 --a------ C:\WINNT\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-24 08:10:33 86528 --a------ C:\WINNT\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-14 19:24:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_10c.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}]
C:\WINNT\system32\cbXrPjIY.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\SYSTEM32\mobsync.exe]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/04 08:46a]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [10/19/05 08:59a]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [10/19/05 08:59a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 10:41a]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/02 11:35a]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [05/02/07 05:15a]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" []
"9c8c4375"="C:\WINNT\system32\aiimeypi.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mavenapp://maven.net/nike/jogatv"="C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe" []
"WebCamRT.exe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/29/08 08:13p]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/06 05:45p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/14/2006 1142 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}"= C:\WINNT\system32\cbXrPjIY.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXrPjIY]
cbXrPjIY.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-06-13 02:59:45 ------------
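The two HijackThis logs and the DSS registry dump above show the shape of a Vundo infection rather than a single bad file: a Run value with a random hex name ([9c8c4375]) that calls rundll32 on a DLL with a one-letter export (aiimeypi.dll,b), a BHO with "(no name)", and one DLL (cbXrPjIY.dll) registered both as a BHO and as a Winlogon Notify handler even though the file is already gone from disk. The script below is an added example, not code from this thread, from HijackThis or from Deckard's System Scanner; it parses lines in the HijackThis format and flags those shapes. The sample lines are constructed from the ones posted above, and the heuristics (hex-named Run values, short rundll32 exports, "(file missing)" hooks, one DLL under several load points) are assumptions chosen for illustration, not HijackThis's own logic.

```python
"""Triage helper for HijackThis-format log lines (added example, not from the thread).

Heuristics are assumptions chosen to match the Vundo load points in the logs above:
  * O4 Run values named with a hex blob, or calling rundll32 on a 1-2 char export
  * O2 BHOs with "(no name)" or whose DLL is missing on disk
  * O20 Winlogon Notify handlers whose DLL is missing on disk
  * one DLL basename registered under more than one load point
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample, modelled on lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [9c8c4375] rundll32.exe "C:\WINNT\system32\aiimeypi.dll",b
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: cbXrPjIY - cbXrPjIY.dll (file missing)
"""

HJT_LINE = re.compile(r"^(O\d+|R\d) - (.*)$")
RUN_ENTRY = re.compile(r"^HK\S*?\\\.\.\\Run(?:Once)?: \[([^\]]*)\] (.*)$")
HEX_NAME = re.compile(r"^[0-9a-f]{6,12}$", re.IGNORECASE)
RUNDLL_SHORT_EXPORT = re.compile(
    r'^rundll32(?:\.exe)?\s+"?[^"]+\.dll"?,\s*\w{1,2}\s*$', re.IGNORECASE)
DLL_REF = re.compile(r'([^\s"\\]+\.dll)', re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str]


def dll_basename(body: str) -> Optional[str]:
    """Lower-cased basename of the first .dll referenced in an entry, if any."""
    m = DLL_REF.search(body)
    return m.group(1).lower() if m else None


def reasons_for(section: str, body: str) -> List[str]:
    """Heuristic reasons an entry deserves a second look (empty list if none)."""
    reasons: List[str] = []
    missing = body.endswith(MISSING)
    if section == "O4":
        m = RUN_ENTRY.match(body)
        if m:
            name, command = m.groups()
            if HEX_NAME.match(name):
                reasons.append("Run value named with a hex blob")
            if RUNDLL_SHORT_EXPORT.match(command):
                reasons.append("rundll32 calling a 1-2 character export")
    elif section == "O2":
        if body.startswith("BHO: (no name)"):
            reasons.append("BHO with no name")
        if missing:
            reasons.append("BHO DLL missing on disk (orphaned registration)")
    elif section == "O20":
        if missing:
            reasons.append("Winlogon Notify DLL missing on disk")
    # Deliberately no "random-looking 8-letter name" rule: the same log shows
    # igfxsrvc.dll, a legitimate Intel DLL that such a rule would also flag.
    return reasons


def triage(log_text: str) -> Tuple[List[Finding], Dict[str, List[str]]]:
    """Return (flagged entries, DLLs seen under more than one load point)."""
    findings: List[Finding] = []
    load_points: Dict[str, Set[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        name = dll_basename(body)
        if name:
            load_points.setdefault(name, set()).add(section)
        reasons = reasons_for(section, body)
        if reasons:
            findings.append(Finding(section, line, reasons))
    multi_hooked = {d: sorted(s) for d, s in load_points.items() if len(s) > 1}
    return findings, multi_hooked


if __name__ == "__main__":
    flagged, multi = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"{f.section}: {f.line}\n    -> {'; '.join(f.reasons)}")
    for dll, sections in multi.items():
        print(f"{dll} is hooked from {', '.join(sections)}")
```

Run against the constructed sample it flags three of the six lines and reports cbxrpjiy.dll as hooked from both O2 and O20; the Adobe BHO, the Symantec tray entry and the Intel Winlogon handler pass. The correlation step is the useful part: a "(file missing)" entry on its own is just a stale registry key, but the same basename under two load points with the file gone is the signature of a cleaner having removed the DLL without removing its registrations, which is exactly why the thread's log still shows cbXrPjIY after a VundoFix run.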
06-13-2008, 07:35 AM   #5
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,240
OS: 2000 Pro; XP Pro; XP Home


Re: Virus

Deckard's System Scanner should have produced another log, extra.txt

It should be located at C:\Deckard\System Scanner\extra.txt

Please post it.

If it's not there, please do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"C:\Documents and Settings\Mentor\Desktop\yuri\dss.exe" /config
Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.
06-16-2008, 09:58 PM   #6
DC38 (Registered User)
Join Date: Jun 2008
Posts: 21
OS: Windows 2000


Re: Virus

It's been 4 days. BUMP^
06-16-2008, 10:00 PM   #7
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,240
OS: 2000 Pro; XP Pro; XP Home


Re: Virus

Ummm...

Generally, we post instructions, and you provide the requested information.

Kindly look at my last post.
06-26-2008, 06:00 PM   #8
DC38 (Registered User)
Join Date: Jun 2008
Posts: 21
OS: Windows 2000


Re: Virus

Hey, I finally see what you were talking about. For some reason my computer hasn't been refreshing pages and would post old pages every time I visited a site (for example, if I logged into a sports forum it would show threads from the very last time I visited it). I realized this a couple of days ago, and that's why I had written "bump^": I had thought no one had responded to my question (that's why I was puzzled at what you had claimed in your last message to me). Sorry for the confusion and for arguing when there was nothing to argue about. If you still want to help me, I have posted the rest of the info here....

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 253.99 MiB / 67.5 MiB
Pagefile Memory (total/avail): 753.11 MiB / 445.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1956.26 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 65.97 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380021A - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mentor\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DCDKW921
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mentor
LOGONSERVER=\\DCDKW921
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Mentor\LOCALS~1\Temp
TMP=C:\DOCUME~1\Mentor\LOCALS~1\Temp
USERDOMAIN=DCDKW921
USERNAME=Mentor
USERPROFILE=C:\Documents and Settings\Mentor
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Mentor (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11 --> C:\WINNT\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Conexant HSF V92 56K Data Fax PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2013&SUBSYS_021213E0
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\HijackThis.exe" /uninstall
hp deskjet 3820 series --> rundll32 hpzcon05.dll,VendorJettison hp deskjet 3820 series
hp deskjet 3820 series (Remove only) --> C:\Program Files\hp deskjet 3820 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=3820 -huninstall
HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Deskjet 3840 Series --> rundll32 hpzcon10.dll,VendorJettison HP Deskjet 3840 Series
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
HyperPen USB Manager --> C:\WINNT\IsUninst.exe -f"C:\Program Files\A_Tablet\USB Tablet Driver\Uninst.isu"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
Intel(R) PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Intel® Pro Alerting Agent, Version 3.0.0 --> MsiExec.exe /I{6797B492-3814-4129-AD07-C727D23FB5BF}
Intel® PRO Network Adapters WMI Provider (2.0) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C701994-43D2-4B7B-A548-C6E6C224D9A9}\setup.exe"
J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Maven Application Manager --> regsvr32 /i /u /s "C:\Program Files\Common Files\Maven\Application Manager\appMgrAX.dll"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft IntelliPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABEA93FA-8D65-11D2-98AB-00C04F79C5D1}\setup.exe" Uninstall
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Office Animation Runtime --> MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for DirectX 9 (KB941568) --> "C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for DirectX 9 (KB951698) --> "C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB904706) --> "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689) --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ten Thumbs Typing Tutor --> MsiExec.exe /X{5429A733-3BF4-469F-B5DA-4FD3A2B91D38}
Ten Thumbs Typing Tutor --> MsiExec.exe /X{B7B9DBA7-5D6D-4BF9-BF33-137FB6931E04}
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Media Player 9 Hotfix [See KB885492 for more information] --> C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type46789 / Warning
Event Submitted/Written: 06/12/2008 00:37:59 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINNT\SYSTEM32\CONFIG\SYSTEM.ALT [00000003]

Event Record #/Type46788 / Warning
Event Submitted/Written: 06/12/2008 00:37:59 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINNT\SYSTEM32\CONFIG\SYSTEM [00000003]

Event Record #/Type46787 / Warning
Event Submitted/Written: 06/12/2008 00:37:59 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINNT\SYSTEM32\CONFIG\SOFTWARE.LOG [00000003]

Event Record #/Type46786 / Warning
Event Submitted/Written: 06/12/2008 00:37:59 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINNT\SYSTEM32\CONFIG\SOFTWARE [00000003]

Event Record #/Type46785 / Warning
Event Submitted/Written: 06/12/2008 00:37:59 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINNT\SYSTEM32\CONFIG\SECURITY.LOG [00000003]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5488 / Error
Event Submitted/Written: 06/13/2008 02:59:41 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Symantec AntiVirus Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.

Event Record #/Type5487 / Error
Event Submitted/Written: 06/13/2008 02:59:14 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Norton AntiVirus Server service.

Event Record #/Type5457 / Error
Event Submitted/Written: 05/27/2008 03:25:16 PM
Event ID/Source: 17 / Removable Storage Service
Event Description:
RSM cannot manage library PhysicalDrive1. It encountered an unspecified error.
This can be caused by a number of problems including, but not limited
to, database corruption, failure communicating with the library, or
insufficient system resources.

Event Record #/Type5454 / Error
Event Submitted/Written: 05/26/2008 00:57:55 PM
Event ID/Source: 17 / Removable Storage Service
Event Description:
RSM cannot manage library PhysicalDrive1. It encountered an unspecified error.
This can be caused by a number of problems including, but not limited
to, database corruption, failure communicating with the library, or
insufficient system resources.

Event Record #/Type5451 / Warning
Event Submitted/Written: 05/25/2008 09:56:24 PM
Event ID/Source: 1006 / Dhcp
Event Description:
Your computer was unable to automatically configure the IP parameters for
the Network Card with the network address 000874CB739F. The following error occurred
during configuration: %%87.



-- End of Deckard's System Scanner: finished at 2008-06-13 02:59:45 ------------
06-26-2008, 06:08 PM   #9
tetonbob - Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,240
OS: 2000 Pro; XP Pro; XP Home


Re: Virus

Hi again -

I'll be glad to help you. It's why we're here.

However, and please don't take this wrongly, it's been two weeks since those logs were created, so I need a fresh log from which to work.

Running DSS again should only take a few minutes. I'm subscribed to this thread, and will be around most of the evening, so we can begin the cleaning once you post it.

Please double click on DSS.exe once again to run it. A single log will be produced, main.txt

Please post it.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
06-26-2008, 10:23 PM   #10
DC38 - Registered User
Join Date: Jun 2008
Posts: 21
OS: Windows 2000


Re: Virus

Cool, here it is (I wonder why my computer doesn't refresh and displays outdated pages?)

Deckard's System Scanner v20071014.68
Run by Mentor on 2008-06-26 23:16:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (256 MiB recommended).


-- HijackThis (run as Mentor.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-26 23:19:54
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\SYSTEM32\SMSS.EXE
C:\WINNT\SYSTEM32\WINLOGON.EXE
C:\WINNT\SYSTEM32\SERVICES.EXE
C:\WINNT\SYSTEM32\LSASS.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\spoolsv.exe
C:\Program Files\intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\SYSTEM32\NMSSvc.Exe
C:\WINNT\SYSTEM32\mstask.exe
C:\WINNT\SYSTEM32\TCPSVCS.EXE
C:\WINNT\SYSTEM32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\SYSTEM32\MsPMSPSv.exe
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe
C:\WINNT\SYSTEM32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\WINNT\SYSTEM32\wisptis.exe
C:\Documents and Settings\Mentor\Desktop\dss.exe
C:\Program Files\Mentor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:3128
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [9c8c4375] rundll32.exe "C:\WINNT\system32\aiimeypi.dll",b
O4 - HKCU\..\Run: [mavenapp://maven.net/nike/jogatv] C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} () - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mav-8551 - {5b5f4615-c6ba-4a51-ad3f-c6f3a3d71621} - C:\Program Files\Nike JogaTV\bin\idsAX.dll (file missing)
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: cbXrPjIY - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\SYSTEM32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\SYSTEM32\NMSSvc.Exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 7588 bytes

-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-13 02:55:26 396288 --a------ C:\Program Files\Mentor.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-06-13 02:38:02 0 d-------- C:\Program Files\SpywareBlaster
2008-06-13 02:37:44 0 d-------- C:\ie-spyad_zo
2008-06-13 02:32:08 396288 --a------ C:\Program Files\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-06-07 17:12:37 0 d-------- C:\Program Files\Panda Security
2008-06-07 14:22:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-06-01 12:02:44 376906 ---h----- C:\WINNT\ShellIconCache


-- Find3M Report ---------------------------------------------------------------

2008-06-26 23:20:20 6490 --a------ C:\Program Files\hijackthis.log
2008-06-25 18:00:02 0 d-------- C:\Program Files\Norton Security Scan
2008-06-07 14:51:33 0 d-------- C:\Documents and Settings\Mentor\Application Data\Move Networks
2008-06-07 14:47:15 0 d-------- C:\Program Files\DivX
2008-05-23 16:10:33 90112 --a------ C:\WINNT\system32\bvlrbcys.dll
2008-05-22 16:08:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4e0.dat
2008-05-16 16:04:41 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_44c.dat
2008-05-16 00:15:41 0 d-------- C:\Documents and Settings\Mentor\Application Data\Apple Computer
2008-05-16 00:14:57 0 d-------- C:\Program Files\Trojan Killer
2008-05-15 16:03:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_584.dat
2008-05-12 12:08:57 0 d-------- C:\Program Files\Common Files\AOL
2008-05-12 12:07:05 0 d-------- C:\Documents and Settings\Mentor\Application Data\Uniblue
2008-05-11 22:01:44 0 d-------- C:\Documents and Settings\Mentor\Application Data\AdobeUM
2008-05-11 18:04:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-11 16:01:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_448.dat
2008-05-10 16:01:40 91776 --a------ C:\WINNT\system32\hlghxdrq.dll
2008-05-10 04:00:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_380.dat
2008-05-09 15:53:26 1 --a------ C:\WINNT\system32\kr_done1de
2008-05-09 14:04:27 0 d-------- C:\Documents and Settings\Mentor\Application Data\Adobe
2008-05-09 14:00:49 0 d-------- C:\Documents and Settings\Mentor\Application Data\Mozilla
2008-05-09 13:28:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_d8.dat
2008-05-09 12:42:47 0 d-------- C:\Program Files\Enigma Software Group
2008-05-09 12:13:00 0 d-------- C:\Documents and Settings\Mentor\Application Data\Malwarebytes
2008-05-05 19:24:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_34c.dat
2008-04-28 08:03:06 82944 --a------ C:\WINNT\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-28 08:03:06 82944 --a------ C:\WINNT\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-24 08:10:33 86528 --a------ C:\WINNT\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-14 19:24:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_10c.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}]
C:\WINNT\system32\cbXrPjIY.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\SYSTEM32\mobsync.exe]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [03/04/04 08:46a]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [10/19/05 08:59a]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [10/19/05 08:59a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 10:41a]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/02 11:35a]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [05/02/07 05:15a]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" []
"9c8c4375"="C:\WINNT\system32\aiimeypi.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mavenapp://maven.net/nike/jogatv"="C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe" []
"WebCamRT.exe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/29/08 08:13p]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/06 05:45p]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/14/2006 1142 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}"= C:\WINNT\system32\cbXrPjIY.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXrPjIY]
cbXrPjIY.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-06-26 23:21:04 ------------

Last edited by DC38; 06-26-2008 at 10:27 PM.
06-26-2008, 10:52 PM   #11
tetonbob - Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,240
OS: 2000 Pro; XP Pro; XP Home


Re: Virus

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O4 - HKLM\..\Run: [9c8c4375] rundll32.exe "C:\WINNT\system32\aiimeypi.dll",b
O20 - Winlogon Notify: cbXrPjIY - C:\WINNT\system32\cbXrPjIY.dll (file missing)



Close HijackThis now.

---------------------------------------------------------------------------------------------

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}"=-
Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\WINNT\system32\hlghxdrq.dll

  • Then click the "Send File " button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
  • Please repeat for the following files:
    • C:\WINNT\system32\bvlrbcys.dll


---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
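The fix above is driven by reading the HijackThis log by eye: the three entries share the Vundo pattern (randomly named eight-letter DLLs in system32, a BHO with no display name, a Winlogon Notify hook, a Run value that loads the DLL through rundll32 with a one-letter export, and "(file missing)" where the DLL has already been renamed), and the ShellExecuteHooks value under the same CLSID is removed with a REGEDIT4 file. The Python script below is an added example, not part of this thread and not HijackThis or DSS code, that applies those same signals to HJT log lines and drafts the delete.reg text. The Winlogon Notify allow-list, the eight-letter-name rule and the "two signals to flag" threshold are this example's own assumptions; the sample log lines are copied from the log posted above and embedded so the script runs offline.

```python
"""Triage HijackThis entries for the Vundo autostart pattern and draft the
REGEDIT4 text that removes the matching ShellExecuteHooks value.
Added example; the heuristics below are this example's assumptions."""
import re

HJT_LINE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
SYSTEM32_DLL = re.compile(r'\\system32\\([^\\\s"]+?\.dll)', re.I)
RANDOM_NAME = re.compile(r"^[a-z]{8}\.dll$", re.I)
# rundll32 <dll>,<one or two letter export> -- Vundo exports single letters (",b");
# legitimate Run entries name a real export such as ",UninstallW2KIGfx".
RUNDLL32_TERSE = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+\.dll"?,\s*\w{1,2}\b', re.I)
CLSID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Assumption: Winlogon Notify DLLs that belong on a stock Windows 2000/XP box
# (crypt32chain/cryptnet, cscdll, sclgntfy and the wlnotify.dll family) plus the
# Intel graphics one present on this machine.  Extend it for the build you triage.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll",
    "wlnotify.dll", "igfxcui.dll",
}

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [9c8c4375] rundll32.exe "C:\WINNT\system32\aiimeypi.dll",b
O20 - Winlogon Notify: cbXrPjIY - C:\WINNT\system32\cbXrPjIY.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""


def parse_hjt(text):
    """Return the R/F/O entries of a HijackThis log as (type, body) tuples."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def system32_dll(body):
    """Lower-cased file name of a DLL under system32 referenced by the entry, or None."""
    m = SYSTEM32_DLL.search(body)
    return m.group(1).lower() if m else None


def triage(kind, body):
    """Return the list of reasons this entry looks like a Vundo-style autostart."""
    reasons = []
    dll = system32_dll(body)
    if "(file missing)" in body:
        reasons.append("autostart points at a file that is no longer on disk")
    if kind == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("BHO registered without a display name")
    if kind == "O4" and RUNDLL32_TERSE.search(body):
        reasons.append("Run key loads a DLL through rundll32 with a one-letter export")
    if kind == "O20" and dll and dll not in KNOWN_WINLOGON_NOTIFY:
        reasons.append("Winlogon Notify DLL outside the allow-list")
    if dll and RANDOM_NAME.match(dll):
        reasons.append("eight-letter DLL name in system32 (Vundo-style random name)")
    return reasons


def suspicious_entries(text, min_signals=2):
    """Entries with at least min_signals reasons (assumption: one weak signal alone
    is not enough; 8-letter names such as wintrust.dll are legitimate)."""
    flagged = []
    for kind, body in parse_hjt(text):
        reasons = triage(kind, body)
        if len(reasons) >= min_signals:
            flagged.append((kind, body, reasons))
    return flagged


def clsids_of(flagged):
    """CLSIDs of flagged O2 (BHO) entries; Vundo registers the same CLSID as a ShellExecuteHook."""
    found = []
    for kind, body, _reasons in flagged:
        if kind == "O2":
            found.extend(CLSID.findall(body))
    return found


def build_reg_removal(clsids):
    """Draft a REGEDIT4 file deleting the ShellExecuteHooks values for the given CLSIDs,
    the same shape as the delete.reg in the post above ("name"=- deletes a value)."""
    lines = [
        "REGEDIT4",
        "",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]",
    ]
    lines += ['"%s"=-' % clsid.upper() for clsid in sorted(set(clsids))]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    flagged = suspicious_entries(SAMPLE_LOG)
    for kind, body, reasons in flagged:
        print("%s - %s" % (kind, body))
        for reason in reasons:
            print("    * " + reason)
    print()
    print(build_reg_removal(clsids_of(flagged)), end="")
```

Run it against a saved hijackthis.log instead of SAMPLE_LOG to get a worklist; confirm each flagged CLSID against the Registry Dump section of the DSS report before writing the .reg file, since only the hooks that are actually present need a "=-" line. REGEDIT4 is the ANSI format, so save the text as ANSI with CRLF line endings.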
06-27-2008, 04:49 AM   #12
DC38 - Registered User
Join Date: Jun 2008
Posts: 21
OS: Windows 2000


Re: Virus

Okay, I have completed all three steps.

First file:

File hlghxdrq.dll received on 05.22.2008 16:55:50 (CET)
Current status: finished

Result: 12/32 (37.50%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Vundo.elk.9
Authentium - - -
Avast - - Win32:Vundo@dll
AVG - - -
BitDefender - - Trojan.Vundo.ELK
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - Win32/Vundo.ZL
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - Win32:Vundo
Ikarus - - Virus.Win32.Rootkit
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Vundo.AO
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - Mal/Generic-A
Sunbelt - - Virtumonde
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Vundo.elk.9
Additional information
MD5: 81614b79cf80a0033ad09be932e50dc8
SHA1: 2795100030563173f682611f21d4a5741314f125
SHA256: 413a3dfd2c7e7d29de4d92f910043c50047f3d33d7ffcddc0397b51ba7c3b257
SHA512: 4aebbf9717f17891fa7b828b2fa7a96156b25d60e3f9407a5771ae1593688c7fa5b5f38ac6db07fc8bbe94cb928bdfc784102c6c611a18e4c5a331550330bc81

Second file:

File uhvkdcvg.dll received on 06.21.2008 17:59:31 (CET)
Current status: finished

Result: 21/33 (63.64%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.6.19.0 2008.06.20 Win-Trojan/Vundo.90112.B
AntiVir 7.8.0.59 2008.06.20 ADSPY/Virtumonde.tsd
Authentium 5.1.0.4 2008.06.20 -
Avast 4.8.1195.0 2008.06.20 Win32:Vundo@dll
AVG 7.5.0.516 2008.06.21 Generic10.AEHO
BitDefender 7.2 2008.06.21 Trojan.Vundo.EOD
CAT-QuickHeal 9.50 2008.06.20 AdWare.Virtumonde.tsd (Not a Virus)
ClamAV 0.93.1 2008.06.21 Trojan.Vundo-3398
DrWeb 4.44.0.09170 2008.06.21 Trojan.Virtumod.404
eSafe 7.0.15.0 2008.06.19 -
eTrust-Vet 31.6.5892 2008.06.21 -
Ewido 4.0 2008.06.21 -
F-Prot 4.4.4.56 2008.06.20 W32/Virtumonde.Y.gen!Eldorado
F-Secure 7.60.13501.0 2008.06.20 AdWare.Win32.Virtumonde.tsd
Fortinet 3.14.0.0 2008.06.21 -
GData 2.0.7306.1023 2008.06.21 Trojan.Win32.Monderb.gen
Ikarus T3.1.1.26.0 2008.06.21 Virus.Win32.Vundo@dll
Kaspersky 7.0.0.125 2008.06.21 not-a-virus:AdWare.Win32.Virtumonde.tsd
McAfee 5322 2008.06.20 -
Microsoft 1.3604 2008.06.21 Trojan:Win32/Vundo.gen!E
NOD32v2 3205 2008.06.21 -
Norman 5.80.02 2008.06.20 W32/Virtumonde.XJJ
Panda 9.0.0.4 2008.06.21 -
Prevx1 V2 2008.06.21 Malicious Software
Rising 20.49.52.00 2008.06.21 -
Sophos 4.30.0 2008.06.21 Mal/Generic-A
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.21 -
TheHacker 6.2.92.356 2008.06.20 Adware/Virtumonde.tsd
TrendMicro 8.700.0.1004 2008.06.20 TROJ_VUNDO.CQK
VBA32 3.12.6.7 2008.06.21 AdWare.Win32.Virtumonde.tsd
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.21 Win32.Malware.gen
Additional information
File size: 90112 bytes
MD5...: 188eef14342d0a107c783de4ff4e666b
SHA1..: 1b23343a256177ef5588a3537268c3708d0faea7
SHA256: 8248eb584122a1348dd899cdfc2b5148a66c8c00a81eb9693f19f4d65e70b7ce
SHA512: b3b191613a60b1af175af0fb47de21232c06ee7bdd30ed63b4d98e47bb20666a86203492b176c198d19afaa09b243f4632111da63c2df79cb4f8e5ba5ed90dd3
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10001339
timedatestamp.....: 0x48342ddd (Wed May 21 14:12:45 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2000 0x2000 4.87 a24f9141cb9e395f3c893ad62112610b
CRT 0x3000 0x1000 0x800 4.35 31c5098c1d19de1318e19a2dd6745c85
.idata 0x4000 0x2000 0x1a00 7.97 a14c5c765862792cb9574cb418d122cd
.data 0x6000 0x20000 0x10000 7.99 03004b49e644a41f612f5a8052689a58

( 4 imports )
> kernel32.dll: EnterCriticalSection, GetProcAddress, LeaveCriticalSection, LoadLibraryA, VirtualAlloc, VirtualFree, VirtualProtect
> user32.dll: FindWindowExA, GetCapture, GetCursorPos, GetDC, GetSystemMetrics, GetWindow, GetWindowDC, GetWindowDC, GetWindowTextA, GetWindowTextLengthA, InvalidateRect, IsWindow, KillTimer, LoadCursorA, LoadIconA, LoadStringA, MessageBoxA, PeekMessageA, PostMessageA, PostQuitMessage, RegisterClassA, ReleaseCapture, ReleaseDC, SendMessageA, SetCursor, SetForegroundWindow, SetMenu, SetMenuItemInfoA, SetPropA, SetScrollPos, SetScrollRange, SetSysColors, SetTimer
> gdi32.dll: SelectObject, SetBkColor, SetBkMode, SetBrushOrgEx, SetPixel, SetStretchBltMode, SetTextColor, SetWindowOrgEx
> shell32.dll: DllRegisterServer, DllUnregisterServer, DragFinish, DragQueryFile, DragQueryPoint, Shell_NotifyIcon

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramte...E82A008AA01E73


Last edited by DC38; 06-27-2008 at 05:19 AM.
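The VirusTotal output above carries two signals beyond the detection names: a PEiD match for the Armadillo packer, and per-section entropy (ntrpy) of 7.97 for .idata and 7.99 for .data, right at the 8.0 ceiling for byte data, with .data declared at a virtual size (0x20000) twice its raw size (0x10000), the room a packer reserves for the unpacked payload. The script below is an added example, not from the thread and not VirusTotal's code, that walks a PE section table with the standard library and computes the same Shannon entropy per section, flagging high-entropy and expanding sections. The 7.0 threshold and the "virtual size at least twice raw size" rule are this example's assumptions, and the two-section PE image it builds is constructed test data, not any file from the machine in the thread.

```python
"""Per-section Shannon entropy for a PE file, the figure VirusTotal lists as
'ntrpy'.  Added example with constructed test data; thresholds are assumptions."""
import math
import random
import struct
from collections import Counter


def shannon_entropy(blob):
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def pe_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return one dict per section, including the entropy of its raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsections, _stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size                      # section headers follow the optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rptr:rptr + rsize]                 # a truncated file just yields fewer bytes
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def section_report(data, entropy_threshold=7.0):
    """Flag sections that look packed: near-maximal entropy (assumed threshold 7.0)
    or a section that grows to at least twice its file size in memory."""
    rows = []
    for s in pe_sections(data):
        rows.append({
            **s,
            "high_entropy": s["entropy"] >= entropy_threshold,
            "expands_in_memory": s["raw_size"] > 0 and s["virtual_size"] >= 2 * s["raw_size"],
        })
    return rows


def build_sample_pe():
    """Constructed two-section PE32 image (test data, not a real binary):
    .text repeats an 8-byte stub (entropy exactly 3.0); .data holds 4 KiB of
    seeded noise and claims a 0x20000 virtual size, like the packed DLL above."""
    text = b"\x55\x8b\xec\x83\xc4\x10\x90\xc3" * 512     # 8 distinct bytes, 4 KiB
    rng = random.Random(2008)
    data = bytes(rng.getrandbits(8) for _ in range(4096))
    pe_off, opt_size = 0x40, 0xE0
    table = pe_off + 4 + 20 + opt_size
    raw_ptr = (table + 40 * 2 + 0x1FF) & ~0x1FF        # raw data on a 512-byte boundary
    hdr = bytearray(raw_ptr)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe_off)          # e_lfanew
    hdr[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, pe_off + 4, 0x14C, 2, 0, 0, 0, opt_size, 0x2102)
    struct.pack_into("<H", hdr, pe_off + 24, 0x10B)    # PE32 optional-header magic
    sections = [
        (b".text", len(text), 0x1000, len(text), raw_ptr, 0x60000020),
        (b".data", 0x20000, 0x2000, len(data), raw_ptr + len(text), 0xC0000040),
    ]
    for i, fields in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", hdr, table + 40 * i, *fields[:5], 0, 0, 0, 0, fields[5])
    return bytes(hdr) + text + data


if __name__ == "__main__":
    for row in section_report(build_sample_pe()):
        print("%-8s virt=%#08x raw=%#08x entropy=%.2f packed=%s" % (
            row["name"], row["virtual_size"], row["raw_size"], row["entropy"],
            row["high_entropy"] or row["expands_in_memory"]))
```

To use it on a real sample, read the file in binary mode and pass the bytes to section_report; compare the per-section figures with the VirusTotal table. High entropy in .data or .idata (which normally hold plain structures and import names, not noise) is the tell that the import table above, with only a handful of kernel32 functions and no exports, is the packer stub's rather than the real payload's.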
06-27-2008, 05:21 AM   #13
DC38 - Registered User
Join Date: Jun 2008
Posts: 21
OS: Windows 2000


Re: Virus

HijackThis scan below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:12 AM, on 6/27/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\WINNT\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/index.cfm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [mavenapp://maven.net/nike/jogatv] C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O18 - Protocol: mav-8551 - {5B5F4615-C6BA-4A51-AD3F-C6F3A3D71621} - C:\Program Files\Nike JogaTV\bin\idsAX.dll (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6171 bytes

--------------------------------------------------------------------------------------------------------------------------------
Old 06-27-2008, 11:38 AM   #14
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,240
OS: 2000 Pro; XP Pro; XP Home


Re: Virus

Using Windows Explorer or Windows Search, locate and delete these files:

C:\WINNT\system32\hlghxdrq.dll
C:\WINNT\system32\bvlrbcys.dll


Let me know if you have any trouble with that.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Are you still receiving infection alerts from your AntiVirus?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 06-28-2008, 02:07 AM   #15
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: WIndows 2000


Re: Virus

kk, I've done both steps...

Here's the report..... and my antivirus program detected 2 minor threats (just some tracking cookies, I think).


Malwarebytes' Anti-Malware 1.18
Database version: 895

519 PM 6/27/2008
mbam-log-6-27-2008 (17-06-12).txt

Scan type: Quick Scan
Objects scanned: 45610
Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{21bc9dfa-3e14-4753-9cbd-16a009ae1144} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\cookies.ini (Malware.Trace) -> No action taken.
C:\WINNT\SYSTEM32\clkcnt.txt (Trojan.Vundo) -> No action taken.
Old 06-28-2008, 08:13 AM   #16
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,240
OS: 2000 Pro; XP Pro; XP Home


Re: Virus

Quote:
-> No action taken.
Was this log saved before you applied the action "click Remove Selected."?
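The question above is whether the posted log reflects a removal at all: every entry reads "No action taken", which is what a log saved before "Remove Selected" looks like. As an added example, not code from the thread or from Malwarebytes, the script below parses a log in the layout posted above and reports detections still pending, the families involved, and whether the summary counts agree with the itemised sections. The sample logs are constructed from entries in this thread; the "Quarantined and deleted successfully" action text is an assumption about what a log saved after removal reads.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.18 logs
# posted in this thread. Entries are copied from the thread; the "Quarantined
# and deleted successfully" action text is an assumption about what a log
# saved after "Remove Selected" reads.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.18
Database version: 895

Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINNT\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\SYSTEM32\clkcnt.txt (Trojan.Vundo) -> No action taken.
"""

# Constructed sample of a clean follow-up scan, like the second log in the thread.
CLEAN_LOG = r"""Malwarebytes' Anti-Malware 1.18
Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

NO_ACTION = "No action taken"
# "<Section> Infected: <n>" lines in the summary block near the top of the log.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "<Section> Infected:" headings that open each itemised block.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> <action>." detection lines. The item is matched greedily,
# so a path containing " (" still leaves the last parenthesised token as the family.
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, detections) for an MBAM 1.x style log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Header lines precede any section; skip them and the "(No malicious ...)" placeholder.
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def audit(text):
    """What was found, what is still pending, and whether the summary counts
    agree with the itemised sections (a truncated paste shows up here)."""
    summary, detections = parse_mbam_log(text)
    per_section = Counter(d["section"] for d in detections)
    return {
        "total": len(detections),
        "pending": [d for d in detections if d["action"] == NO_ACTION],
        "families": Counter(d["family"] for d in detections),
        "mismatched": {name: (count, per_section.get(name, 0))
                       for name, count in summary.items()
                       if count != per_section.get(name, 0)},
    }


def removal_verified(text):
    """True only when every detection has an action recorded and the summary
    counts match the itemised entries."""
    report = audit(text)
    return not report["pending"] and not report["mismatched"]


if __name__ == "__main__":
    for name, log in (("first scan", SAMPLE_LOG), ("follow-up scan", CLEAN_LOG)):
        report = audit(log)
        print(f"{name}: {report['total']} detections, {len(report['pending'])} still "
              f"marked '{NO_ACTION}', removal verified: {removal_verified(log)}")
        for d in report["pending"]:
            print(f"  pending: {d['item']} ({d['family']})")
```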
Old 07-01-2008, 12:50 AM   #17
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: WIndows 2000


Re: Virus

Quote:
Originally Posted by tetonbob
Was this log saved before you applied the action "click Remove Selected."?
I did it again just to make sure..... Results below (after looking at it, that's probably what happened).

Malwarebytes' Anti-Malware 1.18
Database version: 895

1:48:28 AM 7/1/2008
mbam-log-7-1-2008 (01-48-28).txt

Scan type: Quick Scan
Objects scanned: 46618
Time elapsed: 15 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Old 07-01-2008, 08:12 AM   #18
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,240
OS: 2000 Pro; XP Pro; XP Home


Re: Virus

Looks much better. A few more tasks.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, go to Start > Control Panel > Add/Remove Programs and remove Kaspersky Online Scanner if present, prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

How is the machine behaving now?
Old 07-02-2008, 05:18 AM   #19
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: WIndows 2000


Re: Virus

Hey! I've replaced my old Java as you said....
The scan shows that I still have 28 viruses on my comp :(......... Here's the report. It's pretty lengthy, but here it is...
My machine has been behaving better, but still freezes up every once in a while....

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 02, 2008 6:14:25 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/07/2008
Kaspersky Anti-Virus database records: 905106
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 68630
Number of viruses found: 28
Number of infected objects: 49
Number of suspicious objects: 0
Duration of the scan process: 01:32:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\QMGR0.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\QMGR1.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.dll Infected: Trojan-Downloader.Win32.ConHook.oo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03980000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.voi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03A80000.VBN/backups/fvowketqftn.dll Infected: Trojan.Win32.Vapsup.eyq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03A80000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03A80000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03A80002.VBN Infected: Trojan.Win32.Vapsup.eyq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03A80004.VBN Infected: Trojan.Win32.Vapsup.eyq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03A80006.VBN Infected: Trojan.Win32.Agent.lsr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80000.VBN Infected: Trojan-Downloader.Win32.ConHook.oo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380000.VBN Infected: Trojan-Downloader.Win32.Zlob.muu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C0000.VBN Infected: Trojan-Downloader.Win32.Zlob.muu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN Infected: Trojan-Downloader.Win32.Zlob.muu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05440000.VBN Infected: Trojan-Downloader.Win32.Zlob.muu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05740000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.tgm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05740001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.tgm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05740002.VBN Infected: Trojan-Downloader.Win32.ConHook.oo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05740003.VBN Infected: Trojan.Win32.Monderb.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05740005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.rrh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\13C00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vgt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\13C00002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.tgn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\13C00004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.trx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1D8C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.voi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1D8C0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vlu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1D8C0002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vlu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\21B40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.voi skipped
C:\Documents and Settings\Mentor\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mentor\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mentor\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mentor\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mentor\Local Settings\History\History.IE5\MSHist012008070220080703\index.dat Object is locked skipped
C:\Documents and Settings\Mentor\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mentor\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mentor\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\acctres.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\accwiz.exe Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\acgenral.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\aclayers.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\acpi.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\acpiec.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\acspecfc.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\adpu160m.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\afd.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\agp440.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\asyncmac.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\atapi.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\atmlane.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\atmuni.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\au.inf Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\avtapi.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\basicsv.inf Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\basicwk.inf Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\cafixweb.exe Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\callcont.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\catsrv.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\catsrvut.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\cdfs.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\cdrom.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\cimwin32.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\classpnp.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\clbcatex.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\clbcatq.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\colbact.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\comadmin.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\comrepl.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\comsvcs.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\comuid.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\conf.exe Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\csapi3t1.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dao360.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\directdb.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\disk.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\diskdump.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\diskperf.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dlc.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dmboot.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dmio.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dmload.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dnary.mdb Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dssenh.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dsup.inf Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dtcsetup.exe Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dwup.inf Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\dxmasf.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\efs.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\encinst.exe Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\fastfat.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\fastprox.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\fdc.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\flpydisk.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\fp4autl.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\fp4awec.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\framedyn.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\fs_rec.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ftdisk.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\hccoin.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\hidclass.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\hidparse.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\hticons.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\htrn_jis.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\hypertrm.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\hypertrm.exe Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\i8042prt.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\icwconn1.exe Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ieaccess.inf Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\iefiles5.inf Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ieinfo5.ocx Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\imgedit.ocx Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\inetcomm.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\inetres.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\instdss5.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\instips5.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\instlsa5.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\instndi5.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\instrsa5.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\instsch5.dll Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\intelide.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipnat.sys Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipp_0002.asp Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipp_0004.asp Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipp_0005.asp Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipp_0006.asp Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipp_0007.asp Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipp_0008.asp Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipp_0009.asp Object is locked skipped
C:\WINNT\$NtServicePackUninstall$\ipp_0010.asp Object is locked skipped
C:\WINNT\SYSTEM32\pnc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
C:\WINNT\SYSTEM32\psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.13 skipped
C:\WINNT\SYSTEM32\RegUID.exe/bnc.dll Infected: Backdoor.IRC.Bnc.m skipped
C:\WINNT\SYSTEM32\RegUID.exe/Explored.exe Infected: Backdoor.Win32.mIRC-based skipped
C:\WINNT\SYSTEM32\RegUID.exe/Flood.dll Infected: Backdoor.IRC.Flood.ao skipped
C:\WINNT\SYSTEM32\RegUID.exe/v32driver.bat Infected: Trojan.BAT.Passer.a skipped
C:\WINNT\SYSTEM32\RegUID.exe/mirc.ini Infected: Backdoor.IRC.Zcrew skipped
C:\WINNT\SYSTEM32\RegUID.exe/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
C:\WINNT\SYSTEM32\RegUID.exe/Secure.bat Infected: Net-Worm.Win32.Randon.r skipped
C:\WINNT\SYSTEM32\RegUID.exe/wget.dll Infected: Backdoor.IRC.Bnc.i skipped
C:\WINNT\SYSTEM32\RegUID.exe/dev.dll Infected: Backdoor.IRC.Zcrew skipped
C:\WINNT\SYSTEM32\RegUID.exe/javaclient.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\WINNT\SYSTEM32\RegUID.exe Instyler: infected - 10 skipped
C:\WINNT\SYSTEM32\shelldll.exe/abc2.dll Infected: Backdoor.IRC.Cloner.v skipped
C:\WINNT\SYSTEM32\shelldll.exe/abc.bat Infected: Backdoor.IRC.Cloner.k skipped
C:\WINNT\SYSTEM32\shelldll.exe/abcd.jpg Infected: Backdoor.IRC.Cloner.k skipped
C:\WINNT\SYSTEM32\shelldll.exe/adobea.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
C:\WINNT\SYSTEM32\shelldll.exe/adobes.exe Infected: Backdoor.Win32.mIRC-based skipped
C:\WINNT\SYSTEM32\shelldll.exe/ntdll.bat Infected: Trojan.BAT.NoShare.a skipped
C:\WINNT\SYSTEM32\shelldll.exe/ntsys.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\WINNT\SYSTEM32\shelldll.exe/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.13 skipped
C:\WINNT\SYSTEM32\shelldll.exe/remote.ini Infected: Backdoor.IRC.Cloner.v skipped
C:\WINNT\SYSTEM32\shelldll.exe CAB: infected - 9 skipped
C:\WINNT\SYSTEM32\WBEM\Repository\CIM.REP Object is locked skipped
C:\WINNT\SYSTEM32\WinOS.hlp Infected: Backdoor.IRC.Cloner skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.

Last edited by DC38; 07-02-2008 at 05:19 AM.
Old 07-02-2008, 05:45 AM   #20 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 21
OS: WIndows 2000


Re: Virus

Oh, and here's the HijackThis file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:54 AM, on 7/2/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/index.cfm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [mavenapp://maven.net/nike/jogatv] C:\Program Files\Nike JogaTV\bin\NikeJogaTV.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus...an_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O18 - Protocol: mav-8551 - {5B5F4615-C6BA-4A51-AD3F-C6F3A3D71621} - C:\Program Files\Nike JogaTV\bin\idsAX.dll (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6205 bytes
 


Copyright 2001 - 2009, Tech Support Forum