Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Vista Antivirus


  • This topic is locked This topic is locked
2 replies to this topic

#1 crustiebob

crustiebob

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 25 July 2008 - 12:03 AM

Hello there. I come home to see a big anti virus pop-up on my computer from vista. I immediately know something is fishy so i download hijack this and look for a malware removal forum site to help me. I read the read this before you post thread and was unable to get the kaspersky scan as mid-way it stoped and said i needed to be connected to the internet to proced. so i just have the DSS files.

Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2008-07-24 21:50:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-25 04:50:37 UTC - RP6 - Deckard's System Scanner Restore Point
1: 2008-07-25 04:30:11 UTC - RP5 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:05 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lphct5pj0el0e.exe
C:\Program Files\rhcp5pj0el0e\rhcp5pj0el0e.exe
C:\Program Files\VAV\vav.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\pphct5pj0el0e.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: BHO.toolbar3 - {A4D16645-4149-41FB-B670-E06072E540C1} - C:\WINDOWS\system32\domiebho.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphct5pj0el0e] C:\WINDOWS\system32\lphct5pj0el0e.exe
O4 - HKLM\..\Run: [SMrhcp5pj0el0e] C:\Program Files\rhcp5pj0el0e\rhcp5pj0el0e.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7816 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 21:34:37 0 d-------- C:\Program Files\Trend Micro
2008-07-24 21:29:57 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\rhcp5pj0el0e
2008-07-24 17:46:34 0 d-------- C:\Program Files\IEAntiVirus
2008-07-24 17:35:49 106496 --a------ C:\WINDOWS\Sys14.exe
2008-07-24 17:35:48 30720 --a------ C:\WINDOWS\Sys13.exe
2008-07-24 17:35:48 30208 --a------ C:\WINDOWS\Sys12.exe
2008-07-24 17:35:48 31744 --a------ C:\WINDOWS\Sys11.exe
2008-07-24 17:35:48 32256 --a------ C:\WINDOWS\Sys10.exe
2008-07-24 17:35:48 0 d-------- C:\Program Files\VAV
2008-07-24 17:35:47 0 d-------- C:\Program Files\PCHealthCenter
2008-07-24 17:29:43 18944 --a------ C:\WINDOWS\system32\sofiebho.dll
2008-07-24 17:29:43 18944 --a------ C:\WINDOWS\system32\sofie.dll
2008-07-24 17:29:38 18944 --a------ C:\WINDOWS\system32\domie.dll
2008-07-24 17:29:19 18944 --a------ C:\WINDOWS\system32\hombho.dll
2008-07-24 17:29:15 18944 --a------ C:\WINDOWS\system32\domiebho.dll
2008-07-24 17:23:50 18944 --a------ C:\WINDOWS\system32\homie.dll
2008-07-24 17:20:34 94208 --a------ C:\WINDOWS\system32\pphct5pj0el0e.exe
2008-07-24 17:20:34 0 d-------- C:\Documents and Settings\Evar\Application Data\rhcp5pj0el0e
2008-07-24 17:20:24 0 d-------- C:\Program Files\rhcp5pj0el0e
2008-07-24 17:20:05 60928 --a------ C:\WINDOWS\system32\blphct5pj0el0e.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-24 17:19:59 128512 --a------ C:\WINDOWS\system32\lphct5pj0el0e.exe
2008-07-17 17:08:42 1747 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-07-15 20:34:55 0 d-------- C:\Documents and Settings\Compaq_Administrator\Logs
2008-07-12 15:24:29 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-06 13:42:36 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
2008-06-27 10:33:27 0 d---s---- C:\Documents and Settings\Michele\UserData
2008-06-27 10:29:11 0 d-------- C:\Documents and Settings\Michele\Application Data\HPQ
2008-06-26 10:01:53 0 d-------- C:\Documents and Settings\Michele\Application Data\OpenOffice.org2
2008-06-26 07:13:08 0 d-------- C:\Documents and Settings\Michele\Application Data\Sun
2008-06-26 06:46:18 0 d-------- C:\Documents and Settings\Michele\Application Data\Snapfish


-- Find3M Report ---------------------------------------------------------------

2008-07-23 20:22:17 0 d-------- C:\Program Files\Warcraft III
2008-07-15 19:15:28 0 d-------- C:\Program Files\World of Warcraft
2008-07-05 21:08:11 0 d-------- C:\Program Files\Soulseek
2008-06-30 20:51:13 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2008-06-30 16:19:36 23498 --a------ C:\WINDOWS\War3Unin.dat
2008-06-19 16:49:15 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-19 16:49:15 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-17 12:37:06 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\OpenOffice.org2
2008-06-15 14:09:53 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
2008-06-15 14:09:24 0 d-------- C:\Program Files\VideoLAN
2008-06-14 10:08:31 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla
2008-06-14 10:08:30 0 d-------- C:\Program Files\Octoshape Streaming Services
2008-06-13 15:39:39 187 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-06-09 14:15:11 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-09 14:14:41 0 d-------- C:\Program Files\Java
2008-06-08 21:23:52 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Sun
2008-05-29 22:48:07 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
2008-05-29 22:48:06 0 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-05-29 20:22:38 0 d-------- C:\Program Files\Kiran's Typing Tutor
2008-05-27 07:17:55 112981 --a------ C:\WINDOWS\hpoins07.dat
2008-05-27 07:16:12 0 d-------- C:\Program Files\HP
2008-05-27 07:15:03 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-27 07:14:20 0 d-------- C:\Program Files\Common Files
2008-05-27 07:14:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-27 07:11:20 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\HP
2008-05-26 15:28:52 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Ventrilo
2008-05-26 15:27:44 0 d-------- C:\Program Files\Ventrilo
2008-05-26 15:27:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 14:10:01 0 d-------- C:\Program Files\MSBuild
2008-05-26 14:09:52 0 d-------- C:\Program Files\Reference Assemblies
2008-05-26 14:07:29 0 d-------- C:\Program Files\MSXML 6.0
2008-05-26 13:01:27 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Apple Computer
2008-05-26 13:01:08 0 d-------- C:\Program Files\QuickTime
2008-05-26 13:00:15 0 d-------- C:\Program Files\iTunes
2008-05-26 12:58:53 0 d-------- C:\Program Files\iPod
2008-05-26 12:44:59 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\WinRAR
2008-05-26 09:57:23 0 d-------- C:\Program Files\Viewpoint
2008-05-26 03:04:06 0 d-------- C:\Program Files\MSXML 4.0
2008-05-25 23:35:23 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-25 23:20:07 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Aim
2008-05-25 23:20:05 0 d-------- C:\Program Files\AIM
2008-05-25 23:19:40 0 d-------- C:\Program Files\AOD
2008-05-25 22:33:34 0 d-------- C:\Program Files\Symantec
2008-05-25 22:33:34 0 d-------- C:\Program Files\Google
2008-05-25 22:31:16 0 d-------- C:\Program Files\Windows NT
2008-05-25 22:25:44 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-25 22:25:20 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-25 22:24:16 0 d-------- C:\Program Files\Sonic
2008-05-25 22:22:19 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
2008-05-25 22:21:56 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-25 22:21:27 0 d-------- C:\Program Files\Common Files\Real
2008-05-25 22:21:15 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
2008-05-25 22:20:24 0 d-------- C:\Program Files\Quicken
2008-05-25 22:09:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-25 22:08:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-25 22:07:52 0 d-------- C:\Program Files\GemMaster
2008-05-25 21:32:06 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4D16645-4149-41FB-B670-E06072E540C1}]
07/24/2008 05:29 PM 18944 --a------ C:\WINDOWS\system32\domiebho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 09:01 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 07:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/26/2008 01:01 PM]
"lphct5pj0el0e"="C:\WINDOWS\system32\lphct5pj0el0e.exe" [07/24/2008 05:20 PM]
"SMrhcp5pj0el0e"="C:\Program Files\rhcp5pj0el0e\rhcp5pj0el0e.exe" [07/24/2008 04:20 AM]
"Antivirus"="C:\Program Files\VAV\vav.exe" [07/17/2008 08:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"="C:\Program Files\VAV\vav.exe" [07/17/2008 08:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\Compaq_Administrator\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-24 21:52:36 ------------

here is the extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3800+
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 958.48 MiB / 448.82 MiB
Pagefile Memory (total/avail): 2312.49 MiB / 1877.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.57 MiB

C: is Fixed (NTFS) - 224.68 GiB total, 176.96 GiB free.
D: is Fixed (FAT32) - 8.18 GiB total, 0.51 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3250824AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.68 GiB - C:
\PARTITION1 - Unknown - 8.2 GiB - D:

\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Compaq_Administrator\\Desktop\\slsk.exe"="C:\\Documents and Settings\\Compaq_Administrator\\Desktop\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Octoshape Streaming Services\\Compaq_Administrator\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Compaq_Administrator\\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Administrator\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Administrator
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=Compaq_Administrator
USERPROFILE=C:\Documents and Settings\Compaq_Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Administrator (admin)
Evar (admin)
Michele
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
AntivirXP08 --> "C:\Program Files\rhcp5pj0el0e\uninstall.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IE AntiVirus --> C:\Program Files\IEAntiVirus\Uninstall.exe
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{13616DE2-9795-4910-8C93-80D45AF09658} /l1033
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Kiran's Typing Tutor 1.0 --> "C:\Program Files\Kiran's Typing Tutor\unins000.exe"
Microsoft Away Mode -->
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Internet Security 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Octoshape Streaming Services --> C:\Program Files\Octoshape Streaming Services\Compaq_Administrator\uninst.exe
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1033
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2119 / Error
Event Submitted/Written: 07/24/2008 08:49:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001016.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type2117 / Error
Event Submitted/Written: 07/24/2008 08:49:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module , version 5.1.2600.2180, fault address 0x0003426d.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type2116 / Error
Event Submitted/Written: 07/24/2008 08:49:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426f.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type2115 / Error
Event Submitted/Written: 07/24/2008 08:48:49 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application antivir.exe, version 3.3.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2106 / Error
Event Submitted/Written: 07/24/2008 05:47:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application antivir.exe, version 3.3.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8116 / Warning
Event Submitted/Written: 07/24/2008 05:09:22 PM
Event ID/Source: 257 / PlugPlayManager
Event Description:
Timed out sending notification of target device change to window of "NVSVCPMMWindowClass"

Event Record #/Type8115 / Warning
Event Submitted/Written: 07/24/2008 05:09:21 PM
Event ID/Source: 257 / PlugPlayManager
Event Description:
Timed out sending notification of target device change to window of "NVSVCPMMWindowClass"

Event Record #/Type8068 / Warning
Event Submitted/Written: 07/24/2008 10:41:48 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8010 / Error
Event Submitted/Written: 07/23/2008 07:19:37 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Event Record #/Type8008 / Warning
Event Submitted/Written: 07/23/2008 06:53:31 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001731B0DF90. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-07-24 21:52:36 ------------

please help and thank you for your time

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:32 PM

Posted 25 July 2008 - 08:17 PM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please uninstall the following programs from your computer..

AntivirXP08
IE AntiVirus
Viewpoint Media Player





NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\Viewpoint
    C:\Documents and Settings\Compaq_Administrator\Application Data\rhcp5pj0el0e
    C:\Program Files\IEAntiVirus
    C:\WINDOWS\Sys1?.exe
    C:\Program Files\VAV
    C:\Program Files\PCHealthCenter
    C:\WINDOWS\system32\sofiebho.dll
    C:\WINDOWS\system32\sofie.dll
    C:\WINDOWS\system32\domie.dll
    C:\WINDOWS\system32\hombho.dll
    C:\WINDOWS\system32\domiebho.dll
    C:\WINDOWS\system32\homie.dll
    C:\WINDOWS\system32\pphct5pj0el0e.exe
    C:\Documents and Settings\Evar\Application Data\rhcp5pj0el0e
    C:\Program Files\rhcp5pj0el0e
    C:\WINDOWS\system32\blphct5pj0el0e.scr
    C:\WINDOWS\system32\lphct5pj0el0e.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4D16645-4149-41FB-B670-E06072E540C1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphct5pj0el0e
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SMrhcp5pj0el0e
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Antivirus
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Antivirus
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please post the following logs in your next reply..

1, OTMoveIt2
2. Malwarebytes'
3. A fresh DSS log (after Malwarebytes' step)
4. Tell me about your computer condition...


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:32 PM

Posted 06 August 2008 - 08:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users