OMG It is bad

Discussion in 'Malware and Virus Removal Archive' started by Ranger SVO, 2008/07/14.

  1. 2008/07/14
    Ranger SVO

    Ranger SVO Inactive Thread Starter

    Joined:
    2006/05/13
    Messages:
    297
    Likes Received:
    4
    My computer here at work is really ******* up. I left it for 30 min and I got back and everything is messed up.

    I went to safe mode and deleted everything I did not recognize. And then did a system restore.

    I ran Hijack this but it keeps freezing

    So I ran DSS

    Here is the log

    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-07-14 16:15:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 3 Restore Point(s) --
    3: 2008-07-14 21:15:12 UTC - RP58 - Deckard's System Scanner Restore Point
    2: 2008-07-14 20:47:48 UTC - RP57 - Restore Operation
    1: 2008-07-14 20:09:32 UTC - RP56 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-14 16:16:10
    Platform: Windows XP Service Pack 3 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Softex\OmniPass\omniServ.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\hp\KBD\kbd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\WildTangent\Apps\GameChannel.exe
    C:\Program Files\Skynergy\HotKeyz\HotKeyz.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\WINDOWS\system32\lphcro6j0ejbe.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG8\aAvgApi.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [HotKeyz.exe Startup] C:\Program Files\Skynergy\HotKeyz\HotKeyz.exe Startup
    O4 - HKLM\..\Run: [lphcro6j0ejbe] C:\WINDOWS\system32\lphcro6j0ejbe.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: MsnFixer.lnk = C:\hp\bin\msnfix\msnfixjs.js
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Inter-Tel Collaboration Remote Client (LkWebLink) - Inter-Tel (Delaware), Inc - C:\Documents and Settings\Owner\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\omniServ.exe


    --
    End of file - 8213 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 LkWebLink (Inter-Tel Collaboration Remote Client) - "c:\documents and settings\owner\my documents\inter-tel\collaboration client 2.0\lkweblink.exe" -service <Not Verified; Inter-Tel (Delaware), Inc; Inter-Tel Remote Client>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-14 16:15:00 272 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job
    2008-07-14 09:16:00 398 --a------ C:\WINDOWS\Tasks\WebReg 20080519091633.job


    -- Files created between 2008-06-14 and 2008-07-14 -----------------------------

    2008-07-14 16:06:27 0 d-------- C:\Program Files\Trend Micro
    2008-07-14 15:53:31 0 dr-h----- C:\Documents and Settings\Owner\Recent
    2008-07-14 15:48:24 0 d-------- C:\Program Files\PC-Doctor for Windows
    2008-07-14 15:37:47 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Local Settings
    2008-07-14 15:37:47 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Favorites
    2008-07-14 15:37:47 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Cookies
    2008-07-14 15:37:47 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Application Data
    2008-07-14 15:37:47 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Application Data\Sonic
    2008-07-14 15:37:47 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Application Data\Real
    2008-07-14 15:37:47 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Application Data\Microsoft
    2008-07-14 15:37:46 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Templates
    2008-07-14 15:37:46 0 d-------- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\My Documents
    2008-07-14 15:37:45 1048576 --ah----- C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\NTUSER.DAT
    2008-07-14 15:09:57 0 d-------- C:\WINDOWS\privacy_danger
    2008-07-14 15:09:24 6991872 --a------ C:\Documents and Settings\Owner\ntuser.dat
    2008-07-14 15:09:24 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
    2008-07-14 15:08:21 60928 --a------ C:\WINDOWS\system32\blphcro6j0ejbe.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
    2008-07-14 15:08:12 110080 --a------ C:\WINDOWS\system32\lphcro6j0ejbe.exe
    2008-06-30 10:24:14 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-30 10:24:10 0 d-------- C:\Program Files\Google
    2008-06-24 16:07:18 0 d-------- C:\Program Files\MSXML 4.0


    -- Find3M Report ---------------------------------------------------------------

    2008-07-14 16:11:23 0 d-------- C:\Program Files\uTorrent
    2008-07-14 15:49:20 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
    2008-07-14 15:42:38 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-03 16:36:42 0 d-------- C:\Program Files\SpywareBlaster
    2008-06-30 10:24:09 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-13 15:42:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
    2008-06-13 14:23:38 0 d-------- C:\Program Files\Skynergy
    2008-06-05 15:52:33 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
    2008-06-05 15:50:07 0 d-------- C:\Program Files\DivX
    2008-06-05 13:53:05 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
    2008-06-05 13:52:51 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-05 13:52:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
    2008-06-05 13:52:47 0 d-------- C:\Program Files\Common Files
    2008-06-02 16:35:55 0 d-------- C:\Program Files\Yahoo!
    2008-06-02 16:29:52 0 d-------- C:\Program Files\CCleaner
    2008-06-02 15:35:52 0 d-------- C:\Program Files\WildTangent
    2008-05-23 11:08:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
    2008-05-22 13:48:53 0 d-------- C:\Program Files\WinISD
    2008-05-21 15:48:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
    2008-05-21 12:28:40 0 d-------- C:\Program Files\Sun
    2008-05-21 12:28:21 0 d-------- C:\Program Files\Java
    2008-05-19 13:34:29 36 --a------ C:\Program Files\smarttrack.sys
    2008-05-19 13:18:12 0 d-------- C:\Program Files\SmartTrack
    2008-05-19 13:08:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
    2008-05-19 13:07:19 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
    2008-05-19 13:03:53 0 d-------- C:\Program Files\Common Files\Java
    2008-05-19 12:58:24 0 d-------- C:\Program Files\AVG
    2008-05-19 12:35:32 0 d-------- C:\Program Files\7-Zip
    2008-05-19 12:11:05 0 d--h----- C:\Program Files\WindowsUpdate
    2008-05-19 12:03:01 0 d-------- C:\Program Files\Messenger
    2008-05-19 12:02:35 0 d-------- C:\Program Files\Movie Maker
    2008-05-19 12:00:29 0 d-------- C:\Program Files\Windows NT
    2008-05-19 10:20:34 0 d-------- C:\Program Files\Stardock
    2008-05-19 10:15:35 0 d-------- C:\Program Files\Hewlett-Packard
    2008-05-19 10:15:32 0 d-------- C:\Program Files\Easy Internet signup
    2008-05-19 10:10:41 0 d-------- C:\Program Files\Java Web Start
    2008-05-19 10:10:06 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
    2008-05-19 10:09:41 0 d-------- C:\Program Files\Encarta Online
    2008-05-12 20:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-12 20:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-12 20:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-12 20:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-12 20:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-12 20:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-12 20:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    07/03/2008 03:07 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"=C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/03/2008 03:07 PM 2055960]

    [-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 04:51 PM]
    "CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [10/07/2002 09:23 AM]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [06/14/2003 01:53 AM]
    "HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [05/23/2003 05:03 AM]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [05/23/2003 04:55 AM]
    "KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 10:02 PM]
    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 10:01 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/23/2003 09:14 AM]
    "AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [06/18/2003 09:19 PM]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 11:42 PM]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/03/2003 01:19 AM]
    "nwiz"="nwiz.exe" [05/03/2003 01:19 AM C:\WINDOWS\system32\nwiz.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 06:57 PM]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [03/27/2003 03:34 AM]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 03:07 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 05:28 AM]
    "AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 04:55 PM]
    "WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [04/30/2003 05:21 PM]
    "wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [09/27/2002 03:47 PM]
    "HotKeyz.exe"="" []
    "lphcro6j0ejbe"="C:\WINDOWS\system32\lphcro6j0ejbe.exe" [07/14/2008 03:08 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [06/22/2003 11:25 PM]
    "NVIEW"="nview.dll,nViewLoadHook" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 06:42 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [6/13/2003 6:08:16 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage"=1 (0x1)
    "NoDispScrSavPage"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    C:\Program Files\Softex\OmniPass\opxpgina.dll 02/21/2003 05:50 AM 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31fd14fc-25c5-11dd-8c10-806d6172696f}]
    AutoRun\command- D:\Info.exe folder.htt 480 480




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 ad.a8.net
    127.0.0.1 asy.a8ww.net
    127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
    127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
    127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
    127.0.0.1 phpadsnew.abac.com
    127.0.0.1 a.abnad.net
    127.0.0.1 b.abnad.net
    127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
    127.0.0.1 d.abnad.net

    18617 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-07-14 16:20:12 ------------
     
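As an added example (not part of this thread, of Deckard's System Scanner or of HijackThis), the Python below encodes the triage a helper does by eye on a log like the one above: a Run entry in system32 whose file name looks random, sibling files dropped within minutes of it (the .scr here carries a version string naming Sysinternals, which is only what the file asserts about itself), the NoDisp* policies that hide the Background and Screen Saver tabs of Display Properties, and a MountPoints2 AutoRun command. The sample lines are copied from the posted log; the name-randomness rule and the five-minute incident window are this example's own assumptions, not anything DSS applies.

```python
"""Heuristic triage of a HijackThis / Deckard's System Scanner log.

Added example for this thread; not part of DSS, HijackThis or the posts.
Sample lines are copied from the log above. The randomness rule and the
five-minute window are assumptions of this example, not DSS behaviour.
"""
import re
from datetime import datetime, timedelta

# Lines lifted from the posted log (O4 Run entries, "Files created" rows,
# policy values and the MountPoints2 AutoRun command), plus benign entries
# from the same log to show what does not trip the rules.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [lphcro6j0ejbe] C:\\WINDOWS\\system32\\lphcro6j0ejbe.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
2008-07-14 15:09:57 0 d-------- C:\\WINDOWS\\privacy_danger
2008-07-14 15:08:21 60928 --a------ C:\\WINDOWS\\system32\\blphcro6j0ejbe.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-14 15:08:12 110080 --a------ C:\\WINDOWS\\system32\\lphcro6j0ejbe.exe
2008-06-30 10:24:10 0 d-------- C:\\Program Files\\Google
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
AutoRun\\command- D:\\Info.exe folder.htt 480 480
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attr>\S+) "
    r"(?P<path>.+?)(?: <(?P<ver>[^>]*)>)?$"
)
POLICY_RE = re.compile(r'^"(?P<key>NoDisp\w+)"=1')
AUTORUN_RE = re.compile(r"^AutoRun\\command- (?P<cmd>.+)$")


def first_executable(cmd: str) -> str:
    """Program path from a Run value, honouring surrounding quotes.
    Hosts such as rundll32.exe are returned as-is, not resolved further."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def stem_of(path: str) -> str:
    """File name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Assumed rule: long name with letters-digits-letters runs (e.g. 'ro6j0e')
    or almost no vowels. Tuned so OEM names like igfxtray/hphmon05 pass."""
    s = stem.lower()
    interleaved = re.search(r"[a-z]\d+[a-z]", s) is not None
    letters = re.sub(r"[^a-z]", "", s)
    vowel_ratio = sum(c in "aeiouy" for c in letters) / max(len(letters), 1)
    return len(s) >= 10 and (interleaved or vowel_ratio < 0.2)


def triage(log_text: str, window: timedelta = timedelta(minutes=5)) -> list[tuple[str, str]]:
    """Return (category, detail) findings for the given log text."""
    findings: list[tuple[str, str]] = []
    created: list[tuple[datetime, str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            path = first_executable(m["cmd"])
            if "\\system32\\" in path.lower() and looks_random(stem_of(path)):
                findings.append(("random-name-autorun", f'{m["name"]} -> {path}'))
        elif m := FILE_RE.match(line):
            created.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["path"], m["ver"] or ""))
        elif m := POLICY_RE.match(line):
            findings.append(("ui-lockdown-policy", m["key"]))
        elif m := AUTORUN_RE.match(line):
            findings.append(("mountpoints2-autorun", m["cmd"]))
    # Second pass: a random-named file fixes the incident time; anything created
    # within `window` of it is treated as part of the same drop even if its own
    # name is ordinary (privacy_danger here). The <...> text is the file's own
    # version resource, so a vendor claim there is reported, not trusted.
    anchors = [ts for ts, path, _ in created if looks_random(stem_of(path))]
    for ts, path, ver in created:
        if any(abs(ts - a) <= window for a in anchors):
            note = f" (claims '{ver}')" if ver else ""
            findings.append(("incident-window-file", f"{ts:%Y-%m-%d %H:%M:%S} {path}{note}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

On the sample it reports one random-named Run entry, three files inside the incident window (two of them the random-named pair, the third the privacy_danger folder created a minute and a half later), both NoDisp policies and the D:\Info.exe AutoRun command, and nothing for the AVG, Intel, Messenger or Google entries. The version-resource check is deliberately one-sided: it surfaces the vendor claim for a human to weigh rather than whitelisting on it, since that string is written by whoever built the file.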
  2. 2008/07/15
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Please follow Posting Rules (#3 - Meaningful Subject) when posting.
     
    Arie,

  4. 2008/07/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Ranger,
    You need to fix some file associations. Please highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .cpl
      • .cpl
    • Exit when complete.


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Ranger, p2p app on a work computer? tsk tsk :(
     
