antivirus xp 2008 [CLOSED] [Solved], Antivirus program asking me to pay to remove program
Muilenburg
post Nov 26 2008, 11:41 PM
Post #1


Member
Posts: 13
OS: windows xp



Hello,

I am a little new at this computer thing, and while surfing the internet the other day I somehow had this program downloaded on my computer, and now it is inhibiting the operation of my computer. If anyone could help it would be very much appreciated.

Thanks for everything,
Justin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:16 PM, on 11/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\AOL\1129472392\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lphcjwbj0encl.exe
C:\Program Files\rhcnwbj0encl\rhcnwbj0encl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pphcjwbj0encl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129472392\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphcjwbj0encl] C:\WINDOWS\system32\lphcjwbj0encl.exe
O4 - HKLM\..\Run: [SMrhcnwbj0encl] C:\Program Files\rhcnwbj0encl\rhcnwbj0encl.exe
O4 - HKLM\..\Run: [BMebf864cb] Rundll32.exe "C:\WINDOWS\system32\skbjmvjf.dll",s
O4 - HKLM\..\Run: [e8cb5757] rundll32.exe "C:\WINDOWS\system32\kyevkfgi.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492MTUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_tbn.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG/Bundl...egames_live.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.n...GAPANEL_USA.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/islandr...cher/CDA_AL.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - AppInit_DLLs: nokwcw.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9748 bytes
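The HijackThis log above is read by eye in this thread. As an added example (not a tool from the original post, from Trend Micro or from Geeks to Go), the Python script below scores each log entry on the persistence traits a helper would pull out first: O20 AppInit_DLLs and O22 SharedTaskScheduler entries, orphaned "(file missing)" entries, O16 ActiveX downloads with no registered class name, Run values named with hex blobs, rundll32 launches of DLLs from the Run key, and random-looking file and folder names. The sample log reuses lines quoted from the first post; the weights, the name-randomness and hex-blob heuristics and the "likely malicious"/"review" thresholds are this example's own assumptions, not a published ruleset.

```python
"""Triage a HijackThis log: score each entry on the persistence traits an analyst checks first.
Added example for this thread, not a tool from the original post, Trend Micro or Geeks to Go.
The weights, the hex-blob / random-name heuristics and the verdict thresholds are assumptions."""
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log in the first post, with a few
# benign entries (Java updater, WGA control, Lexmark service) kept in for contrast.
SAMPLE_LOG = r"""
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lphcjwbj0encl] C:\WINDOWS\system32\lphcjwbj0encl.exe
O4 - HKLM\..\Run: [SMrhcnwbj0encl] C:\Program Files\rhcnwbj0encl\rhcnwbj0encl.exe
O4 - HKLM\..\Run: [BMebf864cb] Rundll32.exe "C:\WINDOWS\system32\skbjmvjf.dll",s
O4 - HKLM\..\Run: [e8cb5757] rundll32.exe "C:\WINDOWS\system32\kyevkfgi.dll",b
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_tbn.cab
O20 - AppInit_DLLs: nokwcw.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# A Windows path up to an executable/library extension (stops before a closing quote).
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|sys|cab)\b', re.I)
O4_RE = re.compile(r'^O4 - \S+: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$')
O16_NONAME_RE = re.compile(r'^O16 - DPF: \{[0-9A-Fa-f-]+\} - ')  # no "(Class Name)" after the CLSID
HEX_RUN = re.compile(r'[0-9a-f]{8}')  # Run value names like BMebf864cb / e8cb5757

def looks_random(path):
    """Crude randomness test on a file or folder name: 6+ letters and almost vowel-free.
    Catches lphcjwbj0encl or skbjmvjf, but also trips on abbreviated OEM names (tfswctrl)."""
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.12

def target_of(line):
    """The file an entry really points at: the AppInit value for O20, the DLL argument for
    rundll32 launches, otherwise the first Windows path (None for URL-only entries)."""
    if line.startswith("O20 - AppInit_DLLs:"):
        return line.split(":", 1)[1].strip() or None
    paths = WIN_PATH.findall(line)
    if not paths:
        return None
    return paths[-1] if "rundll32" in line.lower() else paths[0]

def score_entry(line):
    """Return (score, reasons) for one HijackThis line; 0 means nothing stood out."""
    score, reasons = 0, []

    def hit(points, why):
        nonlocal score
        score += points
        reasons.append(why)

    if line.startswith("O20 - AppInit_DLLs:"):
        hit(5, "AppInit_DLLs: DLL injected into every process that loads user32.dll")
    if line.startswith("O22 - SharedTaskScheduler:"):
        hit(3, "SharedTaskScheduler: COM object loaded by Explorer at logon")
    if "(file missing)" in line or "(no file)" in line:
        hit(2, "orphaned entry: the target file is already gone")
    if O16_NONAME_RE.match(line):
        hit(2, "ActiveX download (O16) with no registered class name")
    m = O4_RE.match(line)
    if m:
        if HEX_RUN.search(m.group("key").lower()):
            hit(3, f"Run value name '{m.group('key')}' is a hex blob")
        if "rundll32" in m.group("cmd").lower():
            hit(1, "rundll32 loading a DLL straight from the Run key")
    target = target_of(line)
    if target:
        if looks_random(target):
            hit(3, f"random-looking filename {ntpath.basename(target)}")
            if ntpath.dirname(target).lower().endswith("\\system32"):
                hit(1, "dropped directly into the system32 root")
        if looks_random(ntpath.dirname(target)):
            hit(1, "parent folder name is random too")
    return score, reasons

def triage(log_text):
    """Score every entry in a log and return the non-zero ones, worst first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        score, reasons = score_entry(line)
        if score:
            findings.append({"score": score, "line": line, "reasons": reasons,
                             "verdict": "likely malicious" if score >= 4 else "review"})
    return sorted(findings, key=lambda f: -f["score"])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['score']:>2}] {f['verdict']:<16} {f['line'][:72]}")
        for why in f["reasons"]:
            print(f"        - {why}")
```

Run it as a script for the ranked list, or call `triage()` on a complete log. The name heuristic is deliberately kept a weak signal: it also scores Dell's tfswctrl.exe, which is why that entry lands in "review", while the rundll32 entries with hex-blob Run names score highest and the AppInit_DLLs entry is flagged on its loading point alone, whatever its filename looks like.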
fenzodahl512
post Nov 27 2008, 01:30 AM
Post #2


Trusted Helper
Posts: 5,212
OS: Windows XP



Hello, my name is fenzodahl512, and welcome to Geeks to Go. Please do the following...


Please make sure you disable ALL of your antivirus/antispyware/firewall programs before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.
fenzodahl512
post Dec 1 2008, 05:49 PM
Post #3


Trusted Helper
Posts: 5,212
OS: Windows XP



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
fenzodahl512
post Dec 2 2008, 05:34 PM
Post #4


Trusted Helper
Posts: 5,212
OS: Windows XP



Reopened at user request. Post the log here please.
Muilenburg
post Dec 3 2008, 10:17 PM
Post #5


Member
Posts: 13
OS: windows xp



Here is the ComboFix log, and after that is the HijackThis log. Thanks again!

ComboFix 08-11-27.01 - Linda 2008-12-02 17:16:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.414 [GMT -6:00]
Running from: c:\documents and settings\Linda\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Starware
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaver.bmp
c:\documents and settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
c:\documents and settings\All Users\Application Data\Starware\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\travel.xml
c:\documents and settings\All Users\Application Data\Starware\contexts\Travel.xml.backup
c:\documents and settings\All Users\Application Data\Starware\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\All Users\Desktop\Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
c:\documents and settings\Butch\Application Data\DriveCleaner Free
c:\documents and settings\Butch\Application Data\DriveCleaner Free\Logs\update.log
c:\documents and settings\Butch\err.log
c:\documents and settings\Butch\ResErrors.log
c:\documents and settings\Linda\Application Data\DriveCleaner Free
c:\documents and settings\Linda\Application Data\DriveCleaner Free\Logs\update.log
c:\documents and settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
c:\documents and settings\Linda\Application Data\rhcnwbj0encl
c:\documents and settings\Linda\err.log
c:\documents and settings\Linda\ResErrors.log
c:\program files\Common Files\drivecleaner free
c:\program files\Common Files\drivecleaner free\laststat.dat
c:\program files\DriveCleaner Free
c:\program files\DriveCleaner Free\ResErrors.log
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00070954.bin
c:\program files\MyWebSearch\bar\Cache\00071EEF.bin
c:\program files\MyWebSearch\bar\Cache\00071FDA.bin
c:\program files\MyWebSearch\bar\Cache\005F1F13
c:\program files\MyWebSearch\bar\Cache\005F37AB
c:\program files\MyWebSearch\bar\Cache\005FFDE9.bin
c:\program files\MyWebSearch\bar\Cache\00600135.bin
c:\program files\MyWebSearch\bar\Cache\00602008.bin
c:\program files\MyWebSearch\bar\Cache\00603536.bin
c:\program files\MyWebSearch\bar\Cache\0060433F.bin
c:\program files\MyWebSearch\bar\Cache\0060461E.bin
c:\program files\MyWebSearch\bar\Cache\00604870.bin
c:\program files\MyWebSearch\bar\Cache\0060560C.bin
c:\program files\MyWebSearch\bar\Cache\0507E480.bin
c:\program files\MyWebSearch\bar\Cache\0507EF5D.bin
c:\program files\MyWebSearch\bar\Cache\0507F6CF.bin
c:\program files\MyWebSearch\bar\Cache\05081842.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\Performanceoptimizer (Free)
c:\program files\Performanceoptimizer (Free)\creader.exe
c:\program files\Performanceoptimizer (Free)\Download\peuecqpw\Update.exe
c:\program files\Performanceoptimizer (Free)\inst.imd
c:\program files\Performanceoptimizer (Free)\install_stat2.tmp
c:\program files\Performanceoptimizer (Free)\language.cfg
c:\program files\Performanceoptimizer (Free)\Language\1031_im1.png
c:\program files\Performanceoptimizer (Free)\Language\1031_im2.png
c:\program files\Performanceoptimizer (Free)\Language\1031_im4.png
c:\program files\Performanceoptimizer (Free)\Language\1033_im1.png
c:\program files\Performanceoptimizer (Free)\Language\1033_im2.png
c:\program files\Performanceoptimizer (Free)\Language\1033_im4.png
c:\program files\Performanceoptimizer (Free)\Language\1034_im1.png
c:\program files\Performanceoptimizer (Free)\Language\1034_im2.png
c:\program files\Performanceoptimizer (Free)\Language\1034_im4.png
c:\program files\Performanceoptimizer (Free)\Language\1036_im1.png
c:\program files\Performanceoptimizer (Free)\Language\1036_im2.png
c:\program files\Performanceoptimizer (Free)\Language\1036_im4.png
c:\program files\Performanceoptimizer (Free)\Language\English.ini
c:\program files\Performanceoptimizer (Free)\Language\English_po.ini
c:\program files\Performanceoptimizer (Free)\Language\English_spo.ini
c:\program files\Performanceoptimizer (Free)\Language\Franch.ini
c:\program files\Performanceoptimizer (Free)\Language\Franch_po.ini
c:\program files\Performanceoptimizer (Free)\Language\Franch_spo.ini
c:\program files\Performanceoptimizer (Free)\Language\German.ini
c:\program files\Performanceoptimizer (Free)\Language\German_po.ini
c:\program files\Performanceoptimizer (Free)\Language\German_spo.ini
c:\program files\Performanceoptimizer (Free)\Language\Spanish.ini
c:\program files\Performanceoptimizer (Free)\Language\Spanish_po.ini
c:\program files\Performanceoptimizer (Free)\Language\Spanish_spo.ini
c:\program files\Performanceoptimizer (Free)\MFC71.dll
c:\program files\Performanceoptimizer (Free)\msvcp71.dll
c:\program files\Performanceoptimizer (Free)\msvcr71.dll
c:\program files\Performanceoptimizer (Free)\pcid.exe
c:\program files\Performanceoptimizer (Free)\PerfOpt.chm
c:\program files\Performanceoptimizer (Free)\PerfOpt.exe
c:\program files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url
c:\program files\Performanceoptimizer (Free)\po_cfg.ini
c:\program files\Performanceoptimizer (Free)\ReadMe.doc
c:\program files\Performanceoptimizer (Free)\Restore\date.dat
c:\program files\Performanceoptimizer (Free)\Restore\desc.dat
c:\program files\Performanceoptimizer (Free)\Restore\file.dat
c:\program files\Performanceoptimizer (Free)\Restore\ploc.dat
c:\program files\Performanceoptimizer (Free)\Sellmosoft Home Page.url
c:\program files\Performanceoptimizer (Free)\sload.sbd
c:\program files\Performanceoptimizer (Free)\Tweaks\data001.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data003.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data006.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data007.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data009.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data011.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data013.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data016.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data017.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data020.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data023.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data027.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data030.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data031.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data033.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data040.reg
c:\program files\Performanceoptimizer (Free)\Tweaks\data042.reg
c:\program files\Performanceoptimizer (Free)\ua_manager.exe
c:\program files\Performanceoptimizer (Free)\uninstpo.exe
c:\program files\Performanceoptimizer (Free)\up.dat
c:\program files\Performanceoptimizer (Free)\updater.exe
c:\program files\Performanceoptimizer (Free)\ver.dat
c:\program files\rhcnwbj0encl
c:\windows\BMebf864cb.txt
c:\windows\BMebf864cb.xml
c:\windows\Downloaded Program Files\UDC6_4444_D21M0303NetInstaller.exe
c:\windows\pskt.ini
c:\windows\system32\awiutlih.dll
c:\windows\system32\axmkpiel.ini
c:\windows\system32\blphcjwbj0encl.scr
c:\windows\system32\E.tmp
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\fmvblice.ini
c:\windows\system32\gnffrbww.ini
c:\windows\system32\igfkveyk.ini
c:\windows\SYSTEM32\JmSBIRqr.ini
c:\windows\SYSTEM32\JmSBIRqr.ini2
c:\windows\system32\leipkmxa.dll
c:\windows\system32\lphcjwbj0encl.exe
c:\windows\system32\mkls.dll
c:\windows\system32\njbmqq.dll
c:\windows\system32\nokwcw.dll
c:\windows\system32\noqqklyq.ini
c:\windows\system32\onlicllu.dll
c:\windows\system32\phcjwbj0encl.bmp
c:\windows\system32\pphcjwbj0encl.exe
c:\windows\system32\rcqylyyp.ini
c:\windows\system32\rqRIBSmJ.dll
c:\windows\system32\silc_dll.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCPROC


((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-02 17:13 . 2004-08-04 01:56 21,504 --a------ c:\windows\SYSTEM32\hidserv.dll
2008-12-02 17:13 . 2004-08-04 01:56 21,504 --a------ c:\windows\SYSTEM32\DLLCACHE\hidserv.dll
2008-12-02 17:12 . 2004-08-04 00:08 31,616 --a------ c:\windows\SYSTEM32\DRIVERS\usbccgp.sys
2008-12-02 17:12 . 2004-08-04 00:08 31,616 --a------ c:\windows\SYSTEM32\DLLCACHE\usbccgp.sys
2008-12-02 17:12 . 2004-08-03 23:58 14,848 --a------ c:\windows\SYSTEM32\DRIVERS\kbdhid.sys
2008-12-02 17:12 . 2004-08-03 23:58 14,848 --a------ c:\windows\SYSTEM32\DLLCACHE\kbdhid.sys
2008-12-02 17:12 . 2001-08-17 13:48 12,160 --a------ c:\windows\SYSTEM32\DRIVERS\mouhid.sys
2008-12-02 17:12 . 2001-08-17 13:48 12,160 --a------ c:\windows\SYSTEM32\DLLCACHE\mouhid.sys
2008-12-02 17:12 . 2001-08-17 14:02 9,600 --a------ c:\windows\SYSTEM32\DRIVERS\hidusb.sys
2008-12-02 17:12 . 2001-08-17 14:02 9,600 --a------ c:\windows\SYSTEM32\DLLCACHE\hidusb.sys
2008-11-26 23:29 . 2008-11-26 23:29 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 23:13 94,208 ----a-w c:\windows\SYSTEM32\41.tmp
2008-10-03 20:43 115,200 ----a-w c:\windows\SYSTEM32\vhmhlprr.dll
2008-10-03 20:43 115,200 ----a-w c:\windows\SYSTEM32\lnrsnp.dll
2008-09-30 17:02 74,240 ----a-w c:\windows\SYSTEM32\wwbrffng.dll
2008-09-30 16:59 115,200 ----a-w c:\windows\SYSTEM32\mticlvhr.dll
2008-09-30 16:59 115,200 ----a-w c:\windows\SYSTEM32\jpkukm.dll
2008-09-30 16:57 94,208 ----a-w c:\windows\SYSTEM32\2B.tmp
2008-09-21 00:18 94,208 ----a-w c:\windows\SYSTEM32\18.tmp
2008-09-21 00:18 94,208 ----a-w c:\windows\SYSTEM32\17.tmp
2008-09-11 00:00 94,208 ----a-w c:\windows\SYSTEM32\2C.tmp
2008-09-11 00:00 94,208 ----a-w c:\windows\SYSTEM32\2A.tmp
2008-09-11 00:00 94,208 ----a-w c:\windows\SYSTEM32\29.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938838B5-F66D-427D-8996-4DAF70D23C43}]
2008-07-29 15:16 30208 --a------ c:\windows\system32\awtTJARK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-08 151597]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"HostManager"="c:\program files\Common Files\AOL\1129472392\ee\AOLSoftware.exe" [2007-04-12 42032]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2008-01-09 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-25 98304]
"BMebf864cb"="c:\windows\system32\skbjmvjf.dll" [2008-08-04 92672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-04-08 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-01-03 614400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{938838B5-F66D-427D-8996-4DAF70D23C43}"= "c:\windows\system32\awtTJARK.dll" [2008-07-29 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtTJARK]
2008-07-29 15:16 30208 c:\windows\SYSTEM32\awtTJARK.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=njbmqq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\WINDOWS\\SYSTEM32\\dxdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Pogo Games\\Turbo 21 To Go\\Turbo21.exe"=
"c:\\windows\\system32\\mrkscr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129472392\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129472392\\ee\\aolsoftware.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3d419119-0391-4806-ad45-93eee8c45c90} - c:\windows\system32\njbmqq.dll
BHO-{735A1E2B-B91F-4D03-AAC8-57C4D0C78304} - c:\windows\system32\rqRIBSmJ.dll
HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
HKCU-Run-DellSupport - c:\program files\Dell Support\DSAgnt.exe
HKCU-Run-DellSupport- - c:\program files\Dell Support\DSAgnt.exe
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-SMrhcnwbj0encl - c:\program files\rhcnwbj0encl\rhcnwbj0encl.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Linda\Application Data\Mozilla\Firefox\Profiles\mxl3ig8o.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 17:30:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\awtTJARK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Common Files\AOL\Loader\aolload.exe
.
**************************************************************************
.
Completion time: 2008-12-02 17:34:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 23:34:47

Pre-Run: 65,401,446,400 bytes free
Post-Run: 65,559,523,328 bytes free

372 --- E O F --- 2008-07-15 19:36:45




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:11 PM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\AOL\1129472392\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {938838B5-F66D-427D-8996-4DAF70D23C43} - C:\WINDOWS\system32\awtTJARK.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129472392\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMebf864cb] Rundll32.exe "C:\WINDOWS\system32\skbjmvjf.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492MTUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.n...GAPANEL_USA.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/islandr...cher/CDA_AL.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - AppInit_DLLs: njbmqq.dll
O20 - Winlogon Notify: awtTJARK - C:\WINDOWS\SYSTEM32\awtTJARK.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8262 bytes



fenzodahl512
post Dec 3 2008, 10:47 PM
Post #6


Trusted Helper
Posts: 5,212
OS: Windows XP



Uninstall Gamevance from your computer..


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    CODE
    :processes
    explorer.exe

    :files
    c:\windows\SYSTEM32\??.tmp
    c:\windows\SYSTEM32\vhmhlprr.dll
    :\windows\SYSTEM32\lnrsnp.dll
    c:\windows\SYSTEM32\wwbrffng.dll
    c:\windows\SYSTEM32\mticlvhr.dll
    c:\windows\SYSTEM32\jpkukm.dll
    c:\windows\system32\awtTJARK.dll
    c:\windows\system32\skbjmvjf.dll
    c:\program files\Gamevance

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{938838B5-F66D-427D-8996-4DAF70D23C43}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gamevance"=-
    "BMebf864cb"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{938838B5-F66D-427D-8996-4DAF70D23C43}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtTJARK]

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




-----------------------------



Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Run ComboFix and HijackThis again.. Post these logs in your next reply.. Post each log in separate post..


1. OTMoveIt3
2. Malwarebytes'
3. ComboFix
4. HijackThis
5. Tell me, how is your computer now?
Muilenburg
post Dec 7 2008, 01:41 PM
Post #7


Member
Posts: 13
OS: windows xp



OT move it file



========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\SYSTEM32\17.tmp moved successfully.
c:\windows\SYSTEM32\18.tmp moved successfully.
c:\windows\SYSTEM32\29.tmp moved successfully.
c:\windows\SYSTEM32\2A.tmp moved successfully.
c:\windows\SYSTEM32\2B.tmp moved successfully.
c:\windows\SYSTEM32\2C.tmp moved successfully.
c:\windows\SYSTEM32\41.tmp moved successfully.
DllUnregisterServer procedure not found in c:\windows\SYSTEM32\vhmhlprr.dll
c:\windows\SYSTEM32\vhmhlprr.dll NOT unregistered.
c:\windows\SYSTEM32\vhmhlprr.dll moved successfully.
Error: Unable to interpret <:\windows\SYSTEM32\lnrsnp.dll> in the current context!
Error: Unable to interpret <c:\windows\SYSTEM32\wwbrffng.dll> in the current context!
Error: Unable to interpret <c:\windows\SYSTEM32\mticlvhr.dll> in the current context!
Error: Unable to interpret <c:\windows\SYSTEM32\jpkukm.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\awtTJARK.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\skbjmvjf.dll> in the current context!
Error: Unable to interpret <c:\program files\Gamevance> in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{938838B5-F66D-427D-8996-4DAF70D23C43}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Gamevance not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMebf864cb delete