Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: ie3sh.exe & BHO.DLL errors


(!)

liamo777's Avatar
liamo777 liamo777 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
11-Mar-2012, 01:58 PM #1
ie3sh.exe & BHO.DLL errors
Hi,

my friend has an Acer laptop & every time they boot up she is getting 2 errors I dont how to resolve the issue. For now, I am just clicking on x and closing the program to get these messages to go away.

The 1st one says in a error box: ie3sh.exe unable to locate component
this application has failed to start because BHO.DLL was not found. Re-installing the application may fix this problem.

I read a similiar post which suggested running 'hijackthus log' and posting the results (which I have done - see below):

Any help much appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:17, on 11/03/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Janet\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [Application Restart #2] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session https://broker.gotoassist.com/ds/ses...zfchd6nA%3D%3D
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12898 bytes
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,431 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
11-Mar-2012, 05:26 PM #2
Hi and welcome!

Rescan with HijackThis.
Close all browser windows except HijackThis.
Put a check mark beside these entries and click "Fix Checked".

O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe

Close HijackThis and reboot the computer.

Does it still come up?

This is usually caused by a bad toolbar.

Run Hijack This and click Open the Misc Tools section.
Click Open Uninstall Manager > Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of this log.
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
liamo777's Avatar
liamo777 liamo777 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
11-Mar-2012, 06:17 PM #3
ie3sh.exe & BDO.DLL
Hi,

thanks for your help.
Yes the error messages still occur.
Heres the results from the logfile:


Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acer Arcade Deluxe
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.2
Agatha Christie Death on the Nile
Alice Greenfingers
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
AVG 2011
AVG 2011
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
BT Broadband Desktop Help
BT Broadband Support Tools
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
Cake Mania
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
CCleaner
Chicken Invaders 3
Chuzzle
Diner Dash Flo on the Go
DVD Shrink 3.2
DVD43 v4.6.0
eSobi v2
Flip Words 2
Free Audio CD Burner version 1.4.8
Free YouTube to MP3 Converter version 3.10.13.1123
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
GoToAssist Corporate
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 26
Jewel Quest Solitaire
Kick N Rush
Launch Manager
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Nero 7 Premium
Nero BurnRights
neroxml
NTI Backup Now 5
NTI Media Maker 8
OGA Notifier 2.0.0048.0
QuickTime
Rapport
Rapport
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.93
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shop for HP Supplies
SnagIt 8
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Turbo Pizza
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Yahoo! Software Update
Zuma Deluxe
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,431 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
11-Mar-2012, 07:25 PM #4
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
liamo777's Avatar
liamo777 liamo777 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
12-Mar-2012, 05:09 PM #5
ie3sh.exe & BDO.DLL
Hi,

thanks for your reply - please find teh results of running combofix pasted below:-

ComboFix 12-03-12.03 - Janet 12/03/2012 19:49:54.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1442 [GMT 0:00]
Running from: c:\users\Janet\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SGPSA\SeARchassistant.dll
c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA251.tmp
c:\users\Janet\GoToAssistDownloadHelper.exe
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1420.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1662.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1863.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BAD.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F07.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc22AF.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc23D7.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2406.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc245.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc24E1.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2DD6.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3574.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc37F4.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc38FE.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3B0F.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3E3A.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3F9.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4185.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4424.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4887.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A6A.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A99.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4F0C.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc54C6.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc57B3.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5DFA.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc695F.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc789B.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7ADC.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc822C.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc86BE.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8AF3.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8C1C.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E0E.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E8.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F08.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8FA4.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc983C.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc98E7.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9935.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D2.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE1C.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB1A.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2AE.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2DD.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB425.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF1D.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0C2.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC267.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC42.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC573.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5B1.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8CD.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD75.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE4F4.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE783.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE83.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEE76.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3D3.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDD1.tmp
c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFF47.tmp
c:\users\Jessica\Favorites\fantacity towers.docx
c:\users\Jessica\Favorites\my friends.docx
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc143E.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc16FC.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc173A.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1AC3.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1B5F.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3E88.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4730.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc519B.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5820.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc58BC.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5FBE.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6192.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc655C.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6EFA.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F29.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7042.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7052.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7170.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7496.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc76A8.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8CE6.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DE0.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8FA5.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc908E.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc92CF.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E63.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0A5.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA279.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE89.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB79E.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB869.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCAD.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBFD8.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB3E.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA2B.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDE51.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE1AA.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE67A.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE89C.tmp
c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF5A7.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-12 20:27 . 2012-03-12 20:30 -------- d-----w- c:\users\Janet\AppData\Local\temp
2012-03-12 20:27 . 2012-03-12 20:27 -------- d-----w- c:\users\Richard\AppData\Local\temp
2012-03-12 20:27 . 2012-03-12 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-12 20:27 . 2012-03-12 20:27 -------- d-----w- c:\users\Oliver\AppData\Local\temp
2012-03-12 20:26 . 2012-03-12 20:26 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2012-03-11 17:29 . 2012-03-11 17:29 -------- d-----w- c:\program files\Trend Micro
2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes
2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 19:18 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-07 22:15 . 2012-03-07 22:15 -------- d-----w- c:\program files\VS Revo Group
2012-03-07 22:06 . 2012-03-07 22:06 -------- d-----w- c:\program files\SecurityXploded
2012-03-07 21:42 . 2012-03-07 21:42 -------- d-----w- c:\program files\CCleaner
2012-03-05 17:36 . 2012-03-05 18:01 -------- d-----w- c:\users\Oliver\AppData\Local\Roblox
2012-03-02 19:54 . 2012-03-02 19:54 -------- d-----w- c:\program files\Conduit
2012-03-02 19:54 . 2012-03-03 19:19 -------- d-----w- c:\users\Janet\AppData\Local\Conduit
2012-02-25 16:15 . 2012-02-25 16:15 -------- d-----w- c:\users\Jessica\AppData\Local\Canon Easy-PhotoPrint EX
2012-02-25 15:31 . 2012-02-25 15:31 -------- d--h--w- c:\programdata\CanonIJEPPEX
2012-02-25 15:31 . 2012-02-25 17:24 -------- d-----w- c:\users\Janet\AppData\Local\Canon Easy-PhotoPrint EX
2012-02-18 22:09 . 2012-02-18 22:09 -------- d-----w- c:\program files\iPod
2012-02-18 22:09 . 2012-02-18 22:11 -------- d-----w- c:\program files\iTunes
2012-02-15 18:14 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 18:12 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 18:12 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 18:13 . 2011-06-12 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-25 10:16 . 2012-01-25 10:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-15 15:23 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-15 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"FBSSA"="c:\program files\SGPSA\ie3sh.exe" [2009-08-27 765824]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-15 939872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-02-01 18:43 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:10]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\qbijwm0u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.smilebox.com?a=6PQq6HrNbu
FF - prefs.js: keyword.URL - hxxp://mystart.smilebox.com/?loc=SB_FF_AB&a=6PQq6HrNbu&search=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-hpqSRMon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-12 20:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?wser Search\IE\SearchAssistant.dll????????>XE???????>?>6???C:\Progr
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-03-12 20:44:49
ComboFix-quarantined-files.txt 2012-03-12 20:44
.
Pre-Run: 48,272,330,752 bytes free
Post-Run: 48,044,609,536 bytes free
.
- - End Of File - - 0A4D1AE0A4039861185B20BF6F740874
Liam
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,431 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
12-Mar-2012, 06:11 PM #6
Open Notepad and copy and paste the text in the quote box below into it:



Quote:
Folder::
c:\program files\SGPSA


Save the file to you desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
liamo777's Avatar
liamo777 liamo777 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
13-Mar-2012, 04:52 PM #7
ie3sh.exe & BHO.DLL errors
Hi,

thanks again - scan results:

ComboFix 12-03-12.03 - Janet 13/03/2012 20:14:20.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1706 [GMT 0:00]
Running from: c:\users\Janet\Desktop\ComboFix.exe
Command switches used :: c:\users\Janet\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2648.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Janet\AppData\Local\temp
2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Richard\AppData\Local\temp
2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Oliver\AppData\Local\temp
2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-11 17:29 . 2012-03-11 17:29 -------- d-----w- c:\program files\Trend Micro
2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes
2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 19:18 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-07 22:15 . 2012-03-07 22:15 -------- d-----w- c:\program files\VS Revo Group
2012-03-07 22:06 . 2012-03-07 22:06 -------- d-----w- c:\program files\SecurityXploded
2012-03-07 21:42 . 2012-03-07 21:42 -------- d-----w- c:\program files\CCleaner
2012-03-05 17:36 . 2012-03-05 18:01 -------- d-----w- c:\users\Oliver\AppData\Local\Roblox
2012-03-02 19:54 . 2012-03-02 19:54 -------- d-----w- c:\program files\Conduit
2012-03-02 19:54 . 2012-03-03 19:19 -------- d-----w- c:\users\Janet\AppData\Local\Conduit
2012-02-25 16:15 . 2012-02-25 16:15 -------- d-----w- c:\users\Jessica\AppData\Local\Canon Easy-PhotoPrint EX
2012-02-25 15:31 . 2012-02-25 15:31 -------- d--h--w- c:\programdata\CanonIJEPPEX
2012-02-25 15:31 . 2012-02-25 17:24 -------- d-----w- c:\users\Janet\AppData\Local\Canon Easy-PhotoPrint EX
2012-02-18 22:09 . 2012-02-18 22:09 -------- d-----w- c:\program files\iPod
2012-02-18 22:09 . 2012-02-18 22:11 -------- d-----w- c:\program files\iTunes
2012-02-15 18:14 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 18:12 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 18:12 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 18:13 . 2011-06-12 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-25 10:16 . 2012-01-25 10:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-15 15:23 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-15 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"FBSSA"="c:\program files\SGPSA\ie3sh.exe" [2009-08-27 765824]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-15 939872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-02-01 18:43 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:10]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:10]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2564966908-1804039707-3730682059-1000Core.job
- c:\users\Janet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 20:47]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2564966908-1804039707-3730682059-1000UA.job
- c:\users\Janet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 20:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\qbijwm0u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.smilebox.com?a=6PQq6HrNbu
FF - prefs.js: keyword.URL - hxxp://mystart.smilebox.com/?loc=SB_FF_AB&a=6PQq6HrNbu&search=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 20:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?wser Search\IE\SearchAssistant.dll????????>XE???????>?>6???C:\Progr
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-03-13 20:41:50
ComboFix-quarantined-files.txt 2012-03-13 20:41
ComboFix2.txt 2012-03-12 20:44
.
Pre-Run: 47,926,603,776 bytes free
Post-Run: 47,988,555,776 bytes free
.
- - End Of File - - BFAF38FB27FFC2354C10E45184AC3EFE



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:57, on 13/03/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5735
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11575 bytes
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,431 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
13-Mar-2012, 09:49 PM #8
I don't understand why that entry is still there. Unless something is blocking the fix.

I assume you are still getting the error then.

I wonder if it we can disable it thru msconfig
Click on your Start button, type MSCONFIG in the search box and then either press enter on your keyboard or double-click on the MSCONFIG program that appears in the search results
Vista will launch Microsoft's System Configuration Utility. Click on the Startup tab.
Find this entry [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
Uncheck it, click Apply, then OK. Restart the computer.
liamo777's Avatar
liamo777 liamo777 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Intermediate
16-Mar-2012, 05:24 PM #9
Hi,

thanks again for your help - there was no entry for ie3sh.exe in msconfig ?
Ive deleted the engry from the registry and this appears to have fixed the error

cheeers liamo777
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,431 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
16-Mar-2012, 07:40 PM #10
Glad to hear it
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑