|
30-Jun-2009, 08:06 AM
#1 |
| 40 iexplore.exe running slowing computer way down please help.
For some reason my computer has slowed way down. When I do a control alt delete, it shows that I have 40+ iexplore.exe running. What could be causing this and how do I get rid of it?
Last edited by lmore; 30-Jun-2009 at 09:33 AM. Reason: didn't finish post |
| |
|
04-Jul-2009, 04:37 PM
#3 |
| Hijack This Report Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:46:14 PM, on 7/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\AOL\1198823795\ee\AOLSoftware.exe C:\Program Files\SelectRebates\SelectRebates.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WinSettings\WinSettings.Exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\aol\1198823795\ee\AOLDesktop.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program 
Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe c:\program files\aol toolbar\AolTbServer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\SNDVOL32.EXE C:\Documents and Settings\Laura\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {4D57CAC7-76C1-B489-BA1F-B756C5CBE460} - (no file) O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {A237F0C8-AC86-61E7-5221-B9114D8B9622} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: (no name) - {C0DD0B76-95A4-29E5-8451-349202F560EB} - (no file) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google 
Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1198823795\ee\AOLSoftware.exe" O4 - HKLM\..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WinSettings] C:\Program Files\WinSettings\WinSettings.Exe /load O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; AOL 10.1; AOLBuild 2.1.84.1; brand=aol; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET 
CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8) O4 - HKUS\S-1-5-21-4065255840-3076733166-2527199283-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-4065255840-3076733166-2527199283-1009\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b (User '?') O4 - HKUS\S-1-5-21-4065255840-3076733166-2527199283-1009\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user') O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\aol\Launch\aollaunch.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 
Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Open with PDF Professional 2 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Professional 2\pdfshell.dll O9 - Extra 'Tools' menuitem: Open with PDF Professional 2 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Professional 2\pdfshell.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - 
http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/...ds/sysinfo.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_rela...eUploader5.cab O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/C...ngineQuery.dll O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166394348203 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab O16 - DPF: 
{BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/uploa...pv2.0.0.11.cab? O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} - O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: intu-help-qb2 - (no CLSID) - (no file) O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL O23 - Service: McAfee Application Installer Cleanup (0144821239910244) (0144821239910244mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014482~1.EXE (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Express Accounts (ExpressAccountsService) - NCH Software - C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe O23 - Service: Express Invoice (ExpressInvoiceService) - NCH Software - C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c95c69925e60f0) (gupdate1c95c69925e60f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. 
- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe (file missing) O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: WPEServ - MAUS Software - C:\Program Files\Common Files\WPE\wpeserv.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 19203 bytes |
|
10-Jul-2009, 10:58 AM
#4 |
| Run HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here. |
|
10-Jul-2009, 11:43 AM
#5 |
| Hijack This Uninstall Ad-Aware 2007 Adobe AIR Adobe AIR Adobe Download Manager 1.2 (Remove Only) Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Media Player Adobe Photoshop CS Adobe Reader 8.1.4 Adobe Shockwave Player 11.5 Adobe® Photoshop® Album Starter Edition 3.2 AOL Toolbar for Firefox AOL Toolbar for Internet Explorer AOL Uninstaller (Choose which Products to Remove) Apple Mobile Device Support Apple Software Update Art Explosion Publisher Pro Audit Support Center 1.0 BCM V.92 56K Modem Bonjour Britannica Ready Reference Broadcom Advanced Control Suite CCleaner (remove only) ClickArt 750,000 CoffeeCup Direct FTP 6.5.5 CoffeeCup Flash FireStarter CoffeeCup Flash Form Builder - Registered CoffeeCup Flash Menu Builder CoffeeCup Flash Password Wizard CoffeeCup Flash Photo Gallery - Registered CoffeeCup Flash Website Font CoffeeCup Free HTML Editor CoffeeCup Free Zip Wizard CoffeeCup GIF Animator CoffeeCup Google SiteMapper CoffeeCup Image Mapper CoffeeCup Live Chat - Registered CoffeeCup LockBox CoffeeCup MP3 Rip & Burn CoffeeCup PixConverter CoffeeCup RSS News Flash - Registered CoffeeCup StyleSheet Maker CoffeeCup Visual Site Designer Software CoffeeCup Web Calendar CoffeeCup Web Form Builder - Registered CoffeeCup Web JukeBox - Registered CoffeeCup Web Video Player - Registered CoffeeCup WebCam CoffeeCup Website Color Schemer Compatibility Pack for the 2007 Office system Coupon Printer for Windows CouponBar Creative ZEN Stone Plus User's Guide Critical Update for Windows Media Player 11 (KB959772) Dell Picture Studio - Dell Image Expert Dell Solution Center DellSupport Driver's Education '99 Easy CD Creator 5 Basic Express Accounts Express Burn Express Invoice Fast Browser Search (My Web Tattoo) Forms Reader GIMP 2.4.4 Google Chrome Google Desktop Google Earth Google Photos Screensaver Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Google Update Helper Google Updater GPL Ghostscript 8.63 Highlight Viewer (Windows Live 
Toolbar) HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) HP Document Viewer 5.3 HP Extended Capabilities 5.3 HP Image Zone Express HP Imaging Device Functions 5.3 hp instant support HP Memories Disc HP Product Assistant HP Product Detection HP PSC & OfficeJet 5.3.B HP Solution Center & Imaging Support Tools 5.3 HP Update HPSSupply ieSpell Indeo® software Intel(R) Extreme Graphics Driver iTunes J2SE Runtime Environment 5.0 Update 1 J2SE Runtime Environment 5.0 Update 2 J2SE Runtime Environment 5.0 Update 4 Java 2 Runtime Environment Standard Edition v1.3.1_04 Java(TM) 6 Update 13 LimeWire 4.18.2 Map Button (Windows Live Toolbar) Marketing Plan Pro 6.0 McAfee SecurityCenter Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft Office 2003 Primary Interop Assemblies Microsoft Office 2003 Web Components Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Accounting 2007 Microsoft Office Accounting 2007 Microsoft Office Accounting 2008 Microsoft Office Accounting 2008 Microsoft Office Accounting 2008 Equifax Addin Microsoft Office Accounting 2008 Fixed Asset Manager Microsoft Office 
Accounting 2008 PayPal Addin Microsoft Office Accounting ADP Payroll Addin Microsoft Office Accounting Equifax Addin Microsoft Office Accounting Fixed Asset Manager Microsoft Office Accounting PayPal Addin Microsoft Office Excel MUI (English) 2007 Microsoft Office FrontPage 2003 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Professional 2007 Trial Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Standard Edition 2003 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual Studio 2005 Tools for Office Runtime Modem Helper MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser MyHeritage Family Tree Builder NetObjects Fusion 10.0 NetObjects Fusion 10.0 Trial NetObjects Fusion Essentials NetObjects Toolbox - Bonus Applications Network Magic Paint Shop Pro 7 Paint.NET v3.35 PaperVision Document Viewer Controls PDF Professional 2 Photo TurboBackup Picasa 3 QuickBooks Simple Start 2009 Quicken 2002 New User Edition QuickTime RealPlayer Search Guard Plus (My Web Tattoo) Search Guard Plus Updater (My Web Tattoo) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update 
for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security 
Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Serif DrawPlus 4.0 ShopAtHome SelectRebates Sierra Utilities Smart Menus (Windows Live Toolbar) Sony Noise Reduction Plug-In 2.0h Sony Sound Forge 9.0 Sound Effects Spresent ver.4.0.1.18 SPSS 13.0 for Windows Integrated Student Version SPSS Data Access Pack for Windows 4.0 Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 SupportSoft Assisted Service Uninstall AOL Emergency Connect Utility 1.0 Update for 2007 Microsoft Office System (KB967642) Update for Outlook 2007 Junk Email Filter (kb970012) Update for Windows Internet Explorer 8 (KB969497) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Viewpoint Media Player Virtual Earth 3D (Beta) Visual Studio 2005 Tools for Office Second Edition Runtime Windows Imaging Component Windows Internet Explorer 8 Windows Live Favorites for Windows Live Toolbar Windows Live installer Windows Live Mail Windows Live Messenger Windows Live OneCare Family Safety Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Toolbar 
Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Writer Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Service Pack 3 WinSettings WinZip 12.0 WinZip E-Mail Companion WordPerfect Office 2002 WordPerfect Office 2002 Yahoo! Install Manager Yahoo! Software Update Yahoo! Toolbar |
|
10-Jul-2009, 11:51 AM
#6 |
| Go to Add/Remove Programs and remove these:
Coupon Printer for Windows
CouponBar
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment Standard Edition v1.3.1_04
LimeWire 4.18.2
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Download ATF Cleaner by Atribune.
Click Exit on the Main menu to close the program. Double-click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. |
|
10-Jul-2009, 02:32 PM
#7 |
| Unable to remove
Hello, OK, I have removed most of the programs you listed. I am unable to remove the coupon printer for some reason. Also, IE won't open, it just hangs on "connecting". Should I restart the computer after installing the programs and prior to running the Anti Malware? Thanks |
|
10-Jul-2009, 03:27 PM
#8 |
| Malwarebytes log
Malwarebytes' Anti-Malware 1.38
Database version: 2403
Windows 5.1.2600 Service Pack 3
7/10/2009 1:25:25 PM
mbam-log-2009-07-10 (13-25-25).txt
Scan type: Quick Scan
Objects scanned: 144819
Time elapsed: 20 minute(s), 32 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 79

Memory Processes Infected:
C:\Program Files\SelectRebates\SelectRebates.exe (Adware.SelectRebates) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{b0e43034-50f5-1f84-8098-824b44f2dbc3} (Adware.AdMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\selectrebatesuninstall (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{462e4aec-db3b-4e69-af61-4f300d76255c} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8daaa30-6caa-4b58-9603-8e54238219e2} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8daaa30-6caa-4b58-9603-8e54238219e2} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\selectrebates (Adware.SelectRebates) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SelectRebates (Adware.SelectRebates) -> Quarantined and deleted successfully.
c:\program files\selectrebates\FFToolbar (Adware.SelectRebates) -> Quarantined and deleted successfully.
c:\program files\selectrebates\fftoolbar\chrome (Adware.SelectRebates) -> Quarantined and deleted successfully.
c:\program files\selectrebates\fftoolbar\chrome\content (Adware.SelectRebates) -> Quarantined and deleted successfully.
c:\program files\selectrebates\fftoolbar\chrome\locale (Adware.SelectRebates) -> Quarantined and deleted successfully.
c:\program files\selectrebates\fftoolbar\chrome\locale\en-US (Adware.SelectRebates) -> Quarantined and deleted successfully.
c:\program files\selectrebates\fftoolbar\chrome\skin (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\defaults (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\defaults\preferences (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\Cache (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\ImageCache (Adware.SelectRebates) -> Quarantined and deleted successfully. C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully. c:\program files\winbudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully. Files Infected: c:\program files\selectrebates\SelectAlerts.dat (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\SelectRebates.exe (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\SelectRebates.ini (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\SelectRebatesA.dat (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\SelectRebatesApi.exe (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\SelectRebatesB.dat (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\SelectRebatesBT.dat (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\SelectRebatesUninstall.exe (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\SRebates.dll (Adware.SelectRebates) -> Quarantined and deleted successfully. 
c:\program files\selectrebates\SRFF3.dll (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome.manifest (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\install.rdf (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\content\options.js (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\content\options.xul (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\content\sahtoolbar.js (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\content\sahtoolbar.xul (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\locale\en-US\contents.rdf (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\locale\en-US\sahtoolbar.dtd (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\locale\en-US\sahtoolbar.dtd.skin (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\locale\en-US\sahtoolbar.properties (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\3rdParty.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\add-folderplus.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\add-plussign.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\alert-blue.png (Adware.SelectRebates) -> Quarantined and deleted successfully. 
c:\program files\selectrebates\fftoolbar\chrome\skin\alert-red.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\bluebar.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\dollarsign.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\FindWords.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\gripper.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\icon-magnifying.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\invite.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\invite2.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\my-blue.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\my-gray.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\my-green.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\my-red.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\Options.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\S.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\SAH-LogoHotSpots.png (Adware.SelectRebates) -> Quarantined and deleted successfully. 
c:\program files\selectrebates\fftoolbar\chrome\skin\SAH-logotext.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\SAH-mainlogo-v1.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\SAH-mainlogo-v2.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\sahtoolbar.css (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\Scissors.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\Search.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\shoppingcart.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\singleperson.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\star.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\thumb2.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\Thumbs.db (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\toolbar-images-ALL.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\Toolbar_HelpAndFeedback.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\chrome\skin\Wrench.png (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\fftoolbar\defaults\preferences\sahtoolbar.js (Adware.SelectRebates) -> Quarantined and deleted successfully. 
c:\program files\selectrebates\Toolbar\Add.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\AdvancedOptions.html (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\basis.xml (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\Basis.xml.dym (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\Blank.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\button-CloseWindow.gif (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\icons.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\Invite.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\i_clipboard.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\i_help.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\i_magnifying.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\logo.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\logo_24.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\logo_HotSpots.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\MyNew.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\MyNone.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\MyPage.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. 
c:\program files\selectrebates\Toolbar\Rate.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\RightControls.dym (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\sah_logo_bars.gif (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\Scissors.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\ShopAtHomeToolbar.dll (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\Tools.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\selectrebates\Toolbar\Tools2.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. c:\program files\winbudget\bin\matrix.dat (Adware.AdMedia) -> Quarantined and deleted successfully. |
|
11-Jul-2009, 12:31 AM
#10 |
| New Hijack report Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:30:09 PM, on 7/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe C:\WINDOWS\System32\HPZipm12.exe C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Common Files\AOL\1198823795\ee\AOLSoftware.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WinSettings\WinSettings.Exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\aol\1198823795\ee\AOLDesktop.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\WINDOWS\system32\SNDVOL32.EXE C:\Documents and Settings\Laura\Desktop\HiJackThis.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {4D57CAC7-76C1-B489-BA1F-B756C5CBE460} - (no file) O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {A237F0C8-AC86-61E7-5221-B9114D8B9622} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: (no name) - {C0DD0B76-95A4-29E5-8451-349202F560EB} - (no file) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - 
Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1198823795\ee\AOLSoftware.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WinSettings] C:\Program Files\WinSettings\WinSettings.Exe /load O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; AOL 10.1; AOLBuild 2.1.84.1; brand=aol; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8) O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user') O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\aol\Launch\aollaunch.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image 
Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Open with PDF Professional 2 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program 
Files\DATA BECKER\PDF Professional 2\pdfshell.dll O9 - Extra 'Tools' menuitem: Open with PDF Professional 2 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\DATA BECKER\PDF Professional 2\pdfshell.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab O16 - 
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/...ds/sysinfo.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_rela...eUploader5.cab O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/C...ngineQuery.dll O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166394348203 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - 
http://samsclubus.pnimedia.com/uploa...pv2.0.0.11.cab? O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} - O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: intu-help-qb2 - (no CLSID) - (no file) O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL O23 - Service: McAfee Application Installer Cleanup (0144821239910244) (0144821239910244mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014482~1.EXE (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Express Accounts (ExpressAccountsService) - NCH Software - C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe O23 - Service: Express Invoice (ExpressInvoiceService) - NCH Software - C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c95c69925e60f0) (gupdate1c95c69925e60f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. 
- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe (file missing) O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: WPEServ - MAUS Software - C:\Program Files\Common Files\WPE\wpeserv.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 18427 bytes |
|
11-Jul-2009, 11:13 AM
#11 |
| Click Start - Run - and type in: services.msc
Click OK.
In the services window find: Security Agent (scagent)
Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

Run HJT again and put a check in the following:

F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O2 - BHO: (no name) - {4D57CAC7-76C1-B489-BA1F-B756C5CBE460} - (no file)
O2 - BHO: (no name) - {A237F0C8-AC86-61E7-5221-B9114D8B9622} - (no file)
O2 - BHO: (no name) - {C0DD0B76-95A4-29E5-8451-349202F560EB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O18 - Protocol: intu-help-qb2 - (no CLSID) - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

Close all applications and browser windows before you click "fix checked".

Restart the machine and post a new hijackthis log. Let me know if you are having any problems. |
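Most of the entries selected in the post above carry a `(no file)` or `(file missing)` marker, meaning the registration remains but its target is gone. The Python below is an added example, not part of the original thread and not HijackThis's own code: it parses a HijackThis log and lists entries with those markers, plus `O16` entries with an empty source. The sample lines are copied from the log in post #10 and re-split one per line, the function names are hypothetical, and the output is a list of candidates to review rather than a reproduction of the helper's selection.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log in post #10,
# re-split one entry per line (the layout HijackThis itself writes).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
O2 - BHO: (no name) - {4D57CAC7-76C1-B489-BA1F-B756C5CBE460} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line starts with a section code such as R0, F1, O2 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    body: str               # text after "<code> - "
    clsid: Optional[str]    # first CLSID in the entry, if any
    reason: Optional[str]   # why the entry looks orphaned, else None


def classify(code: str, body: str) -> Optional[str]:
    """Return a reason when the entry's target is absent, else None."""
    if body.endswith("(no file)"):
        return "no file"
    if body.endswith("(file missing)"):
        return "file missing"
    # An O16 (Downloaded Program Files) entry with nothing after the
    # last " - " has no download source recorded.
    if code == "O16" and body.endswith(" -"):
        return "empty source"
    return None


def parse_log(text: str) -> List[Entry]:
    """Parse entry lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.group(1), match.group(2).rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(
            Entry(code, body, clsid.group(0) if clsid else None,
                  classify(code, body))
        )
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registration survives but whose target is gone."""
    return [e for e in entries if e.reason is not None]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<4} {e.reason:<13} {e.clsid or '-':<40} {e.body}")
```
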

|
| Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |

