
ie3sh.exe & BHO.DLL errors

Discussion in 'Virus & Other Malware Removal' started by liamo777, Mar 11, 2012.

  1. liamo777

    liamo777 Thread Starter

    Joined:
    Mar 11, 2012
    Messages:
    5
    Hi,

    My friend has an Acer laptop, and every time she boots up she gets two errors. I don't know how to resolve the issue. For now, I am just clicking on the X and closing the program to get these messages to go away.

    The first one says in an error box: ie3sh.exe - Unable to locate component.
    This application has failed to start because BHO.DLL was not found. Re-installing the application may fix this problem.

    I read a similar post which suggested running a HijackThis log and posting the results (which I have done; see below):

    Any help much appreciated.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:30:17, on 11/03/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\dvd43\DVD43_Tray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Users\Janet\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\RunOnce: [Application Restart #2] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session https://broker.gotoassist.com/ds/se...umer&Token=165593660:p0IRGN9otlH7c1zfchd6nA==
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12898 bytes
     
  2. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    Hi and welcome!

    Rescan with HijackThis.
    Close all browser windows except HijackThis.
    Put a check mark beside these entries and click "Fix Checked".

    O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe

    Close HijackThis and reboot the computer.

    Does it still come up?

    This is usually caused by a bad toolbar.

    Run Hijack This and click Open the Misc Tools section.
    Click Open Uninstall Manager > Save list and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of this log.
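    Added example (not from this thread or from the HijackThis project): the check above boils down to finding autorun entries that point at files that are missing or unaccounted for, like the [FBSSA] Run value. This Python script parses the O2 (BHO), O3 (toolbar) and O4 (Run) lines of a HijackThis log, extracts the target path from quoted, bare and %ProgramFiles%-style commands, and reports entries marked "(no file)" or whose target is absent from a file inventory. The sample lines are copied from the log posted above; the INVENTORY set and the %ProgramFiles% expansion table are constructed for the demo, and ie3sh.exe is deliberately left out of the inventory so that the Run entry is reported.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"""

# Constructed inventory standing in for what a walk of the disk would return.
# ie3sh.exe is deliberately absent so the FBSSA Run entry gets reported.
INVENTORY = {
    r"C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll",
    r"C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll",
    r"C:\Program Files\Windows Defender\MSASCui.exe",
    r"C:\Program Files\AVG\AVG10\avgtray.exe",
    r"C:\Program Files\Acer\WR_PopUp\ProductReg.exe",
}

# Constructed expansion table for environment variables seen in Run values.
_ENV = {"%programfiles%": r"C:\Program Files"}


@dataclass
class Entry:
    section: str          # "O2", "O3" or "O4"
    location: str         # registry key for O4; "BHO" or "Toolbar" for O2/O3
    name: str             # value name, BHO name or toolbar name
    clsid: Optional[str]  # CLSID for O2/O3 entries, None for O4
    path: str             # resolved target path, or "(no file)"
    raw: str              # the original log line


_O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O23_RE = re.compile(
    r"^(?P<sec>O[23]) - (?P<loc>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


def _command_path(cmd: str) -> str:
    """Pull the executable path out of a Run value (quoted or bare, with arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:cmd.index('"', 1)]
    else:
        m = re.match(r"(.*?\.exe)", cmd, flags=re.IGNORECASE)
        path = m.group(1) if m else cmd.split(" ")[0]
    for var, value in _ENV.items():
        path = re.sub(re.escape(var), lambda _: value, path, flags=re.IGNORECASE)
    return path


def parse_hjt(text: str) -> List[Entry]:
    """Parse O2/O3/O4 lines of a HijackThis log; other sections are ignored."""
    entries: List[Entry] = []
    for line in text.strip().splitlines():
        line = line.strip()
        if m := _O4_RE.match(line):
            entries.append(Entry("O4", m["loc"], m["name"], None, _command_path(m["cmd"]), line))
        elif m := _O23_RE.match(line):
            entries.append(Entry(m["sec"], m["loc"], m["name"], m["clsid"], m["path"].strip(), line))
    return entries


def triage(entries: List[Entry], inventory) -> List[tuple]:
    """Report entries whose target is gone or is not in the file inventory."""
    present = {p.lower() for p in inventory}
    findings = []
    for e in entries:
        if e.path == "(no file)":
            findings.append((e.name, "orphaned entry: target file no longer exists"))
        elif e.path.lower() not in present:
            findings.append((e.name, f"target not found in inventory: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_hjt(SAMPLE_LOG), INVENTORY):
        print(f"[{name}] {reason}")
```

    On a real machine you would feed the full log and an inventory built by walking the Program Files and Windows directories; an entry whose executable does exist but fails on a missing DLL, as ie3sh.exe does here, still shows up for review if its directory is not one a known application installed.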
     
  3. liamo777

    liamo777 Thread Starter

    Joined:
    Mar 11, 2012
    Messages:
    5
    Hi,

    thanks for your help.
    Yes the error messages still occur.
    Here are the results from the logfile:


    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Acer Arcade Deluxe
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer ePower Management
    Acer eRecovery Management
    Acer eSettings Management
    Acer GameZone Console 2.0.1.1
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Product Registration
    Acer ScreenSaver
    Acrobat.com
    Acrobat.com
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.2
    Agatha Christie Death on the Nile
    Alice Greenfingers
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    AVG 2011
    AVG 2011
    Azada
    Backspin Billiards
    Big Kahuna Reef
    Bonjour
    Bookworm Deluxe
    Bricks of Egypt
    BT Broadband Desktop Help
    BT Broadband Support Tools
    BT Wireless Connection Manager
    BT Yahoo! Applications
    BTHomeHub
    Cake Mania
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.0
    Canon MP495 series MP Drivers
    Canon MP495 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    CCleaner
    Chicken Invaders 3
    Chuzzle
    Diner Dash Flo on the Go
    DVD Shrink 3.2
    DVD43 v4.6.0
    eSobi v2
    Flip Words 2
    Free Audio CD Burner version 1.4.8
    Free YouTube to MP3 Converter version 3.10.13.1123
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    GoToAssist Corporate
    GoToAssist Corporate
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 10.0
    HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
    HP Imaging Device Functions 10.0
    HP Photosmart Essential 2.5
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 26
    Jewel Quest Solitaire
    Kick N Rush
    Launch Manager
    Mahjong Escape Ancient China
    Mahjongg Artifacts
    Malwarebytes Anti-Malware version 1.60.1.1000
    Marvell Miniport Driver
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (3.0.7)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Huntsville
    Mystery Solitaire - Secret Island
    Nero 7 Premium
    Nero BurnRights
    neroxml
    NTI Backup Now 5
    NTI Media Maker 8
    OGA Notifier 2.0.0048.0
    QuickTime
    Rapport
    Rapport
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Revo Uninstaller 1.93
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Shop for HP Supplies
    SnagIt 8
    Spelling Dictionaries Support For Adobe Reader 9
    Synaptics Pointing Device Driver
    Turbo Pizza
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Yahoo! Software Update
    Zuma Deluxe
     
  4. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT! Save ComboFix.exe to your Desktop


    • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  5. liamo777

    liamo777 Thread Starter

    Joined:
    Mar 11, 2012
    Messages:
    5
    Hi,

    thanks for your reply. Please find the results of running ComboFix pasted below:

    ComboFix 12-03-12.03 - Janet 12/03/2012 19:49:54.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1442 [GMT 0:00]
    Running from: c:\users\Janet\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\SGPSA\SeARchassistant.dll
    c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA251.tmp
    c:\users\Janet\GoToAssistDownloadHelper.exe
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1420.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1662.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1863.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BAD.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F07.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc22AF.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc23D7.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2406.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc245.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc24E1.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2DD6.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3574.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc37F4.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc38FE.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3B0F.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3E3A.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3F9.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4185.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4424.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4887.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A6A.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4A99.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4F0C.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc54C6.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc57B3.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5DFA.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc695F.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc789B.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7ADC.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc822C.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc86BE.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8AF3.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8C1C.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E0E.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E8.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8F08.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8FA4.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc983C.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc98E7.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9935.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D2.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE1C.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB1A.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2AE.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB2DD.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB425.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF1D.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC0C2.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC267.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC42.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC573.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5B1.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8CD.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD75.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE4F4.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE783.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE83.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEE76.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3D3.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDD1.tmp
    c:\users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFF47.tmp
    c:\users\Jessica\Favorites\fantacity towers.docx
    c:\users\Jessica\Favorites\my friends.docx
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc143E.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc16FC.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc173A.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1AC3.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1B5F.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3E88.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4730.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc519B.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5820.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc58BC.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5FBE.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6192.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc655C.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6EFA.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F29.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7042.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7052.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7170.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7496.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc76A8.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8CE6.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8DE0.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8FA5.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc908E.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc92CF.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9E63.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA0A5.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA279.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE89.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB79E.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB869.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCAD.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBFD8.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB3E.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA2B.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDE51.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE1AA.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE67A.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE89C.tmp
    c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF5A7.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-12 20:27 . 2012-03-12 20:30 -------- d-----w- c:\users\Janet\AppData\Local\temp
    2012-03-12 20:27 . 2012-03-12 20:27 -------- d-----w- c:\users\Richard\AppData\Local\temp
    2012-03-12 20:27 . 2012-03-12 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-12 20:27 . 2012-03-12 20:27 -------- d-----w- c:\users\Oliver\AppData\Local\temp
    2012-03-12 20:26 . 2012-03-12 20:26 -------- d-----w- c:\users\Jessica\AppData\Local\temp
    2012-03-11 17:29 . 2012-03-11 17:29 -------- d-----w- c:\program files\Trend Micro
    2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes
    2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-08 19:18 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-07 22:15 . 2012-03-07 22:15 -------- d-----w- c:\program files\VS Revo Group
    2012-03-07 22:06 . 2012-03-07 22:06 -------- d-----w- c:\program files\SecurityXploded
    2012-03-07 21:42 . 2012-03-07 21:42 -------- d-----w- c:\program files\CCleaner
    2012-03-05 17:36 . 2012-03-05 18:01 -------- d-----w- c:\users\Oliver\AppData\Local\Roblox
    2012-03-02 19:54 . 2012-03-02 19:54 -------- d-----w- c:\program files\Conduit
    2012-03-02 19:54 . 2012-03-03 19:19 -------- d-----w- c:\users\Janet\AppData\Local\Conduit
    2012-02-25 16:15 . 2012-02-25 16:15 -------- d-----w- c:\users\Jessica\AppData\Local\Canon Easy-PhotoPrint EX
    2012-02-25 15:31 . 2012-02-25 15:31 -------- d--h--w- c:\programdata\CanonIJEPPEX
    2012-02-25 15:31 . 2012-02-25 17:24 -------- d-----w- c:\users\Janet\AppData\Local\Canon Easy-PhotoPrint EX
    2012-02-18 22:09 . 2012-02-18 22:09 -------- d-----w- c:\program files\iPod
    2012-02-18 22:09 . 2012-02-18 22:11 -------- d-----w- c:\program files\iTunes
    2012-02-15 18:14 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 18:12 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 18:12 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-27 18:13 . 2011-06-12 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-25 10:16 . 2012-01-25 10:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-15 15:23 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-15 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "Skytel"="Skytel.exe" [2007-11-21 1826816]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
    "FBSSA"="c:\program files\SGPSA\ie3sh.exe" [2009-08-27 765824]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-15 939872]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2012-02-01 18:43 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:10]
    .
    2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.co.uk/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\qbijwm0u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.smilebox.com?a=6PQq6HrNbu
    FF - prefs.js: keyword.URL - hxxp://mystart.smilebox.com/?loc=SB_FF_AB&a=6PQq6HrNbu&search=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)
    HKLM-Run-eRecoveryService - (no file)
    HKLM-Run-hpqSRMon - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-12 20:30
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    FBSSA = c:\program files\SGPSA\ie3sh.exe?wser Search\IE\SearchAssistant.dll????????>XE???????>?>6???C:\Progr
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2012-03-12 20:44:49
    ComboFix-quarantined-files.txt 2012-03-12 20:44
    .
    Pre-Run: 48,272,330,752 bytes free
    Post-Run: 48,044,609,536 bytes free
    .
    - - End Of File - - 0A4D1AE0A4039861185B20BF6F740874
    Liam
     
  6. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    Open Notepad and copy and paste the text in the quote box below into it:





    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  7. liamo777

    liamo777 Thread Starter

    Joined:
    Mar 11, 2012
    Messages:
    5
    Hi,

    thanks again - scan results:

    ComboFix 12-03-12.03 - Janet 13/03/2012 20:14:20.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1706 [GMT 0:00]
    Running from: c:\users\Janet\Desktop\ComboFix.exe
    Command switches used :: c:\users\Janet\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Janet\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2648.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Janet\AppData\Local\temp
    2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Richard\AppData\Local\temp
    2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Oliver\AppData\Local\temp
    2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Jessica\AppData\Local\temp
    2012-03-13 20:31 . 2012-03-13 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-11 17:29 . 2012-03-11 17:29 -------- d-----w- c:\program files\Trend Micro
    2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\users\Janet\AppData\Roaming\Malwarebytes
    2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-08 19:18 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-08 19:18 . 2012-03-08 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-07 22:15 . 2012-03-07 22:15 -------- d-----w- c:\program files\VS Revo Group
    2012-03-07 22:06 . 2012-03-07 22:06 -------- d-----w- c:\program files\SecurityXploded
    2012-03-07 21:42 . 2012-03-07 21:42 -------- d-----w- c:\program files\CCleaner
    2012-03-05 17:36 . 2012-03-05 18:01 -------- d-----w- c:\users\Oliver\AppData\Local\Roblox
    2012-03-02 19:54 . 2012-03-02 19:54 -------- d-----w- c:\program files\Conduit
    2012-03-02 19:54 . 2012-03-03 19:19 -------- d-----w- c:\users\Janet\AppData\Local\Conduit
    2012-02-25 16:15 . 2012-02-25 16:15 -------- d-----w- c:\users\Jessica\AppData\Local\Canon Easy-PhotoPrint EX
    2012-02-25 15:31 . 2012-02-25 15:31 -------- d--h--w- c:\programdata\CanonIJEPPEX
    2012-02-25 15:31 . 2012-02-25 17:24 -------- d-----w- c:\users\Janet\AppData\Local\Canon Easy-PhotoPrint EX
    2012-02-18 22:09 . 2012-02-18 22:09 -------- d-----w- c:\program files\iPod
    2012-02-18 22:09 . 2012-02-18 22:11 -------- d-----w- c:\program files\iTunes
    2012-02-15 18:14 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 18:12 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 18:12 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-27 18:13 . 2011-06-12 08:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-25 10:16 . 2012-01-25 10:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-15 15:23 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-15 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "Skytel"="Skytel.exe" [2007-11-21 1826816]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
    "FBSSA"="c:\program files\SGPSA\ie3sh.exe" [2009-08-27 765824]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-15 939872]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2012-02-01 18:43 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RAPPORTIASO
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:10]
    .
    2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 17:10]
    .
    2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2564966908-1804039707-3730682059-1000Core.job
    - c:\users\Janet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 20:47]
    .
    2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2564966908-1804039707-3730682059-1000UA.job
    - c:\users\Janet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 20:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.co.uk/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    FF - ProfilePath - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\qbijwm0u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.smilebox.com?a=6PQq6HrNbu
    FF - prefs.js: keyword.URL - hxxp://mystart.smilebox.com/?loc=SB_FF_AB&a=6PQq6HrNbu&search=
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-13 20:31
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    FBSSA = c:\program files\SGPSA\ie3sh.exe?wser Search\IE\SearchAssistant.dll????????>XE???????>?>6???C:\Progr
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2012-03-13 20:41:50
    ComboFix-quarantined-files.txt 2012-03-13 20:41
    ComboFix2.txt 2012-03-12 20:44
    .
    Pre-Run: 47,926,603,776 bytes free
    Post-Run: 47,988,555,776 bytes free
    .
    - - End Of File - - BFAF38FB27FFC2354C10E45184AC3EFE



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:43:57, on 13/03/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\dvd43\DVD43_Tray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11575 bytes
     
  8. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    I don't understand why that entry is still there. Unless something is blocking the fix.

    I assume you are still getting the error then.

    I wonder if we can disable it through msconfig
    Click on your Start button, type MSCONFIG in the search box and then either press enter on your keyboard or double-click on the MSCONFIG program that appears in the search results
    Vista will launch Microsoft's System Configuration Utility. Click on the Startup tab.
    Find this entry [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
    Uncheck it, click Apply, then OK. Restart the computer.
     
  9. liamo777

    liamo777 Thread Starter

    Joined:
    Mar 11, 2012
    Messages:
    5
    Hi,

    thanks again for your help - there was no entry for ie3sh.exe in msconfig?
    I've deleted the entry from the registry and this appears to have fixed the error.

    cheers, liamo777
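
    The two steps the thread arrives at (look at what the Run keys launch at logon, then delete the value behind the error) can be done from PowerShell instead of msconfig and regedit. The script below is an added example, not code from the thread or from any of the products in the log. It assumes an elevated PowerShell prompt, PowerShell 2.0 or later (the Vista machine in the thread ships 2.0), and that the value to remove is the thread's `FBSSA` entry under `HKLM\...\Run`; everything else (the function names, the backup location) is the example's own choice.

    ```powershell
    # Added example: audit the autostart values HijackThis reports as O4 entries,
    # then remove one of them after exporting a .reg backup of its key.
    # Assumes an elevated prompt; the Wow6432Node key only exists on 64-bit Windows.

    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )

    # Note properties Get-ItemProperty adds that are not registry values
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    function Get-RunEntry {
        foreach ($key in $runKeys) {
            if (-not (Test-Path $key)) { continue }
            $item = Get-ItemProperty -Path $key
            foreach ($prop in $item.PSObject.Properties) {
                if ($providerProps -contains $prop.Name) { continue }
                $cmd = [string]$prop.Value

                # Pull the executable out of the command line: either the quoted
                # first token ("C:\Program Files\...\x.exe" /flag) or the first
                # whitespace-delimited token (C:\PROGRA~1\...\x.exe, RtHDVCpl.exe).
                if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
                elseif ($cmd -match '^\s*(\S+)') { $exe = $Matches[1] }
                else { $exe = $cmd }
                $exe = [Environment]::ExpandEnvironmentVariables($exe)

                # Bare names such as Skytel.exe are resolved through PATH at logon,
                # so fall back to Get-Command when the literal path does not exist.
                $resolved = if (Test-Path -LiteralPath $exe) { $exe }
                            else { (Get-Command $exe -ErrorAction SilentlyContinue).Path }

                $signed = $false
                if ($resolved) {
                    $signed = (Get-AuthenticodeSignature -FilePath $resolved).Status -eq 'Valid'
                }

                New-Object PSObject -Property @{
                    Key     = $key
                    Name    = $prop.Name
                    Command = $cmd
                    Exe     = $exe
                    Exists  = [bool]$resolved
                    Signed  = $signed
                }
            }
        }
    }

    function Remove-RunEntry {
        param(
            [Parameter(Mandatory=$true)][string]$Key,
            [Parameter(Mandatory=$true)][string]$Name
        )
        # Export the whole key first so the value can be put back with "reg import"
        $backup = Join-Path $env:TEMP ('Run-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
        $regPath = $Key -replace '^HKLM:', 'HKEY_LOCAL_MACHINE' -replace '^HKCU:', 'HKEY_CURRENT_USER'
        & reg.exe export $regPath $backup | Out-Null
        if (-not (Test-Path -LiteralPath $backup)) { throw "backup of $regPath failed, not removing $Name" }
        Remove-ItemProperty -Path $Key -Name $Name -ErrorAction Stop
        "Removed '$Name' from $Key (backup: $backup)"
    }

    # Everything that runs at logon, with dead and unsigned entries first
    Get-RunEntry |
        Sort-Object Exists, Signed |
        Select-Object Key, Name, Exe, Exists, Signed |
        Format-Table -AutoSize

    # The thread's fix, done explicitly rather than by hand in regedit
    Remove-RunEntry -Key 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'FBSSA'
    ```

    Two caveats when reading the table. The `Exists` column only tells you whether the launched executable is on disk; in this thread `ie3sh.exe` was present and it was a DLL it loads, `BHO.DLL`, that was gone, so the entry would still show `Exists` as True and the things to look at are the unfamiliar vendor directory (`C:\Program Files\SGPSA`) and an unsigned binary. Secondly, msconfig's Startup tab is built from these same Run keys plus the Startup folders, so when HijackThis lists an O4 value that msconfig does not show, re-read the keys directly as above rather than assuming it is gone.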
     
  10. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    Glad to hear it (y)
     
Short URL to this thread: https://techguy.org/1044773