A small box will open, with an explanation about the tool.
Click Yes at the prompt for Optional Scan.
When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
Copy/paste both logs to your reply on the forum.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.
It depends on how much time that you want to spend on this. You forgot to include your attach.txt log so please include it in your next reply.
Regarding Select Rebates: The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents. We will remove it with MBAM, but you may want to change passwords when we are finished. If you do any online banking, you will need to address that. http://www.prevx.com/filenames/2963047400032039897-X1/SELECTREBATES.EXE.html
AVSoft may have changed your LAN settings. Let's take a look at that first.
Reboot into Safemode with Networking:
Turn on the computer.
Immediately begin tapping the F8 key. Use the arrow keys to highlight Safe Mode with Networking, and press the Enter key.
When the computer reboots into Safe Mode with Networking: Login with the username you normally use.
When you are at your Windows desktop, open Internet Explorer.
When IE opens, click on Tools > Internet Options.
Click on the Connections tab > LAN Settings button (near the bottom of the window).
In the Local Area Network (LAN) settings screen, under the Proxy Server section, please UNcheck the checkbox "Use a proxy server for your LAN" (if it has been checked).
Click the OK button to close this screen.
Click the OK button to close the Internet Options.
Now that you have disabled the proxy server you will be able to browse the web with Internet Explorer.
1. Please download Rkill by Grinler from here Rkill and save it to your desktop. If that does not work try this alternate Link
Double-click on the Rkill desktop icon to run the tool in order to automatically attempt to stop any processes associated with Security Tool and other Rogue programs.
Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, please ignore it, and run rkill.com again. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. Therefore, please run rkill quite a few times until the malware is no longer running. You will then be able to proceed with the rest of the instructions below.
*NOTE: A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Do not reboot your computer after running rkill as the malware programs will start again.
2. Now you should download Malwarebytes' Anti-Malware, or MBAM, from one of the following locations and save it to your desktop:
3. Once downloaded, close all programs and Windows on your computer, including this one.
4. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing and is at the last screen, make sure you uncheck both of the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware check boxes. Then click on the Finish button. If Malwarebytes' prompts you to reboot, please do not do so.
6. As this infection deletes a core executable of Malwarebytes' we will need to download a new copy of it and put it in the C:\program files\Malwarebytes' Anti-Malware\ folder. To download the file please click on the following link: Malwarebytes Anti-Malware
When your browser prompts you where to save it to, please save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. When downloading the file, it will have a random filename. Please leave the filename the way it is as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.
7. Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 8. MBAM will now start and you will be at the main program screen.
8. Before you can perform a scan, you must first update the program. To do this click on the Update tab, and then at the new screen click on the Check for Updates button. Malwarebytes' will now check for new updates and download and install them as necessary. When the update is completed, you will be prompted with a message stating either that you already have the latest updates or that they have been updated. Either way, you should now click on the OK button to continue.
9. Now click on the Scanner tab and make sure the Perform full scan option is selected. Then click on the Scan button to start scanning your computer for Security Tool related files.
10. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When the scan is finished a message box will appear.
11. You should click on the OK button to close the message box and continue with the malware removal process.
12. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
13. A screen displaying all the malware that the program found will be shown.
14. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
15. Please post that log in your next reply here.
16. You can now exit the MBAM program.
* Due to the fact that this infection deletes certain MalwareBytes' files, and we had to work around this, if you wish to continue using MalwareBytes' Anti-Malware, which we suggest you do, then you should uninstall and then install it again so that the files are created properly.
Please run a new scan with HijackThis so that you can post the log in your next reply.
Also open HijackThis and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Select a place to save it. The list should open in notepad. Copy and paste that list here along with the log from the scan.
Let me know how things are running at that point. Thanks.
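The "Use a proxy server for your LAN" checkbox in the steps above is backed by values in the per-user Internet Settings registry key, so its state can also be read from a `reg query` dump that the user pastes back. The following is an added example, not part of the original post or of any tool named in it; the sample dump is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Key whose values back the IE "LAN Settings" dialog.
KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample of `reg query "<KEY>"` output (not taken from the thread).
SAMPLE_DUMP = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyOverride    REG_SZ    <local>
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"""

# An indented value line: name, registry type, data (data may be empty).
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")


def parse_reg_query(text):
    """Return {value name: data string} for every value line in the dump."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group("name")] = match.group("data").strip()
    return values


def split_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    The value is either "host:port" (used for every protocol, keyed "all"
    here) or a ';'-separated list such as "http=host:port;https=host:port".
    """
    entries = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        hostport = hostport.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = hostport, ""
        entries[scheme.lower()] = (host, port)
    return entries


def is_loopback(host):
    """True when the proxy host is this machine itself."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def assess(values):
    """Summarise the proxy state described by the parsed registry values."""
    enabled = int(values.get("ProxyEnable", "0"), 0) != 0
    proxies = split_proxy_server(values.get("ProxyServer", ""))
    loopback = sorted(s for s, (h, _) in proxies.items() if is_loopback(h))
    return {
        "enabled": enabled,
        "proxies": proxies,
        # A loopback proxy means a program on the same PC sits in the
        # browser's traffic path; only relevant while the proxy is enabled.
        "loopback_schemes": loopback if enabled else [],
        # Unchecking the box clears ProxyEnable but leaves ProxyServer behind.
        "stale_server": bool(proxies) and not enabled,
        "autoconfig_url": values.get("AutoConfigURL"),
    }


if __name__ == "__main__":
    result = assess(parse_reg_query(SAMPLE_DUMP))
    state = "ENABLED" if result["enabled"] else "disabled"
    print(f"Proxy is {state}")
    for scheme, (host, port) in result["proxies"].items():
        note = " (loopback)" if scheme in result["loopback_schemes"] else ""
        print(f"  {scheme}: {host}:{port}{note}")
    if result["stale_server"]:
        print("  ProxyServer value is still present but inactive")
```

A `stale_server` result after the fix is expected: the address stays in the registry and only becomes active again if `ProxyEnable` is set back to 1.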
924PLC32 ABBYY FineReader 6.0 Sprint Acrobat.com Acrobat.com Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 7.1.0 Adobe Shockwave Player 11.5 AOL Coach Version 1.0(Build:20040229.1 en) AOL Toolbar 5.0 AOL Uninstaller (Choose which Products to Remove) AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour CinepPlayer 30 Update Compact Wireless-G USB Adapter Compatibility Pack for the 2007 Office system Conexant D850 56K V.9x DFVc Modem Corel Photo Album 6 Coupon Printer for Windows Dell CinePlayer Dell Digital Jukebox Driver Dell Driver Reset Tool Dell Game Console Dell Media Experience Dell Photo AIO Printer 924 DellSupport Digital Content Portal Digital Line Detect Documentation & Support Launcher EarthLink setup files EducateU ELIcon Games, Music, & Photos Launcher Get High Speed Internet! getPlus(R) for Adobe Google Chrome Google Desktop Google Toolbar for Internet Explorer Google Update Helper High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix 2050 for SQL Server 2000 ENU (KB948110) Hotfix 2055 for SQL Server 2000 ENU (KB960082) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) HP Document Viewer 6.1 HP Extended Capabilities 6.1 HP Imaging Device Functions 6.1 HP Photosmart Premier Software 6.1 HP Product Assistant HP PSC & OfficeJet 6.1.A HP Solution Center and Imaging Support Tools 6.1 HP Update Intel(R) Graphics Media Accelerator Driver Intel(R) PRO Network Connections Drivers Intel(R) PROSet for Wired Connections Internet Service Offers Launcher iPod Update 2004-04-28 IrfanView (remove only) iTunes Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 2 Runtime Environment, SE v1.4.2_03 Java(TM) 6 Update 12 Learn2 Player (Uninstall Only) LiveUpdate 2.6 (Symantec Corporation) Malwarebytes' Anti-Malware Mavis Beacon Teaches Typing 12 Standard McAfee 
SecurityCenter McAfee Uninstaller MCU Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Outlook 2003 with Business Contact Manager Update Microsoft Office Professional Edition 2003 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) Microsoft VC9 runtime libraries MobileMe Control Panel Modem Helper Mozilla Firefox (2.0) MSN MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Musicmatch for Windows Media Player Musicmatch® Jukebox NetWaiting NetZeroInstallers Norton Security Scan OGA Notifier 2.0.0048.0 Poppit To Go Prevx Qualxserve Service Agreement QuickTime Reader Rabbit Learn To Read With Phonics RealPlayer Roxio DLA Roxio RecordNow Audio Roxio RecordNow Copy Roxio RecordNow Data Safari Search Assist Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 
(KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows 
XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security 
Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978706) Sonic Activation Module Sonic Update Manager Ulead VideoStudio 7 SE DVD Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 8 (KB978506) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) URL Assistant Viewpoint Media Player WebCyberCoach 3.2 Dell WildTangent Web Driver WinCalendar Windows Internet Explorer 8 Windows Live OneCare safety scanner Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Format Runtime Windows Media Player 10 Windows Media Player 10 Windows XP Service Pack 3 Word Whomp To Go
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:03 PM, on 2/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Bugbatter (3 Apprentice, 20.5K Posts)
February 6th, 2010 05:00
Welcome. Thank you for using Dell Community Forums.
I am reviewing your log. In the meantime, you can help me by addressing the following:
* Have you posted this issue on another forum? If so, please provide a link to the topic.
* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.
* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.
* If this computer belongs to someone else, do you have authority to apply the fixes we will use?
* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.
* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.
* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.
Please open Notepad. Go to the Format menu and UNcheck Word Wrap if it is checked.
Let me know after you have done that. I look forward to your reply so we can begin cleaning.
No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.
Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.
gr3gg (3 Posts)
February 8th, 2010 06:00
- Download the program from here
- Launch Task Manager and end process <4 random chars>sftav.exe (what if Task Manager has been blocked by Antivirus Soft?)
- Install program by double clicking mbam-setup.exe setup file.
- Stick to the guidelines when installing the program.
- Make sure you update the program with latest entries.
- Start computer scan by launching the program and pressing "Scan" button.
- After the scan has been completed, click "Show Results", then "Remove Selected".
- Computer restart might be necessary.
Bugbatter (3 Apprentice, 20.5K Posts)
February 8th, 2010 16:00
gr3gg: I will repeat the instructions that I gave you the last time you hijacked one of my threads:
mcrosmer (31 Posts)
February 9th, 2010 17:00
Okay, I guess maybe you didn't get my earlier response??? Sorry but I think I sent it as a regular e-mail. Please let me know if you've received the email and if you're still reviewing the log. Also I'm getting popups for Norton to just "click here" to "fix". I don't have Norton; is this from you folks? Thanks much for your time and help.
Bugbatter (3 Apprentice, 20.5K Posts)
February 9th, 2010 18:00
I did not receive your reply. Those email replies go to Dell, not me. I was waiting for you to post here. The "Norton" message must be malware.
We need to see some additional information about what is happening in your machine.
1. DDS.txt
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.
Bugbatter (3 Apprentice, 20.5K Posts)
February 9th, 2010 20:00
It is almost midnight at my house. I will be logging out soon, but will try to check back within 24 hours.
Regarding Select Rebates: The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents. http://www.prevx.com/filenames/2963047400032039897-X1/SELECTREBATES.EXE.html
We will remove it with MBAM along with other malware, but you may want to change passwords when we are finished cleaning. If you do any online banking, you will need to address that.
I suggest that, for now, you stay offline with that computer except to come here for malware removal, and please do not follow instructions from anyone except one of the trained analysts listed in the announcement at the top of this forum.
Bugbatter (3 Apprentice, 20.5K Posts)
February 10th, 2010 16:00
I am reposting your DDS log so we can keep everything in one thread.
QUOTE:
1. DDS.txt
2. Attach.txt
Please post the Attach.txt below this. Thanks.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Marilee at 7:45:38.42 on Wed 02/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.383 [GMT -8:00]
AV: Antivirus Soft *On-access scanning enabled* (Updated) {B316C67E-09F1-44c7-85E0-94F6DA8A4AA1}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Common Files\AOL\1170205204\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Norton Security Scan\Engine\2.7.0.52\Nss.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Marilee\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearch Page =
uSearch Bar =
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\program files\mcafee\msk\mcapbho.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
uRun: [WinCalendar] "c:\program files\sapro systems wincalendar\WinCalendar_SysTray.exe /q /c"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1170205204\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinCalendar] "c:\program files\sapro systems wincalendar\WinCalendar_SysTray.exe" /q /c
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
dRun: [WinCalendar] "c:\program files\sapro systems wincalendar\WinCalendar_SysTray.exe" /q /c
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\minima~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 12 standard\MiniMavis.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\marilee\applic~1\mozilla\firefox\profiles\xbwizt3x.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-2-27 201288]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-27 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-27 144704]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-27 695624]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-2-27 79304]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-2-27 35240]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-2-27 40488]
S2 gupdate1c9b0d82a16fc46;Google Update Service (gupdate1c9b0d82a16fc46);c:\program files\google\update\GoogleUpdate.exe [2009-3-29 133104]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-2-27 33800]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
=============== Created Last 30 ================
2010-02-06 01:08:07 0 d-sh--w- c:\documents and settings\marilee\PrivacIE
2010-02-06 01:05:24 0 d-sh--w- c:\documents and settings\marilee\IETldCache
2010-02-06 01:01:23 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-06 01:01:06 0 d-----w- c:\windows\ie8updates
2010-02-06 01:00:49 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-06 01:00:48 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-06 00:58:26 0 dc-h--w- c:\windows\ie8
2010-02-06 00:02:32 0 d-----w- c:\windows\system32\scripting
2010-02-06 00:02:31 0 d-----w- c:\windows\l2schemas
2010-02-06 00:02:30 0 d-----w- c:\windows\system32\en
2010-02-06 00:02:30 0 d-----w- c:\windows\system32\bits
2010-02-05 15:44:12 0 d-----w- C:\avlog
2010-02-05 02:46:35 0 d-----w- c:\windows\system32\drivers\NSS
2010-02-05 02:46:35 0 d-----w- c:\program files\Norton Security Scan
2010-02-05 02:46:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-02-05 02:46:31 0 d-----w- c:\program files\NortonInstaller
2010-02-05 02:46:31 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-02-05 02:21:26 0 d-----w- c:\windows\system32\Adobe
2010-01-31 04:23:46 0 d-----w- c:\program files\iTunes
2010-01-31 04:20:24 0 d-----w- c:\program files\Bonjour
2010-01-13 04:59:55 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
==================== Find3M ====================
2010-01-05 10:00:21 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-06 23:05:10 68556 ---ha-w- c:\windows\system32\mlfcache.dat
2007-04-27 19:21:26 88 --sh--r- c:\windows\system32\33776E7E6F.sys
2007-04-27 19:21:27 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 7:46:47.46 ===============
mcrosmer
31 Posts
February 12th, 2010 07:00
So is there anything I can do to get out of this mess? Or am I dead in the water?
Bugbatter
3 Apprentice
20.5K Posts
February 12th, 2010 09:00
It depends on how much time that you want to spend on this. You forgot to include your attach.txt log so please include it in your next reply.
Regarding Select Rebates: The process hooks code into all running processes, which could allow it to take control of the system or record keyboard input, mouse activity and screen contents. We will remove it with MBAM, but you may want to change passwords when we are finished. If you do any online banking, you will need to address that. http://www.prevx.com/filenames/2963047400032039897-X1/SELECTREBATES.EXE.html
AVSoft may have changed your LAN settings. Let's take a look at that first.
Reboot into Safe Mode with Networking:
Turn on the computer.
Immediately begin tapping the F8 key. Use the arrow keys to highlight Safe Mode with Networking, and press the Enter key.
When the computer reboots into Safe Mode with Networking: Login with the username you normally use.
When you are at your Windows desktop, open Internet Explorer.
When IE opens, click on Tools > Internet Options.
Click on the Connections tab > LAN Settings button (near the bottom of the window).
In the Local Area Network (LAN) settings screen, under the Proxy Server section, please UNcheck the checkbox "Use a proxy server for your LAN" (if it has been checked).
Click the OK button to close this screen.
Click the OK button to close the Internet Options.
Now that you have disabled the proxy server you will be able to browse the web with Internet Explorer.
1. Please download Rkill by Grinler from here Rkill and save it to your desktop. If that does not work try this alternate Link
Therefore, please run rkill quite a few times until the malware is no longer running. You will then be able to proceed with the rest of the instructions below.
*NOTE: A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
Do not reboot your computer after running rkill as the malware programs will start again.
2. Now you should download Malwarebytes' Anti-Malware, or MBAM, from one of the following locations and save it to your desktop:
Malwarebytes Anti-Malware
alternate download link 1
alternate download link 2
3. Once downloaded, close all programs and Windows on your computer, including this one.
4. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing and is at the last screen, make sure you uncheck both of the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware check boxes. Then click on the Finish button. If Malwarebytes' prompts you to reboot, please do not do so.
6. As this infection deletes a core executable of Malwarebytes' we will need to download a new copy of it and put it in the C:\program files\Malwarebytes' Anti-Malware\ folder. To download the file please click on the following link:
Malwarebytes Anti-Malware
When your browser prompts you where to save it to, please save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. When downloading the file, it will have a random filename. Please leave the filename the way it is as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.
7. Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 8. MBAM will now start and you will be at the main program screen.
8. Before you can perform a scan, you must first update the program. To do this click on the Update tab, and then at the new screen click on the Check for Updates button. Malwarebytes' will now check for new updates and download and install them as necessary. When the update is completed, you will be prompted with a message stating either that you already have the latest updates or that they have been updated. Either way, you should now click on the OK button to continue.
9. Now click on the Scanner tab and make sure the Perform full scan option is selected. Then click on the Scan button to start scanning your computer for Security Tool related files.
10. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
When the scan is finished a message box will appear.
11. You should click on the OK button to close the message box and continue with the malware removal process.
12. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
13. A screen displaying all the malware that the program found will be shown.
14. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
15. Please post that log in your next reply here.
16. You can now exit the MBAM program.
* Due to the fact that this infection deletes certain MalwareBytes' files, and we had to work around this, if you wish to continue using MalwareBytes' Anti-Malware, which we suggest you do, then you should uninstall and then install it again so that the files are created properly.
mcrosmer
31 Posts
February 12th, 2010 13:00
MBAM log:
Malwarebytes' Anti-Malware 1.44
Database version: 3730
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
2/12/2010 1:33:36 PM
mbam-log-2010-02-12 (13-33-36).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243047
Time elapsed: 46 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 8
Files Infected: 32
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\shopathome.ietoolbar (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{462e4aec-db3b-4e69-af61-4f300d76255c} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8daaa30-6caa-4b58-9603-8e54238219e2} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8daaa30-6caa-4b58-9603-8e54238219e2} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopathome.ietoolbar.1 (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\selectrebatesuninstall (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\selectrebates (Adware.SelectRebates) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\SelectRebates (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\chrome (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\defaults (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\defaults\preferences (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Cache (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\ImageCache (Adware.SelectRebates) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectAlerts.dat (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebates.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebates.ini (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesA.dat (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesApi.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesB.dat (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesBT.dat (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesUninstall.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SRebates.dll (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SRFF3.dll (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\chrome.manifest (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\install.rdf (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\AddtoList.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\basis.xml (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Basis.xml.dym (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\basis.xml.temp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Blank.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\CashBack.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Coupons.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\GroceryCoupon.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\icons.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\i_magnifying.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\logo.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\logo_24.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\logo_HotSpots.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\ReviewSite.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\RightControls.dym (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\Scissors.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\Toolbar\ImageCache\alert-red.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.
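The following is an added example, not part of any post in this thread and not Malwarebytes' own code: a small parser for the log layout shown above that checks the summary counts against the itemized entries (useful when a pasted log may have been truncated), groups detections by family, and lists any item whose outcome is not "Quarantined and deleted successfully". The sample log is constructed from a few lines of the log above; the "Delete on reboot" outcome and the mismatched file count are constructed to exercise the checks.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: trimmed from the log above. The declared file count (3)
# deliberately exceeds the listed files (2), and the last outcome string is a
# constructed variation, so that both checks below have something to report.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243047
Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\shopathome.ietoolbar (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SelectRebates\SelectRebates.exe (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SRebates.dll (Adware.SelectRebates) -> Delete on reboot.
"""

CLEAN_ACTION = "Quarantined and deleted successfully"

# "Files Infected: 32" (summary line) vs. "Files Infected:" (section header)
SUMMARY_RE = re.compile(r"^(?P<section>.+?) Infected: (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+?) Infected:$")
# "<object> (<family>) -> [details -> ]<outcome>."
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Detection:
    section: str
    obj: str
    family: str
    action: str


def parse_mbam_log(text):
    """Return (declared counts per section, itemized detections per section)."""
    declared = {}
    items = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["section"]
            continue
        if current is None:
            continue  # banner lines before the first itemized section
        m = ITEM_RE.match(line)
        if m:
            # The outcome is the last " -> " segment; data items carry an
            # extra "Bad: (..) Good: (..)" segment before it.
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items[current].append(
                Detection(current, m["obj"], m["family"], action))
    return declared, items


def reconcile(declared, items):
    """Sections where the summary count differs from the itemized count."""
    return {s: (n, len(items.get(s, [])))
            for s, n in declared.items() if n != len(items.get(s, []))}


def unresolved(items):
    """Detections whose outcome is anything other than a clean removal."""
    return [d for ds in items.values() for d in ds if d.action != CLEAN_ACTION]


def by_family(items):
    """Count detections per family label, e.g. Adware.SelectRebates."""
    return Counter(d.family for ds in items.values() for d in ds)


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    for section, (want, got) in reconcile(declared, items).items():
        print(f"count mismatch in {section}: summary {want}, listed {got}")
    for d in unresolved(items):
        print(f"needs follow-up: {d.obj} ({d.family}) -> {d.action}")
    for family, n in by_family(items).most_common():
        print(f"{n:3d}  {family}")
```
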
Bugbatter
3 Apprentice
20.5K Posts
February 12th, 2010 14:00
Good work!
Please run a new scan with HijackThis so that you can post the log in your next reply.
Also open HijackThis and click on the "Open the Misc Tools section" button.
Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Select a place to save it. The list should open in notepad.
Copy and paste that list here along with the log from the scan.
Let me know how things are running at that point. Thanks.
mcrosmer
31 Posts
February 12th, 2010 15:00
Here you go....
Uninstall Manager list:
924PLC32
ABBYY FineReader 6.0 Sprint
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CinepPlayer 30 Update
Compact Wireless-G USB Adapter
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Coupon Printer for Windows
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Photo AIO Printer 924
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
Games, Music, & Photos Launcher
Get High Speed Internet!
getPlus(R) for Adobe
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Document Viewer 6.1
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Premier Software 6.1
HP Product Assistant
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
iPod Update 2004-04-28
IrfanView (remove only)
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 12
Learn2 Player (Uninstall Only)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 12 Standard
McAfee SecurityCenter
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft VC9 runtime libraries
MobileMe Control Panel
Modem Helper
Mozilla Firefox (2.0)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
Norton Security Scan
OGA Notifier 2.0.0048.0
Poppit To Go
Prevx
Qualxserve Service Agreement
QuickTime
Reader Rabbit Learn To Read With Phonics
RealPlayer
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sonic Activation Module
Sonic Update Manager
Ulead VideoStudio 7 SE DVD
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WildTangent Web Driver
WinCalendar
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Service Pack 3
Word Whomp To Go
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:03 PM, on 2/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Marilee\Desktop\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170205204\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinCalendar] "C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe" /q /c
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\TjNfUZ4eM.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [WinCalendar] "C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe /q /c"
O4 - HKUS\S-1-5-18\..\Run: [WinCalendar] "C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe" /q /c (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WinCalendar] "C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe" /q /c (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9b0d82a16fc46) (gupdate1c9b0d82a16fc46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 10343 bytes
Bugbatter
3 Apprentice
20.5K Posts
February 12th, 2010 17:00
Please reboot into Normal mode, and run a new HijackThis scan.
Bugbatter
3 Apprentice
20.5K Posts
February 12th, 2010 17:00
Why did you run HijackThis in Safe Mode? Are you still having symptoms of malware?
mcrosmer
31 Posts
February 12th, 2010 17:00
As instructed, I booted up in Safe Mode when you had me check LAN setting and run rkill. Haven't shut down/rebooted since -