
Vista PC, virus maybe? Has been extremely slow [Solved]


  • This topic is locked
59 replies to this topic

#1 Webster555

    Authentic Member

  • 43 posts

Posted 16 March 2012 - 09:45 AM

This Vista PC is really slow. Can someone take a look at this log for me?


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:06 AM, on 3/16/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Dan\Downloads\HiJackThis (1).exe
C:\Users\Dan\Downloads\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...DTP&M=T5082
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T5082
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...DTP&M=T5082
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yah...xplorer/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Play Pickle - {AEB04B5E-C981-47a9-B847-33EE4C92F6B9} - C:\Program Files\Play Pickle\playpicklelib32.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Play Pickle] C:\Program Files\Play Pickle\playpickle32.exe a
O4 - HKLM\..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dan\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberDefender Scheduling Service (CDScheduler) - CyberDefender Corp. - C:\Program Files\CyberDefender\SchedulerService\SchedulerService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9287 bytes


#2 JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 16 March 2012 - 12:07 PM

Hello Webster555 and :welcome:

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

Let's take a closer look with the following scans:


  • Please perform the following scan


    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

  • aswMBR


    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.

    • On completion of the scan click save log, save it to your desktop and post in your next reply.


    Please post both DDS logs and the aswMBR log in your next reply.

Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom

#3 Webster555

    Authentic Member

  • 43 posts

Posted 16 March 2012 - 04:02 PM

Thanks. I will do that now. I've been on here before for another computer under another user name. Ran mbam today and this is the log.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.16.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dan :: DAN-PC [administrator]

3/16/2012 12:18:18 PM
mbam-log-2012-03-16 (12-18-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353605
Time elapsed: 3 hour(s), 17 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKCR\PlayPickleText.Linker.1 (PUP.Magoo) -> Quarantined and deleted successfully.
HKCR\PlayPickleText.Linker (PUP.Magoo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKCR\CLSID\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft....Id=57426&Ext=%s -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeope...m/?n=app&ext=%s) Good: (http://shell.windows...edir.asp?Ext=%s) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 Webster555

    Authentic Member

  • 43 posts

Posted 16 March 2012 - 04:10 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Dan at 18:05:48 on 2012-03-16
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.893.181 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberDefender\SchedulerService\SchedulerService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5082
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5082
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5082
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
uRun: [cdloader] "c:\users\dan\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Play Pickle] c:\program files\play pickle\playpickle32.exe a
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9F36A383-E0E8-4F5F-8A3F-591F72B2BEC9} : DhcpNameServer = 192.168.2.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\7qhn0gem.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PPC&o=102944&locale=en_US&apn_uid=B842017B-2F5C-4B2B-AD6F-4B56D6056151&apn_ptnrs=6L&apn_sauid=E031C00D-6E2E-4CC9-B2D9-D47D3DC309C2&apn_dtid=YYYYYYYYUS&q=
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-13 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-13 337880]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-13 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-13 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-13 44768]
R2 CDScheduler;CyberDefender Scheduling Service;c:\program files\cyberdefender\schedulerservice\SchedulerService.exe [2012-1-20 1002616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-27 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-30 95200]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-4-4 810320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-13 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1378040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-13 136176]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
.
=============== File Associations ===============
.
.txt=FreeFileViewer.TXT
.
=============== Created Last 30 ================
.
2012-03-16 18:31:06 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a9f551a9-cab0-49df-8160-38b45abac10f}\mpengine.dll
2012-03-14 02:54:17 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:54:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 02:54:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 02:54:15 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 02:54:14 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 02:54:14 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 02:53:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 02:53:50 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 02:53:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 13:40:50 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-13 13:40:49 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-13 13:37:59 41184 ----a-w- c:\windows\avastSS.scr
2012-03-13 13:36:59 -------- d-----w- c:\programdata\AVAST Software
2012-03-13 13:36:59 -------- d-----w- c:\program files\AVAST Software
2012-03-12 14:56:40 -------- d-----w- c:\program files\CyberDefender
2012-03-12 14:55:31 -------- d-----w- c:\programdata\CyberDefender
.
==================== Find3M ====================
.
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:08:30.88 ===============

#5 Webster555

    Authentic Member

  • 43 posts

Posted 16 March 2012 - 04:10 PM

I cannot find the other file that is zipped to attach?

#6 JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 16 March 2012 - 04:27 PM

Hello Webster555

"Ran mbam today and this is the log"

Thanks for the log, but please do not run any more scans unless requested as it can make cleaning more difficult.

"i can not find the other file that is zipped to attach ?"

The attach.txt log is not zipped. It opens automatically after the main log (dds.txt) is produced.

If you do not have the attach.txt log to post, please run DDS again to create one.

There is no need to attach any logs when you post, just paste them directly into your replies :)

#7 Webster555

    Authentic Member

  • 43 posts

Posted 16 March 2012 - 04:34 PM

OK, I will try again.

#8 Webster555

    Authentic Member

  • 43 posts

Posted 16 March 2012 - 04:43 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-16 18:12:06
-----------------------------
18:12:06.966 OS Version: Windows 6.0.6002 Service Pack 2
18:12:06.966 Number of processors: 2 586 0x605
18:12:06.966 ComputerName: DAN-PC UserName: Dan
18:12:09.607 Initialize success
18:12:10.732 AVAST engine defs: 12031600
18:12:16.233 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8
18:12:16.233 Disk 0 Vendor: ST3160212A 3.AAE Size: 152627MB BusType: 3
18:12:16.295 Disk 0 MBR read successfully
18:12:16.295 Disk 0 MBR scan
18:12:16.295 Disk 0 unknown MBR code
18:12:16.326 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 8714 MB offset 63
18:12:16.342 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143910 MB offset 17848215
18:12:16.358 Disk 0 scanning sectors +312576705
18:12:16.515 Disk 0 scanning C:\Windows\system32\drivers
18:12:33.578 Service scanning
18:13:29.693 Modules scanning
18:14:13.243 Disk 0 trace - called modules:
18:14:13.275 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:14:13.791 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84aac678]
18:14:13.791 3 CLASSPNP.SYS[863a58b3] -> nt!IofCallDriver -> [0x83a7e6d8]
18:14:13.807 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0x84415408]
18:14:15.011 AVAST engine scan C:\Windows
18:14:17.936 AVAST engine scan C:\Windows\system32
18:17:54.928 AVAST engine scan C:\Windows\system32\drivers
18:18:11.996 AVAST engine scan C:\Users\Dan
18:39:09.264 AVAST engine scan C:\ProgramData
18:42:29.006 Scan finished successfully
18:43:19.153 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
18:43:19.168 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR.txt"

#9 Webster555

    Authentic Member

  • 43 posts

Posted 16 March 2012 - 04:46 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 12/16/2006 4:39:36 PM
System Uptime: 3/16/2012 4:01:41 PM (2 hours ago)
.
Motherboard: Intel Corporation | | D102GGC2
Processor: Intel® Pentium® 4 CPU 3.00GHz | LGA 775 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 71.547 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 3.66 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2335: 3/7/2012 12:00:10 AM - Scheduled Checkpoint
RP2336: 3/8/2012 12:00:23 AM - Scheduled Checkpoint
RP2337: 3/8/2012 5:04:29 PM - Scheduled Checkpoint
RP2338: 3/9/2012 2:23:32 AM - Windows Update
RP2339: 3/10/2012 12:00:12 AM - Scheduled Checkpoint
RP2340: 3/11/2012 1:00:13 AM - Scheduled Checkpoint
RP2341: 3/12/2012 12:00:14 AM - Scheduled Checkpoint
RP2342: 3/12/2012 10:55:49 AM - Installed CyberDefender Framework
RP2343: 3/13/2012 12:00:28 AM - Scheduled Checkpoint
RP2344: 3/13/2012 1:59:10 AM - Windows Update
RP2345: 3/13/2012 9:36:08 AM - avast! Free Antivirus Setup
RP2346: 3/14/2012 2:00:56 AM - Scheduled Checkpoint
RP2347: 3/14/2012 3:00:18 AM - Windows Update
RP2348: 3/15/2012 12:00:26 AM - Scheduled Checkpoint
RP2349: 3/15/2012 7:09:20 PM - Scheduled Checkpoint
RP2350: 3/16/2012 3:00:28 AM - Windows Update
RP2351: 3/16/2012 12:07:35 PM - Windows Update
RP2352: 3/16/2012 2:19:44 PM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware 2007
Ad-Aware Email Scanner for Outlook
Adensoft Audio/Data CD Burner 3.0
Adobe AIR
Adobe Flash Player 11 ActiveX
AIM 6
AIM Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center Ex
ATI Catalyst Install Manager
Audio Data Music CD Burner 1.40
avast! Free Antivirus
Belkin Setup and Router Monitor
Bing Maps 3D
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CleanUp!
Compact Wireless-G USB Network Adapter with SpeedBooster
CyberDefender Framework
eMachines Recovery Center Installer
EPSON Stylus CX5000 Scanner Driver Update
Free File Viewer 2010
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inkjet Printer/Scanner Extended Survey Program
iTunes
Java™ SE Runtime Environment 6
JEOPARDY
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SiteAdvisor
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster Burn Engine
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RTC Client API v1.2
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
ShopAtHome.com Toolbar
Simple Money Keeper 2007 2.0.0
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/16/2012 4:03:27 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel. .
3/16/2012 3:34:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware 2007 Service service to connect.
3/16/2012 3:10:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/16/2012 3:10:30 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2012 3:10:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/15/2012 6:09:22 PM, Error: EventLog [6008] - The previous system shutdown at 6:06:43 PM on 3/15/2012 was unexpected.
3/14/2012 4:46:27 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
3/14/2012 3:19:57 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/14/2012 11:46:26 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document http://mail.aol.com/...rintMessage.asp, owned by Dan, failed to print on printer Canon MP620 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 2293760. Number of bytes printed: 2126212. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\DAN-PC. Win32 error code returned by the print processor: 1. Incorrect function.
.
==== End Of File ===========================

#10 JonTom

Posted 17 March 2012 - 07:57 AM

Hello Webster555

Thank you for the logs.

  • Security Programs


    • I can see from your log that you have a number of real-time security programs running, namely avast! Antivirus and Lavasoft Ad-Watch Live! Anti-Virus.
    • Whilst both of these programs provide good security, they may clash with each other which can leave your system vulnerable to infection.
    • You are advised to remove one of these programs.
    • Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.

  • Please un-install the following


    • Click on "Windows Orb" then on "Computer" and then on the "Uninstall or change a program" tab.
    • A list of currently installed programs will be displayed.
    • Find the "Ask Toolbar" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
    • Repeat for ShopAtHome.com Toolbar.
    • CyberDefender has a somewhat questionable reputation. If you do not use it I suggest you uninstall CyberDefender Framework.

  • Please make a backup of your Registry


    • The following fix requires altering your Windows Registry. Therefore we need to back it up in case we run into problems:
    • Download ERUNT to your Desktop (Right click the link, select "Save Link/Target As"..., select your Desktop and press Save).
    • Right click erunt.zip, choose "Extract All…" and follow the prompts to unzip the program.
    • Open the ERUNT folder on your Desktop and double click ERUNT.exe to start the program.
    • Click OK for all the prompts to back up your registry to the default location.
    • Note: if it becomes necessary to restore the registry, open the backup folder and start ERDNT.exe.

  • Please download OTM


    • Please download OTM by OldTimer by clicking here.
    • Save the file (called OTM.exe) to your desktop.
    • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :Processes 
    explorer.exe
    
    :Files
    c:\program files\play pickle\playpickle32.exe
    c:\program files\play pickle
    c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    c:\program files\selectrebates\SelectRebates.exe
    c:\program files\selectrebates
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Play Pickle"=-
    "SelectRebates"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{e8daaa30-6caa-4b58-9603-8e54238219e2}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{98279c38-de4b-4bcf-93c9-8ec26069d6f4}"=-
    "{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"=-
    
    :Commands
    [Purity]
    [EmptyTemp]
    [Emptyflash]
    [Start Explorer]
    [Reboot]


    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM.
    • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please post the OTM log in your next reply.

Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom


#11 Webster555

Posted 17 March 2012 - 12:43 PM

I think the OTM froze. Says not responding.

#12 Webster555

Posted 17 March 2012 - 12:51 PM

Cannot find the log. Perhaps it froze before it finished.

#13 Webster555

Posted 17 March 2012 - 01:36 PM

Finally got OTM to complete. This is the log produced:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\program files\play pickle\playpickle32.exe not found.
File/Folder c:\program files\play pickle not found.
File/Folder c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll not found.
File/Folder c:\program files\selectrebates\SelectRebates.exe not found.
File/Folder c:\program files\selectrebates not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Play Pickle not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SelectRebates not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{e8daaa30-6caa-4b58-9603-8e54238219e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8daaa30-6caa-4b58-9603-8e54238219e2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Application Data

PC is still really slow. Ex.: when I shut down and boot, it usually just stays on the screen for a good minute or so before shutting off.
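The OTM results in post #13 report every file and registry target as "not found". As an added example (not part of the original thread and not OTM's own code), this Python script groups such a results log by section and flags a run in which nothing was actually removed. The sample log is an abbreviated copy of lines from that post and the function names are hypothetical; any line with an outcome other than "not found" is kept as "other", because the thread shows no other result format.

```python
import re
from collections import defaultdict

# Constructed sample: abbreviated copy of the OTM results quoted in post #13.
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\program files\play pickle\playpickle32.exe not found.
File/Folder c:\program files\selectrebates\SelectRebates.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Play Pickle not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8daaa30-6caa-4b58-9603-8e54238219e2}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
"""

SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")
ITEM = re.compile(r"^(File/Folder|Registry value|Registry key)\s+(.*?)\s+not found\.$")

def summarize(log_text):
    """Group log lines by section; targets reported missing go to 'absent'."""
    result = defaultdict(lambda: {"absent": [], "other": []})
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1).upper()
            continue
        if section is None:
            continue  # preamble before the first section header
        item = ITEM.match(line)
        if item:
            result[section]["absent"].append(item.group(2))
        else:
            result[section]["other"].append(line)
    return dict(result)

def nothing_was_removed(summary):
    """True when FILES/REGISTRY list targets and all of them were 'not found'."""
    parts = [summary.get(s, {"absent": [], "other": []}) for s in ("FILES", "REGISTRY")]
    return all(not p["other"] for p in parts) and any(p["absent"] for p in parts)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for name, part in report.items():
        print(name, "absent:", len(part["absent"]), "other:", len(part["other"]))
    print("run changed nothing:", nothing_was_removed(report))
```

A run where every target is already absent leaves the reported symptom unexplained, which is consistent with the helper asking for a fresh set of scan logs in the next post.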

#14 JonTom

Posted 18 March 2012 - 07:59 AM

Hello Webster555

Please post a new set of DDS scan logs.

#15 Webster555

Posted 19 March 2012 - 04:49 PM

I will get that tomorrow. This is my sister's PC. Gotta get there.
