Golden Retriever Cash Back

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Golden Retriever Cash Back, still trying to get rid of this HELP!!

Options

z4955 View Member Profile	Mar 4 2005, 10:06 AM Post #1
Member Group: Members Posts: 20 Joined: 3-March 05 Member No.: 13,481	Golden Retriever Cash Back showed up in my programs list and I can't get rid of it. Add/Remove doesn't work. I ran spybot, downloaded and ran adaware, downloaded and unzipped hijackthis and here is the hijackthis log: YAY!! I finally got it to work thus far!! Logfile of HijackThis v1.99.1 Scan saved at 9:45:21 AM, on 3/4/2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\CARPSERV.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE C:\WINDOWS\AGRSMMSG.EXE C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE C:\PROGRAM FILES\LEXMARKX83\ACBTNMGR_X83.EXE C:\WINDOWS\SYSTEM\PRINTRAY.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\OAK TECHNOLOGY\OAK SIMPLICD\OAKTASK.EXE C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\MY DOCUMENTS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.amishdonkey.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sylvaninfo.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sylvan Information Services, Inc. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 R3 - Default URLSearchHook is missing O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\PROPEL ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe O4 - HKLM\..\Run: [LexStart] Lexstart.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe O4 - HKLM\..\Run: [Windows FormatAd] C:\PROGRAM FILES\WINDOWS FORMATAD\WINFORM.EXE O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain O4 - HKLM\..\Run: [OAKSTART] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKSTART.EXE O4 - HKLM\..\Run: [OAKTASK] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKTASK.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\Program Files\NeoTracePro\NTXtoolbar.htm (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.sylvaninfo.net/ O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

z4955 View Member Profile	Mar 5 2005, 07:54 AM Post #2
Member Group: Members Posts: 20 Joined: 3-March 05 Member No.: 13,481	can somebody plz help me with this???

Papakid View Member Profile	Mar 9 2005, 10:37 PM Post #3
Guru at being a Newbie Group: HJT Team Posts: 5,718 Joined: 8-April 04 Member No.: 96	Sorry you seem to have fallen thru the cracks there z4955. We generally look for the oldest log with zero replies, you made one (a reply) to your own thread so it looked as if you were getting help. If you still need help please post a fresh log and I'll get to it soon. -------------------- If I have helped you, please consider a donation in memory of my cousin Matthew, lost to leukemia August 29, 2008 at the age of 25. Matt's sister, Marla, and his wife, Erin (who he had newly wed), are raising money to fight such blood diseases. Marla's Site Erin's Site

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th January 2009 - 04:02 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides