Hello out there, I am too having this problem but I am wondering if someone could help me the same way? I am not sure if I have the exact same problem or not. Could somone please help me and read through my computer to see if I can get mine fixed as well. I am exhausted with all of this pop up junk. I can't seem to do anything on my computer without stuff constantly popping up. Thank you so much for your help.
Blessings,
Kim
mjwkjw 0 Newbie Poster
jholland1964 650 Posting Expert Team Colleague Featured Poster
We would need to see some logs in order to have an idea of what may be going on with the computer.
First do the steps listed HERE but ignore step concerning Deckard Scanner and substitute instead HiJackThis.
Download HiJackThis
Do a full system scan with it and save the log.
Post back here with logs from Malwarebytes' Anti-Malware (MBA-M) and HiJackthis and then we can see what you may be dealing with, be sure to have MBA-M remove whatever it finds and then reboot the computer and run the HiJackThis scan.
Judy
mjwkjw 0 Newbie Poster
Here are my logs that you had requested I complete. Thank you for taking the time to help me out. I must say, the 1st scan took almost half the day. Phew! Anyway here we go:
MalwareBytes' Anti-Malware log
Malwarebytes' Anti-Malware 1.31
Database version: 1590
Windows 5.1.2600 Service Pack 3
1/1/2009 4:38:33 PM
mbam-log-2009-01-01 (16-38-33).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118600
Time elapsed: 48 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 34
Registry Values Infected: 6
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 27
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\lovusilo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jukazudu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\roliwiza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sidomuri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fupuvuyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\huninulo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gujoyame.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7475debc-8e2c-449e-ab4e-8f129e553f5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7475debc-8e2c-449e-ab4e-8f129e553f5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7475debc-8e2c-449e-ab4e-8f129e553f5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1cd2fb8b (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lolafegaku (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lolafegaku (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1fe1c817 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\roliwiza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\roliwiza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\huninulo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\huninulo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\huninulo.dll -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\jukazudu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uduzakuj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lovusilo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\olisuvol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tahuhabu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubahuhat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tokivafa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afavikot.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\velajavu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvajalev.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fupuvuyu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\roliwiza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sidomuri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\huninulo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gujoyame.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\newopuzu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soluwale.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lahesumo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tivunifi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\perojiko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pasevawu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujurepu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wodepudo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yijifomo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ripeyoji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiwonahu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dat6B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
ESET Online Scanner log
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3731 (20090101)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=60effa21f1581244aea10ace4eab2349
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-02 12:17:21
# local_time=2009-01-01 07:17:21 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=353532
# found=0
# scan_time=9027
HijackThis Uninstall List
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Software Update
DVD Shrink 3.2
ESET Online Scanner
getPlus(R)_ocx
Google Toolbar for Internet Explorer
GoToMyPC
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Lame ACM MP3 Codec
LeapFrog Connect
LeapFrog Connect
LeapFrog Tag Plugin
Lexmark 1200 Series
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyScanCabinet 1.3.1b
Nero Suite
QuickTime
RealPlayer
Rhapsody
Rhapsody Player Engine
Samsung Media Studio
Sansa Media Converter
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB951072-v2)
Windows Defender
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Live installer
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Music Jukebox
jholland1964 650 Posting Expert Team Colleague Featured Poster
Looks like MBA-M found and removed a lot.
Quick look through of the uninstall list shows me your Java is out of date. You need to go HERE and download the latest version. Choose the Offline Install and save it to the desktop.
Once the download is complete then go to Add/Remove and Uninstall ALL the older versions of Java you find there.
Once you have uninstalled all of those then go back to that install file residing on the desktop Double click to install the new version. When that is complete then go back to the download page and on the right side you will see Verify Now. Click that to go to the verification page to be assured that the install was successful.
Next we need to see a Full System Scan with HJT and save the log. Post that log back here before we can go further.
Judy
mjwkjw 0 Newbie Poster
Thank you so much for your help. I did the HJT scan and here is the log from it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:19 AM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\zewuzano.dll
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - SSODL - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 12486 bytes
Blessings,
Kim
jholland1964 650 Posting Expert Team Colleague Featured Poster
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.
Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.
Now just sit back and allow the program to run
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When all is complete then please post back here with that log.
mjwkjw 0 Newbie Poster
I found a website that discussed the importance of ComboFix and how it needs to be handled directly by supervision of someone with great knowledge of the software. I am trusting you understand how this program works; however, I must ask some questions first.
1) What is the reason you want me to run this, did you see something of importance?
2) This link discusses important things that need to be done prior to running Combofix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Wouldn't I need to follow the steps for Windows Recovery bfore running this scan? Several postings I found that they lost their Windows and were having severe trouble restoring what they had before the scan.
I am totally in love with my computer and I really don't want anything bad to happen to it, so please understand how cautious I want to be with this program. Could you please let me know if I should follow the steps listed in that link before proceeding? I do not have the Windows recovery CD for it did not come with the computer. Thank you and will speak with you soon.
Blessings,
Kim
jholland1964 650 Posting Expert Team Colleague Featured Poster
I am very familiar with the link provided, this is the one we all use.
If you don't have an XP disk then no, you cannot install the recovery partition. But it may all ready be on the computer.
If you would prefer not to run the program then you can try to fix with some fixes via HJT but the log shows there is still infection there and this may only stop it from running at the present, not actually remove it.
I have not had experience with people losing use of their computer while running combofix under supervision but this is your choice so we will forgo running it and attempt to remove this infection using HJT and then doing manual search and removals.
Anyway,
Run HJT again and place check marks next to the following entries:
O4 - HKUS\S-1-5-19\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'Default user')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\zewuzano.dll
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - SSODL - (no file)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer.
Run a new HJT scan and save the log and post it back here.
There will then be some manual searches and removals you will have to try.
mjwkjw 0 Newbie Poster
Thank you again for taking the time to speak with me. I do not mind running the ComboFix if you are familiar with it; after all, all posts I found on this program states that you need to be very familiar with it. If you understand it then I am trusting you know what you are doing. I will run the ComboFix, I just get a little scared when it comes to anything messing up my computer. However, under the current circumstances, my computer is already having a lot of issues, so hopefully it can't possibly get worse. Anyway, I will post back shotly, when the ComboFix is done with everything.
Blessings,
Kim
mjwkjw 0 Newbie Poster
Ok one problem, when I started to run ComboFix a warning window came up saying this:
ComboFix has detected the following real time scanner(s) to be actve:
McAfee VirusScan
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking 'OK'.
I am not sure how to turn it off. I went into the Security Center and cannot find a way to disable this. I went into McAfee and disabled it for the time being but according to the Security Center it is still turned On. PLease help me understand how to fix this so that I can use ComboFox safely? Thank you
Blessings,
Kim
jholland1964 650 Posting Expert Team Colleague Featured Poster
I know that some of these protection programs can be difficult to turn off. Maybe the simplest way is to go into Task Manager...Ctrl-Alt-Delete keys and when that opens highlight each one of the items noted below and then click the End Task button.
These include all the McAfee processes I see running in your HJT log and also Windows Defender and AdAware Service (which really does nothing anyway unless you have the paid version and doesn't need to be running at all) I would also advise using Windows Defender only for scanning as it can interfere with fixes done also.
Here are those you should End.
MsMpEng.exe
aawservice.exe
McSACore.exe
mcmscsvc.exe
mcnasvc.exe
mcproxy.exe
mcshield.exe
MPFSrv.exe
mcagent.exe
MSASCui.exe
mcuimgr.exe
mcvsshld.exe
Once you have done that then try running combofix as directed.
Judy
mjwkjw 0 Newbie Poster
Hhere is the ConboFix log. Let me know what this all means and what (if any more) I need to continue fixing. Thank you again.
ComboFix 09-01-01.02 - Jason Woods 2009-01-02 15:42:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.350 [GMT -5:00]
Running from: c:\documents and settings\Jason Woods\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jason Woods\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\_004197_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004199_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004207_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004209_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004212_.tmp.dll
c:\windows\system32\_004213_.tmp.dll
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004232_.tmp.dll
c:\windows\system32\_004234_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004242_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004249_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004258_.tmp.dll
c:\windows\system32\adasolug.ini
c:\windows\system32\afinadeb.ini
c:\windows\system32\ajezukiv.ini
c:\windows\system32\ajililub.ini
c:\windows\system32\akinudoy.ini
c:\windows\system32\amasebep.ini
c:\windows\system32\anahekik.ini
c:\windows\system32\anofolut.ini
c:\windows\system32\asoyukat.ini
c:\windows\system32\avobopor.ini
c:\windows\system32\ayizirof.ini
c:\windows\system32\azipufik.ini
c:\windows\system32\efakunil.ini
c:\windows\system32\ekefotuj.ini
c:\windows\system32\elineror.ini
c:\windows\system32\eluwovik.ini
c:\windows\system32\enukifom.ini
c:\windows\system32\esokibog.ini
c:\windows\system32\evodahuj.ini
c:\windows\system32\eyekodov.ini
c:\windows\system32\ezumemag.ini
c:\windows\system32\ibinahey.ini
c:\windows\system32\idaholav.ini
c:\windows\system32\idezujur.ini
c:\windows\system32\idogotok.ini
c:\windows\system32\ifoyewig.ini
c:\windows\system32\igukugov.ini
c:\windows\system32\ihuvuvaz.ini
c:\windows\system32\imerurol.ini
c:\windows\system32\inapogob.ini
c:\windows\system32\izumorot.ini
c:\windows\system32\obamuveg.ini
c:\windows\system32\ohoragog.ini
c:\windows\system32\ohujudud.ini
c:\windows\system32\okubotub.ini
c:\windows\system32\orukijuv.ini
c:\windows\system32\owazehig.ini
c:\windows\system32\owihipak.ini
c:\windows\system32\sohezigu.dll
c:\windows\system32\ufivihud.ini
c:\windows\system32\ugomezit.ini
c:\windows\system32\uholunoh.ini
c:\windows\system32\ujowoyar.ini
c:\windows\system32\ukewuvep.ini
c:\windows\system32\ukoboger.ini
c:\windows\system32\uloputak.ini
c:\windows\system32\uteyewaf.ini
c:\windows\system32\uwafoweg.ini
c:\windows\system32\uwelazah.ini
c:\windows\system32\uwodilug.ini
.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-01-02 10:09 . 2009-01-02 10:09 <DIR> d-------- c:\program files\Sun
2009-01-02 10:08 . 2009-01-02 10:07 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 10:08 . 2009-01-02 10:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-01 16:41 . 2009-01-01 19:24 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-01 15:14 . 2009-01-01 15:14 <DIR> d-------- c:\documents and settings\Jason Woods\Application Data\Malwarebytes
2009-01-01 15:13 . 2009-01-01 15:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 15:13 . 2009-01-01 15:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 15:13 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 15:13 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 15:03 . 2009-01-01 15:03 33,832 --a------ c:\windows\system32\jabhpwrg.exe
2009-01-01 10:10 . 2009-01-01 10:13 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-01-01 09:40 . 2009-01-01 09:40 <DIR> d-------- c:\program files\Trend Micro
2008-12-31 17:10 . 2008-12-31 17:10 <DIR> d-------- c:\windows\CF055C57A98842E6BDAFE3D94C6973A8.TMP
2008-12-31 17:10 . 2008-12-31 17:10 <DIR> d-------- c:\program files\DIFX
2008-12-31 16:56 . 2008-12-31 16:56 <DIR> d-------- c:\documents and settings\Jason Woods\.assistant
2008-12-31 16:34 . 2008-11-25 12:39 18,560 --a------ c:\windows\system32\drivers\FlyUsb.sys
2008-12-31 16:31 . 2008-12-31 16:33 110 --a------ c:\windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2008-12-31 16:30 . 2008-12-31 16:32 <DIR> d-------- c:\program files\LeapFrog
2008-12-31 16:30 . 2008-12-31 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Leapfrog
2008-12-30 13:55 . 2008-12-30 13:55 <DIR> d-------- c:\program files\Citrix
2008-12-30 13:55 . 2008-09-30 16:04 42,792 --a------ c:\windows\system32\gotomon.dll
2008-12-19 11:45 . 2008-12-19 11:45 <DIR> d-------- c:\program files\Lavasoft
2008-12-19 11:45 . 2008-12-19 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-17 11:33 . 2008-12-17 11:33 <DIR> d-------- c:\windows\system32\en
2008-12-17 11:33 . 2008-12-17 11:33 <DIR> d-------- c:\windows\system32\bits
2008-12-16 23:56 . 2008-12-16 23:56 2,763 --a------ c:\windows\system32\spupdsvc.inf
2008-12-16 23:47 . 2008-12-16 23:47 <DIR> d-------- c:\windows\system32\scripting
2008-12-16 23:47 . 2008-12-16 23:47 <DIR> d-------- c:\windows\l2schemas
2008-12-16 23:43 . 2008-12-16 23:48 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-16 23:01 . 2008-12-17 11:29 <DIR> d-------- c:\program files\Windows Defender
2008-12-08 20:54 . 2008-12-08 20:54 <DIR> d-------- c:\program files\iTunes
2008-12-08 20:54 . 2008-12-08 20:54 <DIR> d-------- c:\program files\iPod
2008-12-08 20:54 . 2008-12-08 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-08 20:50 . 2008-12-08 20:51 <DIR> d-------- c:\program files\QuickTime
2008-12-06 10:33 . 2008-12-31 17:09 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 15:07 --------- d-----w c:\program files\Java
2009-01-01 15:02 --------- d-----w c:\program files\Common Files\Apple
2009-01-01 15:02 --------- d-----w c:\documents and settings\Jason Woods\Application Data\Move Networks
2008-12-31 21:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-30 18:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-19 15:07 --------- d-----w c:\program files\McAfee
2008-12-10 18:50 --------- d-----w c:\program files\Google
2008-01-14 16:09 61,480 -c--a-w c:\documents and settings\Jason Woods\GoToAssistDownloadHelper.exe
2008-06-09 19:18 152 --sh--r c:\windows\system32\818F014236.sys
2008-06-09 19:18 8,456 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-07 168448]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-12 1347584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-18 185632]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2008-09-30 258856]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-02-07 24576]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-10-03 54512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2008-09-30 16:04 10536 c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\Program Files\\Samsung\\Samsung Media Studio 5\\SMSTray.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\CommandService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;"c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe" [2008-11-25 991232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-26 206096]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-12-31 18560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f8408f0-63da-11dd-905f-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654264636448860
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BMUpdate - c:\windows\system32\BMUpdate.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKU-Default-Run-lolafegaku - c:\windows\system32\fomihari.dll
SharedTaskScheduler-SSODL - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 15:48:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\PAPI\DEV\W*NULL*I*NULL*N*NULL*B*NULL*O*NULL*N*NULL*D*NULL*_*NULL*C*NULL*D*NULL*-*NULL*R*NULL*O*NULL*M*NULL*_*NULL*D*NULL*R*NULL*I*NULL*V*NULL*E*NULL*:*NULL*0*NULL*0*NULL*1*NULL*_*NULL*_*NULL**NULL*¬ ]
"Tested"=hex:00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
- - - - - - - > 'explorer.exe'(4460)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\windows\system32\lxczcoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Lexmark 1200 Series\LXCZbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-01-02 15:57:17 - machine was rebooted [Jason Woods]
ComboFix-quarantined-files.txt 2009-01-02 20:56:28
Pre-Run: 31,127,199,744 bytes free
Post-Run: 31,111,041,024 bytes free
319 --- E O F --- 2008-11-13 03:27:36
Blessings,
Kim
jholland1964 650 Posting Expert Team Colleague Featured Poster
Give me a bit to go through all this and I will get back with you ASAP.
Can you update MBA-M and do another scan with it, reboot and then give me a new scan with HiJackThis.
Judy
mjwkjw 0 Newbie Poster
Good afternoon Judy, Here is what you have asked for...
MBA-M 2nd run through log
Malwarebytes' Anti-Malware 1.31
Database version: 1590
Windows 5.1.2600 Service Pack 3
1/3/2009 1:57:38 PM
mbam-log-2009-01-03 (13-57-38).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 117105
Time elapsed: 2 hour(s), 46 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
HiJackThis 2nd run through log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:00 PM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Jason Woods\Desktop\HiJackThis.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 11391 bytes
Please let me know what you think and if there is anything else at all I need to get you. You have been sich a blessing and I have to report that so far, I have had no pop up windows. The only thing I notice differently is that it takes much longer for my wireless internet to load upon starting up my computer. Usually it was 2nd to load (after McAfee) and now it is last to load. Weird.
Talk to you soon.
Blessings,
Kim
jholland1964 650 Posting Expert Team Colleague Featured Poster
The logs look good. I have several questions before I want to offer start up advice. I see several references to LeapFrog. I know these are kids video game players and several other type items...I have grandkids...but have not found anyplace where these are required to run at start up. Are these used very often? There are multiple listings for Leap Frog both in start ups and start up services.
I also note you say you use wireless internet. You have a start up for ModemOnHold which generally is used for dial up connections and wouldn't be needed unless you use dial up, the same goes for Digital Line Detect
You also have some definitely unnecessary start ups which you can stop and I will note those and tell you how to stop themafter I get your answers on these other questions. Disabling unnecessary start ups would certainly speed the boot time. I will also give you a link to a free program to control these.
Judy
mjwkjw 0 Newbie Poster
The logs look good. I have several questions before I want to offer start up advice. I see several references to LeapFrog. I know these are kids video game players and several other type items...I have grandkids...but have not found anyplace where these are required to run at start up. Are these used very often?
The Leapfrog stuff that is on the computer is for my little girl's TAG book she just got for Christmas. It required me to download a LeapFrof Connect CD, in order to connect her books to the wireless pen. I wouldn't mind doing whatever with them, I just need to be able to connect her books when i buy more for her. So in actuality I don't need it until she gets more bokos. So maybe I can uninstall for now and then redownload when I need it? Or what do you think?
There are multiple listings for Leap Frog both in start ups and start up services.
I also note you say you use wireless internet. You have a start up for ModemOnHold which generally is used for dial up connections and wouldn't be needed unless you use dial up, the same goes for Digital Line DetectIt's funny you say that I have this on my laptop because there are several things that came with this dang laptop that we never use. We use wireless and have always used wireless. Not sure how to get rid off stuff we don't ever use. Like that NetWaiting thing in the bottom right-hand corner of my screen (looks like a telephone).
You also have some definitely unnecessary start ups which you can stop and I will note those and tell you how to stop themafter I get your answers on these other questions. Disabling unnecessary start ups would certainly speed the boot time. I will also give you a link to a free program to control these.
I am totally open to your suggestions. I definitely have way too much crud on my computer that we don't ever use and have no clue how to get rid of them. You should see my running Processes in the Task Manager. Oh my goodness, it is unbelieveable. I once tried to go through the internet to figure out what they all are, but gosh I am not professional guru and have no cluu why there are SO many things running under Processes. So, any help at all would definitely hel me ALOT. Thank you so very much for your time. You are a God send.
Judy
Blessings,
Kim
jholland1964 650 Posting Expert Team Colleague Featured Poster
Ok, here is what you need: download CodeStuff Starter
This program is free and a very easy way to control both Auto Starting Programs and Auto-Starting Services.
Once you get it installed and open the program you will see Three Tabs;
Startups (these are programs which auto start when you start the computer) Processes (this is the same as your Task Manager) and Services (these are the programs which start as services)
First Click on the Startups Tab.
Click All Sections right at the top on the left side. This will show all programs which auto start from different locations...users, current users, registry...etc. You will see all of yours.
Take the check marks out of the following listings:
These are ones you can ABSOLUTELY stop and are not needed at all to run at Start up and can all be run manually when needed.
ISUSScheduler>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software
ISUSPM Startup>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software
NeroFilterCheck>>>Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
igfxtray>>>Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets
igfxpers>>> Associated with the Common User Interface module for Intel graphics cards
Google Desktop Search>>>"a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed.
TkBellExe>>> Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required
Adobe Reader Speed Launcher>>>Supposedly launches Adobe Reader faster, really only speeds the launch by a few seconds.
QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards
iTunesHelper>>>Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory. Now if you use this then it will put itself back into start ups so you will have to go back in and disable it in CodeStuff. If you use this all the time then leave it running. This is your choice.
GoToMyPC>>>ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser.
SunJavaUpdateSched>>>Checks with Sun's Java updates site to see if newer Java versions are available. Visit Sun's Java page or just run the Java Plug-In Control Panel.
Yahoo! Pager>>>Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
ModemOnHold>>> NetWaiting Modem-on-Hold Application. Program for use with dial up connections. If you have call waiting and use a dial up connection this will pop-up when you are online and receive a telephone call.
DellSupport>>>Dell's support tool bundled on their computers. Can be run as necessary.
swg>>>Added by the Google ToolBar for Internet Explorer. This program will notify you when you attempt to change the Internet Explorer search engine to some other search engine.
Digital Line Detect>>>Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems
ymetray>>>Yahoo!_Music_utility
Now I will add the LeapFrog Connect\Monitor.exe" You can experiment with this one. Take the check mark out. *I will tell you what to do later.
Now go to the Services Tab.
When this opens everything is listed in alphabetical order. Scroll through the list.
On each one noted you will find the listing, double click to open the service properties for that particular item. First thing to do is at the bottom, if you see Running. Stop the Service by clicking the Stop button. Once it is stopped then go up to the middle and change the Start up type to Manual. Click Apply.
These are the ones which can be set to manual, unless noted to disable, meaning they will only start when you personally start the program.
Lavasoft Ad-Aware Service (aawservice)>>>this basically is worthless unless you have purchased the program. It does nothing but run. You can actually set this one to Disabled at start.
AOL Connectivity Service (AOL ACS) - America Online, Inc...If you don't use AOL then also Disable this one.
DSBrokerService >>>has something to do with Dell Support but can find no good reason for it. I have a Dell and it isn't even on my computer. Set to Manual.
GoToMyPC>>>set to manual
Google Updater Service (gusvc) stop and set to manual
InstallDriver Table Manager>>>This startup should only be created when a software that uses installshield is being installed. If you are not in the middle of installing a program, you can disable this entry.
iPod Service>>>This service is used by Itunes for using your Ipod. If you do not use Itunes you can disable this service.
LeapFrog Connect Device Service>>>stop the service and set to manual. If you see this is a problem with your daughter's LeapFrog device then go back in and re-enable the auto start.
After you have changed all the settings above and clicked Apply on each one then close CodeStuff Starter. Shut down and reboot the computer and see what you think.
*Test out the LeapFrog device and see if all works well manually. If it doesn't then go back into CodeStuff and put the check mark back into the listing for Start up and also set the Services listing to Automatic for the LeapFrog device. Reboot and see if it works ok.
Judy
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.