Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Many unwanted pop-ups & suddenly running much slower

Re: Many unwanted pop-ups & suddenly running much slower

by Bio-Hazard » November 3rd, 2008, 3:26 am

Hello!

Do you still need help?

Bio-Hazard
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Many unwanted pop-ups & suddenly running much slower

by frantzjj » November 3rd, 2008, 8:55 am

Yes - just didn't make it to my mom's this weekend. I plan on going there tomorrow. I'll send you the reports then.

Thanks
frantzjj
Active Member
 
Posts: 11
Joined: October 15th, 2008, 4:28 pm

Re: Many unwanted pop-ups & suddenly running much slower

by Bio-Hazard » November 3rd, 2008, 10:39 am

Hello!

Thanks for letting me know.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Many unwanted pop-ups & suddenly running much slower

by frantzjj » November 4th, 2008, 11:19 pm

This is what I've got:

ComboFix Log:

ComboFix 08-10-29.06 - Judith Deutsch 2008-10-29 11:06:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.241 [GMT -5:00]
Running from: C:\Documents and Settings\Judith Deutsch\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Judith Deutsch\Cookies\gygagivom.bat
C:\Documents and Settings\Judith Deutsch\Cookies\wetyr.com
C:\Documents and Settings\Judith Deutsch\Cookies\ydidetazen.vbs
C:\Documents and Settings\Judith Deutsch\Local Settings\Temporary Internet Files\ipurizawu.sys
C:\test.txt
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\mywfhit.ini
C:\WINDOWS\system32\mywfhit.ini.tmp
C:\WINDOWS\system32\ortyeras.config
C:\WINDOWS\system32\syspilog.pil
C:\WINDOWS\system32\tpszxyd.sys
C:\WINDOWS\tawisys.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_INTERNET_SERVICE
-------\Legacy_MABIDWE
-------\Legacy_MACIDWE
-------\Legacy_NOXTCYR
-------\Legacy_NOYTCYR
-------\Legacy_PANDRV
-------\Legacy_ROXTCTM
-------\Legacy_ROYTCTM
-------\Legacy_SEIUCTOL
-------\Legacy_SOTPECA
-------\Legacy_SOXPECA
-------\Legacy_TDSSSERV.SYS)
-------\Legacy_TDXDOWKC
-------\Legacy_TDYDOWKC
-------\Legacy_WSLDOEKD
-------\Service_noxtcyr
-------\Service_seiuctol
-------\Service_TDSSserv.sys
-------\Service_TDSSserv.sys)


((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.

2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\Documents and Settings\Judith Deutsch\Application Data\Malwarebytes
2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 09:59 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-29 09:59 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 08:30 . 2008-10-29 08:30 164 --a------ C:\WINDOWS\system32\TDSSmhct.dat
2008-10-29 08:24 . 2008-10-29 08:24 16,418 --a------ C:\Documents and Settings\All Users\Application Data\zowaku.dll
2008-10-25 19:18 . 2008-10-25 19:18 19,535 --a------ C:\WINDOWS\pefagoq.reg
2008-10-25 19:18 . 2008-10-25 19:18 19,467 --a------ C:\Documents and Settings\Judith Deutsch\Application Data\magaxa.reg
2008-10-25 19:18 . 2008-10-25 19:18 19,457 --a------ C:\WINDOWS\vaxu._dl
2008-10-25 19:18 . 2008-10-25 19:18 18,507 --a------ C:\Program Files\Common Files\nosidi.pif
2008-10-25 19:18 . 2008-10-25 19:18 17,738 --a------ C:\WINDOWS\system32\idydulawef._sy
2008-10-25 19:18 . 2008-10-25 19:18 16,626 --a------ C:\Documents and Settings\All Users\Application Data\hapyp.exe
2008-10-25 19:18 . 2008-10-25 19:18 15,107 --a------ C:\WINDOWS\pifawoxo.com
2008-10-25 19:18 . 2008-10-25 19:18 13,821 --a------ C:\Program Files\Common Files\kyxow.dat
2008-10-25 19:18 . 2008-10-25 19:18 12,549 --a------ C:\WINDOWS\gaze._sy
2008-10-25 19:18 . 2008-10-25 19:18 12,090 --a------ C:\WINDOWS\fahuj.com
2008-10-25 19:18 . 2008-10-25 19:18 11,926 --a------ C:\Program Files\Common Files\omitenuze.scr
2008-10-25 19:18 . 2008-10-25 19:18 11,651 --a------ C:\WINDOWS\bypipu.ban
2008-10-25 13:59 . 2008-10-25 13:59 164 --a------ C:\WINDOWS\system32\TDSSnirj.dat
2008-10-25 00:10 . 2008-10-25 00:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint
2008-10-23 23:11 . 2008-10-15 11:34 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-17 13:28 . 2008-10-17 13:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-10-15 21:41 . 2008-09-15 07:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 21:41 . 2008-09-08 05:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 21:40 . 2008-08-14 05:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 21:40 . 2008-08-14 05:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 21:40 . 2008-08-14 04:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 21:40 . 2008-08-14 04:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 18:03 . 2008-10-25 07:35 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-15 17:57 . 2008-10-29 10:56 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-15 17:57 . 2008-10-15 17:57 <DIR> d-------- C:\Program Files\AVG
2008-10-15 17:57 . 2008-10-17 08:42 <DIR> d-------- C:\Documents and Settings\Judith Deutsch\Application Data\AVGTOOLBAR
2008-10-15 17:57 . 2008-10-15 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-15 17:57 . 2008-10-15 17:57 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-15 17:57 . 2008-10-15 17:57 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-15 17:57 . 2008-10-15 17:57 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-15 17:56 . 2008-10-15 18:16 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-15 15:40 . 2008-10-15 15:40 <DIR> d-------- C:\Program Files\Panicware
2008-10-15 15:13 . 2008-10-15 15:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 16:00 . 2008-10-11 16:00 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-11 16:00 . 2008-10-11 16:00 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-11 16:00 . 2008-10-11 16:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-11 16:00 . 2008-10-11 16:00 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-11 15:56 . 2008-10-11 16:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-11 15:47 . 2008-10-11 15:47 <DIR> d-------- C:\WINDOWS\EHome
2008-10-11 15:25 . 2008-10-11 15:25 <DIR> d-------- C:\Program Files\Ad-Aware
2008-10-11 15:12 . 2008-10-15 14:16 <DIR> d-------- C:\Program Files\AVG Anti-Virus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 17:24 --------- d-----w C:\Program Files\Real
2008-10-16 17:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-10-16 17:09 --------- d-----w C:\Program Files\Common Files\AOL
2008-10-16 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-10-16 17:08 --------- d-----w C:\Program Files\AIM
2008-10-16 17:04 --------- d-----w C:\Program Files\Logitech
2008-10-16 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-11 21:14 --------- d-----w C:\Program Files\MSN Messenger
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 18:54 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-06-12 15:34 6,498 ---ha-w C:\Documents and Settings\Judith Deutsch\Application Data\wklnhst.dat
2007-02-18 18:38 58,456 ---ha-w C:\Documents and Settings\Judith Deutsch\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-10 98304]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-06 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-15 1234712]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-05-10 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-15 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-15 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-15 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-15 76040]
S2 ipxlaunch;Ipx/ip Service;c:\temp\svchost.exe [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-29 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []

2008-10-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9520EAF-E719-4C11-A8D9-A1DB19BEECD2}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Judith Deutsch\Application Data\Mozilla\Firefox\Profiles\rzglvdt3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npcpbrk7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 11:12:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\PSAPI.DLL
-> ?:\WINDOWS\system32\PSAPI.DLL
-> ?:\WINDOWS\system32\PSAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-29 11:18:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-29 16:18:07

Pre-Run: 55,413,481,472 bytes free
Post-Run: 56,972,091,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

231 --- E O F --- 2008-10-24 08:01:25

Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 04, 2008 14:50:14
Records in database: 1369557
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 51609
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:43:35

No malware has been detected. The scan area is clean.

The selected area was scanned.

JavaRa Log:

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Nov 04 13:35:37 2008

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

------------------------------------

Finished reporting.

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:10 PM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12BD90A2-371E-4FFB-AF83-E536FE830F4F}: NameServer = 206.146.95.3,137.192.240.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{69C46558-BDEC-4A5A-878F-B7C09831B248}: NameServer = 76.164.128.4,137.192.240.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{12BD90A2-371E-4FFB-AF83-E536FE830F4F}: NameServer = 206.146.95.3,137.192.240.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{12BD90A2-371E-4FFB-AF83-E536FE830F4F}: NameServer = 206.146.95.3,137.192.240.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ipx/ip Service (ipxlaunch) - Unknown owner - c:\temp\svchost.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)

--
End of file - 6819 bytes

That's It!

The computer has been running pretty good - She hasn't been having any issues lately... running faster and no more pop-ups!

Let me know how to proceed.

Thanks!
frantzjj
Active Member
 
Posts: 11
Joined: October 15th, 2008, 4:28 pm

Re: Many unwanted pop-ups & suddenly running much slower

by Bio-Hazard » November 5th, 2008, 6:30 pm

Hello!

You are doing well and we are almost done. That Combofix log is the old Combofix log.

Did you run the Combofix according to my instructions in my previous post?

Did you make that CFScript and move it into Combofix according to the instructions in my previous post?

Go here and post this log for me to see: C:\ComboFix.txt
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Many unwanted pop-ups & suddenly running much slower

by frantzjj » November 6th, 2008, 9:11 am

I did what you said, but I must not have done it right... It'll be a couple days again - I don't know when I'm going back...
frantzjj
Active Member
 
Posts: 11
Joined: October 15th, 2008, 4:28 pm

Re: Many unwanted pop-ups & suddenly running much slower

by Bio-Hazard » November 9th, 2008, 3:10 am

Hello!

How are you getting on?
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Many unwanted pop-ups & suddenly running much slower

by frantzjj » November 9th, 2008, 10:29 am

Still haven't been back to my mom's - don't know when I'll get there...
frantzjj
Active Member
 
Posts: 11
Joined: October 15th, 2008, 4:28 pm

Re: Many unwanted pop-ups & suddenly running much slower

by Bio-Hazard » November 10th, 2008, 2:34 pm

Hello!

You have been working very hard to get that computer clean and we have made a lot of progress. At this point I think it is best to close this thread. When you have enough time you could post a new thread. I am still in this forum and I would keep an eye on your username and would happily assist you again.

Regards

Bio-Hazard
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Many unwanted pop-ups & suddenly running much slower

by Blade81 » November 12th, 2008, 1:23 pm

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland