Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Firefox extremely slow, pop-ups every 5 or so minutes!


Unread postby innypooh » January 7th, 2009, 8:04 pm

Every time I start Firefox I get popups relating to random things. Sometimes I get Internet Explorer popups when I don't even have it running. This causes my computer to work extremely slowly. I try to scan for harmful malware EVERY DAY using Malwarebytes' Anti-Malware, but it usually comes up with 5-11 culprits such as "trojan.vundo" or "trojan.bho". These are quickly removed, but the same process is repeated every day, and Malwarebytes' consistently claims that my computer is infected with all these "vundo.dlls". Please help! I posted my HijackThis log below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:37 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {1464408D-E9E7-495A-8D9A-8B1E5EA0CFE2} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {759fbeec-8db4-44b3-b49c-e1e8a60b23e1} - C:\WINDOWS\system32\pasagami.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdfle.exe] C:\WINDOWS\system32\kdfle.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [rupesomese] Rundll32.exe "C:\WINDOWS\system32\hemodogo.dll",s
O4 - HKLM\..\Run: [CPMafab8307] Rundll32.exe "c:\windows\system32\jamamafo.dll",a
O4 - HKLM\..\Run: [ac98b09b] rundll32.exe "C:\WINDOWS\system32\ruyupuno.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA1403] command /c del "C:\Program Files\AdwareAlert\SpyCleaner.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6133] cmd /c del "C:\Program Files\AdwareAlert\SpyCleaner.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7310] command /c del "C:\Program Files\AdwareAlert\TCL.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4810] cmd /c del "C:\Program Files\AdwareAlert\TCL.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA344] command /c del "C:\Program Files\AdwareAlert\vistaCPtasks.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7036] cmd /c del "C:\Program Files\AdwareAlert\vistaCPtasks.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4564] command /c del "C:\Program Files\AdwareAlert\zlib.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1311] cmd /c del "C:\Program Files\AdwareAlert\zlib.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3414] command /c del "C:\Documents and Settings\owner\Application Data\AdwareAlert\Log\2009 Jan 07 - 06_14_40 PM_828.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8074] cmd /c del "C:\Documents and Settings\owner\Application Data\AdwareAlert\Log\2009 Jan 07 - 06_14_40 PM_828.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8102] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9197] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA452] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6118] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2564] command /c del "C:\Program Files\AdwareAlert\AdwareAlert.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4694] cmd /c del "C:\Program Files\AdwareAlert\AdwareAlert.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9355] command /c del "C:\Program Files\AdwareAlert\AdwareAlert.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2834] cmd /c del "C:\Program Files\AdwareAlert\AdwareAlert.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8431] command /c del "C:\Program Files\AdwareAlert\DataBase.ref"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8362] cmd /c del "C:\Program Files\AdwareAlert\DataBase.ref"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB106] command /c del "C:\Program Files\AdwareAlert\SpyCleaner.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD858] cmd /c del "C:\Program Files\AdwareAlert\SpyCleaner.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7169] command /c del "C:\Program Files\AdwareAlert\TCL.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7180] cmd /c del "C:\Program Files\AdwareAlert\TCL.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2293] command /c del "C:\Program Files\AdwareAlert\vistaCPtasks.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7989] cmd /c del "C:\Program Files\AdwareAlert\vistaCPtasks.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5819] command /c del "C:\Program Files\AdwareAlert\zlib.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2690] cmd /c del "C:\Program Files\AdwareAlert\zlib.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4095] command /c del "C:\Documents and Settings\owner\Application Data\AdwareAlert\Log\2009 Jan 07 - 06_14_40 PM_828.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2146] cmd /c del "C:\Documents and Settings\owner\Application Data\AdwareAlert\Log\2009 Jan 07 - 06_14_40 PM_828.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4891] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5304] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4412] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8822] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5348] command /c del "C:\Program Files\AdwareAlert\AdwareAlert.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3802] cmd /c del "C:\Program Files\AdwareAlert\AdwareAlert.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1991] command /c del "C:\Program Files\AdwareAlert\AdwareAlert.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4031] cmd /c del "C:\Program Files\AdwareAlert\AdwareAlert.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1879] command /c del "C:\Program Files\AdwareAlert\DataBase.ref"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7270] cmd /c del "C:\Program Files\AdwareAlert\DataBase.ref"
O4 - HKUS\S-1-5-19\..\Run: [rupesomese] Rundll32.exe "C:\WINDOWS\system32\hemodogo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rupesomese] Rundll32.exe "C:\WINDOWS\system32\hemodogo.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1182750656
O20 - AppInit_DLLs: anpldl.dll c:\windows\system32\gezimihe.dll c:\windows\system32\gajukilu.dll c:\windows\system32\zosusewa.dll c:\windows\system32\redipefe.dll c:\windows\system32\kedohugu.dll c:\windows\system32\nehowase.dll c:\windows\system32\sadezaji.dll c:\windows\system32\bepesata.dll c:\windows\system32\savohofu.dll c:\windows\system32\mapopabe.dll c:\windows\system32\hajutuki.dll c:\windows\system32\lebapide.dll c:\windows\system32\yidobolo.dll c:\windows\system32\huvohapi.dll c:\windows\system32\tomiyegi.dll c:\windows\system32\kalepopo.dll c:\windows\system32\sunasuyu.dll C:\WINDOWS\system32\sarotehi.dll c:\windows\system32\fuferatu.dll c:\windows\system32\fejuvizo.dll c:\windows\system32\jamamafo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jamamafo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jamamafo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 11214 bytes
innypooh
Active Member
 
Posts: 3
Joined: January 7th, 2009, 7:47 pm
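An added triage script, not from this thread and not HijackThis's own logic, that walks lines in the HijackThis log format posted above and flags the persistence patterns visible in this log: a populated AppInit_DLLs value, BHOs with no name or a missing file, Run entries that load a DLL through rundll32 with a one-letter export, Run values named after their own path, and DLL names with the alternating consonant-vowel shape seen here. The sample lines are copied from the posted log with a few benign entries added for contrast; the heuristics, severities and the small allowlist are assumptions.

```python
"""Triage helper for HijackThis v2 log lines (added example, assumptions noted)."""
import re
from typing import Dict, List

# Constructed sample: lines copied from the log posted in this thread, plus a
# few benign entries so the triage has something to leave alone.
SAMPLE_HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {759fbeec-8db4-44b3-b49c-e1e8a60b23e1} - C:\WINDOWS\system32\pasagami.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rupesomese] Rundll32.exe "C:\WINDOWS\system32\hemodogo.dll",s
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdfle.exe] C:\WINDOWS\system32\kdfle.exe
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O20 - AppInit_DLLs: anpldl.dll c:\windows\system32\gezimihe.dll c:\windows\system32\jamamafo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jamamafo.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
""".strip()

ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")
# Names in the posted log are 8 lowercase letters strictly alternating
# consonant/vowel (hemodogo, jamamafo, gezimihe). This is a shape heuristic
# (assumption), so a short allowlist catches legitimate look-alikes.
PRONOUNCEABLE_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){3,5}\.dll$")
KNOWN_GOOD = {"setupapi.dll"}
# rundll32 loading a DLL and calling a one-letter export, e.g. "...\x.dll",s
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^"]+\.dll)"?\s*,\s*[a-z]\b', re.I)
DLL_NAME_RE = re.compile(r"\b([\w-]+\.dll)\b", re.I)


def triage_line(line: str) -> List[Dict[str, str]]:
    """Return zero or more findings for one HijackThis log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []  # headers, process lists and blank lines carry no entry
    section, body = m.group("section"), m.group("body")
    findings: List[Dict[str, str]] = []

    def flag(reason: str, severity: str = "medium") -> None:
        findings.append({"section": section, "severity": severity,
                         "reason": reason, "line": line.strip()})

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is loaded into every user32-linked process; a
        # non-empty value on a home PC deserves a look regardless of names.
        flag("AppInit_DLLs is populated", "high")
    if section == "O2" and ("(no name)" in body or "(file missing)" in body):
        flag("BHO with no name or missing file", "medium")
    if section == "O4":
        if re.search(r"\[[A-Za-z]:\\", body):
            flag("Run value named after its own full path", "medium")
        if RUNDLL_RE.search(body):
            flag("Run entry loads a DLL via rundll32 with a one-letter export", "high")
        if re.search(r"\]\s+[\w-]+\.exe\b", body) and "\\" not in body.split("]", 1)[1]:
            flag("Run entry references a bare executable name with no path", "medium")
    if section in ("O21", "O22") and "system32" in body.lower():
        flag("Shell service object / shared task scheduler DLL in system32", "high")

    # Name-shape heuristic, applied to every DLL basename on the line.
    for name in DLL_NAME_RE.findall(body):
        name = name.lower()
        if name not in KNOWN_GOOD and PRONOUNCEABLE_RE.match(name):
            flag(f"DLL name looks machine-generated: {name}", "high")
            break
    return findings


def triage_log(text: str) -> List[Dict[str, str]]:
    """Run triage_line over a whole log and concatenate the findings."""
    out: List[Dict[str, str]] = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out


def flagged_lines(text: str) -> List[str]:
    """Distinct log lines that produced at least one finding, in log order."""
    seen: List[str] = []
    for f in triage_log(text):
        if f["line"] not in seen:
            seen.append(f["line"])
    return seen


if __name__ == "__main__":
    for f in triage_log(SAMPLE_HJT_LOG):
        print(f"[{f['severity']:>6}] {f['section']}: {f['reason']}\n         {f['line']}")
```

On the sample above the script leaves the Java BHO, iTunesHelper and iPod Service lines alone and flags the other six; it is a triage aid for reading a posted log, not a replacement for the helper's review.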

Re: Firefox extremely slow, pop-ups every 5 or so minutes!

Unread postby Katana » January 17th, 2009, 6:54 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Firefox extremely slow, pop-ups every 5 or so minutes!

Unread postby innypooh » January 19th, 2009, 2:15 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by In at 2009-01-19 13:13:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 64 GB (64%) free of 100 GB
Total RAM: 447 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:37 PM, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\In\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\In.exe

O2 - BHO: (no name) - {1464408D-E9E7-495A-8D9A-8B1E5EA0CFE2} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: {2dd49033-9324-57da-7d34-1b8dadf2163c} - {c3612fda-d8b1-43d7-ad75-423933094dd2} - C:\WINDOWS\system32\vqargv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdfle.exe] C:\WINDOWS\system32\kdfle.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1182750656
O20 - AppInit_DLLs: C:\WINDOWS\system32\lelizomo.dll c:\windows\system32\veseyusi.dll c:\windows\system32\nojepake.dll c:\windows\system32\zogeyupa.dll vqargv.dll c:\windows\system32\kihugali.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kihugali.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kihugali.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 5203 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\egxelgmg.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1464408D-E9E7-495A-8D9A-8B1E5EA0CFE2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-12 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3612fda-d8b1-43d7-ad75-423933094dd2}]
C:\WINDOWS\system32\vqargv.dll [2009-01-17 134015]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"aol"=C:\Program Files\AOL\Active Virus Shield\avp.exe [2006-05-30 139367]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-12 185896]
"C:\WINDOWS\system32\kdfle.exe"=C:\WINDOWS\system32\kdfle.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"nForce Tray Options"=sstray.exe /r []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"Uniblue RegistryBooster2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\lelizomo.dll c:\windows\system32\veseyusi.dll c:\windows\system32\nojepake.dll c:\windows\system32\zogeyupa.dll vqargv.dll c:\windows\system32\kihugali.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2006-03-24 28778]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kihugali.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kihugali.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\lelizomo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll,

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL\Active Virus Shield\avp.exe"="C:\Program Files\AOL\Active Virus Shield\avp.exe:*:Enabled:Active Virus Shield"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"="C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe:*:Enabled:aawservice"
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe:*:Enabled:jusched"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\WINDOWS\system32\LEXBCES.EXE"="C:\WINDOWS\system32\LEXBCES.EXE:*:Enabled:LEXBCES"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

65535-65535-31889 1707:31889:1771 ----N---- C:\WINDOWS\system32\yurivaho.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yusawafa.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yihazuso.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\wifufulu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\vewaboji.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tukideka.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\ruzomivu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nazesuna.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mibewoja.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\juyadewi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jawoloki.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jamamafo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jadelamo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\duvapame.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\debaluti.dll
2009-01-19 13:13:28 ----D---- C:\rsit
2009-01-17 13:46:01 ----ASH---- C:\WINDOWS\system32\vqargv.dll
2009-01-15 18:00:29 ----ASH---- C:\WINDOWS\system32\ppsaui.dll
2009-01-13 23:02:02 ----D---- C:\Program Files\Universal
2009-01-13 18:17:51 ----ASH---- C:\WINDOWS\system32\ldmayz.dll
2009-01-12 15:43:31 ----ASH---- C:\WINDOWS\system32\acqkfg.dll
2009-01-07 18:36:54 ----D---- C:\Program Files\Trend Micro
2009-01-07 18:21:00 ----SHD---- C:\Config.Msi
2009-01-03 15:38:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-28 16:09:49 ----A---- C:\WINDOWS\system32\rn.tmp
2008-12-27 17:58:19 ----SH---- C:\WINDOWS\system32\agibatig.ini
2008-12-24 00:57:25 ----A---- C:\WINDOWS\system32\NVUninst.exe
2008-12-24 00:55:28 ----N---- C:\WINDOWS\system32\nvuautl.exe
2008-12-24 00:55:28 ----D---- C:\NVIDIA
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\sstrmres.dll
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\sstrmenu.dll
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\sstray.exe
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\sndstorm.exe
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\NVCOAD.DLL
2008-12-24 00:55:28 ----A---- C:\WINDOWS\50comupd.exe
2008-12-22 17:25:08 ----A---- C:\WINDOWS\wininit.ini
2008-12-22 16:41:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-22 16:41:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-01-19 13:13:31 ----D---- C:\WINDOWS\Prefetch
2009-01-19 13:13:10 ----D---- C:\WINDOWS\Temp
2009-01-19 11:46:31 ----D---- C:\Program Files\Mozilla Firefox
2009-01-19 11:38:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-19 00:28:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-18 23:14:22 ----D---- C:\Documents and Settings\In\Application Data\Move Networks
2009-01-18 14:57:48 ----SHD---- C:\WINDOWS\Installer
2009-01-18 14:57:36 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-18 14:57:30 ----D---- C:\Documents and Settings
2009-01-18 01:36:04 ----D---- C:\WINDOWS\system32
2009-01-17 21:57:19 ----D---- C:\Documents and Settings\In\Application Data\LimeWire
2009-01-17 13:46:08 ----A---- C:\WINDOWS\lexstat.ini
2009-01-13 23:55:01 ----D---- C:\WINDOWS
2009-01-13 23:02:41 ----D---- C:\WINDOWS\Registration
2009-01-13 23:02:02 ----RD---- C:\Program Files
2009-01-11 19:06:40 ----RSD---- C:\WINDOWS\Fonts
2009-01-08 20:36:12 ----SD---- C:\WINDOWS\Tasks
2009-01-07 21:12:57 ----D---- C:\Program Files\Common Files
2009-01-07 21:12:52 ----D---- C:\WINDOWS\system32\drivers
2009-01-07 18:32:23 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-07 18:21:02 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-03 15:37:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-30 17:53:42 ----ASH---- C:\WINDOWS\system32\jahamure.dll
2008-12-30 05:59:44 ----A---- C:\WINDOWS\system32\hasikevo.dll
2008-12-29 16:53:25 ----ASH---- C:\WINDOWS\system32\laviyigo.dll
2008-12-28 12:33:43 ----ASH---- C:\WINDOWS\system32\begimepo.dll
2008-12-27 14:20:54 ----ASH---- C:\WINDOWS\system32\yeyozoda.dll
2008-12-25 03:28:14 ----ASH---- C:\WINDOWS\system32\lawireyo.dll
2008-12-25 03:28:13 ----ASH---- C:\WINDOWS\system32\jamajide.dll
2008-12-24 00:59:44 ----HD---- C:\WINDOWS\inf
2008-12-24 00:56:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-24 00:55:49 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-23 13:53:51 ----ASH---- C:\WINDOWS\system32\henemate.dll
2008-12-21 15:02:22 ----ASH---- C:\WINDOWS\system32\yozuyosa.dll
2008-12-21 01:03:16 ----ASH---- C:\WINDOWS\system32\bifenona.dll
2008-12-20 13:02:39 ----ASH---- C:\WINDOWS\system32\fidogile.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-12-23 40704]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2003-08-15 72771]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-12-23 316544]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Active Virus Shield; C:\Program Files\AOL\Active Virus Shield\avp.exe [2006-05-30 139367]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

AND

info.txt logfile of random's system information tool 1.05 2009-01-19 13:13:42

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Virus Shield-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark Z700-P700 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
NVIDIA Ethernet Driver-->C:\WINDOWS\system32\nvuenet.exe Uninstall C:\WINDOWS\system32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA nForce Drivers-->C:\WINDOWS\system32\NVUninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Universal HTTP Image Uploader Trial Version-->C:\Program Files\Universal\UImageUpoaderD\USetup.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======Security center information======

AV: Active Virus Shield (outdated)

System event log

Computer Name: OWNER-C14D59D2A
Event Code: 26
Message: Application popup: : Machine Check:

Record Number: 29081
Source Name: Application Popup
Time Written: 20081217070421.000000-300
Event Type: information
User:

Computer Name: OWNER-C14D59D2A
Event Code: 26
Message: Application popup: : Machine Check: Regs

Record Number: 29080
Source Name: Application Popup
Time Written: 20081217070421.000000-300
Event Type: information
User:

Computer Name: OWNER-C14D59D2A
Event Code: 26
Message: Application popup: : Machine Check:

Record Number: 29079
Source Name: Application Popup
Time Written: 20081217070421.000000-300
Event Type: information
User:

Computer Name: OWNER-C14D59D2A
Event Code: 26
Message: Application popup: : Machine Check: Regs

Record Number: 29078
Source Name: Application Popup
Time Written: 20081217070421.000000-300
Event Type: information
User:

Computer Name: OWNER-C14D59D2A
Event Code: 26
Message: Application popup: : Machine Check:

Record Number: 29077
Source Name: Application Popup
Time Written: 20081217070421.000000-300
Event Type: information
User:

Application event log

Computer Name: OWNER-C14D59D2A
Event Code: 1
Message:
Record Number: 868
Source Name: Bonjour Service
Time Written: 20080914132146.000000-240
Event Type: information
User:

Computer Name: OWNER-C14D59D2A
Event Code: 0
Message:
Record Number: 867
Source Name: iPod Service
Time Written: 20080913124930.000000-240
Event Type: information
User:

Computer Name: OWNER-C14D59D2A
Event Code: 1
Message:
Record Number: 866
Source Name: Bonjour Service
Time Written: 20080913124921.000000-240
Event Type: information
User:

Computer Name: OWNER-C14D59D2A
Event Code: 0
Message:
Record Number: 865
Source Name: iPod Service
Time Written: 20080912171029.000000-240
Event Type: information
User:

Computer Name: OWNER-C14D59D2A
Event Code: 1
Message:
Record Number: 864
Source Name: Bonjour Service
Time Written: 20080912171027.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
innypooh
Active Member
 
Posts: 3
Joined: January 7th, 2009, 7:47 pm

Re: Firefox extremely slow, pop-ups every 5 or so minutes!

Post by Katana » January 19th, 2009, 6:02 pm

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.



No Antivirus

I can see no indication of any Antivirus software.

Use AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list (Home users only):
Avira AntiVir
Avast

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.
If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST


Post back a new RSIT log, so we can continue cleaning your PC.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Firefox extremely slow, pop-ups every 5 or so minutes!

Post by innypooh » January 21st, 2009, 10:29 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by In at 2009-01-21 21:28:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 64 GB (64%) free of 100 GB
Total RAM: 447 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:12 PM, on 1/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\In\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\In.exe

O2 - BHO: (no name) - {1464408D-E9E7-495A-8D9A-8B1E5EA0CFE2} - (no file)
O2 - BHO: {44207555-4246-c0f9-0e64-c855ba1eb481} - {184be1ab-558c-46e0-9f0c-642455570244} - C:\WINDOWS\system32\psrjko.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdfle.exe] C:\WINDOWS\system32\kdfle.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CPMafab8307] Rundll32.exe "C:\WINDOWS\system32\bajahuda.dll",a
O4 - HKLM\..\Run: [rupesomese] Rundll32.exe "C:\WINDOWS\system32\dayoyadu.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1182750656
O20 - AppInit_DLLs: C:\WINDOWS\system32\lelizomo.dll c:\windows\system32\veseyusi.dll c:\windows\system32\nojepake.dll c:\windows\system32\zogeyupa.dll c:\windows\system32\kihugali.dll psrjko.dll c:\windows\system32\bajahuda.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajahuda.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajahuda.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 6082 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\egxelgmg.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1464408D-E9E7-495A-8D9A-8B1E5EA0CFE2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184be1ab-558c-46e0-9f0c-642455570244}]
C:\WINDOWS\system32\psrjko.dll [2009-01-19 133394]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-12 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"aol"=C:\Program Files\AOL\Active Virus Shield\avp.exe [2006-05-30 139367]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-12 185896]
"C:\WINDOWS\system32\kdfle.exe"=C:\WINDOWS\system32\kdfle.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"nForce Tray Options"=sstray.exe /r []
"CPMafab8307"=C:\WINDOWS\system32\bajahuda.dll []
"rupesomese"=C:\WINDOWS\system32\dayoyadu.dll []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"Uniblue RegistryBooster2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\lelizomo.dll c:\windows\system32\veseyusi.dll c:\windows\system32\nojepake.dll c:\windows\system32\zogeyupa.dll c:\windows\system32\kihugali.dll psrjko.dll c:\windows\system32\bajahuda.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2006-03-24 28778]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajahuda.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajahuda.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\lelizomo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll,

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL\Active Virus Shield\avp.exe"="C:\Program Files\AOL\Active Virus Shield\avp.exe:*:Enabled:Active Virus Shield"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"="C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe:*:Enabled:aawservice"
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe:*:Enabled:jusched"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\WINDOWS\system32\LEXBCES.EXE"="C:\WINDOWS\system32\LEXBCES.EXE:*:Enabled:LEXBCES"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

65535-65535-31889 1707:31889:1771 ----N---- C:\WINDOWS\system32\yurivaho.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yusawafa.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yihazuso.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yapowuwi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\wifufulu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\vewaboji.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tukideka.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\sidehole.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\ruzomivu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nazesuna.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mibewoja.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jawoloki.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jafiyuji.dll
2009-01-21 21:13:48 ----D---- C:\Program Files\Avira
2009-01-21 21:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-01-20 00:46:33 ----D---- C:\WINDOWS\system32\quicktime
2009-01-20 00:46:31 ----D---- C:\Program Files\AVI Movie Player
2009-01-19 22:00:23 ----ASH---- C:\WINDOWS\system32\psrjko.dll
2009-01-19 13:13:28 ----D---- C:\rsit
2009-01-17 13:46:01 ----ASH---- C:\WINDOWS\system32\vqargv.dll
2009-01-15 18:00:29 ----ASH---- C:\WINDOWS\system32\ppsaui.dll
2009-01-13 23:02:02 ----D---- C:\Program Files\Universal
2009-01-07 18:36:54 ----D---- C:\Program Files\Trend Micro
2009-01-07 18:21:00 ----SHD---- C:\Config.Msi
2009-01-03 15:38:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-28 16:09:49 ----A---- C:\WINDOWS\system32\rn.tmp
2008-12-27 17:58:19 ----SH---- C:\WINDOWS\system32\agibatig.ini
2008-12-24 00:57:25 ----A---- C:\WINDOWS\system32\NVUninst.exe
2008-12-24 00:55:28 ----N---- C:\WINDOWS\system32\nvuautl.exe
2008-12-24 00:55:28 ----D---- C:\NVIDIA
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\sstrmres.dll
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\sstrmenu.dll
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\sstray.exe
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\sndstorm.exe
2008-12-24 00:55:28 ----A---- C:\WINDOWS\system32\NVCOAD.DLL
2008-12-24 00:55:28 ----A---- C:\WINDOWS\50comupd.exe
2008-12-22 17:25:08 ----A---- C:\WINDOWS\wininit.ini
2008-12-22 16:41:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-22 16:41:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-01-21 21:27:22 ----D---- C:\WINDOWS\Temp
2009-01-21 21:26:46 ----D---- C:\WINDOWS\system32
2009-01-21 21:19:13 ----D---- C:\WINDOWS\Prefetch
2009-01-21 21:17:18 ----RD---- C:\Program Files
2009-01-21 21:13:54 ----D---- C:\WINDOWS\system32\drivers
2009-01-21 18:06:05 ----D---- C:\Documents and Settings\In\Application Data\Move Networks
2009-01-21 16:03:54 ----D---- C:\Program Files\Mozilla Firefox
2009-01-21 15:57:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-20 22:12:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-20 00:46:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-19 13:36:40 ----A---- C:\WINDOWS\lexstat.ini
2009-01-18 14:57:48 ----SHD---- C:\WINDOWS\Installer
2009-01-18 14:57:36 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-18 14:57:30 ----D---- C:\Documents and Settings
2009-01-17 21:57:19 ----D---- C:\Documents and Settings\In\Application Data\LimeWire
2009-01-13 23:55:01 ----D---- C:\WINDOWS
2009-01-13 23:02:41 ----D---- C:\WINDOWS\Registration
2009-01-11 19:06:40 ----RSD---- C:\WINDOWS\Fonts
2009-01-08 20:36:12 ----SD---- C:\WINDOWS\Tasks
2009-01-07 21:12:57 ----D---- C:\Program Files\Common Files
2009-01-07 18:32:23 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-07 18:21:02 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-03 15:37:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-27 14:20:54 ----ASH---- C:\WINDOWS\system32\yeyozoda.dll
2008-12-24 00:59:44 ----HD---- C:\WINDOWS\inf
2008-12-24 00:55:49 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-12-23 40704]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2003-08-15 72771]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-12-23 316544]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Active Virus Shield; C:\Program Files\AOL\Active Virus Shield\avp.exe [2006-05-30 139367]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
innypooh
Active Member
 
Posts: 3
Joined: January 7th, 2009, 7:47 pm

Re: Firefox extremely slow, pop-ups every 5 or so minutes!

Post by Katana » January 22nd, 2009, 4:31 am

Information


Registry Cleaners

Re. Uniblue RegistryBooster2

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on reg cleaners:
Most reg cleaners aren't "bad" as such, but they aren't perfect, and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly, you will not see any difference.
If it doesn't work properly, you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------- -----------------------------------------------------------

Step 1

Malwarebytes' Anti-Malware
I notice that you have MBAM installed, please do the following

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------- -----------------------------------------------------------
Step 2

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs is responsible for any damage you may cause to your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
  • Combofix Log
  • How are things running now ?

----------------------------------------------------------- -----------------------------------------------------------

Additional Notes



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java Runtime Environment (JRE). (Don't install it yet.)
Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program, you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.


Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
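Katana's Java note rests on a detail worth making concrete: the Sun JRE updaters of that era installed each release beside its predecessors rather than replacing them, so "Remove Older Versions" can have several entries to remove. The script below is an added example, not the thread's code and not JavaRa; it does the same kind of comparison, normalising the display names that Add/Remove Programs shows for JREs into (major, update) pairs and reporting every runtime older than the newest one present. The four name styles it recognises are assumptions about what those installers registered, the entry list is constructed, and the registry reader only runs on Windows (it raises elsewhere).

```python
"""Find stale Java Runtime Environments among Add/Remove Programs entries.

Sun's JRE updaters of this era installed each release beside its
predecessors instead of replacing them, so one machine could carry several
exploitable runtimes while the newest one was "up to date". The display
names are not uniform; the four styles handled below are assumed from what
these installers registered:
    Java 2 Runtime Environment, SE v1.4.2_13   -> (4, 13)
    J2SE Runtime Environment 5.0 Update 10     -> (5, 10)
    Java(TM) SE Runtime Environment 6 Update 1 -> (6, 1)
    Java(TM) 6 Update 11                       -> (6, 11)
"""
import re
import sys
from typing import List, Optional, Tuple

Version = Tuple[int, int]  # (major, update)

JRE_PATTERNS = [
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.\d+(?:_(\d+))?$"),
    re.compile(r"^J2SE Runtime Environment (\d+)\.\d+(?: Update (\d+))?$"),
    re.compile(r"^Java\(TM\) SE Runtime Environment (\d+)(?: Update (\d+))?$"),
    re.compile(r"^Java\(TM\) (\d+) Update (\d+)$"),
]


def jre_version(display_name: str) -> Optional[Version]:
    """Map a JRE display name to (major, update); None if it is not a JRE."""
    for pattern in JRE_PATTERNS:
        m = pattern.match(display_name.strip())
        if m:
            major = int(m.group(1))
            update = int(m.group(2)) if m.group(2) is not None else 0
            return major, update
    return None


def stale_jres(display_names: List[str]) -> List[str]:
    """Return every JRE entry older than the newest one present, in input order."""
    jres = [(jre_version(n), n) for n in display_names]
    jres = [(v, n) for v, n in jres if v is not None]
    if not jres:
        return []
    newest = max(v for v, _ in jres)
    return [n for v, n in jres if v < newest]


def installed_display_names() -> List[str]:
    """Read DisplayName from every per-machine Uninstall key (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("the Uninstall registry keys exist only on Windows")
    import winreg
    names = []
    uninstall = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, uninstall) as root:
        subkey_count = winreg.QueryInfoKey(root)[0]
        for i in range(subkey_count):
            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as entry:
                try:
                    names.append(winreg.QueryValueEx(entry, "DisplayName")[0])
                except OSError:
                    pass  # entry without a DisplayName value
    return names


# Constructed Add/Remove Programs listing, in the styles described above.
SAMPLE_ENTRIES = [
    "Adobe Reader 8.1.2",
    "Java 2 Runtime Environment, SE v1.4.2_13",
    "J2SE Runtime Environment 5.0 Update 10",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 11",
    "Malwarebytes' Anti-Malware",
]

if __name__ == "__main__":
    entries = installed_display_names() if sys.platform == "win32" else SAMPLE_ENTRIES
    for name in stale_jres(entries):
        print("stale:", name)
```

On the constructed list it names the three runtimes older than 6 Update 11; on a Windows machine it reads the real Uninstall keys, which is a quick way to confirm after JavaRa that nothing older than the freshly installed JRE is still registered.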

Re: Firefox extremely slow, pop-ups every 5 or so minutes!

Unread postby NonSuch » January 27th, 2009, 7:56 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California






Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware