| Thread ID: 96935 | 2009-01-29 17:03:00 | PC running slow...pop ups are killing me! | ajwhite10 (13469) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 743009 | 2009-01-29 17:03:00 | .....IE loads on its own...opening tab after tab, titles "about:blank" Mozilla cannot control popups, even though I have the google toolbar with popup blocker. Pretty sure I have something funky going on with my PC. Here is my HT file log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:55 AM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\New Folder\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5aaeb503-2f5d-4292-ac2d-370dd0ca8ae2} - C:\WINDOWS\system32\maguwewo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: {1af1a10f-35f9-bf58-4304-c3e48e48f2ad} - {da2f84e8-4e3c-4034-85fb-9f53f01a1fa1} - C:\WINDOWS\system32\qmefaj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s
O4 - HKLM\..\Run: [9c52c512] rundll32.exe "C:\WINDOWS\system32\tapeyeni.dll",b
O4 - HKLM\..\Run: [CPM9f61f68e] Rundll32.exe "c:\windows\system32\fesureto.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_SA6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - cynosurelaser.webex.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4751FCB1-3A34-4980-9605-70FE62175C3C}: NameServer = 10.41.15.38,10.41.15.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\mepavuhi.dll bjfphf.dll qmefaj.dll c:\windows\system32\fesureto.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fesureto.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fesureto.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
-- End of file - 7249 bytes
Thank you in advance for ANY & all help with this! ajw |
ajwhite10 (13469) | ||
| 743010 | 2009-01-29 19:44:00 | [QUOTE=ajwhite10;750494]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5aaeb503-2f5d-4292-ac2d-370dd0ca8ae2} - C:\WINDOWS\system32\maguwewo.dll (file missing)
O2 - BHO: {1af1a10f-35f9-bf58-4304-c3e48e48f2ad} - {da2f84e8-4e3c-4034-85fb-9f53f01a1fa1} - C:\WINDOWS\system32\qmefaj.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s
O4 - HKLM\..\Run: [9c52c512] rundll32.exe "C:\WINDOWS\system32\tapeyeni.dll",b
O4 - HKLM\..\Run: [CPM9f61f68e] Rundll32.exe "c:\windows\system32\fesureto.dll",a
O4 - HKUS\S-1-5-19\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - cynosurelaser.webex.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4751FCB1-3A34-4980-9605-70FE62175C3C}: NameServer = 10.41.15.38,10.41.15.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\mepavuhi.dll bjfphf.dll qmefaj.dll c:\windows\system32\fesureto.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fesureto.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fesureto.dll
[/QUOTE]
Also download and run both Spybot and Malware Bytes. |
pctek (84) | ||
| 743011 | 2009-01-29 19:48:00 | I'm not sure what to make of your post. I already run spybot. thnx |
ajwhite10 (13469) | ||
| 743012 | 2009-01-29 20:09:00 | Just tick the entries pctek posted, get rid of Spyware Doctor. Get rid of Windows Defender, it's hopeless. Uninstall all versions of Java, it's out of date, then update it. Get Malwarebytes below, update it, then scan. |
Speedy Gonzales (78) | ||
| 743013 | 2009-01-30 21:51:00 | Thanks, Speedy. Should I DL the trojan remover as well? ajw |
ajwhite10 (13469) | ||
| 743014 | 2009-01-30 22:00:00 | If you want, it may find something Malwarebytes didn't find. Update it then scan. Then select all options under utilities. |
Speedy Gonzales (78) | ||
| 743015 | 2009-01-30 22:13:00 | You can if you want, doesn't look like you have anything too serious though. Blam |
Blam (54) | ||