Re: i Cant stop the Mass Amounts of Pop Ups
 

Hello out there, I am too having this problem but I am wondering if someone could help me the same way? I am not sure if I have the exact same problem or not. Could somone please help me and read through my computer to see if I can get mine fixed as well. I am exhausted with all of this pop up junk. I can't seem to do anything on my computer without stuff constantly popping up. Thank you so much for your help.
Blessings,
Kim

Re: i Cant stop the Mass Amounts of Pop Ups
 

We would need to see some logs in order to have an idea of what may be going on with the computer.
First do the steps listed HERE but ignore step concerning Deckard Scanner and substitute instead HiJackThis.
Download HiJackThis
Do a full system scan with it and save the log.
Post back here with logs from Malwarebytes' Anti-Malware (MBA-M) and HiJackthis and then we can see what you may be dealing with, be sure to have MBA-M remove whatever it finds and then reboot the computer and run the HiJackThis scan.
Judy

Re: i Cant stop the Mass Amounts of Pop Ups
 

Here are my logs that you had requested I complete. Thank you for taking the time to help me out. I must say, the 1st scan took almost half the day. Phew! Anyway here we go:

MalwareBytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.31
Database version: 1590
Windows 5.1.2600 Service Pack 3

1/1/2009 4:38:33 PM
mbam-log-2009-01-01 (16-38-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118600
Time elapsed: 48 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 34
Registry Values Infected: 6
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lovusilo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jukazudu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\roliwiza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sidomuri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fupuvuyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\huninulo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gujoyame.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7475debc-8e2c-449e-ab4e-8f129e553f5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7475debc-8e2c-449e-ab4e-8f129e553f5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7475debc-8e2c-449e-ab4e-8f129e553f5e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1cd2fb8b (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lolafegaku (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lolafegaku (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1fe1c817 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\roliwiza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\roliwiza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\huninulo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\huninulo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\huninulo.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jukazudu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uduzakuj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lovusilo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\olisuvol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tahuhabu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubahuhat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tokivafa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afavikot.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\velajavu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvajalev.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fupuvuyu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\roliwiza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sidomuri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\huninulo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gujoyame.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\newopuzu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soluwale.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lahesumo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tivunifi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\perojiko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pasevawu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujurepu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wodepudo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yijifomo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ripeyoji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiwonahu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dat6B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

ESET Online Scanner log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3731 (20090101)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=60effa21f1581244aea10ace4eab2349
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-02 12:17:21
# local_time=2009-01-01 07:17:21 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=353532
# found=0
# scan_time=9027

HijackThis Uninstall List

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Software Update
DVD Shrink 3.2
ESET Online Scanner
getPlus(R)_ocx
Google Toolbar for Internet Explorer
GoToMyPC
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Lame ACM MP3 Codec
LeapFrog Connect
LeapFrog Connect
LeapFrog Tag Plugin
Lexmark 1200 Series
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyScanCabinet 1.3.1b
Nero Suite
QuickTime
RealPlayer
Rhapsody
Rhapsody Player Engine
Samsung Media Studio
Sansa Media Converter
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB951072-v2)
Windows Defender
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Live installer
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Music Jukebox

Re: i Cant stop the Mass Amounts of Pop Ups
 

Looks like MBA-M found and removed a lot.
Quick look through of the uninstall list shows me your Java is out of date. You need to go HERE and download the latest version. Choose the Offline Install and save it to the desktop.
Once the download is complete then go to Add/Remove and Uninstall ALL the older versions of Java you find there.
Once you have uninstalled all of those then go back to that install file residing on the desktop Double click to install the new version. When that is complete then go back to the download page and on the right side you will see Verify Now. Click that to go to the verification page to be assured that the install was successful.

Next we need to see a Full System Scan with HJT and save the log. Post that log back here before we can go further.
Judy

Re: i Cant stop the Mass Amounts of Pop Ups
 

Thank you so much for your help. I did the HJT scan and here is the log from it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:19 AM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\zewuzano.dll
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - SSODL - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12486 bytes

Blessings,
Kim

Re: i Cant stop the Mass Amounts of Pop Ups
 

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.



Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When all is complete then please post back here with that log.

Re: i Cant stop the Mass Amounts of Pop Ups
 

I found a website that discussed the importance of ComboFix and how it needs to be handled directly by supervision of someone with great knowledge of the software. I am trusting you understand how this program works; however, I must ask some questions first.
1) What is the reason you want me to run this, did you see something of importance?
2) This link discusses important things that need to be done prior to running Combofix: http://www.bleepingcomputer.com/comb...o-use-combofix
Wouldn't I need to follow the steps for Windows Recovery bfore running this scan? Several postings I found that they lost their Windows and were having severe trouble restoring what they had before the scan.

I am totally in love with my computer and I really don't want anything bad to happen to it, so please understand how cautious I want to be with this program. Could you please let me know if I should follow the steps listed in that link before proceeding? I do not have the Windows recovery CD for it did not come with the computer. Thank you and will speak with you soon.

Blessings,
Kim

Re: i Cant stop the Mass Amounts of Pop Ups
 

I am very familiar with the link provided, this is the one we all use.
If you don't have an XP disk then no, you cannot install the recovery partition. But it may all ready be on the computer.
If you would prefer not to run the program then you can try to fix with some fixes via HJT but the log shows there is still infection there and this may only stop it from running at the present, not actually remove it.
I have not had experience with people losing use of their computer while running combofix under supervision but this is your choice so we will forgo running it and attempt to remove this infection using HJT and then doing manual search and removals.

Anyway,
Run HJT again and place check marks next to the following entries:
O4 - HKUS\S-1-5-19\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fupuvuyu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [lolafegaku] Rundll32.exe "C:\WINDOWS\system32\fomihari.dll",s (User 'Default user')

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\zewuzano.dll
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - SSODL - (no file)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer.
Run a new HJT scan and save the log and post it back here.
There will then be some manual searches and removals you will have to try.

Re: i Cant stop the Mass Amounts of Pop Ups
 

Thank you again for taking the time to speak with me. I do not mind running the ComboFix if you are familiar with it; after all, all posts I found on this program states that you need to be very familiar with it. If you understand it then I am trusting you know what you are doing. I will run the ComboFix, I just get a little scared when it comes to anything messing up my computer. However, under the current circumstances, my computer is already having a lot of issues, so hopefully it can't possibly get worse. Anyway, I will post back shotly, when the ComboFix is done with everything.
Blessings,
Kim

Re: i Cant stop the Mass Amounts of Pop Ups
 

Ok one problem, when I started to run ComboFix a warning window came up saying this:

ComboFix has detected the following real time scanner(s) to be actve:
McAfee VirusScan
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking 'OK'.

I am not sure how to turn it off. I went into the Security Center and cannot find a way to disable this. I went into McAfee and disabled it for the time being but according to the Security Center it is still turned On. PLease help me understand how to fix this so that I can use ComboFox safely? Thank you
Blessings,
Kim