Poop Computer is slowing down????


btlook1
12-04-2009, 03:05 AM
Looking for some suggestions from the planet gurus. Computer is running slower nowadays. Hard drive is not full, got plenty of room. Running 3 gigs of RAM so not the problem I think.
Getting occasional pop ups which makes me think I got something going on. DL'd Spybot Search and Destroy that found a lot of stuff however didn't seem to help. Also running McAfee...that's what is paid up and came on the computer. Ideas or suggestions? I'm a novice when it comes to this stuff also so if you have ideas please keep them simple, spell it out or draw it in crayon so I get it....thank you all!!!

007
12-04-2009, 03:41 AM
Personally, I would wipe it out and reinstall the OS. But that's me. I do it at least once per year by choice rather than necessity.

KC Jones
12-04-2009, 07:38 AM
1) Agree with Guru - you want to start with a clean slate
2) Stop surfing for porn and cracked crap :D
3) Last I heard Spybot had fallen pretty far behind. Try some of the free online scanners like from Trend Micro and such.
4) Over time if you try out a lot of different applications your registry will become horrifically bogged down. If you really don't want to do a clean install, you can try a registry cleaner, but it can be hit and miss with that helping.
5) Have you taken a look at what background processes are running on your machine? Try something like Process Explorer or What's Running. They should show you everything you are loading and running, and I know that What's Running will make it easy for you to prevent processes from starting automatically.

Otter
12-04-2009, 08:20 AM
Personally, I would wipe it out and reinstall the OS. But that's me. I do it at least once per year by choice rather than necessity.

Yep.

Save what you need and reload the OS. I do it at least once a year as well.

thecoffeeguy
12-04-2009, 10:41 AM
OS reload...once a year thing.

Fish
12-04-2009, 10:43 AM
You might post a HijackThis log, so we can see what's going on. It may not require a reinstall if it's just something minor....

btlook1
12-04-2009, 12:28 PM
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5071111
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chiefsplanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5071111
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.31.6
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vutimuduh] Rundll32.exe "c:\windows\system32\wuwumamu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{28ED4A08-E118-4241-9E5D-9FE670114C7C}: NameServer = 66.140.168.9,64.27.13.91
O20 - AppInit_DLLs: bavimuhe.dll c:\windows\system32\wuwumamu.dll
O21 - SSODL: sijogukim - {dbc254ff-219c-4a23-ae39-d58a7f8fefc6} - (no file)
O21 - SSODL: hutukobuh - {0d492aba-4878-44fd-a03d-5d7af01bff8e} - c:\windows\system32\wuwumamu.dll
O22 - SharedTaskScheduler: kupuhivus - {0d492aba-4878-44fd-a03d-5d7af01bff8e} - c:\windows\system32\wuwumamu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10731 bytes

Baby Lee
12-04-2009, 01:14 PM
Tuneup Utilities is pretty good at keeping things smooth.

Buck
12-04-2009, 01:33 PM
www.finallyfast.com

Your computer will be fast, finally.

Bearcat
12-04-2009, 02:04 PM
F2 - REG:system.ini: Shell=Explorer.exe logon.exe


This is a Trojan (http://htlogs.com/category/startup-type/systemini/), which is why you're getting the pop-ups. If you don't take care of it, you could run into some pretty nasty issues, like the loss of Safe Mode, rogue anti-virus software being downloaded, etc.

1) Restart in Safe Mode with Networking (press F8 several times before Windows starts loading... and if Windows does start to load, just shut it down with the power button, and it should prompt for Safe Mode with Networking the next time). <-- this is important, don't waste 3 hours scanning by not going into Safe Mode first

2) Go here (http://onecare.live.com/site/en-us/default.htm) and run the Protection Scan (it might take a few hours, but it's always found it for me). It'll tell you how many issues it finds, and should be able to fix all of it.

3) Reboot normally, and you might get an error along the lines of 'cannot find logon.exe'. IF the scan found and fixed issues, AND you receive this error, run HiJack this, check mark the entry above, and click 'Fix Selected' (or something like that, heh.. don't have it in front of me).

Bearcat
12-04-2009, 02:10 PM
Also, if you have more than one computer on a home network, I'd recommend scanning those, too... that crap hit a couple of my parents' computers because my brother hooked up his trojan/virus/malware loaded PC to their network, and it took a weekend to clean it up.

Garcia Bronco
12-04-2009, 03:01 PM
Turn off the HP digital stuff to only run when you are using it and the same with the Roxio keys.

Garcia Bronco
12-04-2009, 03:02 PM
Dump the Google toolbar helper...just get it off your machine

Garcia Bronco
12-04-2009, 03:03 PM
"O21 - SSODL: sijogukim - {dbc254ff-219c-4a23-ae39-d58a7f8fefc6} - (no file)
O21 - SSODL: hutukobuh - {0d492aba-4878-44fd-a03d-5d7af01bff8e} - c:\windows\system32\wuwumamu.dll
"

Google this shit to even see what it is.

Garcia Bronco
12-04-2009, 03:04 PM
Ultimately you need to go line by line and google what it is and determine whether you want it running all the time or not.

Bearcat
12-04-2009, 03:21 PM
"O21 - SSODL: sijogukim - {dbc254ff-219c-4a23-ae39-d58a7f8fefc6} - (no file)
O21 - SSODL: hutukobuh - {0d492aba-4878-44fd-a03d-5d7af01bff8e} - c:\windows\system32\wuwumamu.dll
"

Google this shit to even see what it is.

A scan in safe mode should get rid of it, but it definitely doesn't belong...

O20 - AppInit_DLLs: bavimuhe.dll c:\windows\system32\wuwumamu.dll

They're randomly named, so they don't show up in Google.

Post another HiJackThis log after running the scan to be sure...
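
Added example, not part of the thread: a small Python triage pass over HijackThis entries that applies the checks pointed out in the replies above (an extra program on the F2 `Shell=` line, a populated `AppInit_DLLs`, registered objects with no file, and one DLL wired into several load points). The function names and the `LOAD_POINTS` set are hypothetical, the sample lines are an excerpt of the log posted in this thread, and a hit means "review this entry", not "delete it".

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (a few lines kept for contrast).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chiefsplanet.com/
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [vutimuduh] Rundll32.exe "c:\windows\system32\wuwumamu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: bavimuhe.dll c:\windows\system32\wuwumamu.dll
O21 - SSODL: sijogukim - {dbc254ff-219c-4a23-ae39-d58a7f8fefc6} - (no file)
O21 - SSODL: hutukobuh - {0d492aba-4878-44fd-a03d-5d7af01bff8e} - c:\windows\system32\wuwumamu.dll
O22 - SharedTaskScheduler: kupuhivus - {0d492aba-4878-44fd-a03d-5d7af01bff8e} - c:\windows\system32\wuwumamu.dll
"""

# "O20 - rest of entry" -> section code and the rest of the line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A full path ending in .dll (stops at quotes and other characters invalid in paths).
DLL_RE = re.compile(r'[a-z]:\\[^"*?<>|]*?\.dll', re.IGNORECASE)
# Sections treated here as independent ways of getting a DLL loaded (assumption of this example).
LOAD_POINTS = {"O4", "O20", "O21", "O22"}


def parse(log):
    """Yield (section, rest) for every entry line; other lines are skipped."""
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def triage(log):
    """Return a list of (section, reason) findings that deserve manual review."""
    findings = []
    dll_sections = defaultdict(set)
    for section, rest in parse(log):
        # F2: the shell value should normally be Explorer.exe and nothing else.
        if section == "F2":
            match = re.search(r"Shell=(.*)", rest, re.IGNORECASE)
            values = match.group(1).split() if match else []
            extra = [v for v in values if v.lower() != "explorer.exe"]
            if extra:
                findings.append((section, "extra shell program: " + " ".join(extra)))
        # O20: DLLs listed here are loaded into most GUI processes; any value needs a look.
        if section == "O20":
            value = rest.partition(":")[2].strip()
            if value:
                findings.append((section, "AppInit_DLLs is set: " + value))
        # A registration whose file is gone: leftover of a removal or a half-cleaned infection.
        if rest.endswith("(no file)"):
            findings.append((section, "registered entry has no file: " + rest))
        # Remember which load points reference each DLL path.
        if section in LOAD_POINTS:
            for path in DLL_RE.findall(rest):
                dll_sections[path.lower()].add(section)
    # The same DLL hooked into several unrelated load points is a persistence pattern.
    for path, sections in sorted(dll_sections.items()):
        if len(sections) >= 2:
            findings.append(("MULTI", path + " is loaded from " + ", ".join(sorted(sections))))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section.ljust(6) + reason)
```
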

btlook1
12-04-2009, 03:59 PM
Thanks for the assistance...will start working on it...Thank you very much gentlemen I will let you know how it works out.

btlook1
12-04-2009, 04:08 PM
Computer will not start in safe mode tried it several times. It just stops and gives me the blue screen that says stop! Suggestions?

Bearcat
12-04-2009, 04:21 PM
Computer will not start in safe mode tried it several times. It just stops and gives me the blue screen that says stop! Suggestions?

Yeah, I was afraid of that.... it deleted registry keys.

I assume this is Windows XP? (guess I should have asked that earlier)

Go to Start -> Run
Type regedit, click OK

That should open the Registry Editor.

Go to Edit -> Find (or press Ctrl-F), and that should open a Find box.
In that box, type SafeBoot. Make sure there's a check for everything under 'Look at:', and click Find Next.

Let me know if it finds anything.

thecoffeeguy
12-04-2009, 05:06 PM
D00d...you have malware on your PC. Don't even mess around, just backup your data and re-install your OS.

I would recommend another Anti-virus program. McAfee and Symantec both suck balls.

thecoffeeguy
12-04-2009, 05:07 PM
Computer will not start in safe mode tried it several times. It just stops and gives me the blue screen that says stop! Suggestions?

Good malware will disable strings in the registry to disable the ability to boot into safe mode.

btlook1
12-04-2009, 10:14 PM
Good malware will disable strings in the registry to disable the ability to boot into safe mode.

You are exactly right Coffeeguy. Would not let me do a safe boot for anything. I went online and had McAfee fix it. They charged me but 1 hr later it's fixed now I'm going to back up. The dude fixing it told me to stay off the porn sites.....I'm never on porn sites.....well almost never! Thanks for the help and suggestions! The planet rules!

thecoffeeguy
12-04-2009, 10:54 PM
You are exactly right Coffeeguy. Would not let me do a safe boot for anything. I went online and had McAfee fix it. They charged me but 1 hr later it's fixed now I'm going to back up. The dude fixing it told me to stay off the porn sites.....I'm never on porn sites.....well almost never! Thanks for the help and suggestions! The planet rules!

Ya, nasty stuff indeed.

The scary thing is you don't need to necessarily surf porn sites to get malware on your PC. Another big problem is cross site scripting which basically is another way to get nasty stuff on your PC.

If you use chrome or firefox, take a look at WOT (Web of trust) extension.
Also, look at adblock and no script extensions as well.

HTH

chasedude
12-04-2009, 11:28 PM
Ya, nasty stuff indeed.

The scary thing is you don't need to necessarily surf porn sites to get malware on your PC. Another big problem is cross site scripting which basically is another way to get nasty stuff on your PC.

If you use chrome or firefox, take a look at WOT (Web of trust) extension.
Also, look at adblock and no script extensions as well.

HTH

Great advice! No Script especially has saved me many a time on preventing malicious crap from installing.

Boon
12-04-2009, 11:50 PM
I like the "wipe the OS" options given. I believe it to be the best option for cleaning PCs. Could someone give a quick rundown of items to back up and how to do so before wiping the drive? I realize the apps will have to be reinstalled, but personal address books, browser favorites, data, etc. need to be saved. How does one save these? Where do they reside? Etc. TIA

Bearcat
12-05-2009, 10:56 AM
If we're going to tell computer novices to wipe their OS every time they get a virus, we might as well come up with a CP guide to installing the right OS (http://www.ubuntu.com/), that doesn't require anti-virus software and isn't a bloated PoS and actually comes out with updates more than once every 7 years... hell, go one step further, and we could provide partitioning instructions (http://www.partition-tool.com/personal.htm), so they can surf the internet on Ubuntu while still having Windows available for Photoshop or iTunes or Office or whatever. :shrug:


:)

thecoffeeguy
12-05-2009, 01:22 PM
If we're going to tell computer novices to wipe their OS every time they get a virus, we might as well come up with a CP guide to installing the right OS (http://www.ubuntu.com/), that doesn't require anti-virus software and isn't a bloated PoS and actually comes out with updates more than once every 7 years... hell, go one step further, and we could provide partitioning instructions (http://www.partition-tool.com/personal.htm), so they can surf the internet on Ubuntu while still having Windows available for Photoshop or iTunes or Office or whatever. :shrug:


:)

Not a bad idea.
We could even set up a guide for using VMWare (workstation/player) and when you are going to go to a bad site, use the VM (make sure you disable a few items as well like shared folders between the host and VM). Then show how to use the snapshot manager.

Boon
12-05-2009, 01:28 PM
Forget it.
Wrong forum.

demonhero
12-05-2009, 01:46 PM
start> run> msconfig>

WilliamTheIrish
12-06-2009, 12:25 AM
I have an issue here also.

1) I bought this laptop at a pawnshop almost 4 years ago. My BiL owns a string of em. It's been great, but it came with no back up discs.

2) How does one 'wipe out' the OS? Since this computer is just for surfing, I'd kinda like to try wiping it out and using this new OS you linked.

3) I'm in the same boat as the OP, two days ago I started getting popups/redirects like crazy. It's gotten worse each day.

Anybody?

Bearcat
12-06-2009, 12:55 AM
I have an issue here also.

1) I bought this laptop at a pawnshop almost 4 years ago. My BiL owns a string of em. It's been great, but it came with no back up discs.

2) How does one 'wipe out' the OS? Since this computer is just for surfing, I'd kinda like to try wiping it out and using this new OS you linked.

3) I'm in the same boat as the OP, two days ago I started getting popups/redirects like crazy. It's gotten worse each day.

Anybody?

I'm calling it a night, but as far as #2, you would back everything up that you want to keep, boot to a CD, and the installation of the new OS (whether it's Windows, Ubuntu, or whatever) would format the drive and then install the new OS... so there's really nothing you do to wipe it out, except confirm that's what you want to do when the time comes during the installation.

If you're interested in Ubuntu, I'd suggest going here (http://www.ubuntu.com/getubuntu/download), look around, read the instructions on how to create the install CD, etc. And with a little Googling, you can find step-by-step instructions on the install itself, like here (http://news.softpedia.com/news/Installing-Ubuntu-9-04-110794.shtml), that you could print out or have available on another computer.

I could provide more details and resources if needed, but it might be a day or two.

As far as #3, if you're set on #2, you don't have to worry about it, outside of backing up anything you want to keep, which I'd do as soon as possible (that shit can get nasty, and shut down services that are required to copy and paste, so you can't back up your data). If you're not set on #2 or you're a glutton for punishment, you could post a HiJack This log, but my suggestion would be to follow my previous post in this thread, and try to go into Safe Mode to run the OneCare Scan... if booting into Safe Mode gives you a BSoD, you would need to look for the registry keys (another one of my posts in this thread), and if they don't exist, you would have to create them, which can be found here (http://didierstevens.wordpress.com/2006/06/26/restoring-safeboot/) (even though I can't seem to get to that site at the moment).

demonhero
12-06-2009, 12:56 AM
^

pir8te a copy of an OS CD or buy an OS CD at the store


Go into the BIOS (set boot from CD) or make sure you put the OS CD inside the CD tray and boot on the laptop. Setup should start, and you will be given the option to override the primary partition of the hard drive. It's important that you repartition the hard drive.

WilliamTheIrish
12-06-2009, 12:58 AM
Okay. I'll look at this as a project. Should be kinda fun.

WilliamTheIrish
12-06-2009, 05:45 PM
Well it took 8 hours but I think I outlasted the sumbiotch.

Do you IT guys do this for a living? It's kinda fun. Trying to figure this shit out.

WilliamTheIrish
12-06-2009, 05:47 PM
Aww f*ck. Just got another popup. Hmmm....

Earlier I couldn't get the thing to even boot up. Had to use another computer and use Bearcat's directions with SAFE mode and AVG.

Must still have something cause I just got a single pop up that I must've missed.

Bearcat
12-06-2009, 07:53 PM
Do you IT guys do this for a living? It's kinda fun. Trying to figure this shit out.

I think it's interesting to see the progression of viruses, worms, etc; and I always like a good challenge, but I don't do it for a living. If I charged, it would probably be a decent second job though.

Aww f*ck. Just got another popup. Hmmm....

Earlier I couldn't get the thing to even boot up. Had to use another computer and use Bearcat's directions with SAFE mode and AVG.

Must still have something cause I just got a single pop up that I must've missed.

I've been pushing the Microsoft OneCare around here lately, because it seems to catch just about everything... it seems like if there's one thing Microsoft does right, it's keeping up with all the ways you can f*** with their shitty software. There are so many scanners these days, you never know which one will catch whatever you have... I used to only run Ad-aware and Spybot, then came Malwarebytes, then there's OneCare and bit defender, etc.

Garcia Bronco
12-06-2009, 08:02 PM
I have an issue here also.

1) I bought this laptop at a pawnshop almost 4 years ago. My BiL owns a string of em. It's been great, but it came with no back up discs.

2) How does one 'wipe out' the OS? Since this computer is just for surfing, I'd kinda like to try wiping it out and using this new OS you linked.

3) I'm in the same boat as the OP, two days ago I started getting popups/redirects like crazy. It's gotten worse each day.

Anybody?
You'll need a copy of the OS, but more importantly you'll need a Lic for the OS. If you look on the laptop the Windows Lic might be on it.

WilliamTheIrish
12-06-2009, 08:15 PM
I think it's interesting to see the progression of viruses, worms, etc; and I always like a good challenge, but I don't do it for a living. If I charged, it would probably be a decent second job though.



I've been pushing the Microsoft OneCare around here lately, because it seems to catch just about everything... it seems like if there's one thing Microsoft does right, it's keeping up with all the ways you can f*** with their shitty software. There are so many scanners these days, you never know which one will catch whatever you have... I used to only run Ad-aware and Spybot, then came Malwarebytes, then there's OneCare and bit defender, etc.

I'll keep the MS OneCare in my hip pocket. I'd still like to wipe out the OS and start over. As a project. Maybe I'll purchase a new laptop and use this one for surfing and the like and the other for work.
This particular popup that keeps hangin on is from something called neExplore.

Bearcat
12-06-2009, 08:36 PM
I'll keep the MS OneCare in my hip pocket. I'd still like to wipe out the OS and start over. As a project. Maybe I'll purchase a new laptop and use this one for surfing and the like and the other for work.
This particular popup that keeps hangin on is from something called neExplore.

Google found a couple of things for 'nexplore malware'.

That's a good idea... I repartitioned my hard drive so I could keep Windows, but with the malware issues and thought of a new laptop, it's probably better/easier for you to get rid of Windows altogether. You could also eventually repartition a new laptop for both, maybe after going through an install on your current laptop.... eh.

If I can only convert one person.... :)

WilliamTheIrish
12-06-2009, 08:58 PM
Google found a couple of things for 'nexplore malware'.

That's a good idea... I repartitioned my hard drive so I could keep Windows, but with the malware issues and thought of a new laptop, it's probably better/easier for you to get rid of Windows altogether. You could also eventually repartition a new laptop for both, maybe after going through an install on your current laptop.... eh.

If I can only convert one person.... :)

Ubuntu? I'm all for giving it a shot.

Crashride
12-06-2009, 11:29 PM
so is it not possible to even look at pron sites without getting viruses etc...?

thecoffeeguy
12-07-2009, 11:49 AM
so is it not possible to even look at pron sites without getting viruses etc...?

No, it is definitely possible. The catch is though, the sites that are free are the ones you have to be very concerned about. The ones you pay for, for the most part are legit.

If you really need to surf free porn, I would set up a virtual machine on your PC. Use VMware or VirtualBox and create a brand new VM. Set up the VM as you would on your PC for browsing.

Now, when you wanna go to a bad site, use the VM as your source. That way, your main PC never gets infected. Also, before you go to the bad site(s), take a snapshot of the VM; this way, if it gets infected, you just roll back to the snapshot and you are all set.

Lots of tricks out there, but I can tell you this; malware is getting better and better. I see it every day as part of my job and some of it is downright nasty; completely undetectable and only way I have seen it is through some serious forensic work.

Also, a majority of malware these days is not malicious stuff; it is all about money and information.
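
Added example, not part of any post in this thread: a small Python check for the setup described above (a browsing VM with shared folders turned off and a snapshot to roll back to). It reads text in the `key="value"` form that `VBoxManage showvminfo <vm> --machinereadable` prints; the key names, the choice to also check clipboard and drag-and-drop, and both sample inputs are assumptions constructed for illustration.

```python
import re

# Constructed samples in the key="value" form printed by
# `VBoxManage showvminfo <vm> --machinereadable` (key names are assumptions).
SAMPLE_RISKY = """\
name="browse-vm"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="docs"
SharedFolderPathMachineMapping1="/home/user/Documents"
"""

SAMPLE_ISOLATED = """\
name="browse-vm"
clipboard="disabled"
draganddrop="disabled"
CurrentSnapshotName="clean-baseline"
"""

LINE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')
SHARE = re.compile(r"^SharedFolderName(Machine|Transient)Mapping(\d+)$")


def parse_vminfo(text):
    """Turn key="value" lines into a dict, ignoring anything else."""
    info = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info


def audit_isolation(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    info = parse_vminfo(text)
    findings = []
    for key in sorted(info):
        m = SHARE.match(key)
        if m:
            path = info.get(f"SharedFolderPath{m.group(1)}Mapping{m.group(2)}", "?")
            findings.append(f"shared folder '{info[key]}' exposes host path {path}")
    # A missing key is flagged too, so an unrecognised format fails safe.
    for key in ("clipboard", "draganddrop"):
        if info.get(key) != "disabled":
            findings.append(f"{key} is {info.get(key, 'not reported')}, expected disabled")
    if not info.get("CurrentSnapshotName"):
        findings.append("no current snapshot, so there is nothing to roll back to")
    return findings


if __name__ == "__main__":
    for label, sample in (("risky", SAMPLE_RISKY), ("isolated", SAMPLE_ISOLATED)):
        print(label, audit_isolation(sample) or "no findings")
```
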

WilliamTheIrish
12-07-2009, 05:37 PM
No, it is definitely possible. The catch is though, the sites that are free are the ones you have to be very concerned about. The ones you pay for, for the most part are legit.

If you really need to surf free porn, I would set up a virtual machine on your PC. Use VMware or VirtualBox and create a brand new VM. Set up the VM as you would on your PC for browsing.

Now, when you wanna go to a bad site, use the VM as your source. That way, your main PC never gets infected. Also, before you go to the bad site(s), take a snapshot of the VM; this way, if it gets infected, you just roll back to the snapshot and you are all set.

Lots of tricks out there, but I can tell you this; malware is getting better and better. I see it every day as part of my job and some of it is downright nasty; completely undetectable and only way I have seen it is through some serious forensic work.

Also, a majority of malware these days is not malicious stuff; it is all about money and information.

1) I need more info on this virtual machine set up.

2) Where does one read the latest on malware and how to combat it?

Bearcat
12-07-2009, 05:55 PM
1) I need more info on this virtual machine set up.

http://www.vmware.com/products/workstation/index.html

http://www.vmware.com/products/workstation/faqs.html

They have 30 day trial software, which not only gives you the ability to try their software before deciding whether or not you want to pay, but you can use it to test a new OS, too, like Ubuntu or Windows 7.



2) Where does one read the latest on malware and how to combat it?

I let Google do the work for me, but would be interested to hear from those who fight it daily...

thecoffeeguy
12-07-2009, 06:25 PM
1) I need more info on this virtual machine set up.

2) Where does one read the latest on malware and how to combat it?

Take a look at VMware. They have a 30 day trial, then you can purchase. The product that you would be looking for is VMware Workstation.

The other free alternative is:

http://www.virtualbox.org/

As far as finding out more information about malware/viruses, here are a few sites:

http://threatexpert.com/

http://blog.threatfire.com/

Those are good starts.
Sophos, McAfee and Symantec have sites on this stuff as well.

If you want more stuff, let me know. I have a lot of sites I can put up here.

WilliamTheIrish
12-07-2009, 07:44 PM
Thanks guys. I appreciate the info. Coffeeguy, feel free to post more malware sites.

thecoffeeguy
12-07-2009, 08:27 PM
Thanks guys. I appreciate the info. Coffeeguy, feel free to post more malware sites.

Will do.