
Registered · 16 Posts · Discussion Starter · #1
spyware or virus???

Hi,

My system became very slow after I downloaded some tutorials and movies with uTorrent. I think it may be spyware or a virus, but most of the spyware and virus removal tools did not find any new virus or spyware. The start-up time has become much slower than usual, even opening a new file or folder takes time, and my internet speed has become slow. Uniblue's software shows RAM usage running high, using more memory. The overall performance of the system has become slow all of a sudden.

I have Win XP, Pentium 4, 250 MB RAM, 80 GB hard disk.

Please help me out, I will be thankful to you!!!
 

TSF-Emeritus · 15,384 Posts
Re: spyware or virus???

Malware may not always be the cause of sluggishness. Take a look at the sticky topic at the top of this HijackThis Log Help section --> Is your PC running slow...?

Also, please read this sticky: http://www.techsupportforum.com/f112/if-you-think-your-computer-is-infected-203704.html

If you cannot complete any of the 5 steps for whatever reason, just continue on with the next one until they are all completed, and post your logs in The HJT Help Forum, where an Analyst will assist you. However, it is very important to make mention of any of the steps that you were not able to complete.

After you've posted your logs, please be patient, as the Security Team Analysts are very busy.
 

Registered · 16 Posts · Discussion Starter · #3 (Edited)
I have attached the results of my dss.exe scan.

Please analyse them and help me get rid of the spyware or virus!!
 


TSF-Emeritus · 15,384 Posts
Hi,

I merged your threads. But, in future, please do not start a new thread when you reply. Just click on the "Post Reply" button at the bottom left corner of the last post. Also, we prefer that you do not attach the logs unless specifically asked to do so. So, I'm pasting the main.txt here for convenience.

Please give me some time to go through the logs. I'll be back shortly.

Deckard's System Scanner v20071014.68
Run by my accout on 2008-05-31 21:50:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-05-31 16:20:44 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-05-31 14:50:57 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).

-- HijackThis (run as my accout.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:39 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\my accout.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

--
End of file - 2393 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080516-212622-891 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080526-210656-405 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080528-214519-636 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080528-214519-864 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080528-214519-260 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080528-214519-896 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
backup-20080528-214519-164 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
backup-20080528-214519-362 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-28 09:00:02 354 --a------ C:\WINDOWS\Tasks\At1.job
2008-05-26 22:16:58 346 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-05-08 17:57:24 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-04-28 17:57:32 390 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-29 18:51:46 0 d--hs---- C:\FOUND.006
2008-05-29 18:07:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-28 19:25:16 0 dr------- C:\Documents and Settings\my accout\Recent
2008-05-27 23:14:56 0 d-------- C:\Documents and Settings\my accout\Application Data\Google
2008-05-26 23:06:41 0 d-------- C:\Documents and Settings\my accout\Application Data\AVG7
2008-05-26 22:54:34 0 dr------- C:\Documents and Settings\GOBI\Recent
2008-05-26 22:52:41 0 d-------- C:\Documents and Settings\my accout\Application Data\SUPERAntiSpyware.com
2008-05-26 21:31:51 0 d-------- C:\Documents and Settings\my accout\Application Data\Uniblue
2008-05-26 21:10:35 0 d---s---- C:\Documents and Settings\my accout\UserData
2008-05-23 13:30:32 0 d-------- C:\Documents and Settings\my accout\Application Data\CyberLink
2008-05-22 20:02:58 0 d-------- C:\Documents and Settings\my accout\Application Data\Malwarebytes
2008-05-22 19:33:37 0 d-------- C:\Documents and Settings\my accout\Application Data\vlc
2008-05-22 19:20:27 0 d-------- C:\Documents and Settings\my accout\Application Data\Macromedia
2008-05-22 19:20:26 0 d-------- C:\Documents and Settings\my accout\Application Data\Adobe
2008-05-22 19:12:18 0 d-------- C:\Documents and Settings\my accout\Application Data\Real
2008-05-22 19:12:04 0 d-------- C:\Documents and Settings\my accout\Application Data\Identities
2008-05-22 19:08:54 0 d-------- C:\Documents and Settings\my accout\Templates
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\Start Menu
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\SendTo
2008-05-22 19:08:54 0 d-------- C:\Documents and Settings\my accout\PrintHood
2008-05-22 19:08:54 2883584 --a------ C:\Documents and Settings\my accout\NTUSER.DAT
2008-05-22 19:08:54 0 d-------- C:\Documents and Settings\my accout\NetHood
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\My Documents
2008-05-22 19:08:54 0 d--h----- C:\Documents and Settings\my accout\Local Settings
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\Favorites
2008-05-22 19:08:54 0 d-------- C:\Documents and Settings\my accout\Desktop
2008-05-22 19:08:54 0 d---s---- C:\Documents and Settings\my accout\Cookies
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\Application Data
2008-05-21 20:00:37 0 dr------- C:\Documents and Settings\Administrator\Recent
2008-05-20 21:41:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-20 21:19:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-20 21:14:31 0 d-------- C:\Documents and Settings\GOBI\Application Data\AVG7
2008-05-20 21:14:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-20 21:13:50 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-20 21:13:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-20 20:22:06 0 d-------- C:\Documents and Settings\GOBI\Application Data\Comodo
2008-05-20 20:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:19:46 0 d-------- C:\Program Files\Comodo
2008-05-20 19:42:37 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-20 19:42:37 2549 --a------ C:\WINDOWS\unins000.dat
2008-05-20 19:20:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-20 18:55:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-05-19 17:43:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-18 18:59:13 0 d--hs---- C:\WINDOWS\CSC
2008-05-18 18:56:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-18 18:55:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-16 21:09:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-16 21:05:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-14 18:40:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-14 18:39:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-14 18:39:35 0 d-------- C:\Documents and Settings\GOBI\Application Data\SUPERAntiSpyware.com
2008-05-14 18:38:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 18:32:42 0 d-------- C:\Program Files\Trend Micro
2008-05-08 19:06:24 0 d-------- C:\Program Files\MSConfig CleanUp
2008-05-08 17:56:17 0 d-------- C:\Documents and Settings\GOBI\Application Data\Media Player Classic
2008-05-05 17:10:02 0 d-------- C:\Program Files\SoftwrapLicense
2008-05-02 18:24:59 0 d-------- C:\Documents and Settings\GOBI\Application Data\Dev-Cpp
2008-05-02 18:24:42 0 d-------- C:\Program Files\Dev-Cpp
2008-05-01 20:29:07 0 d-------- C:\Program Files\uTorrent
2008-05-01 20:29:06 0 d-------- C:\Documents and Settings\GOBI\Application Data\uTorrent
2008-04-30 19:37:49 0 d-------- C:\Documents and Settings\GOBI\Application Data\Google
2008-04-30 19:27:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Google

-- Find3M Report ---------------------------------------------------------------

2008-05-12 21:33:48 65 --a------ C:\AUTOEXEC.BAT
2008-04-28 17:57:24 0 d-------- C:\Program Files\Uniblue
2008-04-23 19:48:56 0 d-------- C:\Program Files\My Lockbox
2008-04-16 17:43:28 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-04-15 21:32:34 12 --a------ C:\WINDOWS\acmmzx.dll
2008-04-15 21:32:20 0 d-------- C:\Program Files\Registry Cleaner
2008-04-15 19:49:04 12586 --a------ C:\WINDOWS\viwucyb.dll
2008-04-15 19:49:04 16755 --a------ C:\WINDOWS\system32\afeheguqa.bat
2008-04-15 19:49:04 15599 --a------ C:\WINDOWS\qavidewi.bat
2008-04-15 19:49:04 11725 --a------ C:\WINDOWS\lapufafy.pif
2008-04-15 19:49:04 11062 --a------ C:\WINDOWS\dedavavu.sys
2008-04-15 19:49:04 12236 --a------ C:\WINDOWS\byhojad.com
2008-04-15 19:49:04 17108 --a------ C:\WINDOWS\akoly.vbs
2008-04-15 19:49:04 17906 --a------ C:\Program Files\Common Files\yfylyru.inf
2008-04-15 19:49:04 12603 --a------ C:\Program Files\Common Files\otawecas.dll
2008-04-15 19:49:04 17466 --a------ C:\Program Files\Common Files\imiju.dl
2008-04-15 19:49:04 16350 --a------ C:\Program Files\Common Files\fagamib.inf
2008-04-15 19:45:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 19:45:24 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-14 21:17:06 18440 --a------ C:\WINDOWS\zutujeha.com
2008-04-14 21:17:06 15448 --a------ C:\WINDOWS\tebun.dll
2008-04-14 21:17:06 19681 --a------ C:\WINDOWS\oxymak.bin
2008-04-14 21:17:06 15919 --a------ C:\WINDOWS\ehudopar.com
2008-04-14 21:17:06 13144 --a------ C:\Program Files\Common Files\ybyle.pif
2008-04-14 21:17:06 10396 --a------ C:\Program Files\Common Files\xetujo.sys
2008-04-14 21:17:06 11774 --a------ C:\Program Files\Common Files\ihomojorow.dl
2008-04-14 21:17:06 19596 --a------ C:\Program Files\Common Files\cukih.dl
2008-04-09 20:07:46 14769 --a------ C:\WINDOWS\bubag.exe
2008-04-09 20:07:46 10300 --a------ C:\Program Files\Common Files\ihawitafa.sys
2008-04-09 20:01:40 12708 --a------ C:\WINDOWS\uwibufary.com
2008-04-09 20:01:40 11673 --a------ C:\WINDOWS\system32\abow.com
2008-04-09 20:01:40 11042 --a------ C:\WINDOWS\inado.dll
2008-04-09 20:01:40 18127 --a------ C:\WINDOWS\emawo.bat
2008-04-09 20:01:40 17383 --a------ C:\Program Files\Common Files\zekaqec.scr
2008-04-09 20:01:40 18946 --a------ C:\Program Files\Common Files\yzat.com
2008-04-09 20:01:40 16146 --a------ C:\Program Files\Common Files\vote.dat
2008-04-09 20:01:40 19824 --a------ C:\Program Files\Common Files\akar._sy
2008-04-09 20:01:40 12715 --a------ C:\Program Files\Common Files\ajepuzehak.ban
2008-04-09 20:01:38 13296 --a------ C:\Program Files\Common Files\xoxipes.sys
2008-04-09 20:01:38 18801 --a------ C:\Program Files\Common Files\enufuw.ban
2008-04-09 19:12:36 13735 --a------ C:\WINDOWS\ymykisa.exe
2008-04-09 19:12:36 13752 --a------ C:\WINDOWS\xuwukise.dat
2008-04-09 19:12:36 11670 --a------ C:\WINDOWS\ihubyqen.reg
2008-04-09 19:12:36 17539 --a------ C:\Program Files\Common Files\uzyjigo.dat
2008-04-09 19:12:34 18958 --a------ C:\WINDOWS\system32\upavuv.vbs
2008-04-09 19:12:34 14540 --a------ C:\WINDOWS\asanud.pif
2008-04-09 19:12:34 18591 --a------ C:\Program Files\Common Files\ucatob.exe
2008-04-09 19:12:34 12129 --a------ C:\Program Files\Common Files\lifegen.sys
2008-04-09 19:12:34 10630 --a------ C:\Program Files\Common Files\esosaco.sys
2008-04-09 19:12:34 10935 --a------ C:\Program Files\Common Files\cobid.lib
2008-04-09 19:10:52 0 d-------- C:\Program Files\WinClamAVShield
2008-04-08 22:04:56 14101 --a------ C:\WINDOWS\vodohyto.dll
2008-04-08 22:04:56 12889 --a------ C:\WINDOWS\system32\bizizoheg.vbs
2008-04-08 22:04:56 16686 --a------ C:\WINDOWS\mahojoqupa.bat
2008-04-08 21:38:30 11496 --a------ C:\WINDOWS\ybicybunyp.scr
2008-04-08 21:38:30 11058 --a------ C:\WINDOWS\xupaw.pif
2008-04-08 21:38:30 18507 --a------ C:\WINDOWS\system32\awijasenaz.sys
2008-04-08 21:38:30 17039 --a------ C:\WINDOWS\nedexa.exe
2008-04-08 21:38:30 18173 --a------ C:\WINDOWS\muvopiguk.dll
2008-04-08 21:38:30 13164 --a------ C:\WINDOWS\moha.exe
2008-04-08 21:38:30 11731 --a------ C:\Program Files\Common Files\ypabiky.bat
2008-04-08 21:38:30 16818 --a------ C:\Program Files\Common Files\jihihi.scr
2008-04-05 20:26:22 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-05 20:26:06 0 d-------- C:\Program Files\Real
2008-04-05 20:26:04 0 d-------- C:\Program Files\Common Files\Real
2008-03-30 10:33:46 18432 --a------ C:\WINDOWS\ss3unstl.exe
2008-03-18 21:27:56 16384 -ra------ C:\WINDOWS\hinhem.scr

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/05/2008 08:26 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 05:30 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^GOBI^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\GOBI\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^my accout^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\my accout\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)
"CmdAgent"=2 (0x2)
"bdss"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8554 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-05-31 21:53:11 ------------
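An added triage example, not part of the thread and not code from Deckard's System Scanner or HijackThis: the Find3M report above lists dozens of files with random-looking names and mixed executable and script extensions (.com, .bat, .pif, .scr, .vbs, .sys, .dll) written into C:\WINDOWS and C:\Program Files\Common Files within the same second. That clustering is what an analyst's eye picks out of such a log. The Python below encodes it as a heuristic and runs it over a few constructed sample lines copied from the log. The thresholds (four files in one second, three distinct extensions), the "random stem" regex and the system-directory list are my assumptions, not anything the forum's analysts used; every hit still needs a human to look at it, since legitimate installers also drop many files in one second.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the DSS "Find3M Report" above,
# plus a few lines of ordinary software for contrast. DSS prints
# "<date> <time> <size> <attributes> <path>"; a leading 'd' in the
# attribute field marks a directory.
SAMPLE_FIND3M = r"""
2008-05-12 21:33:48 65 --a------ C:\AUTOEXEC.BAT
2008-04-15 19:49:04 12586 --a------ C:\WINDOWS\viwucyb.dll
2008-04-15 19:49:04 16755 --a------ C:\WINDOWS\system32\afeheguqa.bat
2008-04-15 19:49:04 15599 --a------ C:\WINDOWS\qavidewi.bat
2008-04-15 19:49:04 11725 --a------ C:\WINDOWS\lapufafy.pif
2008-04-15 19:49:04 11062 --a------ C:\WINDOWS\dedavavu.sys
2008-04-15 19:49:04 12236 --a------ C:\WINDOWS\byhojad.com
2008-04-15 19:49:04 17108 --a------ C:\WINDOWS\akoly.vbs
2008-04-15 19:49:04 17906 --a------ C:\Program Files\Common Files\yfylyru.inf
2008-04-15 19:45:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 10:33:46 18432 --a------ C:\WINDOWS\ss3unstl.exe
2008-04-05 20:26:06 0 d-------- C:\Program Files\Real
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
# Assumed heuristic: a name stem made only of 4-12 lowercase letters, with
# no digits or separators, is "random-looking". Real product names usually
# carry digits, version tags or mixed case (ss3unstl, unins000, bdod.bin).
RANDOM_STEM_RE = re.compile(r"^[a-z]{4,12}$")
# Assumed list of directories where a user-mode dropper commonly writes.
SYSTEM_DIRS = (r"c:\windows", r"c:\program files\common files")


def parse_find3m(text):
    """Parse Find3M lines into dicts (ts, size, path, stem, ext); skip directories."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("attrs").startswith("d"):
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]
        stem, dot, ext = name.rpartition(".")
        if not dot:  # no extension at all
            stem, ext = name, ""
        entries.append({"ts": m.group("ts"), "size": int(m.group("size")),
                        "path": path, "stem": stem.lower(), "ext": ext.lower()})
    return entries


def in_system_dir(path):
    p = path.lower()
    return any(p.startswith(d) for d in SYSTEM_DIRS)


def burst_findings(text, min_files=4, min_exts=3):
    """Flag same-second bursts of random-named files with mixed extensions
    written under system directories. Heuristic only: review each hit."""
    by_second = defaultdict(list)
    for e in parse_find3m(text):
        by_second[e["ts"]].append(e)

    findings = []
    for ts, files in sorted(by_second.items()):
        if len(files) < min_files:
            continue
        if not all(RANDOM_STEM_RE.match(f["stem"]) for f in files):
            continue
        exts = sorted({f["ext"] for f in files})
        if len(exts) < min_exts:
            continue
        if not all(in_system_dir(f["path"]) for f in files):
            continue
        findings.append({"ts": ts, "count": len(files), "exts": exts,
                         "paths": [f["path"] for f in files]})
    return findings


if __name__ == "__main__":
    for hit in burst_findings(SAMPLE_FIND3M):
        print(f"{hit['ts']}: {hit['count']} files, extensions {', '.join(hit['exts'])}")
        for p in hit["paths"]:
            print("    ", p)
```

Run against the full Find3M section, the same logic would group the 2008-04-08, 2008-04-09 and 2008-04-14 timestamps the same way; the single-file lines (AUTOEXEC.BAT, ss3unstl.exe) and the directory entries never form a burst and are left alone.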
 

TSF-Emeritus · 15,384 Posts
We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix is a very powerful tool and should only be used on the advice and under the supervision of a trained analyst.


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
 

Registered · 16 Posts · Discussion Starter · #6
Thanks for your kind reply. I have performed all the steps you sent me, but my system is still slow. The Panda scan cannot find any spyware, but it is finding some spyware in the paid version. I will hereby attach all of my scan files for your review. Please help me with what's wrong with my PC!!!


ComboFix 08-06-03.4 - my accout 2008-06-05 19:23:53.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.72 [GMT 5.5:30]
Running from: C:\Documents and Settings\GOBI\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000111_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 18:56 . 2005-02-25 09:05 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-05 17:36 . 2008-06-05 17:36 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-05 17:36 . 2008-06-05 17:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-05 17:10 . 2008-06-05 17:10 <DIR> d--hs---- C:\FOUND.001
2008-06-04 17:04 . 2008-06-04 17:04 <DIR> d--hs---- C:\FOUND.000
2008-06-01 21:38 . 2008-06-01 21:38 <DIR> d-------- C:\Program Files\AutoStreamer
2008-06-01 18:58 . 2008-06-01 18:58 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-01 18:44 . 2008-06-01 18:46 67,108,864 --ah----- C:\pcwtest.tmp
2008-05-31 21:49 . 2008-05-31 21:49 <DIR> d-------- C:\Deckard
2008-05-29 18:07 . 2008-05-29 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-26 23:06 . 2008-05-26 23:06 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\AVG7
2008-05-26 22:52 . 2008-05-26 22:52 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\SUPERAntiSpyware.com
2008-05-26 21:31 . 2008-05-26 21:31 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\Uniblue
2008-05-26 21:14 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-26 21:14 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\SETD.tmp
2008-05-26 21:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-26 21:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-26 21:10 . 2008-05-26 21:10 <DIR> d---s---- C:\Documents and Settings\my accout\UserData
2008-05-26 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-26 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-23 13:30 . 2008-05-23 13:30 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\CyberLink
2008-05-22 20:02 . 2008-05-22 20:03 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\Malwarebytes
2008-05-22 19:33 . 2008-05-22 19:33 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\vlc
2008-05-22 19:08 . 2008-05-22 19:08 <DIR> d-------- C:\Documents and Settings\my accout
2008-05-20 21:41 . 2008-05-20 21:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-20 21:19 . 2008-05-20 21:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-20 21:14 . 2008-05-20 21:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-20 21:14 . 2008-05-20 21:14 <DIR> d-------- C:\Documents and Settings\GOBI\Application Data\AVG7
2008-05-20 21:13 . 2008-05-20 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-20 21:13 . 2008-05-21 18:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-20 21:06 . 2008-05-20 21:06 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-05-20 20:22 . 2008-05-20 20:22 <DIR> d-------- C:\Documents and Settings\GOBI\Application Data\Comodo
2008-05-20 20:22 . 2008-05-20 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:19 . 2008-05-20 20:19 <DIR> d-------- C:\Program Files\Comodo
2008-05-20 20:19 . 2008-05-20 18:45 211 --a------ C:\boot.ini.comodofirewall
2008-05-20 19:42 . 2008-05-20 19:29 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-20 19:42 . 2008-05-20 19:42 2,549 --a------ C:\WINDOWS\unins000.dat
2008-05-20 19:26 . 2008-05-20 19:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-20 19:20 . 2008-05-20 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-20 18:55 . 2008-05-20 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-05-18 18:56 . 2008-05-18 18:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-18 18:55 . 2008-05-18 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-16 21:05 . 2008-05-16 21:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-14 18:40 . 2008-05-14 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-14 18:39 . 2008-05-14 18:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-14 18:39 . 2008-05-14 18:39 <DIR> d-------- C:\Documents and Settings\GOBI\Application Data\SUPERAntiSpyware.com
2008-05-14 18:38 . 2008-05-14 18:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 18:32 . 2008-05-14 18:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 19:09 . 2008-05-11 19:10 63 --a------ C:\WINDOWS\WINHELP.BMK
2008-05-09 21:29 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 21:29 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 19:06 . 2008-05-08 19:06 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-08 17:56 . 2008-05-08 17:56 <DIR> d-------- C:\Documents and Settings\GOBI\Application Data\Media Player Classic
2008-05-05 17:10 . 2008-05-05 17:10 <DIR> d-------- C:\Program Files\SoftwrapLicense

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 02:36 90,112 ----a-w C:\WINDOWS\DUMP34a7.tmp
2008-05-29 12:59 90,112 ----a-w C:\WINDOWS\DUMP907e.tmp
2008-05-05 11:40 560 ----a-w C:\WINDOWS\Fonts\SWFont9.fnt
2008-05-02 12:55 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Dev-Cpp
2008-05-02 12:54 --------- d-----w C:\Program Files\Dev-Cpp
2008-05-01 14:59 --------- d-----w C:\Program Files\uTorrent
2008-05-01 14:59 --------- d-----w C:\Documents and Settings\GOBI\Application Data\uTorrent
2008-04-28 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-28 12:27 --------- d-----w C:\Program Files\Uniblue
2008-04-28 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 14:18 --------- d-----w C:\Program Files\My Lockbox
2008-04-16 12:13 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-04-15 16:35 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Uniblue
2008-04-15 16:02 --------- d-----w C:\Program Files\Registry Cleaner
2008-04-15 14:15 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 14:15 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-04-15 14:15 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Malwarebytes
2008-04-15 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-14 15:47 19,681 ----a-w C:\WINDOWS\oxymak.bin
2008-04-14 15:47 19,596 ----a-w C:\Program Files\Common Files\cukih.dl
2008-04-14 15:47 18,440 ----a-w C:\WINDOWS\zutujeha.com
2008-04-14 15:47 17,719 ----a-w C:\Documents and Settings\GOBI\Application Data\gacomawil.exe
2008-04-14 15:47 16,640 ----a-w C:\Documents and Settings\GOBI\Application Data\exuwur.reg
2008-04-14 15:47 15,919 ----a-w C:\WINDOWS\ehudopar.com
2008-04-14 15:47 15,448 ----a-w C:\WINDOWS\tebun.dll
2008-04-14 15:47 15,368 ----a-w C:\Documents and Settings\GOBI\Application Data\moku.scr
2008-04-14 15:47 14,522 ----a-w C:\Documents and Settings\GOBI\Application Data\hecywygu.bat
2008-04-14 15:47 13,144 ----a-w C:\Program Files\Common Files\ybyle.pif
2008-04-14 15:47 11,774 ----a-w C:\Program Files\Common Files\ihomojorow.dl
2008-04-14 15:47 10,396 ----a-w C:\Program Files\Common Files\xetujo.sys
2008-04-09 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 14:37 14,769 ----a-w C:\WINDOWS\bubag.exe
2008-04-09 14:37 10,300 ----a-w C:\Program Files\Common Files\ihawitafa.sys
2008-04-09 13:42 19,991 ----a-w C:\Documents and Settings\All Users\Application Data\ucyl.dll
2008-04-09 13:40 --------- d-----w C:\Program Files\WinClamAVShield
2008-04-09 13:40 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Spyware Terminator
2008-04-08 16:34 16,686 ----a-w C:\WINDOWS\mahojoqupa.bat
2008-04-08 16:34 14,405 ----a-w C:\Documents and Settings\All Users\Application Data\yjyf.pif
2008-04-08 16:34 14,101 ----a-w C:\WINDOWS\vodohyto.dll
2008-04-08 16:34 12,889 ----a-w C:\WINDOWS\system32\bizizoheg.vbs
2008-04-08 16:08 19,292 ----a-w C:\Documents and Settings\All Users\Application Data\ijag.bin
2008-04-08 16:08 19,195 ----a-w C:\Documents and Settings\GOBI\Application Data\ketucefit.bat
2008-04-08 16:08 18,507 ----a-w C:\WINDOWS\system32\awijasenaz.sys
2008-04-08 16:08 18,173 ----a-w C:\WINDOWS\muvopiguk.dll
2008-04-08 16:08 17,039 ----a-w C:\WINDOWS\nedexa.exe
2008-04-08 16:08 16,818 ----a-w C:\Program Files\Common Files\jihihi.scr
2008-04-08 16:08 14,158 ----a-w C:\Documents and Settings\All Users\Application Data\enyx.exe
2008-04-08 16:08 13,164 ----a-w C:\WINDOWS\moha.exe
2008-04-08 16:08 12,003 ----a-w C:\Documents and Settings\GOBI\Application Data\vivadahofa.sys
2008-04-08 16:08 11,731 ----a-w C:\Program Files\Common Files\ypabiky.bat
2008-04-08 16:08 11,496 ----a-w C:\WINDOWS\ybicybunyp.scr
2008-04-08 16:08 11,058 ----a-w C:\WINDOWS\xupaw.pif
2008-04-05 14:56 --------- d-----w C:\Program Files\Real
2008-04-05 14:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-05 14:56 --------- d-----w C:\Program Files\Common Files\Real
2008-03-30 05:03 18,432 ----a-w C:\WINDOWS\ss3unstl.exe
2008-03-18 15:57 16,384 ----a-r C:\WINDOWS\hinhem.scr
.

((((((((((((((((((((((((((((( [email protected]_20.48.51.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 11:49:58 2,048 ----a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 11:40:50 2,048 ----a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 11:44:08 7,224 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{F0BC551C-67EC-4C48-A55F-4FE129E8A12D}.bin
- 2004-08-04 06:30:00 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 13:49:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2004-08-04 06:30:00 66,560 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 13:49:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2004-08-04 06:30:00 2,804,224 ----a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-04 09:15:32 2,890,240 ----a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-04 06:30:00 77,312 ----a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 09:15:36 78,848 ----a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-04 06:30:00 331,264 ----a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 09:15:36 271,360 ----a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-04 06:30:00 884,736 ----a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 09:15:36 884,736 ----a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-04 06:30:00 44,032 ----a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 09:15:36 15,360 ----a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2004-08-04 12:00:00 430,592 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 13:49:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2004-08-04 12:00:00 111,104 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 13:49:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 13:49:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2004-08-04 12:00:00 112,640 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 13:49:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2004-08-04 12:00:00 36,864 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 13:48:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2004-08-04 12:00:00 120,320 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 13:49:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2004-08-04 06:30:00 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 09:15:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 06:30:00 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 09:15:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-04 06:30:00 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 09:15:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 06:30:00 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 09:15:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 06:30:00 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 09:15:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2007-07-30 13:48:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2005-05-04 09:15:26 13,536 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-04 12:00:00 430,592 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 13:49:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-04 12:00:00 111,104 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 13:49:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 13:49:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-04 12:00:00 112,640 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 13:49:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-04 12:00:00 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 13:48:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 13:49:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2004-08-04 12:00:00 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 13:49:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-05 20:26 185896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^GOBI^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\GOBI\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^my accout^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\my accout\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-ra------ 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-16 15:17 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)
"CmdAgent"=2 (0x2)
"bdss"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\GOBI\\My Documents\\downloads sw\\utorrent-1.8-beta-9704.upx.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\AVGAMSVR.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\AVGEMC.EXE"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 00:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 00:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 03:30:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
"2008-04-28 12:27:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-08 12:27:24 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-26 16:46:58 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 19:25:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-05 19:25:52
ComboFix-quarantined-files.txt 2008-06-05 13:55:50
ComboFix2.txt 2008-06-04 15:19:06

Pre-Run: 15,009,218,560 bytes free
Post-Run: 15,046,918,144 bytes free

269 --- E O F --- 2008-06-05 13:27:24


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:50 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

--
End of file - 2900 bytes

Deckard's System Scanner v20071014.68
Run by my accout on 2008-06-06 19:02:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 90% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as my accout.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:35 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MYACCO~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

--
End of file - 2799 bytes

-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-05 22:24:24 0 dr-h----- C:\Documents and Settings\GOBI\Recent
2008-06-05 22:10:46 0 d-------- C:\Program Files\SpywareBlaster
2008-06-05 19:43:41 0 d-------- C:\Program Files\Panda Security
2008-06-05 18:56:02 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-05 17:36:04 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-05 17:10:14 0 d--hs---- C:\FOUND.001
2008-06-05 08:13:26 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-04 20:44:58 68096 --a------ C:\WINDOWS\zip.exe
2008-06-04 20:44:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-04 20:44:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-04 20:44:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-04 20:44:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-04 20:44:58 98816 --a------ C:\WINDOWS\sed.exe
2008-06-04 20:44:58 80412 --a------ C:\WINDOWS\grep.exe
2008-06-04 20:44:58 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-04 17:04:06 0 d--hs---- C:\FOUND.000
2008-06-01 21:38:19 0 d-------- C:\Program Files\AutoStreamer
2008-06-01 18:58:33 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-05-29 18:07:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-28 19:25:16 0 dr------- C:\Documents and Settings\my accout\Recent
2008-05-27 23:14:56 0 d-------- C:\Documents and Settings\my accout\Application Data\Google
2008-05-26 23:06:41 0 d-------- C:\Documents and Settings\my accout\Application Data\AVG7
2008-05-26 22:52:41 0 d-------- C:\Documents and Settings\my accout\Application Data\SUPERAntiSpyware.com
2008-05-26 21:31:51 0 d-------- C:\Documents and Settings\my accout\Application Data\Uniblue
2008-05-26 21:10:35 0 d---s---- C:\Documents and Settings\my accout\UserData
2008-05-23 13:30:32 0 d-------- C:\Documents and Settings\my accout\Application Data\CyberLink
2008-05-22 20:02:58 0 d-------- C:\Documents and Settings\my accout\Application Data\Malwarebytes
2008-05-22 19:33:37 0 d-------- C:\Documents and Settings\my accout\Application Data\vlc
2008-05-22 19:20:27 0 d-------- C:\Documents and Settings\my accout\Application Data\Macromedia
2008-05-22 19:20:26 0 d-------- C:\Documents and Settings\my accout\Application Data\Adobe
2008-05-22 19:12:18 0 d-------- C:\Documents and Settings\my accout\Application Data\Real
2008-05-22 19:12:04 0 d-------- C:\Documents and Settings\my accout\Application Data\Identities
2008-05-22 19:08:54 0 d-------- C:\Documents and Settings\my accout\Templates
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\Start Menu
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\SendTo
2008-05-22 19:08:54 0 d-------- C:\Documents and Settings\my accout\PrintHood
2008-05-22 19:08:54 3407872 --a------ C:\Documents and Settings\my accout\NTUSER.DAT
2008-05-22 19:08:54 0 d-------- C:\Documents and Settings\my accout\NetHood
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\My Documents
2008-05-22 19:08:54 0 d--h----- C:\Documents and Settings\my accout\Local Settings
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\Favorites
2008-05-22 19:08:54 0 d-------- C:\Documents and Settings\my accout\Desktop
2008-05-22 19:08:54 0 d---s---- C:\Documents and Settings\my accout\Cookies
2008-05-22 19:08:54 0 dr------- C:\Documents and Settings\my accout\Application Data
2008-05-21 20:00:37 0 dr------- C:\Documents and Settings\Administrator\Recent
2008-05-20 21:41:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-20 21:19:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-20 21:14:31 0 d-------- C:\Documents and Settings\GOBI\Application Data\AVG7
2008-05-20 21:14:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-20 21:13:50 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-20 21:13:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-20 20:22:06 0 d-------- C:\Documents and Settings\GOBI\Application Data\Comodo
2008-05-20 20:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:19:46 0 d-------- C:\Program Files\Comodo
2008-05-20 19:42:37 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-20 19:42:37 2549 --a------ C:\WINDOWS\unins000.dat
2008-05-20 19:20:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-20 18:55:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-05-19 17:43:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-18 18:59:13 0 d--hs---- C:\WINDOWS\CSC
2008-05-18 18:56:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-18 18:55:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-16 21:09:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-16 21:05:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-14 18:40:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-14 18:39:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-14 18:39:35 0 d-------- C:\Documents and Settings\GOBI\Application Data\SUPERAntiSpyware.com
2008-05-14 18:38:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 18:32:42 0 d-------- C:\Program Files\Trend Micro
2008-05-08 19:06:24 0 d-------- C:\Program Files\MSConfig CleanUp
2008-05-08 17:56:17 0 d-------- C:\Documents and Settings\GOBI\Application Data\Media Player Classic


-- Find3M Report ---------------------------------------------------------------

2008-05-12 21:33:48 65 --a------ C:\AUTOEXEC.BAT
2008-05-05 17:10:04 0 d-------- C:\Program Files\SoftwrapLicense
2008-05-02 18:24:44 0 d-------- C:\Program Files\Dev-Cpp
2008-05-01 20:29:08 0 d-------- C:\Program Files\uTorrent
2008-04-28 17:57:24 0 d-------- C:\Program Files\Uniblue
2008-04-23 19:48:56 0 d-------- C:\Program Files\My Lockbox
2008-04-16 17:43:28 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-04-15 21:32:20 0 d-------- C:\Program Files\Registry Cleaner
2008-04-15 19:49:04 12586 --a------ C:\WINDOWS\viwucyb.dll
2008-04-15 19:49:04 16755 --a------ C:\WINDOWS\system32\afeheguqa.bat
2008-04-15 19:49:04 15599 --a------ C:\WINDOWS\qavidewi.bat
2008-04-15 19:49:04 11725 --a------ C:\WINDOWS\lapufafy.pif
2008-04-15 19:49:04 11062 --a------ C:\WINDOWS\dedavavu.sys
2008-04-15 19:49:04 12236 --a------ C:\WINDOWS\byhojad.com
2008-04-15 19:49:04 17108 --a------ C:\WINDOWS\akoly.vbs
2008-04-15 19:49:04 17906 --a------ C:\Program Files\Common Files\yfylyru.inf
2008-04-15 19:49:04 12603 --a------ C:\Program Files\Common Files\otawecas.dll
2008-04-15 19:49:04 17466 --a------ C:\Program Files\Common Files\imiju.dl
2008-04-15 19:49:04 16350 --a------ C:\Program Files\Common Files\fagamib.inf
2008-04-15 19:45:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 19:45:24 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-14 21:17:06 18440 --a------ C:\WINDOWS\zutujeha.com
2008-04-14 21:17:06 15448 --a------ C:\WINDOWS\tebun.dll
2008-04-14 21:17:06 19681 --a------ C:\WINDOWS\oxymak.bin
2008-04-14 21:17:06 15919 --a------ C:\WINDOWS\ehudopar.com
2008-04-14 21:17:06 13144 --a------ C:\Program Files\Common Files\ybyle.pif
2008-04-14 21:17:06 10396 --a------ C:\Program Files\Common Files\xetujo.sys
2008-04-14 21:17:06 11774 --a------ C:\Program Files\Common Files\ihomojorow.dl
2008-04-14 21:17:06 19596 --a------ C:\Program Files\Common Files\cukih.dl
2008-04-09 20:07:46 14769 --a------ C:\WINDOWS\bubag.exe
2008-04-09 20:07:46 10300 --a------ C:\Program Files\Common Files\ihawitafa.sys
2008-04-09 20:01:40 12708 --a------ C:\WINDOWS\uwibufary.com
2008-04-09 20:01:40 11673 --a------ C:\WINDOWS\system32\abow.com
2008-04-09 20:01:40 11042 --a------ C:\WINDOWS\inado.dll
2008-04-09 20:01:40 18127 --a------ C:\WINDOWS\emawo.bat
2008-04-09 20:01:40 17383 --a------ C:\Program Files\Common Files\zekaqec.scr
2008-04-09 20:01:40 18946 --a------ C:\Program Files\Common Files\yzat.com
2008-04-09 20:01:40 16146 --a------ C:\Program Files\Common Files\vote.dat
2008-04-09 20:01:40 19824 --a------ C:\Program Files\Common Files\akar._sy
2008-04-09 20:01:40 12715 --a------ C:\Program Files\Common Files\ajepuzehak.ban
2008-04-09 20:01:38 13296 --a------ C:\Program Files\Common Files\xoxipes.sys
2008-04-09 20:01:38 18801 --a------ C:\Program Files\Common Files\enufuw.ban
2008-04-09 19:12:36 13735 --a------ C:\WINDOWS\ymykisa.exe
2008-04-09 19:12:36 13752 --a------ C:\WINDOWS\xuwukise.dat
2008-04-09 19:12:36 11670 --a------ C:\WINDOWS\ihubyqen.reg
2008-04-09 19:12:36 17539 --a------ C:\Program Files\Common Files\uzyjigo.dat
2008-04-09 19:12:34 18958 --a------ C:\WINDOWS\system32\upavuv.vbs
2008-04-09 19:12:34 14540 --a------ C:\WINDOWS\asanud.pif
2008-04-09 19:12:34 18591 --a------ C:\Program Files\Common Files\ucatob.exe
2008-04-09 19:12:34 12129 --a------ C:\Program Files\Common Files\lifegen.sys
2008-04-09 19:12:34 10630 --a------ C:\Program Files\Common Files\esosaco.sys
2008-04-09 19:12:34 10935 --a------ C:\Program Files\Common Files\cobid.lib
2008-04-09 19:10:52 0 d-------- C:\Program Files\WinClamAVShield
2008-04-08 22:04:56 14101 --a------ C:\WINDOWS\vodohyto.dll
2008-04-08 22:04:56 12889 --a------ C:\WINDOWS\system32\bizizoheg.vbs
2008-04-08 22:04:56 16686 --a------ C:\WINDOWS\mahojoqupa.bat
2008-04-08 21:38:30 11496 --a------ C:\WINDOWS\ybicybunyp.scr
2008-04-08 21:38:30 11058 --a------ C:\WINDOWS\xupaw.pif
2008-04-08 21:38:30 18507 --a------ C:\WINDOWS\system32\awijasenaz.sys
2008-04-08 21:38:30 17039 --a------ C:\WINDOWS\nedexa.exe
2008-04-08 21:38:30 18173 --a------ C:\WINDOWS\muvopiguk.dll
2008-04-08 21:38:30 13164 --a------ C:\WINDOWS\moha.exe
2008-04-08 21:38:30 11731 --a------ C:\Program Files\Common Files\ypabiky.bat
2008-04-08 21:38:30 16818 --a------ C:\Program Files\Common Files\jihihi.scr
2008-03-30 10:33:46 18432 --a------ C:\WINDOWS\ss3unstl.exe
2008-03-18 21:27:56 16384 -ra------ C:\WINDOWS\hinhem.scr


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/16/2007 03:17 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^GOBI^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\GOBI\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^my accout^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\my accout\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)
"CmdAgent"=2 (0x2)
"bdss"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-06-06 19:03:33 ------------

Please verify and help me, I am using only this forum!!
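The file listings in the logs above contain several batches of small files with machine-generated names (tebun.dll, moku.scr, hecywygu.bat and ihomojorow.dl at 2008-04-14 15:47; viwucyb.dll, afeheguqa.bat, lapufafy.pif and eight others at 2008-04-15 19:49:04) dropped into C:\WINDOWS, C:\Program Files\Common Files and the Application Data folders within the same second. The script below is an added triage example for readers of this thread; it is not part of the thread and not code from ComboFix or Deckard's System Scanner. It parses the single-timestamp listing lines both tools print, groups them by creation time, and reports groups whose base names look like consonant/vowel gibberish. The sample input is a handful of lines copied from the logs above; the function names, the 0.75 alternation threshold, the minimum cluster size of 3 and the treatment of 'y' as a vowel are assumptions of this example.

```python
r"""Timestamp-cluster triage for ComboFix / Deckard's System Scanner file listings.

Added example for this thread; it is not part of either tool. It understands
the single-timestamp listing lines both tools print, e.g.

    2008-04-15 19:49:04 12586 --a------ C:\WINDOWS\viwucyb.dll      (DSS)
    2008-04-14 15:47 15,448 ----a-w C:\WINDOWS\tebun.dll             (ComboFix)

Files written by one dropper tend to share a creation timestamp and carry
consonant/vowel gibberish names, so the script groups rows by timestamp and
reports groups holding several such names. Thresholds are assumptions, not
values taken from the thread.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+"  # date, hh:mm[:ss]
    r"(?P<size>[\d,]+)\s+"                                   # size; ComboFix dirs show '---------' and are skipped
    r"(?P<attr>[-a-zA-Z]+)\s+"                               # attribute string such as --a------ or ----a-w
    r"(?P<path>[A-Za-z]:\\.*?)(?:\s+<[^>]*>)?\s*$"           # path, minus any trailing <Not Verified; ...> note
)
VOWELS = set("aeiouy")  # assumption: 'y' counts as a vowel, as the generated names use it


def parse_listing(text):
    """Return (timestamp, size, attrs, path) for every line that matches LINE_RE."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["ts"], int(m["size"].replace(",", "")), m["attr"], m["path"]))
    return rows


def alternation_score(stem):
    """Fraction of adjacent letter pairs that switch between vowel and consonant.
    CV-syllable names ('ihomojorow', 'mahojoqupa') score close to 1.0; real tool
    names and abbreviations ('swxcacls', 'pgdfgsvc', 'grep') score low. Stems
    shorter than four letters or containing non-letters score 0."""
    s = stem.lower()
    if len(s) < 4 or not s.isalpha():
        return 0.0
    classes = [c in VOWELS for c in s]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return switches / (len(s) - 1)


def looks_generated(path, threshold=0.75):
    """True if the file's base name (without extension) looks machine-generated."""
    name = path.rsplit("\\", 1)[-1]
    if "." not in name:
        return False
    return alternation_score(name.rsplit(".", 1)[0]) >= threshold


def find_drop_clusters(text, min_files=3, threshold=0.75):
    """Group non-directory rows by timestamp; return [(timestamp, [paths])] for
    groups holding at least min_files generated-looking names, oldest first."""
    by_ts = defaultdict(list)
    for ts, _size, attrs, path in parse_listing(text):
        if attrs.startswith("d"):  # directory entries never count
            continue
        by_ts[ts].append(path)
    clusters = []
    for ts, paths in sorted(by_ts.items()):
        hits = [p for p in paths if looks_generated(p, threshold)]
        if len(hits) >= min_files:
            clusters.append((ts, hits))
    return clusters


# Sample input: lines copied from the logs posted above (a ComboFix helper-tool
# batch, two dropper batches, two directory rows and one lone file).
SAMPLE = r"""
2008-06-04 20:44:58 68096 --a------ C:\WINDOWS\zip.exe
2008-06-04 20:44:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-04 20:44:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-04 20:44:58 98816 --a------ C:\WINDOWS\sed.exe
2008-06-04 20:44:58 80412 --a------ C:\WINDOWS\grep.exe
2008-04-15 19:49:04 12586 --a------ C:\WINDOWS\viwucyb.dll
2008-04-15 19:49:04 16755 --a------ C:\WINDOWS\system32\afeheguqa.bat
2008-04-15 19:49:04 15599 --a------ C:\WINDOWS\qavidewi.bat
2008-04-15 19:49:04 11725 --a------ C:\WINDOWS\lapufafy.pif
2008-04-15 19:49:04 17906 --a------ C:\Program Files\Common Files\yfylyru.inf
2008-04-15 19:49:04 17466 --a------ C:\Program Files\Common Files\imiju.dl
2008-04-15 19:45:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-14 15:47 15,448 ----a-w C:\WINDOWS\tebun.dll
2008-04-14 15:47 15,368 ----a-w C:\Documents and Settings\GOBI\Application Data\moku.scr
2008-04-14 15:47 14,522 ----a-w C:\Documents and Settings\GOBI\Application Data\hecywygu.bat
2008-04-14 15:47 13,144 ----a-w C:\Program Files\Common Files\ybyle.pif
2008-04-09 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-18 21:27:56 16384 -ra------ C:\WINDOWS\hinhem.scr
"""

if __name__ == "__main__":
    for ts, paths in find_drop_clusters(SAMPLE):
        print(f"{ts}: {len(paths)} generated-looking files")
        for p in paths:
            print("   ", p)
```

On the sample, the two dropper batches are reported and the 2008-06-04 20:44:58 batch is not, even though its files also share one timestamp: zip.exe, swxcacls.exe, sed.exe and grep.exe are ComboFix's own helpers, and their names do not alternate. The lone hinhem.scr scores above the threshold but is never in a group of three, so it is not reported either; clustering trades recall for fewer false positives, and a hit is a reason to pull the files for analysis and check their hashes, not to delete them on sight.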
 

TSF-Emeritus · 15,384 Posts
Hi,

Before we continue please have the recovery console installed.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti-virus and anti-malware programs, so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt.
 

Registered · 16 Posts · Discussion Starter · #10
I have successfully installed the Recovery Console and run ComboFix.exe. This is my ComboFix log file!

Please verify and help me further!!

ComboFix 08-06-16.3 - GOBI 2008-06-17 19:28:50.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.81 [GMT 5.5:30]
Running from: C:\Documents and Settings\GOBI\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\GOBI\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-08 20:07 . 2008-06-08 20:07 <DIR> d--hs---- C:\FOUND.002
2008-06-05 22:10 . 2008-06-05 22:10 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-05 19:43 . 2008-06-05 19:43 <DIR> d-------- C:\Program Files\Panda Security
2008-06-05 18:56 . 2005-02-25 09:05 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-05 17:36 . 2008-06-05 17:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-05 17:10 . 2008-06-05 17:10 <DIR> d--hs---- C:\FOUND.001
2008-06-04 17:04 . 2008-06-04 17:04 <DIR> d--hs---- C:\FOUND.000
2008-06-01 21:38 . 2008-06-01 21:38 <DIR> d-------- C:\Program Files\AutoStreamer
2008-06-01 18:58 . 2008-06-05 19:28 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-01 18:44 . 2008-06-01 18:46 67,108,864 --------- C:\pcwtest.tmp
2008-05-31 21:49 . 2008-05-31 21:49 <DIR> d-------- C:\Deckard
2008-05-29 18:07 . 2008-05-29 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-26 23:06 . 2008-05-26 23:06 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\AVG7
2008-05-26 22:52 . 2008-05-26 22:52 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\SUPERAntiSpyware.com
2008-05-26 21:31 . 2008-05-26 21:31 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\Uniblue
2008-05-26 21:14 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-26 21:14 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\SETD.tmp
2008-05-26 21:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-26 21:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-26 21:10 . 2008-05-26 21:10 <DIR> d---s---- C:\Documents and Settings\my accout\UserData
2008-05-26 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-26 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-23 13:30 . 2008-05-23 13:30 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\CyberLink
2008-05-22 20:02 . 2008-05-22 20:03 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\Malwarebytes
2008-05-22 19:33 . 2008-05-22 19:33 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\vlc
2008-05-22 19:08 . 2008-05-22 19:08 <DIR> d-------- C:\Documents and Settings\my accout
2008-05-20 21:41 . 2008-05-20 21:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-20 21:19 . 2008-05-20 21:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-20 21:14 . 2008-05-20 21:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-20 21:14 . 2008-05-20 21:14 <DIR> d-------- C:\Documents and Settings\GOBI\Application Data\AVG7
2008-05-20 21:13 . 2008-05-20 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-20 21:13 . 2008-05-21 18:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-20 21:06 . 2008-05-20 21:06 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-05-20 20:22 . 2008-05-20 20:22 <DIR> d-------- C:\Documents and Settings\GOBI\Application Data\Comodo
2008-05-20 20:22 . 2008-05-20 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:19 . 2008-05-20 20:19 <DIR> d-------- C:\Program Files\Comodo
2008-05-20 20:19 . 2008-05-20 18:45 211 --------- C:\boot.ini.comodofirewall
2008-05-20 19:42 . 2008-05-20 19:29 691,545 --------- C:\WINDOWS\unins000.exe
2008-05-20 19:42 . 2008-05-20 19:42 2,549 --------- C:\WINDOWS\unins000.dat
2008-05-20 19:26 . 2008-05-20 19:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-20 19:20 . 2008-05-20 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-20 18:55 . 2008-05-20 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-05-18 18:56 . 2008-05-18 18:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-18 18:55 . 2008-05-18 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 11:34 90,112 ----a-w C:\WINDOWS\DUMPf01c.tmp
2008-06-07 12:10 90,112 ------w C:\WINDOWS\DUMP40cd.tmp
2008-06-05 02:36 90,112 ------w C:\WINDOWS\DUMP34a7.tmp
2008-05-29 12:59 90,112 ------w C:\WINDOWS\DUMP907e.tmp
2008-05-16 15:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-14 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-14 13:09 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-14 13:09 --------- d-----w C:\Documents and Settings\GOBI\Application Data\SUPERAntiSpyware.com
2008-05-14 13:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 13:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-08 13:36 --------- d-----w C:\Program Files\MSConfig CleanUp
2008-05-08 12:26 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Media Player Classic
2008-05-05 15:16 27,048 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-05 15:16 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-05 11:40 560 ----a-w C:\WINDOWS\Fonts\SWFont9.fnt
2008-05-05 11:40 --------- d-----w C:\Program Files\SoftwrapLicense
2008-05-02 12:55 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Dev-Cpp
2008-05-02 12:54 --------- d-----w C:\Program Files\Dev-Cpp
2008-05-01 14:59 --------- d-----w C:\Program Files\uTorrent
2008-05-01 14:59 --------- d-----w C:\Documents and Settings\GOBI\Application Data\uTorrent
2008-04-28 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-28 12:27 --------- d-----w C:\Program Files\Uniblue
2008-04-28 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-23 14:18 --------- d-----w C:\Program Files\My Lockbox
2008-04-14 15:47 19,681 ------w C:\WINDOWS\oxymak.bin
2008-04-14 15:47 19,596 ----a-w C:\Program Files\Common Files\cukih.dl
2008-04-14 15:47 18,440 ------w C:\WINDOWS\zutujeha.com
2008-04-14 15:47 17,719 ----a-w C:\Documents and Settings\GOBI\Application Data\gacomawil.exe
2008-04-14 15:47 16,640 ----a-w C:\Documents and Settings\GOBI\Application Data\exuwur.reg
2008-04-14 15:47 15,919 ------w C:\WINDOWS\ehudopar.com
2008-04-14 15:47 15,448 ------w C:\WINDOWS\tebun.dll
2008-04-14 15:47 15,368 ----a-w C:\Documents and Settings\GOBI\Application Data\moku.scr
2008-04-14 15:47 14,522 ----a-w C:\Documents and Settings\GOBI\Application Data\hecywygu.bat
2008-04-14 15:47 13,144 ----a-w C:\Program Files\Common Files\ybyle.pif
2008-04-14 15:47 11,774 ----a-w C:\Program Files\Common Files\ihomojorow.dl
2008-04-14 15:47 10,396 ----a-w C:\Program Files\Common Files\xetujo.sys
2008-04-09 14:37 14,769 ------w C:\WINDOWS\bubag.exe
2008-04-09 14:37 10,300 ----a-w C:\Program Files\Common Files\ihawitafa.sys
2008-04-09 13:42 19,991 ----a-w C:\Documents and Settings\All Users\Application Data\ucyl.dll
2008-04-08 16:34 16,686 ------w C:\WINDOWS\mahojoqupa.bat
2008-04-08 16:34 14,405 ----a-w C:\Documents and Settings\All Users\Application Data\yjyf.pif
2008-04-08 16:34 14,101 ------w C:\WINDOWS\vodohyto.dll
2008-04-08 16:34 12,889 ----a-w C:\WINDOWS\system32\bizizoheg.vbs
2008-04-08 16:08 19,292 ----a-w C:\Documents and Settings\All Users\Application Data\ijag.bin
2008-04-08 16:08 19,195 ----a-w C:\Documents and Settings\GOBI\Application Data\ketucefit.bat
2008-04-08 16:08 18,507 ----a-w C:\WINDOWS\system32\awijasenaz.sys
2008-04-08 16:08 18,173 ------w C:\WINDOWS\muvopiguk.dll
2008-04-08 16:08 17,039 ------w C:\WINDOWS\nedexa.exe
2008-04-08 16:08 16,818 ----a-w C:\Program Files\Common Files\jihihi.scr
2008-04-08 16:08 14,158 ----a-w C:\Documents and Settings\All Users\Application Data\enyx.exe
2008-04-08 16:08 13,164 ------w C:\WINDOWS\moha.exe
2008-04-08 16:08 12,003 ----a-w C:\Documents and Settings\GOBI\Application Data\vivadahofa.sys
2008-04-08 16:08 11,731 ----a-w C:\Program Files\Common Files\ypabiky.bat
2008-04-08 16:08 11,496 ------w C:\WINDOWS\ybicybunyp.scr
2008-04-08 16:08 11,058 ------w C:\WINDOWS\xupaw.pif
2008-03-30 05:03 18,432 ------w C:\WINDOWS\ss3unstl.exe
2008-03-18 15:57 16,384 ------w C:\WINDOWS\hinhem.scr
.

((((((((((((((((((((((((((((( snapshot_2008-06-05_19.25.40.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 11:40:50 2,048 ----a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 12:49:24 2,048 ----a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 07:26:08 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 09:19:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 17:30 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^GOBI^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\GOBI\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^my accout^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\my accout\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-ra------ 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-05 20:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-16 15:17 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)
"CmdAgent"=2 (0x2)
"bdss"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\GOBI\\My Documents\\downloads sw\\utorrent-1.8-beta-9704.upx.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\AVGAMSVR.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\AVGEMC.EXE"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 00:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 00:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 03:30:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
"2008-04-28 12:27:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-07 12:27:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-26 16:46:58 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 19:30:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 19:30:49
ComboFix-quarantined-files.txt 2008-06-17 14:00:48
ComboFix4.txt 2008-06-04 15:19:06
ComboFix3.txt 2008-06-05 13:55:54
ComboFix2.txt 2008-06-07 14:16:54

Pre-Run: 14,648,475,648 bytes free
Post-Run: 14,710,276,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

214 --- E O F --- 2008-06-05 13:27:24

TSF-Emeritus · 15,384 Posts
Hi,

Looks like you installed the wrong Recovery Console. Your system is Windows XP Professional SP2, as you can see from the header of your logs:

Microsoft Windows XP Professional
and you installed the recovery console for Windows XP Home edition.

Settings\GOBI\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
We'll have to delete that and install the correct version.

Please delete the following files/folders:

C:\cmdcons
C:\cmldr

Do the next step ONLY IF C:\boot.bak exists:

Delete C:\boot.ini
Rename C:\boot.bak ---> to ---> C:\boot.ini

Then install the correct version following my previous instructions and post the log, please.
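The mismatch the analyst spotted by eye (the log header says "Microsoft Windows XP Professional", while the package that was run is the KB310994 Home boot-disk build) and the boot.ini tail that ComboFix prints can both be checked mechanically. The script below is an added example written for this page; it is not code from the forum, from Microsoft or from ComboFix. It takes the boot.ini text and the header line exactly as they appear in the logs above, and it assumes the edition a Recovery Console package targets can be read from its file name ("Home" versus "PRO"), which holds for the two names that occur in this thread but is a heuristic, not a Microsoft rule.

```python
import re

# boot.ini as ComboFix printed it at the end of the log above (copied from the thread).
BOOT_INI = """
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\\CMDCONS\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# First line of the ComboFix log header, also copied from the thread.
LOG_HEADER = "Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.49 [GMT 5.5:30]"


def parse_boot_ini(text):
    """Minimal INI parser for boot.ini: {section: {key: value}}; the first '=' splits key from value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def windows_edition(header_line):
    """'Professional' or 'Home' from the 'Microsoft Windows XP ...' header line, else None."""
    m = re.search(r"Microsoft Windows XP (Professional|Home)", header_line)
    return m.group(1) if m else None


def package_edition(package_name):
    """Edition a Recovery Console package targets, guessed from its file name.

    Assumption (editor's heuristic): the name carries HOME or PRO, as both names in
    this thread do (WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe, WinXP_EN_PRO_BF.EXE).
    """
    name = package_name.upper()
    if "HOME" in name:
        return "Home"
    if "PRO" in name:
        return "Professional"
    return None


def check_recovery_console(boot_ini_text, header_line, package_name):
    """Return a list of findings; an empty list means boot.ini and the package are consistent."""
    findings = []
    ini = parse_boot_ini(boot_ini_text)
    loader = ini.get("boot loader", {})
    systems = ini.get("operating systems", {})

    # The default ARC path must name one of the [operating systems] entries.
    default = loader.get("default")
    if default not in systems:
        findings.append(f"default={default!r} has no matching [operating systems] entry")

    # The Recovery Console entry is the one carrying the /cmdcons switch.
    rc_entries = [k for k, v in systems.items() if "/cmdcons" in v.lower()]
    if not rc_entries:
        findings.append("no Recovery Console (/cmdcons) entry in boot.ini")
    elif not rc_entries[0].upper().endswith(r"\CMDCONS\BOOTSECT.DAT"):
        findings.append(f"/cmdcons entry points at {rc_entries[0]!r}, not \\CMDCONS\\BOOTSECT.DAT")

    # Edition of the installed OS versus edition the package installs.
    have, want = windows_edition(header_line), package_edition(package_name)
    if have and want and have != want:
        findings.append(f"OS is XP {have} but {package_name} installs the XP {want} Recovery Console")
    return findings


if __name__ == "__main__":
    for pkg in ("WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe", "WinXP_EN_PRO_BF.EXE"):
        print(pkg, "->", check_recovery_console(BOOT_INI, LOG_HEADER, pkg) or "OK")
```

Run against the two package names from this thread, the Home package produces one finding and the Pro package none. Note that the boot.ini entry itself looks identical in both logs; the edition problem is only visible from the package name (or from the files inside C:\cmdcons), which is why the log header has to be read alongside the boot.ini tail.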

Registered · 16 Posts · Discussion Starter · #12
I have followed your steps, installed the correct Recovery Console and ran ComboFix.exe. This is my ComboFix log file!

Please verify and help me further!!

ComboFix 08-06-20.4 - GOBI 2008-06-24 19:04:12.5 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.49 [GMT 5.5:30]
Running from: C:\Documents and Settings\GOBI\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\GOBI\Desktop\WinXP_EN_PRO_BF.EXE
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-21 21:57 . 2008-06-21 21:57 <DIR> d-------- C:\Program Files\talkingbuddy
2008-06-21 21:53 . 2008-06-21 21:53 <DIR> d-------- C:\WINDOWS\speech
2008-06-21 21:53 . 2008-06-21 21:53 <DIR> d-------- C:\WINDOWS\lhsp
2008-06-21 21:53 . 2008-06-21 21:53 <DIR> d-------- C:\Program Files\Talking Bud
2008-06-21 21:53 . 2008-06-21 21:53 <DIR> d-------- C:\Program Files\Advanced Searchbar
2008-06-20 18:06 . 2008-06-20 18:06 <DIR> d--hs---- C:\FOUND.003
2008-06-08 20:07 . 2008-06-08 20:07 <DIR> d--hs---- C:\FOUND.002
2008-06-05 22:10 . 2008-06-05 22:10 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-05 19:43 . 2008-06-05 19:43 <DIR> d-------- C:\Program Files\Panda Security
2008-06-05 18:56 . 2005-02-25 09:05 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-05 17:36 . 2008-06-05 17:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-05 17:10 . 2008-06-05 17:10 <DIR> d--hs---- C:\FOUND.001
2008-06-04 17:04 . 2008-06-04 17:04 <DIR> d--hs---- C:\FOUND.000
2008-06-01 21:38 . 2008-06-01 21:38 <DIR> d-------- C:\Program Files\AutoStreamer
2008-06-01 18:58 . 2008-06-05 19:28 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-01 18:44 . 2008-06-01 18:46 67,108,864 --------- C:\pcwtest.tmp
2008-05-31 21:49 . 2008-05-31 21:49 <DIR> d-------- C:\Deckard
2008-05-29 18:07 . 2008-05-29 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-26 23:06 . 2008-05-26 23:06 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\AVG7
2008-05-26 22:52 . 2008-05-26 22:52 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\SUPERAntiSpyware.com
2008-05-26 21:31 . 2008-05-26 21:31 <DIR> d-------- C:\Documents and Settings\my accout\Application Data\Uniblue
2008-05-26 21:14 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-26 21:14 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\SETD.tmp
2008-05-26 21:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-26 21:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-26 21:10 . 2008-05-26 21:10 <DIR> d---s---- C:\Documents and Settings\my accout\UserData
2008-05-26 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-26 19:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 11:34 90,112 ----a-w C:\WINDOWS\DUMPf01c.tmp
2008-06-07 12:10 90,112 ------w C:\WINDOWS\DUMP40cd.tmp
2008-06-05 02:36 90,112 ------w C:\WINDOWS\DUMP34a7.tmp
2008-05-29 12:59 90,112 ------w C:\WINDOWS\DUMP907e.tmp
2008-05-23 08:00 --------- d-----w C:\Documents and Settings\my accout\Application Data\CyberLink
2008-05-22 14:33 --------- d-----w C:\Documents and Settings\my accout\Application Data\Malwarebytes
2008-05-22 14:03 --------- d-----w C:\Documents and Settings\my accout\Application Data\vlc
2008-05-21 12:38 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-20 16:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-20 15:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-20 15:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-20 15:44 --------- d-----w C:\Documents and Settings\GOBI\Application Data\AVG7
2008-05-20 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-20 15:36 --------- d-----w C:\Program Files\Common Files\Softwin
2008-05-20 14:52 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Comodo
2008-05-20 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 14:49 --------- d-----w C:\Program Files\Comodo
2008-05-20 13:59 691,545 ------w C:\WINDOWS\unins000.exe
2008-05-20 13:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-20 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-20 13:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-05-18 13:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-18 13:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-16 15:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-14 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-14 13:09 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-14 13:09 --------- d-----w C:\Documents and Settings\GOBI\Application Data\SUPERAntiSpyware.com
2008-05-14 13:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 13:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-08 13:36 --------- d-----w C:\Program Files\MSConfig CleanUp
2008-05-08 12:26 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Media Player Classic
2008-05-05 15:16 27,048 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-05 15:16 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-05 11:40 560 ----a-w C:\WINDOWS\Fonts\SWFont9.fnt
2008-05-05 11:40 --------- d-----w C:\Program Files\SoftwrapLicense
2008-05-02 12:55 --------- d-----w C:\Documents and Settings\GOBI\Application Data\Dev-Cpp
2008-05-02 12:54 --------- d-----w C:\Program Files\Dev-Cpp
2008-05-01 14:59 --------- d-----w C:\Program Files\uTorrent
2008-05-01 14:59 --------- d-----w C:\Documents and Settings\GOBI\Application Data\uTorrent
2008-04-28 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-28 12:27 --------- d-----w C:\Program Files\Uniblue
2008-04-28 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 15:47 19,681 ------w C:\WINDOWS\oxymak.bin
2008-04-14 15:47 19,596 ----a-w C:\Program Files\Common Files\cukih.dl
2008-04-14 15:47 18,440 ------w C:\WINDOWS\zutujeha.com
2008-04-14 15:47 17,719 ----a-w C:\Documents and Settings\GOBI\Application Data\gacomawil.exe
2008-04-14 15:47 16,640 ----a-w C:\Documents and Settings\GOBI\Application Data\exuwur.reg
2008-04-14 15:47 15,919 ------w C:\WINDOWS\ehudopar.com
2008-04-14 15:47 15,448 ------w C:\WINDOWS\tebun.dll
2008-04-14 15:47 15,368 ----a-w C:\Documents and Settings\GOBI\Application Data\moku.scr
2008-04-14 15:47 14,522 ----a-w C:\Documents and Settings\GOBI\Application Data\hecywygu.bat
2008-04-14 15:47 13,144 ----a-w C:\Program Files\Common Files\ybyle.pif
2008-04-14 15:47 11,774 ----a-w C:\Program Files\Common Files\ihomojorow.dl
2008-04-14 15:47 10,396 ----a-w C:\Program Files\Common Files\xetujo.sys
2008-04-09 14:37 14,769 ------w C:\WINDOWS\bubag.exe
2008-04-09 14:37 10,300 ----a-w C:\Program Files\Common Files\ihawitafa.sys
2008-04-09 13:42 19,991 ----a-w C:\Documents and Settings\All Users\Application Data\ucyl.dll
2008-04-08 16:34 16,686 ------w C:\WINDOWS\mahojoqupa.bat
2008-04-08 16:34 14,405 ----a-w C:\Documents and Settings\All Users\Application Data\yjyf.pif
2008-04-08 16:34 14,101 ------w C:\WINDOWS\vodohyto.dll
2008-04-08 16:34 12,889 ----a-w C:\WINDOWS\system32\bizizoheg.vbs
2008-04-08 16:08 19,292 ----a-w C:\Documents and Settings\All Users\Application Data\ijag.bin
2008-04-08 16:08 19,195 ----a-w C:\Documents and Settings\GOBI\Application Data\ketucefit.bat
2008-04-08 16:08 18,507 ----a-w C:\WINDOWS\system32\awijasenaz.sys
2008-04-08 16:08 18,173 ------w C:\WINDOWS\muvopiguk.dll
2008-04-08 16:08 17,039 ------w C:\WINDOWS\nedexa.exe
2008-04-08 16:08 16,818 ----a-w C:\Program Files\Common Files\jihihi.scr
2008-04-08 16:08 14,158 ----a-w C:\Documents and Settings\All Users\Application Data\enyx.exe
2008-04-08 16:08 13,164 ------w C:\WINDOWS\moha.exe
2008-04-08 16:08 12,003 ----a-w C:\Documents and Settings\GOBI\Application Data\vivadahofa.sys
2008-04-08 16:08 11,731 ----a-w C:\Program Files\Common Files\ypabiky.bat
2008-04-08 16:08 11,496 ------w C:\WINDOWS\ybicybunyp.scr
2008-04-08 16:08 11,058 ------w C:\WINDOWS\xupaw.pif
2008-03-30 05:03 18,432 ------w C:\WINDOWS\ss3unstl.exe
.

((((((((((((((((((((((((((((( snapshot_2008-06-05_19.25.40.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 11:40:50 2,048 ----a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 12:25:50 2,048 ----a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 07:26:08 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 09:19:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 1998-09-30 04:39:20 1,276,416 ----a-w C:\WINDOWS\lhsp\tv\tv_enua.dll
+ 1998-09-24 09:45:44 40,960 ----a-w C:\WINDOWS\lhsp\tv\tvenuax.dll
- 2000-08-31 02:30:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 02:30:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 1999-01-12 09:49:12 248,832 ----a-w C:\WINDOWS\speech\spchtel.dll
+ 1999-01-12 09:49:12 562,176 ----a-w C:\WINDOWS\speech\speech.dll
+ 1999-01-12 09:39:36 380,928 ----a-w C:\WINDOWS\speech\vcmd.exe
+ 1999-01-12 09:49:12 156,160 ----a-w C:\WINDOWS\speech\vcmshl.dll
+ 1999-01-12 09:49:12 179,712 ----a-w C:\WINDOWS\speech\Vdict.dll
+ 1999-01-12 09:49:12 173,056 ----a-w C:\WINDOWS\speech\VText.dll
+ 1999-01-12 06:05:30 53,760 ----a-w C:\WINDOWS\speech\WrapSAPI.dll
+ 1999-01-12 09:49:12 128,000 ----a-w C:\WINDOWS\speech\Xcommand.dll
+ 1999-01-12 09:49:12 208,896 ----a-w C:\WINDOWS\speech\Xlisten.dll
+ 1999-01-12 09:49:12 203,776 ----a-w C:\WINDOWS\speech\XTel.Dll
+ 1999-01-12 09:49:12 195,584 ----a-w C:\WINDOWS\speech\Xvoice.dll
+ 2004-01-07 05:51:24 237,936 ----a-w C:\WINDOWS\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-07-16 15:17 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe" [2004-08-04 17:30 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^GOBI^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\GOBI\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^GOBI^Start Menu^Programs^Startup^Talking Buddy.lnk]
path=C:\Documents and Settings\GOBI\Start Menu\Programs\Startup\Talking Buddy.lnk
backup=C:\WINDOWS\pss\Talking Buddy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^my accout^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\my accout\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-ra------ 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-05 20:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)
"CmdAgent"=2 (0x2)
"bdss"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\GOBI\\My Documents\\downloads sw\\utorrent-1.8-beta-9704.upx.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\AVGAMSVR.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\AVGEMC.EXE"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 00:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 00:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 03:30:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
"2008-04-28 12:27:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-07 12:27:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-26 16:46:58 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 19:06:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-24 19:06:54
ComboFix-quarantined-files.txt 2008-06-24 13:36:44
ComboFix5.txt 2008-06-04 15:19:06
ComboFix4.txt 2008-06-05 13:55:54
ComboFix3.txt 2008-06-07 14:16:54
ComboFix2.txt 2008-06-17 14:00:52

Pre-Run: 15,225,569,280 bytes free
Post-Run: 15,276,703,744 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

235 --- E O F --- 2008-06-05 13:27:24
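Find3M lists every file created or modified in the last three months, so in a long report the thing to look at is timing. Both ComboFix logs above contain runs of files written in the same minute (2008-04-08 16:34, 2008-04-09 14:37, 2008-04-14 15:47) into C:\WINDOWS, Program Files\Common Files and Application Data, with short pronounceable random names spread across executable extensions (.exe, .com, .scr, .pif, .bat, .vbs, .dll, .sys, .reg, .bin). The script below is an added example written for this page, not code from the thread or from ComboFix: it parses Find3M lines and groups such files by creation minute. The "random-looking name" rule, the extension list and the thresholds are the editor's assumptions, and a flagged cluster is a triage hint for the analyst to look at, not a verdict on the files.

```python
import re
from collections import defaultdict, namedtuple

# Excerpt of the Find3M report from the ComboFix logs above (lines copied from
# the thread), with a few legitimate entries left in for contrast.
FIND3M_EXCERPT = r"""
2008-06-12 11:34 90,112 ----a-w C:\WINDOWS\DUMPf01c.tmp
2008-05-05 15:16 27,048 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-05 15:16 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-01 14:59 --------- d-----w C:\Program Files\uTorrent
2008-04-14 15:47 19,681 ------w C:\WINDOWS\oxymak.bin
2008-04-14 15:47 19,596 ----a-w C:\Program Files\Common Files\cukih.dl
2008-04-14 15:47 18,440 ------w C:\WINDOWS\zutujeha.com
2008-04-14 15:47 17,719 ----a-w C:\Documents and Settings\GOBI\Application Data\gacomawil.exe
2008-04-14 15:47 16,640 ----a-w C:\Documents and Settings\GOBI\Application Data\exuwur.reg
2008-04-14 15:47 15,368 ----a-w C:\Documents and Settings\GOBI\Application Data\moku.scr
2008-04-14 15:47 14,522 ----a-w C:\Documents and Settings\GOBI\Application Data\hecywygu.bat
2008-04-14 15:47 13,144 ----a-w C:\Program Files\Common Files\ybyle.pif
2008-04-09 14:37 14,769 ------w C:\WINDOWS\bubag.exe
2008-04-09 14:37 10,300 ----a-w C:\Program Files\Common Files\ihawitafa.sys
2008-04-08 16:34 16,686 ------w C:\WINDOWS\mahojoqupa.bat
2008-04-08 16:34 14,405 ----a-w C:\Documents and Settings\All Users\Application Data\yjyf.pif
2008-04-08 16:34 14,101 ------w C:\WINDOWS\vodohyto.dll
2008-04-08 16:34 12,889 ----a-w C:\WINDOWS\system32\bizizoheg.vbs
2008-03-30 05:03 18,432 ------w C:\WINDOWS\ss3unstl.exe
"""

# date time, size (or dashes for a directory), attribute flags, path (may contain spaces)
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+)$")

# Extensions Windows executes or loads directly. Assumption: this is the
# editor's own triage list, not something ComboFix defines.
EXEC_EXT = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js",
            "dll", "dl", "sys", "reg", "bin"}

Entry = namedtuple("Entry", "stamp size attrs path")


def parse_find3m(text):
    """Parse 'date time size attrs path' lines; directories carry size '---------'."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(*m.groups()))
    return entries


def split_path(path):
    """(directory, stem, lower-cased extension) of a Windows path."""
    directory, _, name = path.rpartition("\\")
    stem, _, ext = name.rpartition(".")
    return directory, stem, ext.lower()


def is_random_exec(path):
    """Heuristic (assumption): executable-type extension and an all-lowercase
    alphabetic stem of 4..12 letters with no digits, the pattern seen in the log."""
    _, stem, ext = split_path(path)
    return ext in EXEC_EXT and re.fullmatch(r"[a-z]{4,12}", stem) is not None


def find_clusters(entries, min_files=3, min_dirs=2):
    """Group random-looking executables by creation minute. A cluster is a minute
    that produced at least min_files of them spread over at least min_dirs folders,
    so two drivers dropped together by one installer are not flagged."""
    by_minute = defaultdict(list)
    for e in entries:
        if is_random_exec(e.path):
            by_minute[e.stamp].append(e)
    return {stamp: group for stamp, group in by_minute.items()
            if len(group) >= min_files
            and len({split_path(e.path)[0].lower() for e in group}) >= min_dirs}


def report(text):
    """One header line per cluster plus one line per file, oldest cluster first."""
    lines = []
    for stamp, group in sorted(find_clusters(parse_find3m(text)).items()):
        lines.append(f"{stamp}: {len(group)} random-named executables in the same minute")
        lines.extend(f"    {e.path}" for e in group)
    return lines


if __name__ == "__main__":
    print("\n".join(report(FIND3M_EXCERPT)))
```

On the excerpt this flags the 16:34 and 15:47 minutes and leaves the two 14:37 files below the threshold; feed it the whole Find3M section and the 14:37 and 13:42 entries from the full log can be judged the same way. The directory-spread condition is what keeps legitimate installs (the two Malwarebytes drivers written to one folder at 15:16) out of the output.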

Registered · 16 Posts · Discussion Starter · #14
This is my HijackThis log!!

Deckard's System Scanner v20071014.68
Run by GOBI on 2008-06-24 21:43:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as GOBI.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:44 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\new account\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GOBI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-1606980848-725345543-515521557-1004\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'my accout')
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{14A66D03-F0BF-42F3-9E08-AFE9CC690A15}: NameServer = 202.88.152.8,202.88.152.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

--
End of file - 3394 bytes

-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 19:03:46 237728 --a------ C:\cmldr
2008-06-24 19:03:33 0 d-------- C:\cmdcons
2008-06-24 19:01:56 68096 --a------ C:\WINDOWS\zip.exe
2008-06-24 19:01:56 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-24 19:01:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-24 19:01:56 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-24 19:01:56 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-24 19:01:56 98816 --a------ C:\WINDOWS\sed.exe
2008-06-24 19:01:56 80412 --a------ C:\WINDOWS\grep.exe
2008-06-24 19:01:56 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-21 22:11:16 0 dr-h----- C:\Documents and Settings\GOBI\Recent
2008-06-21 21:57:47 0 d-------- C:\Program Files\talkingbuddy
2008-06-21 21:53:52 0 d-------- C:\Program Files\Advanced Searchbar
2008-06-21 21:53:40 0 d-------- C:\WINDOWS\speech
2008-06-21 21:53:35 0 d-------- C:\WINDOWS\lhsp
2008-06-21 21:53:04 0 d-------- C:\Program Files\Talking Bud
2008-06-20 18:06:08 0 d--hs---- C:\FOUND.003
2008-06-08 20:07:12 0 d--hs---- C:\FOUND.002
2008-06-07 21:45:11 0 d-------- C:\Documents and Settings\GOBI\Application Data\Help
2008-06-05 22:10:46 0 d-------- C:\Program Files\SpywareBlaster
2008-06-05 19:43:41 0 d-------- C:\Program Files\Panda Security
2008-06-05 18:56:02 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-05 17:36:04 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-05 17:10:14 0 d--hs---- C:\FOUND.001
2008-06-05 08:13:26 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-04 17:04:06 0 d--hs---- C:\FOUND.000
2008-06-01 21:38:19 0 d-------- C:\Program Files\AutoStreamer
2008-06-01 18:58:33 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-05-29 18:07:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-28 19:25:16 0 dr------- C:\Documents and Settings\my accout\Recent
2008-05-27 23:14:56 0 d-------- C:\Documents and Settings\my accout\Application Data\Google
2008-05-26 23:06:41 0 d-------- C:\Documents and Settings\my accout\Application Data\AVG7
2008-05-26 22:52:41 0 d-------- C:\Documents and Settings\my accout\Application Data\SUPERAntiSpyware.com
2008-05-26 21:31:51 0 d-------- C:\Documents and Settings\my accout\Application Data\Uniblue
2008-05-26 21:10:35 0 d---s---- C:\Documents and Settings\my accout\UserData


-- Find3M Report ---------------------------------------------------------------

2008-05-21 18:08:46 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-20 21:14:32 0 d-------- C:\Documents and Settings\GOBI\Application Data\AVG7
2008-05-20 20:22:08 0 d-------- C:\Documents and Settings\GOBI\Application Data\Comodo
2008-05-20 20:19:48 0 d-------- C:\Program Files\Comodo
2008-05-20 19:42:38 2549 -----n--- C:\WINDOWS\unins000.dat
2008-05-20 19:29:20 691545 -----n--- C:\WINDOWS\unins000.exe
2008-05-14 18:39:38 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-14 18:39:36 0 d-------- C:\Documents and Settings\GOBI\Application Data\SUPERAntiSpyware.com
2008-05-14 18:38:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 18:32:44 0 d-------- C:\Program Files\Trend Micro
2008-05-12 21:33:48 65 -----n--- C:\AUTOEXEC.BAT
2008-05-08 19:06:26 0 d-------- C:\Program Files\MSConfig CleanUp
2008-05-08 17:56:18 0 d-------- C:\Documents and Settings\GOBI\Application Data\Media Player Classic
2008-05-05 17:10:04 0 d-------- C:\Program Files\SoftwrapLicense
2008-05-02 18:25:00 0 d-------- C:\Documents and Settings\GOBI\Application Data\Dev-Cpp
2008-05-02 18:24:44 0 d-------- C:\Program Files\Dev-Cpp
2008-05-01 20:29:08 0 d-------- C:\Program Files\uTorrent
2008-05-01 20:29:08 0 d-------- C:\Documents and Settings\GOBI\Application Data\uTorrent
2008-04-30 19:37:50 0 d-------- C:\Documents and Settings\GOBI\Application Data\Google
2008-04-28 17:57:24 0 d-------- C:\Program Files\Uniblue
2008-04-15 19:49:04 12586 -----n--- C:\WINDOWS\viwucyb.dll
2008-04-15 19:49:04 16755 --a------ C:\WINDOWS\system32\afeheguqa.bat
2008-04-15 19:49:04 15599 -----n--- C:\WINDOWS\qavidewi.bat
2008-04-15 19:49:04 11725 -----n--- C:\WINDOWS\lapufafy.pif
2008-04-15 19:49:04 11062 -----n--- C:\WINDOWS\dedavavu.sys
2008-04-15 19:49:04 12236 -----n--- C:\WINDOWS\byhojad.com
2008-04-15 19:49:04 17108 -----n--- C:\WINDOWS\akoly.vbs
2008-04-15 19:49:04 17906 --a------ C:\Program Files\Common Files\yfylyru.inf
2008-04-15 19:49:04 12603 --a------ C:\Program Files\Common Files\otawecas.dll
2008-04-15 19:49:04 17466 --a------ C:\Program Files\Common Files\imiju.dl
2008-04-15 19:49:04 16350 --a------ C:\Program Files\Common Files\fagamib.inf
2008-04-15 19:49:04 12844 --a------ C:\Documents and Settings\GOBI\Application Data\opuruqi.scr
2008-04-15 19:49:04 18840 --a------ C:\Documents and Settings\GOBI\Application Data\humilazul.bat
2008-04-14 21:17:06 18440 -----n--- C:\WINDOWS\zutujeha.com
2008-04-14 21:17:06 15448 -----n--- C:\WINDOWS\tebun.dll
2008-04-14 21:17:06 19681 -----n--- C:\WINDOWS\oxymak.bin
2008-04-14 21:17:06 15919 -----n--- C:\WINDOWS\ehudopar.com
2008-04-14 21:17:06 13144 --a------ C:\Program Files\Common Files\ybyle.pif
2008-04-14 21:17:06 10396 --a------ C:\Program Files\Common Files\xetujo.sys
2008-04-14 21:17:06 11774 --a------ C:\Program Files\Common Files\ihomojorow.dl
2008-04-14 21:17:06 19596 --a------ C:\Program Files\Common Files\cukih.dl
2008-04-14 21:17:06 11264 --a------ C:\Documents and Settings\GOBI\Application Data\uxotew.lib
2008-04-14 21:17:06 15368 --a------ C:\Documents and Settings\GOBI\Application Data\moku.scr
2008-04-14 21:17:06 14522 --a------ C:\Documents and Settings\GOBI\Application Data\hecywygu.bat
2008-04-14 21:17:06 17719 --a------ C:\Documents and Settings\GOBI\Application Data\gacomawil.exe
2008-04-14 21:17:06 16640 --a------ C:\Documents and Settings\GOBI\Application Data\exuwur.reg
2008-04-09 20:07:46 14769 -----n--- C:\WINDOWS\bubag.exe
2008-04-09 20:07:46 10300 --a------ C:\Program Files\Common Files\ihawitafa.sys
2008-04-09 20:07:46 13683 --a------ C:\Documents and Settings\GOBI\Application Data\uwitoq.inf
2008-04-09 20:01:40 12708 -----n--- C:\WINDOWS\uwibufary.com
2008-04-09 20:01:40 11673 --a------ C:\WINDOWS\system32\abow.com
2008-04-09 20:01:40 11042 -----n--- C:\WINDOWS\inado.dll
2008-04-09 20:01:40 18127 -----n--- C:\WINDOWS\emawo.bat
2008-04-09 20:01:40 17383 --a------ C:\Program Files\Common Files\zekaqec.scr
2008-04-09 20:01:40 18946 --a------ C:\Program Files\Common Files\yzat.com
2008-04-09 20:01:40 16146 --a------ C:\Program Files\Common Files\vote.dat
2008-04-09 20:01:40 19824 --a------ C:\Program Files\Common Files\akar._sy
2008-04-09 20:01:40 12715 --a------ C:\Program Files\Common Files\ajepuzehak.ban
2008-04-09 20:01:40 15237 --a------ C:\Documents and Settings\GOBI\Application Data\ikefonuqag.db
2008-04-09 20:01:40 18879 --a------ C:\Documents and Settings\GOBI\Application Data\fitirej.scr
2008-04-09 20:01:38 13296 --a------ C:\Program Files\Common Files\xoxipes.sys
2008-04-09 20:01:38 18801 --a------ C:\Program Files\Common Files\enufuw.ban
2008-04-09 19:12:36 13735 -----n--- C:\WINDOWS\ymykisa.exe
2008-04-09 19:12:36 13752 -----n--- C:\WINDOWS\xuwukise.dat
2008-04-09 19:12:36 11670 -----n--- C:\WINDOWS\ihubyqen.reg
2008-04-09 19:12:36 17539 --a------ C:\Program Files\Common Files\uzyjigo.dat
2008-04-09 19:12:34 18958 --a------ C:\WINDOWS\system32\upavuv.vbs
2008-04-09 19:12:34 14540 -----n--- C:\WINDOWS\asanud.pif
2008-04-09 19:12:34 18591 --a------ C:\Program Files\Common Files\ucatob.exe
2008-04-09 19:12:34 12129 --a------ C:\Program Files\Common Files\lifegen.sys
2008-04-09 19:12:34 10630 --a------ C:\Program Files\Common Files\esosaco.sys
2008-04-09 19:12:34 10935 --a------ C:\Program Files\Common Files\cobid.lib
2008-04-09 19:12:34 19475 --a------ C:\Documents and Settings\GOBI\Application Data\yqabuk.ban
2008-04-08 22:04:56 14101 -----n--- C:\WINDOWS\vodohyto.dll
2008-04-08 22:04:56 12889 --a------ C:\WINDOWS\system32\bizizoheg.vbs
2008-04-08 22:04:56 16686 -----n--- C:\WINDOWS\mahojoqupa.bat
2008-04-08 22:04:56 18916 --a------ C:\Documents and Settings\GOBI\Application Data\umydital._sy
2008-04-08 21:38:30 11496 -----n--- C:\WINDOWS\ybicybunyp.scr
2008-04-08 21:38:30 11058 -----n--- C:\WINDOWS\xupaw.pif
2008-04-08 21:38:30 18507 --a------ C:\WINDOWS\system32\awijasenaz.sys
2008-04-08 21:38:30 17039 -----n--- C:\WINDOWS\nedexa.exe
2008-04-08 21:38:30 18173 -----n--- C:\WINDOWS\muvopiguk.dll
2008-04-08 21:38:30 13164 -----n--- C:\WINDOWS\moha.exe
2008-04-08 21:38:30 11731 --a------ C:\Program Files\Common Files\ypabiky.bat
2008-04-08 21:38:30 16818 --a------ C:\Program Files\Common Files\jihihi.scr
2008-04-08 21:38:30 12003 --a------ C:\Documents and Settings\GOBI\Application Data\vivadahofa.sys
2008-04-08 21:38:30 19195 --a------ C:\Documents and Settings\GOBI\Application Data\ketucefit.bat
2008-03-30 10:33:46 18432 -----n--- C:\WINDOWS\ss3unstl.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe" [08/04/2004 05:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/16/2007 03:17 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^GOBI^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\GOBI\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^GOBI^Start Menu^Programs^Startup^Talking Buddy.lnk]
path=C:\Documents and Settings\GOBI\Start Menu\Programs\Startup\Talking Buddy.lnk
backup=C:\WINDOWS\pss\Talking Buddy.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^my accout^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\my accout\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)
"CmdAgent"=2 (0x2)
"bdss"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"aswUpdSv"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-06-24 21:44:43 ------------
 

TSF-Emeritus · 15,384 Posts
Hi,

OK. Thanks for the logs.

I see that you are using uTorrent, which is a P2P file sharing program. I would like to warn you that the nature of P2P file sharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware, because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also, by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple: file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove it from your system via Add/Remove Programs in Control Panel.

===================================

It appears that you've fixed some entries for AVG with HijackThis before you posted your log. If you don't want the program anymore, the best way is to remove it via Add or Remove Programs in the Control Panel, not by fixing it with HijackThis.

Please go to Start>Control Panel>Add or Remove Programs and remove AVG 7.5. When you're done with that, you can delete its corresponding folder: C:\Program Files\Grisoft

In your previous logs, Avast was running as your active antivirus, but it's not present in your last log. Did you uninstall it? You don't seem to have any active antivirus at the moment. Please don't surf the net without any antivirus protection.

What's the situation with SuperAntiSpyware? There are some entries in the logs, but it's not present in your Add or Remove Programs list. Is it uninstalled?

================================

Also, your COMODO firewall appears to be disabled. Can you let me know why?

=================================

Total Physical Memory: 224 MiB (512 MiB recommended).
You need to increase the memory. 224 MiB is not enough. It will cause considerable system slowdown and even freezes and lockups.

=================================

Do you remember what happened, or what programs you may have installed around April 8th, 9th and 14th? Have you downloaded any torrents or cracks of any programs or games?

There is a large number of unidentified files created on those days, and I would like to know if you know anything about them.

================================

Make sure that DSS.exe is located on your Desktop.
Click on your START button, then choose Run. A little box will appear.
Now copy and paste all the following in bold (including the "" marks) into the run box and click OK.

"%userprofile%\desktop\dss.exe" /daft


This will start DSS in a different way. A small window will appear.
Click on the Scan button.
Place a check in the boxes next to the following:

.reg
.scr


Click the Fix button.
Re-scan and make sure it says that all associations are OK.

=================================

Please let me know how all that went along with the answers to my questions above so that I can incorporate them into the next set of instructions to clean the machine.
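The pattern the analyst asks about in the Find3M report (many small, oddly named files written in the same second across several directories, none carrying version information) can be picked out mechanically. The following is an added example, not code from the thread or from DSS/ComboFix: it parses listing lines in the Find3M format shown above and flags same-second bursts that mix extensions and have no vendor tag; the sample lines are a constructed subset modelled on the log.

```python
import ntpath
import re
from collections import defaultdict

# One Find3M line: "YYYY-MM-DD HH:MM:SS <size> <9 attribute chars> <path> [<vendor info>]"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+?)(?:\s+<(.*)>)?$"
)

# Constructed sample modelled on the thread's Find3M report: some of the same-second
# entries from 14 and 15 April 2008 plus two ordinary files for contrast. Not the full log.
SAMPLE = r"""2008-06-01 18:58:33 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-05-20 19:29:20 691545 -----n--- C:\WINDOWS\unins000.exe
2008-04-15 19:49:04 12586 -----n--- C:\WINDOWS\viwucyb.dll
2008-04-15 19:49:04 16755 --a------ C:\WINDOWS\system32\afeheguqa.bat
2008-04-15 19:49:04 15599 -----n--- C:\WINDOWS\qavidewi.bat
2008-04-15 19:49:04 11725 -----n--- C:\WINDOWS\lapufafy.pif
2008-04-14 21:17:06 18440 -----n--- C:\WINDOWS\zutujeha.com
2008-04-14 21:17:06 15448 -----n--- C:\WINDOWS\tebun.dll
2008-04-14 21:17:06 13144 --a------ C:\Program Files\Common Files\ybyle.pif
2008-03-30 10:33:46 18432 -----n--- C:\WINDOWS\ss3unstl.exe
"""


def parse_listing(text):
    """Parse Find3M lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path, vendor = m.groups()
        entries.append({
            "ts": ts,
            "size": int(size),
            "path": path,
            "ext": ntpath.splitext(path)[1].lower(),
            "vendor": vendor,  # None when DSS printed no version-resource info
        })
    return entries


def find_bursts(entries, min_files=3):
    """Return {timestamp: [entries]} for groups of at least min_files written in the
    same second that mix extensions and carry no vendor information. An installer
    normally leaves version resources and recognisable names; a dropper does not."""
    by_ts = defaultdict(list)
    for e in entries:
        by_ts[e["ts"]].append(e)
    bursts = {}
    for ts, group in by_ts.items():
        if len(group) < min_files:
            continue
        exts = {e["ext"] for e in group}
        if len(exts) < 2 or any(e["vendor"] for e in group):
            continue
        bursts[ts] = group
    return bursts


def summarize(bursts):
    """One line per burst: timestamp, file count, size range, directories touched."""
    lines = []
    for ts in sorted(bursts):
        group = bursts[ts]
        sizes = [e["size"] for e in group]
        dirs = sorted({ntpath.dirname(e["path"]) for e in group})
        lines.append(f"{ts}: {len(group)} files, {min(sizes)}-{max(sizes)} bytes, in {'; '.join(dirs)}")
    return lines


if __name__ == "__main__":
    for line in summarize(find_bursts(parse_listing(SAMPLE))):
        print(line)
```

Run against the full Find3M section, the 8, 9, 14 and 15 April groups all surface the same way; the burst timestamps are what to ask the user about, as the analyst did.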
 

Registered · 16 Posts · Discussion Starter · #16
I have uninstalled uTorrent and AVG 7.5 and deleted the Grisoft folder. I have enabled the Comodo firewall, but it asks me to reinstall??? I have run dss.exe and all associations are okay. On those days, I installed Uniblue, with a password given by a friend, downloaded some movies from uTorrent, and got cracks for games from an unknown website, but I am not sure about the files which were created on the 8th, 9th and 14th of April.

Please tell me how to remove that stuff!!!
 

Registered · 16 Posts · Discussion Starter · #18
I have not uninstalled it; I unchecked the box for Avast in msconfig.exe, but it is still installed on my system. I am not using SUPERAntiSpyware currently; I took that off with HijackThis!!

Some weird things are happening on my system in addition: helpctr.exe is missing and I can't access Windows Help, and all the files are opening with the extensions, but I have not made that setting; it was performed automatically??? I do not know why???

Can I use SUPERAntiSpyware? Is it safe?
 

TSF-Emeritus · 15,384 Posts
Hi,

Please delete the present copy of ComboFix and download a fresh copy from the same link. It has been updated.

I have uninstalled uTorrent and AVG 7.5 and deleted the Grisoft folder. I have enabled the Comodo firewall, but it asks me to reinstall??? I have run dss.exe and all associations are okay.
That's good.

On those days, I installed Uniblue, with a password given by a friend, downloaded some movies from uTorrent, and got cracks for games from an unknown website, but I am not sure about the files which were created on the 8th, 9th and 14th of April.
Visiting crack sites and downloading such programs is a sure way of getting infected. Please refrain from doing that in future.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity.
====================================

I have not uninstalled it; I unchecked the box for Avast in msconfig.exe, but it is still installed on my system.
Check it back. Only disable it when you're running a tool so that it will not interfere. But, please re-enable it as soon as you're done. DO NOT connect to the internet without the protection of an antivirus.

I am not using SUPERAntiSpyware currently; I took that off with HijackThis!!
If you don't want it, uninstall/remove it from Add or Remove Programs in Control Panel.

Some weird things are happening on my system in addition: helpctr.exe is missing and I can't access Windows Help,
We'll look into that later.

and all the files are opening with the extensions, but I have not made that setting; it was performed automatically??? I do not know why???
That's fine. One of the tools we've used may have set it to the default.

Can I use SUPERAntiSpyware? Is it safe?
Yes, it's safe, but keep it disabled while running the tools we use for cleaning the system.
====================================

Scan with HijackThis and put a checkmark against the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Close all browsers and windows other than HijackThis and click on "fix checked".

=================================

  • Open notepad (Start>All programs>accessories>notepad )
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
(It must be notepad, not wordpad, or it won't work):

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/254877-spyware-problem.html

Collect::
C:\WINDOWS\oxymak.bin
C:\Program Files\Common Files\cukih.dl
C:\WINDOWS\zutujeha.com
C:\Documents and Settings\GOBI\Application Data\gacomawil.exe
C:\Documents and Settings\GOBI\Application Data\exuwur.reg
C:\WINDOWS\ehudopar.com
C:\WINDOWS\tebun.dll
C:\Documents and Settings\GOBI\Application Data\moku.scr
C:\Documents and Settings\GOBI\Application Data\hecywygu.bat
C:\Program Files\Common Files\ybyle.pif
C:\Program Files\Common Files\ihomojorow.dl
C:\Program Files\Common Files\xetujo.sys
C:\WINDOWS\bubag.exe
C:\Program Files\Common Files\ihawitafa.sys
C:\Documents and Settings\All Users\Application Data\ucyl.dll
C:\WINDOWS\mahojoqupa.bat
C:\Documents and Settings\All Users\Application Data\yjyf.pif
C:\WINDOWS\vodohyto.dll
C:\WINDOWS\system32\bizizoheg.vbs
C:\Documents and Settings\All Users\Application Data\ijag.bin
C:\Documents and Settings\GOBI\Application Data\ketucefit.bat
C:\WINDOWS\system32\awijasenaz.sys
C:\WINDOWS\muvopiguk.dll
C:\WINDOWS\nedexa.exe
C:\Program Files\Common Files\jihihi.scr
C:\Documents and Settings\All Users\Application Data\enyx.exe
C:\Documents and Settings\GOBI\Application Data\vivadahofa.sys
C:\Program Files\Common Files\ypabiky.bat
C:\WINDOWS\ybicybunyp.scr
C:\WINDOWS\xupaw.pif

File::
C:\WINDOWS\ss3unstl.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\blastclnnn.exe
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000
C:\pcwtest.tmp
C:\WINDOWS\system32\SETD.tmp
C:\WINDOWS\DUMPf01c.tmp
C:\WINDOWS\DUMP40cd.tmp
C:\WINDOWS\DUMP34a7.tmp
C:\WINDOWS\DUMP907e.tmp

Folder::
C:\Program Files\uTorrent
C:\Documents and Settings\GOBI\Application Data\uTorrent


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=-
"C:\\Documents and Settings\\GOBI\\My Documents\\downloads sw\\utorrent-1.8-beta-9704.upx.exe"=-
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=-
"C:\\Program Files\\Grisoft\\AVG7\\AVGAMSVR.EXE"=-
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=-
"C:\\Program Files\\Grisoft\\AVG7\\AVGEMC.EXE"=-

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=-
"Avg7Alrt"=-
"Avg7UpdSvc"=-
Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply and a fresh HijackThis log please.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box. Do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
 

Registered · 16 Posts · Discussion Starter · #20
The first time I tried to move the CFScript onto combofix.exe, my system immediately restarted. The second time, I reinstalled combofix.exe and did the same thing, but a warning came up saying "Windows - Corrupt File":

The file or directory
\windows\prefetch\findstr.cfexe-32ac91d4.pf is corrupt and unreadable. Please run the chkdsk utility.

 