Tech Support banner

Not open for further replies.
1 - 3 of 3 Posts

3 Posts
Discussion Starter · #1 ·
Hey everyone. My computer has recently become pretty infected after lending it to a friend. Spybot and AVG took care of what they could but I then realized that I might not be the best person to tackle this, so I came here. If someone could help it would be hugely appreciated. Here is the DDS.

DDS (Version 1.1.0) - NTFSx86
Run by Lori at 15:38:06.54 on Mon 01/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.166 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lori\Desktop\

============== Pseudo HJT Report ===============

uStart Page = hxxp://
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: c:\windows\system32\hsd63geff.dll: {c5af42a3-94f3-42bd-f434-3604832c897d} - c:\windows\system32\hsd63geff.dll
BHO: {e4dad7c8-781f-4570-b876-27e5864e4625} - c:\windows\system32\yonugese.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [S3Trayp] S3trayp.exe
mRun: [Cpl32ver] c:\windows\system32\Cpl32ver.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [jsg8jfgfdfhfhf] c:\windows\temp\winlogun.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: WinCtrl32 - WinCtrl32.dll
AppInit_DLLs: c:\windows\system32\gorumiba.dll,c:\windows\system32\,c:\windows\system32\desoyahi.dll,avgrsstx.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\desoyahi.dll
STS: c:\windows\system32\hsd63geff.dll: {c5af42a3-94f3-42bd-f434-3604832c897d} - c:\windows\system32\hsd63geff.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\desoyahi.dll
LSA: Notification Packages = scecli c:\windows\system32\gorumiba.dll

============= SERVICES / DRIVERS ===============

R0 Winux50;Winux50;c:\windows\system32\drivers\Winux50.sys [2006-3-14 31616]
R0 Ydg58;Ydg58;c:\windows\system32\drivers\Ydg58.sys [2008-8-14 32768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-5 26824]
R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [2002-1-1 792576]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-5 231704]

=============== Created Last 30 ================

==================== Find3M ====================

2009-01-05 14:25 32,768 a------- c:\windows\system32\drivers\Ydg58.sys
2009-01-05 10:28 31,616 a------- c:\windows\system32\drivers\Winux50.sys
2009-01-03 21:54 101,579 a--sh--- c:\windows\system32\jeteroje.dll
2009-01-03 20:54 92,422 -------- c:\windows\system32\gazanudu.dll
2009-01-03 20:54 102,575 a--sh--- c:\windows\system32\rimuwuka.dll
2009-01-03 20:54 66,727 a--sh--- c:\windows\system32\dapatudi.dll
0000-00-00 00:00 69,632 a--sh--- c:\windows\system32\jujutoji.dll
0000-00-00 00:00 66,727 a--sh--- c:\windows\system32\yonugese.dll

============= FINISH: 15:38:50.90 ===============


Premium Member
29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Download ResetTeaTimer
  • and Save it to your Desktop.
  • Double-click
  • Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.
  • A DOS window will open and close again, this is normal.

If for some reason during these fixes you receive prompts from Spybot about whether to accept or deny any changes, please Accept them all.


Please visit this webpage for download links, and instructions for running ComboFix:

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.


Premium Member
29,790 Posts
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

1 - 3 of 3 Posts
Not open for further replies.