RedDragon has a problem
DogDragon
Jacksonville, Fl Icrontian
RedDragon has a problem here's the Hijackthis log
so far he ran spybot,avg,cc,and housecalls they all removed
some. But he pc still not right it's slow real slow
Logfile of HijackThis v1.99.1
Scan saved at 9:34:49 AM, on 5/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\reader_s.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\afjxfrky.exe
C:\Documents and Settings\Administrator\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\afjxfrky.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2117504856.exe
C:\Documents and Settings\Administrator\Desktop\New Folder (2)\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {40b2a2d2-d063-4d1b-b0d1-4c9bb94169bd} - C:\WINDOWS\system32\yuhisona.dll
O2 - BHO: C:\WINDOWS\system32\sdfgerfgf3f.dll - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [sanaviyube] Rundll32.exe "C:\WINDOWS\system32\gojobeju.dll",s
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [7c6b13e2] rundll32.exe "C:\WINDOWS\system32\yetubiyi.dll",b
O4 - HKLM\..\Run: [CPM7f58207e] Rundll32.exe "c:\windows\system32\tehubufe.dll",a
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\afjxfrky.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2117504856.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\reguligu.dll c:\windows\system32\korenobi.dll c:\progra~1\ThunMail\testabd.dll c:\windows\system32\tehubufe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tehubufe.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
so far he ran spybot,avg,cc,and housecalls they all removed
some. But he pc still not right it's slow real slow
Logfile of HijackThis v1.99.1
Scan saved at 9:34:49 AM, on 5/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\reader_s.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\afjxfrky.exe
C:\Documents and Settings\Administrator\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\afjxfrky.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2117504856.exe
C:\Documents and Settings\Administrator\Desktop\New Folder (2)\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {40b2a2d2-d063-4d1b-b0d1-4c9bb94169bd} - C:\WINDOWS\system32\yuhisona.dll
O2 - BHO: C:\WINDOWS\system32\sdfgerfgf3f.dll - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [sanaviyube] Rundll32.exe "C:\WINDOWS\system32\gojobeju.dll",s
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [7c6b13e2] rundll32.exe "C:\WINDOWS\system32\yetubiyi.dll",b
O4 - HKLM\..\Run: [CPM7f58207e] Rundll32.exe "c:\windows\system32\tehubufe.dll",a
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\afjxfrky.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2117504856.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\reguligu.dll c:\windows\system32\korenobi.dll c:\progra~1\ThunMail\testabd.dll c:\windows\system32\tehubufe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tehubufe.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
0
Comments
Let's make sure though
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Thanks for looking
Thanks for letting me know