Hijack this not working [RESOLVED]


  • This topic is locked

#1
albertspade

  • Member
  • 11 posts
Hi,
I have installed HijackThis on my computer. But when I want to execute it, it doesn't show anything.
Will somebody help me in this regard? I think my computer is infected by some virus.
My regedit, cmd, taskmgr, msconfig, gpedit.msc are also not working.
Please help.
Thanks.
  • 0


#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi albertspade,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
Deckard's System Scanner
OTMoveIt2 by OldTimer.
Malwarebytes' Anti-Malware from Here or Here


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Also include the text from the log created by MBAM.


The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5

I will close the other unanswered thread that you have.
In future, please do not double post.

Edited by sage5, 25 February 2008 - 05:27 AM.

  • 0

#3
albertspade

Thanks sage5 for your quick response.

This is my MBAM log:

unLoi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... http://www.freewebto...m/gaigoisaigon/


Malwarebytes' Anti-Malware 1.05

Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... http://www.freewebto...m/gaigoisaigon/
unLoi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... http://www.freewebto...m/gaigoisaigon/




Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... http://www.freewebto...m/gaigoisaigon/
FC:\WINDOWS\hinhem.scr
Scan type: Quick Scan
Objects scanned: 10719
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by albertspade, 27 February 2008 - 03:43 AM.

  • 0

#4
albertspade

This is my Deckard's System Scanner log:

main.txt :

Deckard's System Scanner v20071014.68
Run by Cummins on 2008-02-27 13:29:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-02-27 07:59:57 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2008-02-26 07:15:47 UTC - RP6 - System Checkpoint
5: 2008-02-25 05:46:17 UTC - RP5 - Installed AVG 7.5
4: 2008-02-25 05:43:47 UTC - RP4 - Installed AVG 7.5
3: 2008-02-25 05:40:32 UTC - RP3 - Removed AVG 7.5


-- First Restore Point --
1: 2008-02-22 10:19:34 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-27 13:30:51
Platform: Windows XP Service Pack 2, v.2096 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\scvhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SoundMan.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\scvhost.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\comp backup\UltraSurf v8.8.exe
C:\Documents and Settings\Cummins\Desktop\Downloads\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
F0 - system.ini: Shell=Explorer.exe scvhost.exe
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Global Startup: WordWeb.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{68B26C19-F436-4C24-AFC8-548FBC384F63}: NameServer = 202.138.96.2,202.138.103.100
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Cummins\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product=


--
End of file - 7316 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Ext2fs - c:\windows\system32\drivers\ext2fs.sys
R1 IfsDrives - c:\windows\system32\drivers\ifsdrives.sys
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 hpdj - c:\docume~1\cummins\locals~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product= (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-27 10:45:38 354 --a------ C:\WINDOWS\Tasks\At1.job


-- Files created between 2008-01-27 and 2008-02-27 -----------------------------

2008-02-27 10:58:27 0 d-------- C:\Documents and Settings\Cummins\Application Data\Malwarebytes
2008-02-27 10:57:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-27 10:57:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-27 08:19:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-26 15:06:13 0 dr-h----- C:\$VAULT$.AVG
2008-02-26 12:19:54 0 d--hs---- C:\FOUND.000
2008-02-25 16:24:36 396288 --a------ C:\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-02-25 16:11:18 0 d-------- C:\Program Files\Trend Micro
2008-02-25 16:06:07 0 d-------- C:\Documents and Settings\Cummins\Application Data\Grisoft
2008-02-25 13:28:39 0 d-------- C:\bintheredunthat
2008-02-25 13:23:55 0 d-------- C:\BFU
2008-02-25 12:45:29 0 d-------- C:\WINDOWS\pss
2008-02-25 11:16:39 0 d-------- C:\Documents and Settings\Cummins\Application Data\AVG7
2008-02-25 11:16:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-25 11:16:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-25 11:13:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-22 15:48:04 0 d-------- C:\WINDOWS\Prefetch
2008-02-22 15:43:33 0 d-------- C:\Program Files\msn gaming zone
2008-02-22 15:09:17 0 d-------- C:\Program Files\Lavasoft
2008-02-22 15:09:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-22 15:08:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 13:44:45 0 dr-h----- C:\Documents and Settings\Cummins\Recent
2008-02-22 13:43:41 0 d-------- C:\Program Files\CCleaner
2008-02-22 13:26:10 0 d-------- C:\Program Files\Windows Resource Kits
2008-02-22 13:20:00 0 d-------- C:\Program Files\Opera
2008-02-22 12:16:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-22 12:16:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-02-22 10:34:12 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-22 10:34:11 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-22 10:34:11 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-22 10:34:11 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-22 10:34:11 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-22 10:34:11 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-22 10:34:11 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-22 10:34:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-22 10:34:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-22 10:34:07 0 d-------- C:\WINDOWS\%DownloadedProgramFiles%
2008-02-22 10:09:07 0 d-a------ C:\WINDOWS\system32
2008-02-22 10:09:07 20480 --a------ C:\WINDOWS\system32\normaliz.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-22 09:46:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-22 09:46:27 524288 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-22 09:46:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-22 09:46:27 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-02-22 09:46:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-22 09:46:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-22 09:46:14 0 d-------- C:\WINDOWS\CSC
2008-02-18 16:15:19 0 d-------- C:\Documents and Settings\Cummins\.SunDownloadManager


-- Find3M Report ---------------------------------------------------------------

2008-02-22 15:40:58 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-25 09:14:46 0 d-------- C:\Program Files\FLV Player
2008-01-14 13:53:22 0 d-------- C:\Program Files\WordWeb
2008-01-14 13:51:44 0 d-------- C:\Program Files\Dictionary


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-02-27 13:31:33 ------------







extra.txt :

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 502.73 MiB / 148.04 MiB
Pagefile Memory (total/avail): 1229.81 MiB / 782.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.96 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 14.63 GiB total, 9.46 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 9.76 GiB total, 5.5 GiB free.
F: is Fixed (FAT32) - 9.76 GiB total, 5.27 GiB free.
G: is Fixed (FAT32) - 9.76 GiB total, 1.57 GiB free.
H: is Fixed (FAT32) - 9.76 GiB total, 7.74 GiB free.
I: is Fixed (FAT32) - 17.7 GiB total, 1.57 GiB free.
J: is Fixed (FAT32) - 19.52 GiB total, 1.3 GiB free.
M: is Fixed (Ext2) - 9.77 GiB total, 5.37 GiB free.
O: is Fixed (Ext2) - 10.04 GiB total, 1.56 GiB free.

\\.\PHYSICALDRIVE0 - ST380817AS - 74.53 GiB - 8 partitions
\PARTITION0 (bootable) - Unknown - 14.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 59.87 GiB - E: - F: - G: - H: - M: - O:

\\.\PHYSICALDRIVE1 - ST940211 3A USB Device - 37.26 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 37.24 GiB - I: - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------



-- User Profiles ---------------------------------------------------------------

Cummins (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type667 / Error
Event Submitted/Written: 02/27/2008 10:48:54 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ultrasurf v8.8.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.2096, fault address 0x00012b0a.
Processing media-specific event for [ultrasurf v8.8.exe!ws!]

Event Record #/Type664 / Success
Event Submitted/Written: 02/27/2008 10:45:41 AM
Event ID/Source: 1800 / SecurityCenter
Event Description:
The Windows Security Center Service has started.

Event Record #/Type661 / Error
Event Submitted/Written: 02/27/2008 10:45:15 AM
Event ID/Source: 1000 / Windows Product Activation
Event Description:
An error occurred while the wizard was checking the current Windows product license. Error Code: 4 0x80070005

Event Record #/Type657 / Success
Event Submitted/Written: 02/27/2008 08:15:33 AM
Event ID/Source: 1800 / SecurityCenter
Event Description:
The Windows Security Center Service has started.

Event Record #/Type648 / Success
Event Submitted/Written: 02/26/2008 00:20:30 PM
Event ID/Source: 1800 / SecurityCenter
Event Description:
The Windows Security Center Service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type398 / Warning
Event Submitted/Written: 02/27/2008 00:28:47 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\IT_HOD on the network \Device\NetBT_Tcpip_{68B26C19-F436-4C24-AFC8-548FBC384F63}.
The data is the error code.

Event Record #/Type386 / Error
Event Submitted/Written: 02/27/2008 10:45:40 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The hpdj service failed to start due to the following error:
%%2

Event Record #/Type380 / Error
Event Submitted/Written: 02/27/2008 10:44:13 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type379 / Error
Event Submitted/Written: 02/27/2008 10:44:12 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type378 / Error
Event Submitted/Written: 02/27/2008 10:44:05 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-02-27 13:31:33 ------------
  • 0
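The entries in the "HijackThis Clone" section of the log above that line up with the reported symptoms (disabled regedit and Task Manager) can be picked out mechanically. The Python sketch below is an added example, not part of the thread or of any tool named in it; the rule names, the `KNOWN` table and the `C:\WINDOWS` install directory are assumptions, and the sample lines are copied from the log above.

```python
import re

# Lines copied from the "HijackThis Clone" section of the log on this page.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\scvhost.exe
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\scvhost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
"""

# Well-known Windows binaries and the only directory each should load from.
# Assumption: Windows is installed in C:\WINDOWS, as in the log on this page.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.exe', re.I)


def is_lookalike(name, known):
    """True if name is one substitution, insertion, deletion or adjacent swap away."""
    if name == known:
        return False
    if len(name) == len(known):
        diff = [i for i in range(len(name)) if name[i] != known[i]]
        if len(diff) == 1:
            return True
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and name[diff[0]] == known[diff[1]]
                and name[diff[1]] == known[diff[0]])
    short, long_ = sorted((name, known), key=len)
    if len(long_) - len(short) != 1:
        return False
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def check_image(path):
    """Return findings for one executable path or bare file name."""
    directory, _, name = path.lower().rpartition("\\")
    if name in KNOWN:
        if directory and directory != KNOWN[name]:
            return [("misplaced-system-binary", path)]
        return []
    return [("lookalike-name", f"{path} ~ {k}")
            for k in KNOWN if is_lookalike(name, k)]


def triage(log_text):
    """Return a sorted list of (rule, detail) findings for a HijackThis-style log."""
    findings = set()
    for line in log_text.splitlines():
        line = line.strip()
        for path in PATH_RE.findall(line):
            findings.update(check_image(path))
        m = re.match(r"F\d - .*?\b(Shell|UserInit)=(.*)", line, re.I)
        if m and m.group(1).lower() == "shell":
            # Default Winlogon shell is Explorer.exe alone; splitting on
            # whitespace is a simplification that ignores quoted paths.
            for token in m.group(2).split():
                if token.lower() != "explorer.exe":
                    findings.add(("shell-extra-program", token))
                    findings.update(check_image(token))
        elif m:
            # Default Userinit value is the single userinit.exe path plus a comma.
            for entry in filter(None, (e.strip() for e in m.group(2).split(","))):
                if entry.lower() != r"c:\windows\system32\userinit.exe":
                    findings.add(("userinit-extra-program", entry))
        m = re.match(r"O7 - .*\b(Disable\w+)=1", line)
        if m:
            findings.add(("tool-disabled-by-policy", m.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {detail}")
```

A finding here only marks an entry for a closer look; it does not by itself identify the file as malicious.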

#5
albertspade

My problem is still the same.
regedit, gpedit.msc, Task Manager, cmd all are still disabled.
Please give some solution.
Thanks.
  • 0

#6
sage5

Hi albertspade,

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Log file will be C:\Combofix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
  • 0

#7
albertspade

Hi sage5,
Thanks for your quick response.
I tried your suggestion, but ComboFix as well as HijackThis is not working with my system.
I installed them, but they are not responding. Nothing happens.
What else can I do?
Thanks.
  • 0

#8
sage5

Hi albertspade,

To do the following, you need to change the name of Combofix.
This cannot be done with the existing version, but needs to be done at the point of saving the download, see below:
Please delete your existing version from the Desktop.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse click combo-fix's window while it's running. That may cause it to stall**
  • 0

#9
albertspade

Hi sage5.
Thanks for your help.
My problem is solved. It's a worm W32Imaut.AA.
I downloaded and installed Norton security trial version. It detected the worm and removed it.
Thanks again.
Bye
  • 0

#10
sage5

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





