Tech Support Forum: Virus/Trojan/Spyware Help
#1
Registered User
Join Date: Jul 2009
Posts: 6
OS: Win. XP SP3
i am really desperate and dunno what to do
Well, first of all and before everything I'd like to say hi to everyone as I am new here .. and really thank you for letting me be part of your community ..

Now with my problem: I am running Windows XP SP3 on my PC. Normally when I face any problem with any spyware/malware, viruses or anything .. I know my way to fix it, I just google it and usually one of the first couple of answers works and I am happy again in no time ... not this time though ... I am feeling desperate and can't do anything ..

I was just sitting normally on my PC and I felt it was a little too slow. I tried to open the Task Manager to see what's wrong, and that's when the first sign of the infection hit me ... "the task manager has been disabled by your administrator" ... WTH, I am the administrator ... Anyways, I googled the problem and found dozens of solutions, so I thought thank god, it's easy. I tried the first couple of solutions and they didn't work. One of them included registry editing .. now trying to start regedit .. the second hit ... "registry editing was disabled by your administrator".

I am (WAS) running Kaspersky Internet Security, fully updated and all .. so I decided to make a full system scan to catch the bugger .. so I double clicked on the mini icon of KIS and it hangs there a little, then becomes not responding ... and then is closed by Windows .. and never opens again ... that freaking bugger killed Kaspersky !!! ...

I tried everything .. every malware and spyware scanner and killer out there that was recommended to me .. tried scanning in safe mode and in normal mode. I even tried removing Kaspersky to reinstall it and it never reinstalls (I had to see that one coming .. so this is kinda stupid of me) ..

Anyways, I finally got the Task Manager and regedit to work by some search I did in Google, but whenever I close the Task Manager, when I try to reopen it, the same error message appears and I have to run the commands again ..

I do it by using Run to enter the following commands one after another:

```
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
```

I don't know that much actually, I just copied/pasted them from a post on the internet .. so does anyone know how I can remove this virus/trojan/whatever he is ?? and reinstall my Kaspersky and live a normal life again ?? .. I am desperate .. and sorry for the long topic
#2
Registered User
Join Date: Jul 2009
Posts: 6
OS: Win. XP SP3
Re: i am really desperate and dunno what to do
I am really sorry about double posting .. but it seems I can't even access my own topic a****n ... I am trying to edit it to post my DDS.txt and attach the files.

Here's my DDS:

```
DDS (Ver_09-06-26.01) - NTFSx86
Run by Admin at 10:52:40.40 on Sun 07/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.2046.1423 [GMT 3:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GreedyTorrent\GTor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\program files\mozilla firefox\firefox.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\rxhxpl.exe
C:\Documents and Settings\Admin\Desktop\dds.pif
C:\Documents and Settings\Admin\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.sweetim.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=aaqlpSlEeLPao4qxnUcn2Q&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyServer = http=127.0.0.1:6711
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - h:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - h:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GreedyTorrent] "c:\program files\greedytorrent\GTor.exe" -tray
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "h:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [True Sword 5] c:\program files\true sword 5\TrueSword5.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {D18EAF49-53E5-428F-9015-C120002082D0} = 163.121.128.134 163.121.128.135
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\m6f4xa3h.default\
FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsaix.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-15 604416]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\nknrms.sys --> c:\windows\system32\drivers\nknrms.sys [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R4 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-7-19 296976]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S1 ikfileflt;File Filter Driver;c:\windows\system32\drivers\ikfileflt.sys --> c:\windows\system32\drivers\ikfileflt.sys [?]
S1 iksysflt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys --> c:\windows\system32\drivers\iksysflt.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 cpuz130;cpuz130;\??\c:\docume~1\admin\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\admin\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admin\locals~1\temp\kiq929.tmp --> c:\docume~1\admin\locals~1\temp\KIQ929.tmp [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-20 33752]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-9-18 333328]

=============== Created Last 30 ================

2009-07-19 10:19 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-07-19 10:19 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-07-19 10:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-07-17 22:14 <DIR> --d----- c:\program files\True Sword 5
2009-07-17 21:52 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-17 21:30 219,648 a------- c:\windows\PEV.exe
2009-07-17 21:30 161,792 a------- c:\windows\SWREG.exe
2009-07-17 21:30 98,816 a------- c:\windows\sed.exe
2009-07-17 21:01 <DIR> --d----- c:\docume~1\admin\applic~1\PC Tools
2009-07-17 20:48 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-07-17 20:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-17 19:18 0 a--shr-- C:\kht
2009-07-17 19:17 1,242 a--shr-- c:\windows\system32\autorun.in
2009-07-17 19:17 1,060 a--shr-- c:\windows\system32\autorun.i
2009-07-16 17:29 <DIR> --d----- c:\program files\Real Alternative
2009-07-16 10:21 <DIR> --d----- c:\docume~1\admin\applic~1\L4dOgerLauncher
2009-07-16 02:30 <DIR> --d----- c:\program files\Steam
2009-07-15 23:43 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-07-15 23:43 28,928 a------- c:\windows\system32\uxtuneup.dll
2009-07-15 23:43 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-15 23:39 <DIR> --d----- c:\docume~1\admin\applic~1\TuneUp Software
2009-07-15 23:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-07-15 23:39 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-07-15 23:38 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-07 04:47 <DIR> --d----- c:\program files\VisMasters
2009-07-06 18:57 <DIR> --d----- c:\program files\common files\AnimeVamp
2009-07-06 05:57 140,800 a------- c:\windows\system32\tm20dec.ax

==================== Find3M ====================

2009-07-17 17:15 1,212,448 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-07-17 17:15 9,416 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-07-17 17:08 9,666,080 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-17 17:08 81,836 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-16 17:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 17:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-08 18:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-03 22:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-25 05:21 219,664 a------- c:\windows\system32\klogon.dll
2009-05-25 05:18 27,507 a------- c:\windows\system32\drivers\klopp.dat
2009-05-24 15:30 128,016 a------- c:\windows\system32\drivers\kl1.sys
2009-05-07 18:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 07:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 07:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-02-17 07:29 516 -c-shr-- c:\docume~1\alluse~1\applic~1\winpage.sys
2009-01-28 15:27 22,328 ac------ c:\docume~1\admin\applic~1\PnkBstrK.sys
2008-01-11 16:03 37,125 -c-s---- c:\docume~1\alluse~1\applic~1\winstat.sys
2008-05-21 18:42 2 a--shrot c:\windows\winstart.bat
2009-03-19 03:31 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031920090320\index.dat

============= FINISH: 10:52:57.06 ===============
```

And here's all that loads when I try to access my topic again ... it never goes past that
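A triage sketch for the DDS log in the post above, added here as an example and not part of the original thread: it pulls out the policy values behind the "disabled by your administrator" messages, plus two other entries worth a second look. The sample lines are copied from that log; the name `triage`, the reading of the `u`/`m` prefixes as HKCU/HKLM, and the Temp-path and loopback-proxy heuristics are assumptions of this example, and a hit is a prompt for review, not a verdict.

```python
import re

# Lines copied from the DDS log in the post above (a short excerpt, not the whole log).
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\rxhxpl.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
POLICY = re.compile(r"^([um])Policies-system: (\w+) = (\d+)")
# Policy values that produce the "disabled by your administrator" messages.
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}
# Assumption: DDS prefixes u/m mean per-user (HKCU) and machine-wide (HKLM).
HIVES = {"u": "HKCU", "m": "HKLM"}


def triage(log_text):
    """Return (category, detail) pairs for entries an analyst should review."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        policy = POLICY.match(line)
        if policy:
            prefix, name, value = policy.groups()
            if name in LOCKOUT_VALUES and value != "0":
                findings.append(("policy-lockout", f"{HIVES[prefix]} {name}"))
        elif section == "Running Processes" and re.search(r"\\temp\\", line, re.I):
            # Heuristic (assumption): a process image running out of a Temp folder.
            findings.append(("process-in-temp", line))
        elif "ProxyServer" in line and "127.0.0.1" in line:
            # Heuristic (assumption): browser traffic sent through a local listener.
            findings.append(("loopback-proxy", line.split("=", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:16} {detail}")
```

A lockout value that returns to 1 after being reset with `REG add`, as the first post describes, means something still running is rewriting it, so the reset alone does not clear the infection.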