#1 (permalink) |
Registered User
Join Date: Jul 2007
Posts: 12
OS: windows XP
PC infected badly please help
Hiiii
My PC seems to be infected. Task Manager and Regedit have been disabled. I have tried taskmanagerfix, but after 2-3 seconds Task Manager gets disabled again. Also, on trying to boot into Safe Mode the PC restarts. On doing a right click or a search, Explorer hangs, and I am able to access only documents which are already open. Explorer also hangs on selecting a zip file. I am attaching the zip file containing ark.txt and attach.txt. Since my PC hangs on clicking a zip file, I have renamed it Attach.txt. Please replace the extension .txt with .zip and use the zip file to extract the text files. I have access to a Windows install disc. The DDS.txt file contents are as follows:

```
-----------------------------------
DDS.txt
-----------------------------------

DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 18:19:52.79 on Wed 11/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1013.555 [GMT 5.5:30]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\program files\FlashGet\FlashGet.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\Messenger\msmsgs.exe
C:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\program files\WinZip\WZQKPICK.EXE
C:\program files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Documents and Settings\Administrator.KANISHKAS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\program files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator.KANISHKAS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator.KANISHKAS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.in/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Taskman=c:\recycler\s-1-5-21-1476329471-6070127140-614214577-4814\sysdate.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-1442276429-8218181543-125749235-9612\hdav.exe,c:\recycler\s-1-5-21-8797370955-1611660884-507078225-5404\msmxeng.exe,explorer.exe,c:\recycler\s-1-5-21-1476329471-6070127140-614214577-4814\sysdate.exe,Explorer.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch_1.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\administrator.kanishkas\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"
mRun: [Flashget] "c:\program files\flashget\FlashGet.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RRT-Auto] c:\documents and settings\administrator.kanishkas\my documents\downloads\RRT.exe auto
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Anti Trojan Elite] c:\program files\anti trojan elite\TJEnder.exe :NO
mRun: [TE_RegProtect] c:\program files\anti trojan elite\TERegPct.exe
StartupFolder: c:\docume~1\admini~1.kan\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254391065187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {0C5259DF-7FDD-4C8D-BBCB-A9E2AA8939FC} = 202.56.250.5 202.56.250.6
TCP: {53317735-F97A-48BB-8900-60B0D5AB21A1} = 192.168.100.3
TCP: {6FC742B0-30B4-4297-9E83-110F332908A0} = 192.168.100.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-30 64288]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\anti trojan elite\ATEPMON.sys [2009-10-30 9216]
R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-9-30 51816]
R3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\etkokm.sys --> c:\windows\system32\drivers\etkokm.sys [?]
S2 eozknepru;Security Config;c:\windows\system32\svchost.exe -k netsvcs [2009-9-30 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]

=============== Created Last 30 ================

2009-11-04 12:21:24 0 d-----w- C:\zip
2009-11-04 12:19:57 167936 ----a-w- C:\unzip.exe
2009-11-04 12:19:57 135168 ----a-w- C:\zip.exe
2009-11-04 12:08:25 674665 ----a-w- C:\Windows WGA Patcher Permanent Kit.zip
2009-10-30 10:48:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-30 07:50:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 07:21:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-30 07:20:13 0 dc-h--w- c:\docume~1\alluse~1.win\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 07:19:42 0 d-----w- c:\program files\Lavasoft
2009-10-30 07:15:50 0 d-----w- c:\program files\Anti Trojan Elite
2009-10-30 06:24:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-30 06:24:26 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-10-30 05:10:09 0 d-----w- c:\program files\Trend Micro
2009-10-29 13:04:10 0 d-----w- c:\docume~1\admini~1.kan\applic~1\Mobipocket
2009-10-29 11:35:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-29 11:35:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-28 13:04:28 0 d-----w- c:\docume~1\admini~1.kan\applic~1\Malwarebytes
2009-10-28 13:04:15 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-10-28 12:46:20 11254 ----a-w- c:\windows\system32\locate.com
2009-10-28 12:04:58 0 d-----w- C:\RRTVAULT
2009-10-28 12:02:38 0 --sha-r- c:\windows\system32\setting.ini
2009-10-28 11:54:41 7302 ----a-w- c:\windows\system32\rrt_vf.wav
2009-10-28 11:54:41 7148 ----a-w- c:\windows\system32\rrt_tv.wav
2009-10-28 11:54:41 6282 ----a-w- c:\windows\system32\rrt_tn.wav
2009-10-28 11:54:41 16244 ----a-w- c:\windows\system32\rrt_is.wav
2009-10-28 11:41:26 440 --sha-r- c:\documents and settings\administrator.kanishkas\ntuser.pol
2009-10-28 11:40:18 0 d--h--w- c:\windows\system32\GroupPolicy
2009-10-28 10:31:37 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-28 09:50:43 0 d-s---w- C:\ComboFix
2009-10-28 09:50:34 0 d-sha-r- C:\cmdcons
2009-10-28 09:49:20 0 d-sh--w- c:\windows\system32\28463
2009-10-28 09:47:53 0 dc----w- c:\windows\system32\dllcache\cache
2009-10-28 09:43:55 0 d-----w- c:\windows\pss
2009-10-28 05:50:21 0 d-sha-w- C:\cmdcons(2)
2009-10-28 04:47:52 10466 ----a-w- C:\fr.docx
2009-10-26 07:49:57 301056 ----a-w- C:\FAX WESEE 93 - Integ Acty Oct 5 wk.doc
2009-10-21 11:07:34 96 --sha-r- c:\windows\system32\setup.ini
2009-10-20 11:51:23 490870 ----a-w- C:\08092009620.jpg
2009-10-20 11:49:54 477918 ----a-w- C:\13092009625.jpg
2009-10-20 11:48:10 447223 ----a-w- C:\29092009647.jpg
2009-10-20 11:48:03 533453 ----a-w- C:\13092009635.jpg
2009-10-20 11:44:32 480812 ----a-w- C:\Pinku_Tinku.jpg
2009-10-16 04:01:42 367 ----a-w- c:\windows\GWPROTR.INI
2009-10-14 06 42 2182144 ----a-w- C:\NTG SNF Build 2.1 ITP report.doc
2009-10-13 10:14:32 0 d-----w- c:\docume~1\admini~1.kan\applic~1\Ashampoo
2009-10-13 09:17:02 126 ----a-w- c:\windows\mdm.ini
2009-10-13 09:16:55 288 ----a-w- c:\windows\ODBC.INI
2009-10-13 09:15:47 0 d-----w- c:\program files\Web Publish
2009-10-13 09:00:59 103424 ----a-w- c:\windows\extrac32.exe
2009-10-13 09:00:39 5 ----a-w- c:\windows\VS98ENT.MIF
2009-10-13 05:41:22 6867 ----a-w- c:\windows\gwspro.ini
2009-10-13 05:41:11 212992 ----a-w- c:\windows\ALCHUNIN.EXE
2009-10-13 05:40:40 0 d-----w- c:\program files\Alchemy Mindworks
2009-10-08 04:53:58 167936 ---h--w- c:\windows\system32\RegEx.fne
2009-10-07 06:33:41 13609 ----a-w- C:\Kanishka.doc.docx

==================== Find3M ====================

2009-10-29 08:57:11 49244 ----a-w- c:\windows\fonts\kundli.ttf
2009-10-28 12:46:19 39150 ----a-w- C:\MGlogs.zip
2009-09-30 13:25:33 682232 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-30 13:00:11 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 00:56:44 169760 --sha-r- c:\windows\system32\whlztqkk.dll

============= FINISH: 18:20:10.29 ===============
```
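The symptoms in this post (Task Manager and Regedit locked out, Explorer hanging) line up with specific lines in the Pseudo HJT section of the log: the Winlogon Shell and Taskman values pointing into RECYCLER folders, and the DisableTaskMgr / DisableRegistryTools policies set to 1. The following Python script is an added triage example, not part of the original post and not a DDS or forum tool; it runs over a constructed sample made from a few of those lines and flags exactly those indicators, so a reader can see how an analyst picks them out of a log like this one.

```python
import re

# Constructed sample: a handful of Pseudo HJT lines copied from the log above
# plus one benign uRun entry. Not the full DDS output.
SAMPLE = (
    "mWinlogon: Taskman=c:\\recycler\\s-1-5-21-1476329471-6070127140-614214577-4814\\sysdate.exe\n"
    "uWinlogon: Shell=c:\\recycler\\s-1-5-21-1442276429-8218181543-125749235-9612\\hdav.exe,"
    "c:\\recycler\\s-1-5-21-8797370955-1611660884-507078225-5404\\msmxeng.exe,explorer.exe\n"
    "uPolicies-system: DisableRegistryTools = 1 (0x1)\n"
    "dPolicies-system: DisableTaskMgr = 1 (0x1)\n"
    "mPolicies-explorer: NoViewOnDrive = 0 (0x0)\n"
    "uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe\n"
)

# Policy values that lock the user out of diagnostic tools; 1 means enforced.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
# Nothing legitimate is launched at logon from these locations.
SUSPICIOUS_DIRS = ("\\recycler\\", "\\temp\\")

WINLOGON_RE = re.compile(r"^[umd]Winlogon: (Shell|Taskman)=(.*)$", re.I)
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (\w+) = (\d+)", re.I)


def triage(report: str):
    """Return (rule, evidence) pairs for each suspicious Pseudo HJT line."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
            if key == "taskman":
                # Taskman is normally absent; a value replaces what Ctrl+Shift+Esc runs.
                findings.append(("winlogon-taskman", value))
            else:
                # Shell must be exactly explorer.exe; any extra entry runs alongside it.
                extras = [p for p in value.split(",") if p.strip().lower() != "explorer.exe"]
                if extras:
                    findings.append(("winlogon-shell", ",".join(extras)))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) in LOCKOUT_POLICIES and m.group(2) != "0":
            findings.append(("lockout-policy", m.group(1)))
            continue
        if any(d in line.lower() for d in SUSPICIOUS_DIRS):
            findings.append(("odd-launch-dir", line))
    return findings
```

Running `triage(SAMPLE)` yields four findings: the Taskman hijack, the two RECYCLER executables prepended to Shell, and the two lockout policies, while the benign ctfmon and NoViewOnDrive lines pass.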
#2 (permalink) |
Registered User
Join Date: Jul 2007
Posts: 12
OS: windows XP
Re: PC infected badly please help
Further update. My PC has stopped booting into Windows completely, i.e. it now restarts every time Windows starts initializing. So I installed Windows again without formatting the partition. But as soon as I installed Windows again, without installing any other software, my Task Manager was disabled again. Please help.
Thanx and regards, ksarkar