WiredWX Hobby Weather ToolsLog in

 


descriptionMy computer is infected with GOD KNOWS WHAT !!! EmptyMy computer is infected with GOD KNOWS WHAT !!!

more_horiz
Hello,


I have the following problems :

* I can't run Task Manager and it says "Task Manager has been disabled by your admin"

* I can't run Registry Editing and it says"Registry Editing has been disabled by your adm"

* I can't run multimedia programs, and every anti virus and trojan remover get corrupted


I have formatted my computer over 3 times and I still have the same problem



PLEASE HELP ME


Kind regards,

rko2233



P.S. I will post more info in the next reply

descriptionMy computer is infected with GOD KNOWS WHAT !!! EmptyRe: My computer is infected with GOD KNOWS WHAT !!!

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:34 م, on 19/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\winnyfw.exe
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\winawkco.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFD4903A-73A4-4B7F-BB49-20E25D2E6000}: NameServer = 84.235.6.55
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2888 bytes

descriptionMy computer is infected with GOD KNOWS WHAT !!! EmptyRe: My computer is infected with GOD KNOWS WHAT !!!

more_horiz
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Anti-Trojan 5.5
AVG 8.5
D-Link DSL-200 ADSL Modem
HijackThis 2.0.2
hp deskjet 5100
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Microsoft Visual C++ 2005 Redistributable
Realtek AC'97 Audio
SiS VGA Utilities
SiSAGP driver
Svchost Fix Wizard
Trojan Remover 6.7.8
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
VideoLAN VLC media player 0.8.5
Windows Installer 3.1 (KB893803)
WinRAR archiver

descriptionMy computer is infected with GOD KNOWS WHAT !!! EmptyRe: My computer is infected with GOD KNOWS WHAT !!!

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30:08 ص, on 20/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\winnyfw.exe
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\winawkco.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFD4903A-73A4-4B7F-BB49-20E25D2E6000}: NameServer = 84.235.6.55
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3065 bytes

descriptionMy computer is infected with GOD KNOWS WHAT !!! EmptyRe: My computer is infected with GOD KNOWS WHAT !!!

more_horiz
Hello.
You are more than likely dealing with Sality, a file infecter, sadly which, Sality cannot be fixed.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

descriptionMy computer is infected with GOD KNOWS WHAT !!! EmptyRe: My computer is infected with GOD KNOWS WHAT !!!

more_horiz
DS (Ver_09-03-16.01) - NTFSx86
Run by Windows XP at 8:50:35.35 on Mon 04/20/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.479.92 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\winnyfw.exe
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\winawkco.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Windows XP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [DSLSTATEXE] c:\program files\d-link\dsl-200\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\d-link\dsl-200\dslagent.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {FFD4903A-73A4-4B7F-BB49-20E25D2E6000} = 84.235.6.55
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-19 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-19 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-19 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-19 298264]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\johlf.sys --> c:\windows\system32\drivers\johlf.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-19 908056]
S2 xymgngtqm;Image Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

=============== Created Last 30 ================

2009-04-20 02:36 --d----- c:\docume~1\window~1\applic~1\Malwarebytes
2009-04-20 02:35 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 02:35 27,048 a------- c:\windows\system32\drivers\mbamcatchme.sys
2009-04-20 02:35 15,864 a------- c:\windows\system32\drivers\mbam.sys
2009-04-20 02:35 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-19 23:48 --d----- c:\program files\uTorrent
2009-04-19 23:47 --d----- c:\docume~1\window~1\applic~1\uTorrent
2009-04-19 22:34 --d----- c:\program files\Trend Micro
2009-04-19 22:13 --d----- c:\windows\pss
2009-04-19 21:09 --d-h--- C:\$AVG8.VAULT$
2009-04-19 21:07 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-19 21:06 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-19 21:06 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-19 21:06 --d----- c:\windows\system32\drivers\Avg
2009-04-19 21:06 --d----- c:\docume~1\window~1\applic~1\AVGTOOLBAR
2009-04-19 21:06 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-19 20:37 82,432 a----r-- c:\windows\system32\MSXML4r.dll
2009-04-19 20:37 44,544 a----r-- c:\windows\system32\MSXML4a.dll
2009-04-19 20:37 1,230,336 a----r-- c:\windows\system32\MSXML4.dll
2009-04-19 20:37 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-04-19 20:36 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-04-19 20:36 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-04-19 20:32 --d----- c:\program files\VideoLAN
2009-04-19 11:14 82,380 a------- c:\windows\system32\drivers\AFS2K.SYS
2009-04-19 11:11 --d----- c:\program files\HP
2009-04-19 11:10 --d----- c:\windows\Profiles
2009-04-19 11:09 --d----- c:\windows\system32\Adobe
2009-04-19 11:09 306,688 a------- c:\windows\IsUninst.exe
2009-04-19 11:08 220,393 a------- c:\windows\hpdj5100.his
2009-04-19 11:08 11,723 a------- c:\windows\hpdj5100.ini
2009-04-19 11:07 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-19 11:07 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-19 10:49 --d----- c:\program files\Anti-Trojan-55
2009-04-19 02:29 --d-h--- c:\windows\system32\GroupPolicy
2009-04-19 02:01 356,352 a------- c:\windows\eSellerateEngine.dll
2009-04-19 02:01 81,920 a------- c:\windows\eSellerateControl350.dll
2009-04-19 02:01 --d----- c:\program files\Svchost Fix Wizard
2009-04-19 01:50 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-04-19 01:50 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-04-19 01:50 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-04-19 01:50 75,264 a------- c:\windows\system32\unacev2.dll
2009-04-19 01:50 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-04-19 01:50 --d----- c:\program files\Trojan Remover
2009-04-19 01:50 --d----- c:\docume~1\window~1\applic~1\Simply Super Software
2009-04-19 01:42 --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-04-19 00:30 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-19 00:30 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-04-19 00:27 --d----- c:\program files\common files\ODBC
2009-04-19 00:26 77,824 ac------ c:\windows\system32\dllcache\spcommon.dll
2009-04-19 00:26 --d----- c:\program files\common files\SpeechEngines
2009-04-19 00:26 --d--r-- c:\documents and settings\all users\Documents
2009-04-19 00:25 --d----- c:\windows\system32\CatRoot2
2009-04-19 00:25 --d----- c:\windows\system32\CatRoot
2009-04-19 00:25 --d----- C:\Documents and Settings
2009-04-19 00:24 818 a------- c:\windows\system32\$winnt$.inf
2009-04-19 00:19 --d----- c:\program files\sisagp
2009-04-19 00:18 --d----- c:\program files\SiS VGA Utilities V3.73
2009-04-18 23:56 --d----- c:\program files\AVG
2009-04-18 23:29 --d----- c:\docume~1\window~1\applic~1\Uniblue
2009-04-18 23:29 --d----- c:\program files\Uniblue
2009-04-18 23:21 -cd-h--- c:\docume~1\alluse~1\applic~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-04-18 22:11 --d----- c:\program files\Project64 v1.5
2009-04-18 22:07 --d----- c:\program files\D-Link
2009-04-18 22:04 --d----- c:\program files\Realtek Sound Manager
2009-04-18 22:04 --d----- c:\program files\AvRack
2009-04-18 21:37 --dsh--- c:\documents and settings\all users\DRM
2009-04-18 21:36 --d-h--- c:\program files\WindowsUpdate
2009-04-18 21:35 --d----- c:\program files\common files\MSSoap
2009-04-18 21:34 --d----- c:\program files\Online Services
2009-04-18 21:33 --d----- c:\program files\Messenger
2009-04-18 21:33 --d----- c:\program files\MSN Gaming Zone
2009-04-18 21:33 --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-04-18 23:13 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-18 21:34 21,640 a------- c:\windows\system32\emptyregdb.dat
2004-08-04 10:56 159,720 a--shr-- c:\windows\system32\qgeefs.dll

============= FINISH: 8:51:21.29 ===============

descriptionMy computer is infected with GOD KNOWS WHAT !!! EmptyRe: My computer is infected with GOD KNOWS WHAT !!!

more_horiz
Hello.
Yep, it's Sality. Sorry, but game over.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

descriptionMy computer is infected with GOD KNOWS WHAT !!! EmptyRe: My computer is infected with GOD KNOWS WHAT !!!

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum