Jump to content

sanantoniorose

Members
  • Posts

    1
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Yesterday I was invaded by XP security center 2012. Disallowed access to internet, email program, registry - even office documents. Many hrs. later finally neutralized the monster but cannot run malware to remove it, even downloading by flash drive and direct under code names. Defogger ran OK w/both logs saved to desktop. Must have left too many boxes unchecked on gmer - it ran for 4 hrs, didn't see a 'save' option before hitting OK - can't find results now. Tried removing, reloading malware several times after this. Still won't run. Have had malware on computer a few yrs now but never appreciated it so much as now when I can't use it. Would like to reserve 3rd ring of hell for creator of this virus. Meanwhile - HELP! Also, cannot access AVG or any other previously installed virus protection program except superantispyware, which continues to show 1) System.BrokenFileAssociation - Registry Keys HKCR\exe. and 2) Trojan.Agent/Gen - Registry Keys HKU\S-1-5-21-4079815281-988236139-2204112170-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#3570697527 Thanks for any help . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Lucy at 12:26:23 on 2011-06-26 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2135 [GMT -5:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe svchost.exe C:\Documents and Settings\Lucy\Local Settings\Application Data\sfa.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Atheros\ACU.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe C:\TOSHIBA\IVP\ISM\pinger.exe C:\WINDOWS\system32\svchost.exe -k imgsvc c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Lucy\Desktop\Defogger.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.com/ uURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [3570697527] c:\documents and settings\lucy\local settings\application data\sfa.exe mRun: [TFncKy] TFncKy.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui mRun: [TPSMain] TPSMain.exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [CFSServ.exe] CFSServ.exe -NoClient mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60 mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab TCP: DhcpNameServer = 192.168.15.1 TCP: Interfaces\{C7E8365D-8C8B-4049-98EF-BF7C36359EA7} : DhcpNameServer = 192.168.15.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File . ============= SERVICES / DRIVERS =============== . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-13 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 108552] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 67656] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-13 297752] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-3-7 5888] R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-12-13 51576] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664] S3 IO_Memory;IO_Memory; [x] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872] S3 SVRPEDRV;SVRPEDRV; [x] . =============== Created Last 30 ================ . 2011-06-26 16:43:18 -------- d-----w- c:\documents and settings\lucy\application data\Uniblue 2011-06-26 16:43:14 -------- dc-h--w- c:\documents and settings\all users\application data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} 2011-06-26 16:43:14 -------- d-----w- c:\program files\Uniblue 2011-06-26 16:43:05 -------- d-----w- c:\documents and settings\lucy\local settings\application data\PackageAware 2011-06-26 04:46:31 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll 2011-06-26 04:46:31 185344 ----a-w- c:\windows\system32\Thawbrkr.dll 2011-06-26 04:46:30 10752 -c--a-w- c:\windows\system32\dllcache\c_iscii.dll 2011-06-26 04:46:30 10752 ----a-w- c:\windows\system32\c_iscii.dll 2011-06-26 04:46:28 5632 -c--a-w- c:\windows\system32\dllcache\kbdusa.dll 2011-06-26 04:46:28 5632 ----a-w- c:\windows\system32\kbdusa.dll 2011-06-26 04:46:23 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll 2011-06-26 04:46:23 6144 ----a-w- c:\windows\system32\ftlx041e.dll 2011-06-26 02:05:12 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-06-25 19:09:33 348160 ----a-w- c:\documents and settings\lucy\local settings\application data\sfa.exe 2011-06-16 21:34:05 105472 -c----w- c:\windows\system32\dllcache\mup.sys . ==================== Find3M ==================== . 2011-06-18 01:00:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys . ============= FINISH: 12:27:31.73 =============== dds text.txt attach.txt defogger_disable.log
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.