#1
I can't access Program files or any hard drives and task manager is disabled.
I have this same thing, I can't even access Program files or any hard drives, task manager is disabled. I can't go to Run, control panel and numerous shortcuts are missing.
```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02: VIRUS ALERT!, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSA\MSA.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: fqbewlna - {EB6ABD3D-F2E7-4807-B9B6-F62AE3021A17} - C:\WINDOWS\fqbewlna.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphcgjkj0eg8v] C:\WINDOWS\system32\lphcgjkj0eg8v.exe
O4 - HKLM\..\Run: [\YUR5A5.exe] C:\Windows\system32\YUR5A5.exe
O4 - HKLM\..\Run: [\YUR5A6.exe] C:\Windows\system32\YUR5A6.exe
O4 - HKLM\..\Run: [\YUR5A7.exe] C:\Windows\system32\YUR5A7.exe
O4 - HKLM\..\Run: [\YUR5A8.exe] C:\Windows\system32\YUR5A8.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [7c78a786] rundll32.exe "C:\WINDOWS\system32\yewecdic.dll",b
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\YUR5A5.exe] C:\Windows\system32\YUR5A5.exe
O4 - HKCU\..\Run: [\YUR5A6.exe] C:\Windows\system32\YUR5A6.exe
O4 - HKCU\..\Run: [\YUR5A7.exe] C:\Windows\system32\YUR5A7.exe
O4 - HKCU\..\Run: [\YUR5A8.exe] C:\Windows\system32\YUR5A8.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fio...zTCPConfig.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: lfihyw.dll,avgrsstx.dll
O21 - SSODL: dtseqrxk - {9C4AF483-2CCF-4905-AA64-3CC03FA858C3} - C:\WINDOWS\dtseqrxk.dll
O21 - SSODL: mgxfebsq - {6613539C-7FE6-4EED-866D-D28D35E27734} - C:\WINDOWS\mgxfebsq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

-- End of file - 6546 bytes
```
#2
I can't view My Computer and none of the hard drive directories show up but still exist. Only way to browse hard drives is to open a window from desktop and type in the letter of it.
Last edited by kreature06; September 9th, 2008 at 02:57 AM.
#3
Welcome to CTH kreature06,
Unfortunately when you added a second post in your own new requests, it gave it the appearance this had received a Helper response. The log does show some serious nuisance rogue software installed there. Let's make a few corrections to improve things then get more details back here to work from.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Although not an exact match for your situation, Right click Here and download and unzip Miekiemoes' VArestorepolicies.zip to your desktop (Save Target/Link As). Then right click the VArestorepolicies.inf created and select Install. This will correct some of the changes like your use of the Task Manager (Thanks to Miekiemoes for the Fix).

Then Download OldTimer's OTViewIt from here to your desktop, then click OTViewIt.exe to start the scan. When the display opens place a check next to: Scan All Users

Then click the Run Scan button to start the scan. Once that completes a textbox will open - copy/paste those contents here for review please. The log can also be found on your desktop as OTViewIt.Txt. OTViewIt will also create a second log, Extras.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored on your desktop).

Note - do not press any other buttons or make any other changes when running the scan. You can use separate posts here when replying and posting the log files if needed.
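Added example, not part of the thread and not code from HijackThis or OTViewIt: a small Python triage pass over HijackThis v2 entry lines, run on a subset of the log from post #1. The section-code descriptions follow HijackThis's own numbering; the choice of what to flag is this example's heuristic (an assumption) and only marks entries for manual review.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log in post #1 (subset).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: lfihyw.dll,avgrsstx.dll
O21 - SSODL: dtseqrxk - {9C4AF483-2CCF-4905-AA64-3CC03FA858C3} - C:\WINDOWS\dtseqrxk.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.*)$")    # hive, value name, command

# Sections that restrict the user or auto-load code into other processes.
ALWAYS_REVIEW = {
    "O6": "IE options restricted by policy",
    "O7": "registry editing restricted by policy",
    "O20": "AppInit_DLLs: loaded into every process that loads user32.dll",
    "O21": "ShellServiceObjectDelayLoad: loaded by Explorer at startup",
}

def parse(log_text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    hits = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def triage(log_text):
    """Return (code, reason, body) tuples for manual review (heuristic, not a verdict)."""
    entries = parse(log_text)
    hives = defaultdict(set)  # Run value name -> registry hives it appears in
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            hives[m.group(2)].add(m.group(1))
    findings = []
    for code, body in entries:
        if code in ALWAYS_REVIEW:
            findings.append((code, ALWAYS_REVIEW[code], body))
        if body.endswith("(file missing)"):
            findings.append((code, "target file missing", body))
        m = RUN.match(body) if code == "O4" else None
        if m and len(hives[m.group(2)]) > 1:
            findings.append((code, "same Run value in HKLM and HKCU", body))
    return findings
```

Calling `triage(SAMPLE)` returns six findings and leaves the `NvCplDaemon` and `R1` lines unflagged; the `O7` finding corresponds to the policy restriction that VArestorepolicies.inf is meant to reset.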
All times are GMT +1.