Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old September 8th, 2008, 11:03 PM
kreature06 kreature06 is offline
New Member
 
Join Date: Sep 2008
Posts: 2
I can't access Program files or any hard drives and task manager is disabled.

I have this same thing, I can't even access Program files or any hard drives, task manager is disabled. I can't go to Run, control panel and numerous shortcuts are missing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02: VIRUS ALERT!, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSA\MSA.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: fqbewlna - {EB6ABD3D-F2E7-4807-B9B6-F62AE3021A17} - C:\WINDOWS\fqbewlna.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphcgjkj0eg8v] C:\WINDOWS\system32\lphcgjkj0eg8v.exe
O4 - HKLM\..\Run: [\YUR5A5.exe] C:\Windows\system32\YUR5A5.exe
O4 - HKLM\..\Run: [\YUR5A6.exe] C:\Windows\system32\YUR5A6.exe
O4 - HKLM\..\Run: [\YUR5A7.exe] C:\Windows\system32\YUR5A7.exe
O4 - HKLM\..\Run: [\YUR5A8.exe] C:\Windows\system32\YUR5A8.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [7c78a786] rundll32.exe "C:\WINDOWS\system32\yewecdic.dll",b
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\YUR5A5.exe] C:\Windows\system32\YUR5A5.exe
O4 - HKCU\..\Run: [\YUR5A6.exe] C:\Windows\system32\YUR5A6.exe
O4 - HKCU\..\Run: [\YUR5A7.exe] C:\Windows\system32\YUR5A7.exe
O4 - HKCU\..\Run: [\YUR5A8.exe] C:\Windows\system32\YUR5A8.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fio...zTCPConfig.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: lfihyw.dll,avgrsstx.dll
O21 - SSODL: dtseqrxk - {9C4AF483-2CCF-4905-AA64-3CC03FA858C3} - C:\WINDOWS\dtseqrxk.dll
O21 - SSODL: mgxfebsq - {6613539C-7FE6-4EED-866D-D28D35E27734} - C:\WINDOWS\mgxfebsq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6546 bytes
Reply With Quote
  #2  
Old September 9th, 2008, 02:34 AM
kreature06 kreature06 is offline
New Member
 
Join Date: Sep 2008
Posts: 2
I can't view My Computer and none of the hard drive directories show up but still exist. Only way to browse hard drives is to open a window from desktop and type in the letter of it.


Last edited by kreature06; September 9th, 2008 at 02:57 AM.
Reply With Quote
  #3  
Old September 12th, 2008, 01:45 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,259
Welcome to CTH kreature06,

Unfortunately when you added a second post in your own new requests, it gave it the appearance this had received a Helper response. The log does show some serious nuisance rogue software installed there. Let's make a few corrections to improve things then get more details back here to work from.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Although not an exact match for your situation, Right click Here and download and unzip Miekiemoes' VArestorepolicies.zip to your desktop (Save Target/Link As). Then right click the VArestorepolicies.inf created and select Install. This will correct some of the changes like your use of the Task Manager (Thanks to Miekiemoes for the Fix).


Then Download OldTimer's OTViewIt from here to your desktop, then click OTViewIt.exe to start the scan.

When the display opens place a check next to:

Scan All Users

Then click the Run Scan button to start the scan. Once that completes a textbox will open - copy/paste those contents here for review please. The log can also be found on your desktop as OTViewIt.Txt.

OTViewIt will also create a second log, Extras.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored on your desktop).

Note - do not press any other buttons or make any other changes when running the scan.


You can use separate posts here when replying and posting the log files if needed.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Task Manager disabled, .dlls missing, soundcard disabled, slow laptop, ect. Future01 Malware Removal 5 June 16th, 2009 03:11 AM
task manager has disabled itself...HELP!! The Gothfather Windows XP 3 September 12th, 2008 07:52 PM
Need Help!. Can't access task manager. Another program is currently using this file. bunnienico Malware Removal 27 July 4th, 2007 09:29 PM
Task Manager Disabled Idris Windows XP 5 March 10th, 2007 02:52 AM
Disabled Task Manager FloridaRican Malware Removal 17 August 19th, 2006 09:39 PM


All times are GMT +1. The time now is 03:33 AM.