Cyber Tech Help Support Forums

Cyber Tech Help Support Forums (https://www.cybertechhelp.com/index.php)
-   Malware Removal (https://www.cybertechhelp.com/forumdisplay.php?f=25)
-   -   I can't access Program files or any hard drives and task manager is disabled. (https://www.cybertechhelp.com/showthread.php?t=187391)

kreature06 September 8th, 2008 11:03 PM

I can't access Program files or any hard drives and task manager is disabled.
 
I have this same thing, I can't even access Program files or any hard drives, task manager is disabled. I can't go to Run, control panel and numerous shortcuts are missing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02: VIRUS ALERT!, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSA\MSA.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: fqbewlna - {EB6ABD3D-F2E7-4807-B9B6-F62AE3021A17} - C:\WINDOWS\fqbewlna.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphcgjkj0eg8v] C:\WINDOWS\system32\lphcgjkj0eg8v.exe
O4 - HKLM\..\Run: [\YUR5A5.exe] C:\Windows\system32\YUR5A5.exe
O4 - HKLM\..\Run: [\YUR5A6.exe] C:\Windows\system32\YUR5A6.exe
O4 - HKLM\..\Run: [\YUR5A7.exe] C:\Windows\system32\YUR5A7.exe
O4 - HKLM\..\Run: [\YUR5A8.exe] C:\Windows\system32\YUR5A8.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [7c78a786] rundll32.exe "C:\WINDOWS\system32\yewecdic.dll",b
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\YUR5A5.exe] C:\Windows\system32\YUR5A5.exe
O4 - HKCU\..\Run: [\YUR5A6.exe] C:\Windows\system32\YUR5A6.exe
O4 - HKCU\..\Run: [\YUR5A7.exe] C:\Windows\system32\YUR5A7.exe
O4 - HKCU\..\Run: [\YUR5A8.exe] C:\Windows\system32\YUR5A8.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fio...zTCPConfig.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: lfihyw.dll,avgrsstx.dll
O21 - SSODL: dtseqrxk - {9C4AF483-2CCF-4905-AA64-3CC03FA858C3} - C:\WINDOWS\dtseqrxk.dll
O21 - SSODL: mgxfebsq - {6613539C-7FE6-4EED-866D-D28D35E27734} - C:\WINDOWS\mgxfebsq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6546 bytes

kreature06 September 9th, 2008 02:34 AM

I can't view My Computer and none of the hard drive directories show up but still exist. Only way to browse hard drives is to open a window from desktop and type in the letter of it.

http://i76.photobucket.com/albums/j5...ing-drives.jpg

Jintan September 12th, 2008 01:45 PM

Welcome to CTH kreature06,

Unfortunately when you added a second post in your own new requests, it gave it the appearance this had received a Helper response. The log does show some serious nuisance rogue software installed there. Let's make a few corrections to improve things then get more details back here to work from.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Although not an exact match for your situation, Right click Here and download and unzip Miekiemoes' VArestorepolicies.zip to your desktop (Save Target/Link As). Then right click the VArestorepolicies.inf created and select Install. This will correct some of the changes like your use of the Task Manager (Thanks to Miekiemoes for the Fix).


Then Download OldTimer's OTViewIt from here to your desktop, then click OTViewIt.exe to start the scan.

When the display opens place a check next to:

Scan All Users

Then click the Run Scan button to start the scan. Once that completes a textbox will open - copy/paste those contents here for review please. The log can also be found on your desktop as OTViewIt.Txt.

OTViewIt will also create a second log, Extras.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored on your desktop).

Note - do not press any other buttons or make any other changes when running the scan.


You can use separate posts here when replying and posting the log files if needed.


All times are GMT +1. The time now is 09:29 AM.

Copyright © Cyber Tech Help. All rights reserved. All other trademarks are the property of their respective owners.