26
Sep

My pc can’t use task manager and regedit. I also unable to access c and d drive and has fake security alerts ?

Author: admin

I post a hijack this log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:10: VIRUS ALERT!, on 9/25/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\program files\microsoft office\media\dllhost.exe

C:\Program Files\DAP\DAP.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\PPLiveVA\PPLiveVA.exe

C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\slserv.exe

c:\program files\idt\intelxpv_v83\wdm\STacSV.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SoftwareDistribution\Downlo…

c:\bc6f2049b36c47d5c6bb754e47\update\i…

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmi…

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<

R1 - HKCU\Software\Microsoft\Windows\CurrentV… Settings,AutoConfigURL = http://localhost:9000/application.pac

O2 - BHO: QXK Olive - {3B020928-1C28-4C7A-9889-3D0B5926381A} - C:\WINDOWS\dfmlxbpkqvd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: peltodgx - {1C67BD5F-A9EA-4FD0-A1D8-0AD71E86D48A} - C:\WINDOWS\peltodgx.dll

O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice

O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScIns… /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSET… /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSET… /IMEName

O4 - HKLM\..\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”

O4 - HKLM\..\Run: [dllhost] c:\program files\microsoft office\media\dllhost.exe

O4 - HKCU\..\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”

O4 - HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0

O4 - Startup: MP3 Rocket (Minimized).lnk = D:\English Song\MP3 Rocket\MP3Rocket.exe

O6 - HKCU\Software\Policies\Microsoft\Interne… Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentV… DisableRegedit=1

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PPLive - {95B3F550-91C4-4627

Answer:
I get pc help from http://www.pchelpdoc.com

Just follow some of the links you'll

Definately get some help there!

Goodluck!

Answer:
Download spybot s&d from www.spysearchdestroy.com Scan the hard drive and delete anything it finds.Download anti-virus software like norton security trial and run it in safe mode. (to access safe mode press F8 on startup) Scan for viruses and delete.

Book Mark it-> del.icio.us | Reddit | Slashdot | Digg | Facebook | Technorati | Google | StumbleUpon | Window Live | Tailrank | Furl | Netscape | Yahoo | BlinkList

This entry was posted on Friday, September 26th, 2008 at 2:16 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or TrackBack URI from your own site.

Leave a reply

Name (*)
Mail (*)
URI
Comment