Too much for me to handle


feable

I'm going to be perfectly upfront from the start. I would love to post the HijackThis log, but I can't install the program.

I recently found that my PC was a victim of a virus (probably many), causing too many problems to handle. Here is the problem.

At first I figured I would try and fight it, went to download HijackThis and Malwarebytes (this PC is relatively new so I didn't have them yet), and found out that when I ran the exe files nothing happens.

Attempted to remove the virus (without success) and found that my registry has been disabled (although I can enable it), but more importantly, that my System Restore option is disabled by group policies.

I know how to change such information in both the registry and using group policies, but when attempting to change it in the registry I found that DisableConfig isn't there.

At this point I decided to just reformat; too bad my disks are MIA.

Suggestions?


Update 2

After running Ad-Aware, my problem remains the same, well actually worse.

In addition to the previous problems I now can't open IE or FF. The original shortcuts can't be found, and when navigating to the original to open either, it auto closes and my "virus" tells me they are threats. I am still able to browse by opening other directories (like My Computer) and then coming here to post.

I also managed to install the latest MBAM, but to no avail. Just like IE and FF, it says that they are infected and auto closes.

I plan to get a flash drive from a co-worker tomorrow; maybe I can run MBAM off the flash drive without running into problems. We will see.

In the meantime, are there any other programs I can download or run that will provide similar results to HijackThis so that I can actually attach a log?

Just as an FYI, the most apparent virus is Security Essentials 2010.

Can't*** open IE or FF


I wanted to say that after some research I managed to get MBAM installed and I'm well on my way to solving this.

I managed to get a lot of help from your self-help guides, and wanted to let you know that _VOID is another rootkit.

I plan to post some logs when I think I'm done. Maybe you guys will find the info useful.

PS: I know I already posted several times, and probably went against 5 or 6 forum rules.

If it wasn't for the fact that I'm using the on-screen keyboard to browse, I probably would have read not to do that before I posted. Sorry.


Here are my logs (in order) to show what was removed.

Malwarebytes' Anti-Malware 1.44

Database version: 3769

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/21/2010 6:10:16 AM

mbam-log-2010-02-21 (06-10-16).txt

Scan type: Full Scan (C:\|)

Objects scanned: 75150

Time elapsed: 26 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 11

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\admin\Desktop\Frozen Throne\1.21nocd\worldedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Desktop\Games\Frozen Throne\1.21nocd\worldedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temp\exawmsnroc.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temp\qkkixtrp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\MRNXU70S\arzuoz[1].htm (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\MRNXU70S\txfdyselte[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\R5GLBUKF\exe[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\S8Y1N1DW\hyxrmxs[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\S8Y1N1DW\dfghfghgfj[1].dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\SWMNBPTG\vzgomuf[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\SWMNBPTG\mqlselg[1].htm (Rootkit.TDSS) -> Quarantined and deleted successfully.

2nd log

Malwarebytes' Anti-Malware 1.44

Database version: 3769

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

2/21/2010 3:40:35 PM

mbam-log-2010-02-21 (15-40-35).txt

Scan type: Full Scan (C:\|)

Objects scanned: 188218

Time elapsed: 41 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Start Menu\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\admin\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

3rd

Malwarebytes' Anti-Malware 1.44

Database version: 3769

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/21/2010 10:56:18 PM

mbam-log-2010-02-21 (22-56-18).txt

Scan type: Quick Scan

Objects scanned: 125092

Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\clbel.sys (Rootkit.Agent) -> Delete on reboot.

4th

Malwarebytes' Anti-Malware 1.44

Database version: 3769

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/21/2010 11:07:35 PM

mbam-log-2010-02-21 (23-07-35).txt

Scan type: Quick Scan

Objects scanned: 122215

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
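As an added example (not code from this thread or from Malwarebytes), here is a small Python parser for the MBAM 1.x log format shown above: it splits a log into header fields and detections, counts detections per family, and lists items still marked "Delete on reboot", which are the ones a helper reading these logs checks first. The sample log is constructed from lines of the logs above.

```python
import re
from collections import Counter

# One MBAM detection line: "<item> (<detection name>) -> [Bad: (x) Good: (y) -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>[^.]+)\.$"
)

def parse_mbam_log(text):
    """Split an MBAM 1.x log into a header dict and a list of detection dicts."""
    header, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.endswith(" Infected:"):            # section heading, e.g. "Files Infected:"
            section = line[: -len(" Infected:")]
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            d = m.groupdict()
            d["section"] = section
            d["pending"] = d["action"] == "Delete on reboot"  # not gone until reboot
            detections.append(d)
        elif ": " in line and section is None:     # header lines such as "Database version: 3769"
            key, _, value = line.partition(": ")
            header[key] = value
    return header, detections

def triage(detections):
    """Return (detections per family, items still waiting for a reboot)."""
    families = Counter(d["name"] for d in detections)
    pending = [d["item"] for d in detections if d["pending"]]
    return families, pending

# Constructed sample, assembled from lines of the logs posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3769
Registry Keys Infected: 1
Files Infected: 1
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\drivers\clbel.sys (Rootkit.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    hdr, found = parse_mbam_log(SAMPLE_LOG)
    print(hdr, *triage(found), sep="\n")
```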


I also downloaded Avira; however, it keeps telling me I have a TR/Patched.gen virus in various system32 files, including

scvhost.exe

explore.exe

lsass.exe

winlogon.exe

Could there still be viruses that MBAM didn't pick up, or are these mistakes on their guard's part? Here is a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:37:11 AM, on 2/23/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\program files\ncsoft\launcher\NCLauncher.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe

C:\Program Files\Malwarebytes' Anti-Malware\xhfkdfsk.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 2823 bytes


Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
