Hi there,
I was surfing the Net last night; my Explorer crashed so badly that I needed to restart. The restart went fine, but once I wanted to change my preferences on my desktop (right-click on the desktop and click on Preferences), a message box popped up preventing me from opening the preferences page.
The box title is: Restrictions
A big X in a red circle is next to this description: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
Then there is the OK button.
(Whenever I close it, it reappears once.)
I also noticed that the Control Panel was gone from my Start menu...
I did all the steps asked prior to posting, and here are the results of the scans...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/22/2008 at 02:39 PM
Application Version : 4.15.1000
Core Rules Database Version : 3487
Trace Rules Database Version : 1478
Scan type : Complete Scan
Total Scan Time : 00:29:39
Memory items scanned : 396
Memory threats detected : 0
Registry items scanned : 3888
Registry threats detected : 102
File items scanned : 32411
File threats detected : 20
Unclassified.Unknown Origin HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
Trojan.Unknown Origin c:\z_Drivers C:\WINDOWS\..\z_Drivers
Trojan.Unclassified/MSCompare-Installer C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP20\A0008739.EXE
Malwarebytes' Anti-Malware 1.18
Database version: 880
3:00:53 PM 22/06/2008
mbam-log-6-22-2008 (15-00-53).txt
Scan type: Quick Scan
Objects scanned: 39735
Time elapsed: 6 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected:
C:\Program Files\syscmd (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\syscmd\mscmp.inf (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\syscmd\uninstall.bat (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:38 PM, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\MESSENGER\MsnMsgr.Exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\LimeWire\LimeWire.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - 
HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207390382000 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - 
http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google UPDATER Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
-- End of file - 6431 bytes

I'm going to sea for 5 days (work) on Monday, so if I'm not replying right away it means that I don't have access to this web site from work. If you could also send me the information to my work e-mail so I can try stuff when I'm sailing, that would be great. Here's my work email: [email address removed due to security reasons]

1. Print this post out, since you won't have access to it at some point.
2. Close all windows, except for HijackThis.
3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):
- F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- *O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
- *O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
- *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
- *O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
- O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
- *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
4. Click on the Fix checked button.
5. Restart the computer in Safe Mode (keep tapping the F8 key when your computer starts, until the menu appears).
6. Open Windows Explorer. Go to Tools > Folder Options > View tab, and put a checkmark next to Show hidden files and folders.
7. Delete following files/folders (if present):
- shell.exe file from C:\WINDOWS
8. Restart in Normal Mode.
9. Post a new HijackThis log.

I noticed in Safe Mode that I had an Administrator account, and I don't recall setting one up... I had the choice between Administrator and Xartaf (the only one supposed to be there). It doesn't appear on the normal start-up, and I can't see it since I don't have access to Control Panel... I thought it might be useful to let you know. And by the way, thanks for your time; it is very nice of you to do this!
Here is the new scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:20 PM, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - 
HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207390382000 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
-- End of file - 5514 bytes

Your computer is clean.
1. Download and install CCleaner: http://www.ccleaner.com/download/builds. Get the "Slim" version. Read the CCleaner instructions here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner.
2. Turn off System Restore:
- Windows XP:
  1. Click Start.
  2. Right-click the My Computer icon, and then click Properties.
  3. Click the System Restore tab.
  4. Check "Turn off System Restore".
  5. Click Apply.
  6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
  7. Click OK.
- Windows Vista:
  1. Click Start.
  2. Right-click the Computer icon, and then click Properties.
  3. Click on System Protection under the Tasks column on the left side.
  4. Click on Continue on the "User Account Control" window that pops up.
  5. Under the System Protection tab, find Available Disks.
  6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
  7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
  8. Click OK.
3. Restart computer.
4. Turn System Restore on.
5. (optional) Download and install the free version of ThreatFire: http://www.threatfire.com/. It'll give you extra protection against malware. It won't interfere with your antivirus program.
6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html
7. Let me know how your computer is doing. Still no access to Control Panel?

I can't get to the properties of My Computer. The restriction is still there... Should I try to go into Safe Mode again and try to figure out the whole Administrator account that only shows up there? Try to make it available in Normal Mode... To answer your question, I still don't have access to Control Panel.

Download and run Remove Restrictions Tool: http://www.raymond.cc/blog/archives/2007/06/28/restore-task-manager-regedit-and-folder-options-disabled-by-virus/

The last program that you got me to install did the job perfectly. Now I have full access back.
Thank you so much for your help and your time!

You're very welcome. Happy computing!
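As an added, defender-side illustration (not code from the thread, from HijackThis, or from the helper), the small Python parser below walks HijackThis-style log lines and flags the three kinds of entries the helper marked for fixing above: the F2 Winlogon Shell hijack (an extra program beside Explorer.exe), the orphaned O2 BHO with "(no file)", and the O7 policy value behind the "Restrictions" dialog. The sample lines are copied from the first log posted in the thread; the RESTRICTION_POLICIES set beyond DisableRegedit is an assumption.

```python
import re

# Constructed sample: HijackThis entries copied from the first log in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: avgrsstx.dll
"""

# Policies\System values that lock the user out of admin tools.
# Assumed list: DisableRegedit is the only one that appears in the thread.
RESTRICTION_POLICIES = {"DisableRegedit", "DisableTaskMgr", "NoControlPanel", "NoFolderOptions"}

# Every HijackThis entry starts with a section code such as F2, O2, O7, O20.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every 'Xn - ...' line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def check_shell(body):
    """F2: the Winlogon Shell should be exactly Explorer.exe; anything else loads at logon."""
    m = re.search(r"Shell=(.+)$", body)
    if not m:
        return None
    extra = [p for p in m.group(1).split() if p.lower() != "explorer.exe"]
    if extra:
        return "shell hijack: extra program(s) in Winlogon Shell: " + ", ".join(extra)
    return None


def check_bho(body):
    """O2: a BHO whose DLL is missing is a leftover registration and should be removed."""
    if body.startswith("BHO:") and body.rstrip().endswith("(no file)"):
        return "orphaned BHO (registered, DLL missing)"
    return None


def check_policy(body):
    """O7: a non-zero restriction value disables an admin tool for the user."""
    m = re.search(r",\s*(\w+)=(\d+)$", body)
    if m and m.group(1) in RESTRICTION_POLICIES and m.group(2) != "0":
        return "restriction policy set: %s=%s" % (m.group(1), m.group(2))
    return None


CHECKS = {"F2": check_shell, "O2": check_bho, "O7": check_policy}


def audit_hijackthis(log_text):
    """Return (section, reason, entry) for every entry a check flags, in log order."""
    findings = []
    for section, body in parse_entries(log_text):
        check = CHECKS.get(section)
        reason = check(body) if check else None
        if reason:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, entry in audit_hijackthis(SAMPLE_LOG):
        print("%s - %s\n    %s" % (section, reason, entry))
```

On the sample above the audit reports exactly the F2, orphaned O2 and O7 entries; the AVG and Java entries pass because their section checks find nothing wrong.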