
My task manager and registry got disabled!

1,198 Views
Last Modified: 2013-12-03
It all started from my thumb drive. I have no idea how my thumb drive got infected by something, which I believe is a virus. All the folders in my thumb drive became .exe files, and when I accidentally ran one of these folders (which is actually an .exe file), it got into my computer and screwed up everything.

This virus disabled not only my task manager but also my registry. When I run them, it says that it has been disabled by my administrator, when I am the administrator myself! Also, the virus disabled my right click as well. Now I cannot do any right clicks on my mouse and it is very, very difficult for me to do many things. Apart from these, it also added a file called systemID shortcut into the startup folder of my program files menu. I tried to go to the properties of the shortcut to see where the main file is. But whenever I click on the shortcut details tab, it says that my computer does not have enough memory. But since I know this is going to be something which will start every time I run the computer, I deleted the shortcut. It didn't add back after that though. I don't really know what else the virus has done, but these are all that I have found thus far.

I don't know what virus this is and I have no idea what the hell it has done to my computer. I have Norton but my subscription has ended and my updates are pretty old. I did a scan but it says my computer has no infected files. I couldn't do a system restore either because I didn't turn it on before this happened. I tried to run msconfig to unload certain startups but unfortunately, it says that access is denied because of some administrative rights, which should not appear because first, I am the administrator and second, I have done this before and it worked fine. So I have tried all I can but luck is not with me.

I was kind of frustrated and downloaded a programme which allows me to access the registry keys using their programme. So since I thought I had access to the registry already, I changed the values of the disabletaskmanager and registry keys, hoping that I could turn those on, but I realised something weird. I am supposed to change the values of the keys to 0. The new value is reflected at the side of the key, which shows as 0x00000(0). But when I double click on the key again, the value in the field for me to change the value is 2, instead of 0. It happens even after I try a few more times. This is weird because it is supposed to show the present value, isn't it?

And my thumb drive: all my folders have become .exe files. Their icons are the usual Windows folder image but are obviously fake because they have some jagged black borders around them, which shows that the transparency of the icons was not done properly. Are these folders going to remain this way, and will all the files that used to be in them be gone?

This is driving me crazy and I have no idea how I could solve this. I really hope someone else who knows the symptoms can help me.

Thanks a lot!
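The thumb-drive symptom described in the question (every folder apparently "becoming" an .exe with a folder icon) is easy to check for from a clean machine. The script below is an added example, not code from the thread or from any of the tools named in it: it scans the root of a removable drive for executables whose name matches a sibling directory (the real folder is usually still there, often with the hidden attribute set, which is an assumption the page does not state) and for groups of .exe files that are byte-for-byte identical, which is what one worm body copied once per folder looks like. The sample drive it builds in a temporary directory is constructed for the demonstration.

```python
"""Triage a removable drive for executables masquerading as folders.

Added example (not from the Experts Exchange thread). Two signals are checked:
  1. an .exe whose name matches a sibling directory on the same drive, and
  2. groups of .exe files with identical contents (one worm binary copied
     once per folder).
"""
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

HIDDEN_ATTR = 0x2  # FILE_ATTRIBUTE_HIDDEN; only reported by stat() on Windows


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large executables do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_hidden(path: Path) -> bool:
    """True if the hidden attribute is set; always False on non-Windows."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & HIDDEN_ATTR)


def scan_removable_root(root: Path) -> dict:
    """Return {'shadowing': [...], 'clone_groups': [[...], ...]} for one directory."""
    root = Path(root)
    dirs = {p.name.lower(): p for p in root.iterdir() if p.is_dir()}
    exes = [p for p in root.iterdir() if p.is_file() and p.suffix.lower() == ".exe"]

    shadowing = []
    by_hash = defaultdict(list)
    for exe in sorted(exes):
        stem = exe.stem.lower()
        if stem in dirs:  # Photos.exe sitting next to a folder called Photos
            shadowing.append({
                "exe": exe.name,
                "folder": dirs[stem].name,
                "folder_hidden": is_hidden(dirs[stem]),
            })
        by_hash[sha256_of(exe)].append(exe.name)

    # Several differently named .exe files with the same hash: same payload.
    clone_groups = [sorted(names) for names in by_hash.values() if len(names) > 1]
    return {"shadowing": shadowing, "clone_groups": sorted(clone_groups)}


def build_sample_drive(base: Path) -> Path:
    """Constructed sample, not a real infected drive: two folders shadowed by
    identical copies of one fake 'folder' executable, plus one ordinary exe."""
    base = Path(base)
    for name in ("Photos", "Work"):
        (base / name).mkdir()
        (base / name / "notes.txt").write_text("real user file")
        (base / f"{name}.exe").write_bytes(b"FAKE-FOLDER-WORM-BODY" * 10)
    (base / "setup.exe").write_bytes(b"legit installer bytes")
    return base


def demo_report() -> dict:
    """Build the constructed sample in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_removable_root(build_sample_drive(Path(tmp)))


if __name__ == "__main__":
    report = demo_report()
    for hit in report["shadowing"]:
        print(f"{hit['exe']} shadows folder {hit['folder']!r} (hidden={hit['folder_hidden']})")
    for group in report["clone_groups"]:
        print("identical executables:", ", ".join(group))
```

Point `scan_removable_root` at the drive letter of a suspect stick (from a machine where autorun is off and nothing on the stick is double-clicked) and it reports the shadowing pairs and the clone groups; the user's own data is normally still in the real folders, so the fix is to delete the copies and unhide the folders, not to reformat.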
Mohammed Hamada, Senior IT Consultant
CERTIFIED EXPERT

Commented:
I have not read your question, because even when I'm blind I can say that this is a trojan or spyware that has done these restrictions to your system/account.

Use the following programs:

1- HijackThis -> scan and remove all the nasty entries.
2- CWShredder -> download and scan your PC.
3- Ad-Aware Professional or Personal -> download and scan.
4- Ewido latest version ("AVG Anti-Spyware") -> download and scan.
5- spybotsd14, Spybot Search and Destroy.

Download your antivirus's latest updates and scan.

After you do all these scans, restart your computer and check if HijackThis reports any bad entries; fix them and do the same thing with all the previous programs, and make sure the system is healthy again.

Author

Commented:
After much checking and searching the net, I realise that it is a virus called Trojan.Win32.Disabler.i that has infected my computer.
There are two files in it, systemID.pif and another, Flashy.exe.
I have deleted both of them but my task manager, regedit and others are all still disabled. I just realised that the folder options in my menu are also gone, and my settings for the folder options are changed to what the virus needed to protect itself and I couldn't change them back at all.
CERTIFIED EXPERT
Top Expert 2007

Commented:
Deleting the files doesn't undo the registry entries made by the virus.
Any chance of looking at your hijackthis logfile?
CERTIFIED EXPERT
Top Expert 2007

Commented:
That's why it's a much better solution to use a tool, because it handles not only the bad files but also reverts the registry entries back to their default values.

Looks like you have other nasties there. The trojan you're talking about only removes "folder options", but your regedit and task manager are disabled as well; that's why I thought of the Alcan worm, because those are common symptoms of Alcan.
CERTIFIED EXPERT

Commented:
That virus will cause task manager and the taskbar, as well as other programs, to close when you mouse over them. For complete removal steps see here: http://www.symantec.com/security_response/writeup.jsp?docid=2004-102817-0918-99&tabid=3
Hope this helps, if not holler.
Jappo

Author

Commented:
Here is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:51:26 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
E:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\F-Secure\Common\FSM32.EXE
E:\Program Files\F-Secure\Common\FSMA32.EXE
E:\Program Files\Macromedia\Flash Media Server 2\FMSEdge.exe
E:\Program Files\Macromedia\Flash Media Server 2\FMSCore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
E:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
E:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
E:\Program Files\F-Secure\Anti-Virus\fsqh.exe
E:\Program Files\F-Secure\Common\FAMEH32.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\F-Secure\FSAUA\program\fsaua.exe
E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
E:\Program Files\F-Secure\Anti-Virus\fsav32.exe
E:\Program Files\F-Secure\FSGUI\fsguidll.exe
E:\Program Files\F-Secure\FSGUI\fsavgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Desktop\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
F1 - win.ini: run=Bpcpost.EXE
O1 - Hosts: 67.15.120.40 www.somethingleet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PopupBlocker.Handler - {96F511A3-F99D-44F0-A5DE-7AB7452CB92E} - C:\Program Files\Edanmo's VB Page\Shell Extensions\DLLs\popblck.dll
O2 - BHO: RdrHeckMulti - {A1CCFC84-1487-A05E-AA86-B6CEC1A66AB7} - C:\PROGRA~1\SECOND~1\timetest.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &VB Knowledge Base Search - {BD905548-E9DA-4A37-98E7-3A67495DF69C} - C:\Program Files\Edanmo's VB Page\Shell Extensions\Explorer Bands\compatible\shlbands.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {B4231530-8B01-CB4F-33D4-15D154198ED1} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/features/dictionary/quickDictionary.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Sothink SWF Decompiler - d:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120125733296
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - E:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Flash Media Server (FMS) (FMS) - Macromedia, Inc. - E:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe
O23 - Service: Flash Media Administration Server (FMSAdmin) - Macromedia, Inc. - E:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: wampapache - Unknown owner - e:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - e:\wamp\mysql\bin\mysqld-nt.exe
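The experts picked the suspicious entries out of this log by eye: the orphaned O3 toolbars, the "Flashy Bot" Run key, and (not mentioned in the thread but visible in the same log) an IE proxy pointing at 127.0.0.1, a win.ini run= entry and a HOSTS override. The script below is an added example, not part of the thread or of HijackThis itself; it encodes those rules and runs them over an excerpt of the log posted above. The allowlist of Windows-shipped binaries that may legitimately start from a Run key is an assumption for this example, and the severities are a triage aid, not verdicts.

```python
"""Triage a HijackThis log for the entries worth a second look.

Added example (not part of the thread). SAMPLE_LOG is an excerpt of the log
posted in the question; WINDOWS_SHIPPED is an assumed allowlist, not a
HijackThis feature.
"""
import re
from pathlib import PureWindowsPath

# Binaries that legitimately live under %SystemRoot% and start from Run keys.
# Assumed list for this example; extend it for your own environment.
WINDOWS_SHIPPED = {"ctfmon.exe", "rundll32.exe", "soundman.exe"}

ORPHAN_MARKERS = ("(no file)", "(file missing)")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def first_token(cmd: str) -> str:
    """Executable from a Run command line: "C:\\x y.exe" -flag, or x.exe /q."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)  # unquoted path up to first .exe
    return m.group(1) if m else cmd.split(" ", 1)[0]


def in_windows_dir(path: str) -> bool:
    """True for paths under a Windows directory, or bare names (resolved via PATH)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return len(parts) == 1 or "windows" in parts


def triage_line(line: str):
    """Return (severity, reason) for one log line, or None if nothing to say."""
    line = line.rstrip()
    tag = line.split(" ", 1)[0]  # "O4", "O23", "R1", ...
    if tag in ("O2", "O3", "O4") and any(m in line for m in ORPHAN_MARKERS):
        return ("medium", "registry entry references a file that no longer exists")
    if tag == "R1" and "ProxyServer" in line and "127.0.0.1" in line:
        return ("high", "IE proxy points at the local machine; check what listens on that port")
    if line.startswith("F1 - win.ini"):
        return ("high", "legacy win.ini run= autostart")
    if line.startswith("O1 - Hosts:"):
        return ("high", "HOSTS file override")
    if line.startswith("O20 - AppInit_DLLs"):
        return ("medium", "DLL loaded into every GUI process via AppInit_DLLs")
    m = O4_RE.match(line)
    if m:
        exe = first_token(m.group("cmd"))
        base = PureWindowsPath(exe).name.lower()
        if in_windows_dir(exe) and base not in WINDOWS_SHIPPED:
            return ("high", f"Run entry '{m.group('name')}' starts {base} from the Windows directory")
    if tag == "O23" and "Unknown owner" in line:
        return ("low", "service with no publisher information")
    return None


def triage_log(text: str):
    """Run triage_line over every unique line; returns (severity, reason, line) sorted by severity."""
    seen = set()
    findings = []
    for line in text.splitlines():
        if line in seen:  # HijackThis repeats O10 LSP lines once per chain entry; report once
            continue
        seen.add(line)
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f[0]])


# Excerpt of the log posted in the question (constructed subset for the demo).
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
F1 - win.ini: run=Bpcpost.EXE
O1 - Hosts: 67.15.120.40 www.somethingleet.com
O2 - BHO: RdrHeckMulti - {A1CCFC84-1487-A05E-AA86-B6CEC1A66AB7} - C:\PROGRA~1\SECOND~1\timetest.dll (file missing)
O3 - Toolbar: (no name) - {B4231530-8B01-CB4F-33D4-15D154198ED1} - (no file)
O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: wampapache - Unknown owner - e:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
"""

if __name__ == "__main__":
    for severity, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

The orphan rule is deliberately limited to O2/O3/O4: the O9 xpnetdiag line also says "(file missing)" but is a stock IE button, which is the kind of false positive that makes people ignore the real hits.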

CERTIFIED EXPERT
Top Expert 2007

Commented:
You're right riteheer! I didn't look there, :) I got used to Alcan disabling those 3 utilities I mentioned, lol.

rogerfreak,
I guess if you already deleted the file then this is just registry leftovers you can fix:
O3 - Toolbar: (no name) - {B4231530-8B01-CB4F-33D4-15D154198ED1} - (no file)  
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)  
O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe


You can manually fix the disabled registry entries (for folder options, task manager and regedit), or run SDFix; who knows, it might even find a bot in there, :)
It kills Bot variants and restores the HOSTS file to MS Default, removes DisableRegistryTools/TaskManager restrictions and Policy Run Keys if present.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
Please then reboot your computer in Safe Mode by doing the following:
1- Restart your computer.
2- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
3- Instead of Windows loading as normal, a menu with options should appear.
4- Select the first option, to run Windows in Safe Mode, then press "Enter".
5- Choose your usual account.

6- In Safe Mode, right click the SDFix.zip folder and choose "Extract All".
7- Open the extracted folder and double click "RunThis.bat" to start the script.
8- Type "Y" to begin the script.
9- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
10- Press any key and it will restart the PC.
11- Your system will take longer than normal to restart as the fixtool will be running and removing files.
12- When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
13- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back
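The restrictions this thread is about (Task Manager, regedit, Folder Options and, later in the thread, the context menu) are ordinary Windows policy values under HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Policies, which is also what SDFix is described above as clearing, together with policy Run keys. The script below is an added example, not the thread's or SDFix's code: `evaluate` reports which restrictions are active from a snapshot of those keys, `read_snapshot` fills the snapshot from the live registry on Windows, and `clear_restrictions` sets flagged values back to 0. The value names DisableTaskMgr, DisableRegistryTools and NoFolderOptions come from the thread; NoViewContextMenu, NoTrayContextMenu and NoRun are documented policy values added here as assumptions about which ones a practitioner would also check. The sample snapshot and the systemID path in it are constructed.

```python
"""Audit, and optionally clear, the Explorer/System policy values a trojan
sets to lock a user out of Task Manager, regedit, Folder Options and the
right-click menu.

Added example, not part of the thread or of SDFix. SAMPLE_SNAPSHOT is a
constructed registry snapshot mirroring the question, not a real dump.
"""
import sys

POLICIES = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies"
SUBKEYS = ("System", "Explorer", "Explorer\\Run")
HIVES = ("HKCU", "HKLM")

# value name -> (policy subkey, what a non-zero value does)
RESTRICTIONS = {
    "DisableTaskMgr":       ("System",   "Task Manager refuses to start"),
    "DisableRegistryTools": ("System",   "regedit refuses to start"),
    "NoFolderOptions":      ("Explorer", "Folder Options removed from Explorer menus"),
    "NoViewContextMenu":    ("Explorer", "right-click menu suppressed in Explorer/desktop"),  # assumed extra
    "NoTrayContextMenu":    ("Explorer", "right-click menu suppressed on the taskbar"),       # assumed extra
    "NoRun":                ("Explorer", "Run dialog removed from Start menu"),               # assumed extra
}


def evaluate(snapshot: dict) -> list:
    """snapshot: {"HKCU": {"System": {name: value}, "Explorer": {...}, "Explorer\\Run": {...}}, ...}
    Returns (hive, subkey, name, value, effect) for every active restriction and
    every policy Run value (programs started at logon by policy, outside the normal Run key)."""
    findings = []
    for hive in HIVES:
        keys = snapshot.get(hive, {})
        for name, (subkey, effect) in RESTRICTIONS.items():
            value = keys.get(subkey, {}).get(name, 0)
            if value:  # any non-zero DWORD enables the restriction
                findings.append((hive, subkey, name, value, effect))
        for name, cmd in keys.get("Explorer\\Run", {}).items():
            findings.append((hive, "Explorer\\Run", name, cmd, "program started at logon via policy Run key"))
    return findings


def _roots():
    import winreg  # Windows only
    return winreg, {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}


def read_snapshot() -> dict:
    """Read the live policy values (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("live registry read needs Windows")
    winreg, roots = _roots()
    snap = {}
    for hive, root in roots.items():
        snap[hive] = {}
        for subkey in SUBKEYS:
            values = {}
            try:
                with winreg.OpenKey(root, f"{POLICIES}\\{subkey}") as k:
                    i = 0
                    while True:
                        try:
                            name, data, _ = winreg.EnumValue(k, i)
                        except OSError:  # no more values
                            break
                        values[name] = data
                        i += 1
            except FileNotFoundError:
                pass  # key absent means no policy set
            snap[hive][subkey] = values
    return snap


def clear_restrictions(findings) -> int:
    """Set each flagged restriction value back to 0 (Windows only); returns the count changed.
    Policy Run entries are reported but not deleted here; review them first."""
    if sys.platform != "win32":
        raise RuntimeError("registry write needs Windows")
    winreg, roots = _roots()
    changed = 0
    for hive, subkey, name, _value, _effect in findings:
        if subkey == "Explorer\\Run":
            continue
        with winreg.OpenKey(roots[hive], f"{POLICIES}\\{subkey}", 0, winreg.KEY_SET_VALUE) as k:
            winreg.SetValueEx(k, name, 0, winreg.REG_DWORD, 0)
            changed += 1
    return changed


# Constructed snapshot mirroring the question; the systemID path is a placeholder.
SAMPLE_SNAPSHOT = {
    "HKCU": {
        "System":   {"DisableTaskMgr": 1, "DisableRegistryTools": 1},
        "Explorer": {"NoFolderOptions": 1, "NoViewContextMenu": 1, "NoRun": 0},
        "Explorer\\Run": {"systemID": "C:\\PLACEHOLDER\\systemID.pif"},
    },
    "HKLM": {"System": {}, "Explorer": {}, "Explorer\\Run": {}},
}

if __name__ == "__main__":
    snap = read_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for hive, subkey, name, value, effect in evaluate(snap):
        print(f"{hive}\\{POLICIES}\\{subkey}\\{name} = {value!r}: {effect}")
```

Run it once to see the list, and only then call `clear_restrictions(evaluate(read_snapshot()))`; if the values come back after a reboot, the process that re-sets them is still running, which is the situation the author hit before the files were removed.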
Mohammed Hamada, Senior IT Consultant
CERTIFIED EXPERT

Commented:
Your HijackThis report:
http://www.hijackthis.de/logfiles/494816b1e704bc8f2eea0c77911b2aad.html

Please try checking the programs I posted above...!

Author

Commented:
A report from SDFix is at http://www.geocities.com/rogerfreak/Report.txt

Most of the things seem to be back again except one thing, which I find quite amazing. All the things which I found disabled so far are back again, except the right click menu on my desktop and other places.

I have set the nocontextmenu in the registry back to 0 and it should work. I found it weird because it still doesn't work, so I tried plugging in my other mouse (which I use for my laptop) and, to my surprise, the right click works fine on that mouse. I then unplugged the mouse which cannot right click and plugged it into my laptop to try. The right click still didn't work even when plugged into the laptop! I began to wonder if the right button on the mouse is faulty now. I couldn't believe a trojan that just adjusts my registry could spoil my mouse, or is there something which the trojan has done to the mouse as well?

Author

Commented:
I have tried all of those, but the mouse, just that particular mouse, is not working. It was working fine before the computer was infected by the virus.
Mohammed Hamada, Senior IT Consultant
CERTIFIED EXPERT

Commented:
Can you scan with HijackThis and post it once again please?
CERTIFIED EXPERT
Top Expert 2007

Commented:
Some trojans can definitely mess up your mouse functions; they can even reverse the left and right functions, so the right click does what the left click did and the left click takes on the functions that the right click used to have. They can also make your CDROM/DVD drive open and close, etc.
But if you're sure now that your PC is clean, somehow the damage done to your mouse's right-click function is irreparable; it happens sometimes, unfortunately.
Or maybe it was also a coincidence that the mouse right-click button is on its way out; this is the third mouse I'm using now on the same PC.
You might just have to buy a new mouse.

Author

Commented:
Looks like it's really time to change my mouse then..
Thanks a lot people for helping me! :)
CERTIFIED EXPERT

Commented:
Glad to help roger.... Thanks and holler if you need anything....
Jappo
CERTIFIED EXPERT
Top Expert 2007

Commented:
No problem, glad to know you had it sorted out.
Sorry you have to buy a new mouse.
I don't have much luck with mice lol (I had 2 Microsoft optical mice); the one I'm using now is Belkin's optical and it's been nearly a year and been great so far.

Thanks for the points!
~rpg