urgent help!! virus or what??

i m not able to install some programs on my clean installed win xp sp3 on my system
those programs include : all the antivirus's , they just wont run the setup including eset nod32 , avira and avast,

i m not able to access task manager by pressing alt+ ctrl+ del keys , it gives me the following ,message "" task manager has been disabled by your adminstrator "

googling for this led me to find a temp solution to this but it reappears when i reboot

secondly my audio hardware is not detected , i m not able to install the software setup file , same problem like antivirus- the program just doesn't run

thirdly, when i run media player classic latest version 5.44 its says RUNTIME ERROR

MICROSOFT VISUAL C++ RUNTIME LIBRARY
R6002- FLOATING POINT SUPPORT NOT LOADED

however the km player is playing videos without the audio

NOW THE PROBLEM IS THAT SYSTEM WAS JUST RUNNING FINE , DONT KNOW WAT SUUDENLY HAPPENED IT STARTED SHOWING ALL THE ABOVE SAID PROBLEMS ,
SO I DECIDED TO DO A CLEAN INSTALL AS MOSTLY THAT SOLVES THE PROBLEMS FOR ME

but not this time
even after clean install i m facing the same problem

my sytem is without an antivirus now , no audio

wat cud be the problem
is it HDD bad sector problem or what?

please help

thanks in advance!!

Mate most probably ur HDD is full of viruses. So i would recommend u to take it to ur friend whom pc is fully protected with a good antivirus and store ur data temporarily on his pc. Then completely format all ur partitions and perform a clean installation. After that take ur data back from ur friend's pc after installing antivirus in ur pc.

Hoping this'll help u.

but how come this happened
i always had the updated version of antivirus

and wat if it infects my frinds pc as well ,

Did u install the XP we were discussing that day? from unknown source?

no its the original one with sp2

Your system is very nicely infected, and looks like a combination of a few.

Run a SDAT from McAfee to verify:

McAfee, Inc. - Downloads - Virus Protection - DAT Files

And post back what you find.

Have you already done a check with HijackThis? Post the output of that too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:57 AM, on 11/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\DOCUME~1\mohit\LOCALS~1\Temp\ejvhtx.exe
C:\DOCUME~1\mohit\LOCALS~1\Temp\winjislqo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C8216F4-B708-42F5-AAA3-D66DBE4ACE78}: NameServer = 218.248.240.79 218.248.240.179
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 3179 bytes

I had faced similar problem many times, it was indeed a Virus.

Your all partitions are infected with Virus, even if you format primary partition, it will be still sitting there with other partitions with Autorun files which are hidden..

Do following

> Burn latest Norton Internet Security 2010 Trial on CD at friends computer..

> Clean install windows and don't click on any partition.

> Install Norton from CD..

> Run Full system scan

I have faced a similar problem where the virus doesnt let you run setups and specially disables the shields of antivirus softwares.

Solution: Download Dr. Web CureIt trial version. Its a standalone antivirus system which never gets detected by viruses. This should work well.

Do post the outcome if you follow my advice.

C:\DOCUME~1\mohit\LOCALS~1\Temp\ejvhtx.exe
C:\DOCUME~1\mohit\LOCALS~1\Temp\winjislqo.exe

both the above things (as per your hijackthis report) are viruses/malware for sure !!!
registry editor has been disabled by the malware.
If the reg editor or the task manager is disabled, then its a sign of infection for sure...

Solution :

1st step:

run system restore and restore sytem to a date when your system was working fine
ensure your system is O.K now.
then switch off system restore on all drives (this will remove the system restore points so that if any virus/malware resident in these locations will be removed as well)
now switch system restore on.

IF this doesnt solve the issue then....

2nd step:


just get active boot disk or download it and burn to cd. boot system from disk. You will get graphical user interface like windows. Save all your data to a particular location in your HDD. Now wipe of the entire c drive by formatting it. remove any .inf files especially the autorun.inf file which exist in the root folder of other partitions. also remove the recycle bin, system volume info and other windows related directories from all the partitions.

Your system shud be in this state:-
C drive - fully formatted
other partiions - only folders which you require should exist and unwanted files/folders in the root directory to be removed
If your unable to delete certain windows related directories, then try to rename it
(all the above to be done from within active boot disk screen)

install winxp. See what happens and get back to me...

Mohit try downloading COMBOFIX and run it.

Dude its a malware so use any anti spyware software . For me k7 total security worked download it and scan your drive I had the same problem

nothing working!!

You can try installing vista or win 7.and then scan your system. It has user activation settings which will help you to enable or disable some unknown softwares from installing .then scanning would be easier or else try on the new setup.if the os does remain in hanging state after booting then it could be a case of dying hard disk.

scan results in progress




complete scan!!

D:\Dumps\Nero\nero6.3.03\NBR6303eng.exe - Win32/Sality.NAU virus

this is the virus shown by eset nod32 - Win32/Sality.NAU virus

Infected with Win32/Sality.NAO Virus

this is the same thing- very bad virus!!