View Full Version : virus!!!!! - Merged


csckid
01-22-2009, 02:11 PM
I got a virus! Task Manager has been disabled, Folder Options is gone from Explorer, and the PC restarts when I try to use System Restore.

Please help me.

Gunblade
01-22-2009, 10:27 PM
Microtrends' online virus scanner is a good online scanner to use.
It will also let you delete infected files.

mjc
01-22-2009, 10:58 PM
Gunblade... please refrain from answering malware-related questions.

csckid... follow the procedure from this thread: http://www.pcguide.com/vb/showthread.php?t=60009

csckid
02-22-2009, 01:40 PM
I can't go to any antivirus websites or update any antivirus software. I have formatted the C drive, but the virus is still present. My pen drive has the autorun.inf and RECYCLER virus, and "Show all files and folders" does not work either.

Please help.

mjc
02-22-2009, 02:39 PM
On a known clean machine, download and burn to CD the following tools...

HijackThis

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) - to your Desktop (it needs to be run from the Desktop). Double-click combofix.exe and follow the prompts.

Copy MBAM and ComboFix to your desktop...

When you have them burned to CD, post back...

csckid
02-23-2009, 06:25 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:30 PM, on 2/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Documents and Settings\Nowshad\Desktop\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{64B00635-6B1A-40CE-8236-5FA7AA2C898D}: NameServer = 10.0.0.1 202.148.61.4
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 2629 bytes

csckid
02-23-2009, 07:33 AM
ComboFix 09-02-21.01 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.470 [GMT 6:00]
Running from: ..\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))
.

2009-02-23 16:30 . 2009-02-23 16:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 16:30 . 2009-02-23 16:30 <DIR> d-------- c:\documents and settings\Nowshad\Application Data\Malwarebytes
2009-02-23 16:30 . 2009-02-23 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 16:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 16:30 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 16:15 . 2009-02-23 16:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-02-23 16:11 . 2009-02-23 16:15 215,072 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-23 16:11 . 2009-02-23 16:15 7,456 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-23 16:11 . 2009-02-23 16:15 5,660 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-23 16:11 . 2009-02-23 16:15 1,772 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-23 16:09 . 2009-02-23 16:09 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-23 16:09 . 2009-02-23 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-23 15:01 . 2009-02-23 15:01 <DIR> d-------- c:\program files\ESET
2009-02-23 15:01 . 2009-02-23 15:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-23 00:27 . 2009-02-23 16:14 <DIR> d-------- c:\program files\AVG
2009-02-22 22:45 . 2009-02-23 16:10 <DIR> d-------- c:\program files\AntiKopa
2009-02-22 21:47 . 2009-02-23 16:13 <DIR> d-------- C:\HJT
2009-02-22 21:10 . 2009-02-22 21:10 <DIR> d-------- C:\KAV
2009-02-22 01:07 . 2001-08-17 19:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-02-22 01:06 . 2004-08-04 04:59 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-02-22 01:06 . 2004-08-04 04:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2009-02-22 01:05 . 2004-08-04 00:56 74,240 --a------ c:\windows\system32\usbui.dll
2009-02-22 01:05 . 2004-08-04 00:56 74,240 --a--c--- c:\windows\system32\dllcache\usbui.dll
2009-02-22 01:03 . 2009-02-21 19:13 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-02-22 01:02 . 2009-02-23 17:17 <DIR> d-------- c:\windows\system32\CatRoot2
2009-02-22 01:02 . 2009-02-22 01:02 <DIR> d-------- c:\windows\system32\CatRoot
2009-02-22 01:02 . 2004-08-04 03:03 1,042,903 -ra------ c:\windows\SET3.tmp
2009-02-22 01:01 . 2009-02-21 19:20 261 --a------ c:\windows\system32\$winnt$.inf
2009-02-21 20:43 . 2009-02-21 20:43 <DIR> d-------- c:\program files\Xinox Software
2009-02-21 20:31 . 2009-02-21 20:31 <DIR> d-------- c:\documents and settings\Nowshad\Application Data\Talkback
2009-02-21 20:17 . 2009-02-21 20:17 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-02-21 20:08 . 2009-02-21 20:08 <DIR> d-------- c:\program files\Common Files\xing shared


.
(((((((((((((((( Find3M Report )))))))))))))))
.
2009-02-21 14:08 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-21 14:08 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-21 14:06 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-21 14:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-21 13:47 --------- d-----w c:\program files\Intel
2004-08-03 19:56 160,132 --sha-r c:\windows\system32\ruvtqvg.dll
.

((((((( Reg Loading Points )))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-02-21 77824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2006-10-06 10:13 114688 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2006-10-06 10:11 98304 c:\windows\system32\igfxtray.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2006-10-06 10:10 94208 c:\windows\system32\igfxpers.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"RichVideo"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5343:TCP"= 5343:TCP:xzikjpyc

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-03-13 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-23 38496]
S2 rvvavosj;Installer Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvvavosj
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeper.exe


.
------- Supplementary Scan -------
.
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: {64B00635-6B1A-40CE-8236-5FA7AA2C898D} = 10.0.0.1 202.148.61.4
FF - ProfilePath - c:\documents and settings\Nowshad\Application Data\Mozilla\Firefox\Profiles\kzqucia5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox 2 Beta 2\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox 2 Beta 2\extensions\talkback@mozilla.org\components\qfaservices.dll


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 17:19:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rvvavosj]
"ServiceDll"="c:\windows\system32\ruvtqvg.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
@DACL=(02 0000)
"BaseClass"="Drive"

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
@DACL=(02 0000)
"BaseClass"="Drive"

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
@DACL=(02 0000)
"BaseClass"="Drive"

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
@DACL=(02 0000)
"BaseClass"="Drive"

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39110037-0020-11de-ac6c-0018370288db}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84606a10-0048-11de-85f3-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84606a11-0048-11de-85f3-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84606a12-0048-11de-85f3-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"

[HKEY_USERS\S-1-5-21-1960408961-1604221776-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84606a13-0048-11de-85f3-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
.
Completion time: 2009-02-23 17:20:57
ComboFix-quarantined-files.txt 2009-02-23 11:20:54

Pre-Run: 10,106,032,128 bytes free
Post-Run: 10,117,509,120 bytes free

192
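
The ComboFix log above is normally read by eye, cross-referencing the service lines, the Svchost NetSvcs group, the ServiceDll registry dump, the Find3M file attributes and the firewall exception list. As an added example (not a tool from this thread, from ComboFix or from PCGuide), the Python script below parses excerpts in the same format and does that correlation automatically: it flags an auto-start service hosted by svchost.exe whose ServiceDll is a file carrying hidden+system attributes, and any globally open firewall port whose label matches no service known on the host. The sample excerpts are constructed from the log posted above; the reading of the attribute letters (s = system, h = hidden) and both heuristics are assumptions made for this example.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix code)."""
import re

# Constructed excerpts copied from the ComboFix log posted in the thread.
FIND3M = r"""
2009-02-21 14:08 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-21 14:06 --------- d-----w c:\program files\Common Files\InstallShield
2004-08-03 19:56 160,132 --sha-r c:\windows\system32\ruvtqvg.dll
"""
SERVICES = r"""
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
S2 rvvavosj;Installer Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
"""
REGDUMP = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rvvavosj]
"ServiceDll"="c:\windows\system32\ruvtqvg.dll"
"""
FIREWALL = r"""
"5343:TCP"= 5343:TCP:xzikjpyc
"""

# date time size attrs path   (size may be "---------" for directories)
FIND3M_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$')
# R2 name;display;image [date size]
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?\s*$')
# "5343:TCP"= 5343:TCP:label
FW_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)\s*$')


def parse_find3m(text):
    """Map lower-cased path -> set of attribute letters (assumed: d r s h a c w)."""
    files = {}
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            files[m.group(4).lower()] = set(m.group(3).replace('-', ''))
    return files


def parse_services(text):
    """Parse R*/S* service lines into dicts with state, name, display and image."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append({'state': m.group(1), 'name': m.group(2),
                             'display': m.group(3), 'image': m.group(4).lower()})
    return services


def parse_service_dlls(text):
    """Map service name -> ServiceDll path from a REGEDIT4-style dump."""
    dlls, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].rsplit('\\', 1)[-1]      # last key component = service name
            continue
        m = re.match(r'^"ServiceDll"="(.+)"$', line)
        if m and current:
            dlls[current.lower()] = m.group(1).lower()
    return dlls


def parse_open_ports(text):
    """Parse GloballyOpenPorts entries into port / protocol / label."""
    ports = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if m:
            ports.append({'port': int(m.group(1)), 'proto': m.group(2), 'label': m.group(3)})
    return ports


def triage(find3m, services, regdump, firewall):
    """Correlate the sections and return a list of human-readable findings."""
    files = parse_find3m(find3m)
    svc_dlls = parse_service_dlls(regdump)
    findings, known_names = [], set()
    for svc in parse_services(services):
        known_names.add(svc['name'].lower())
        if 'svchost.exe' not in svc['image']:
            continue                                   # standalone binaries: review by path instead
        dll = svc_dlls.get(svc['name'].lower())
        if dll is None:
            continue
        attrs = files.get(dll, set())
        if {'h', 's'} <= attrs:                        # hidden + system DLL loaded into svchost
            findings.append(f"service {svc['name']} ({svc['display']!r}) loads hidden+system DLL {dll}")
    for p in parse_open_ports(firewall):
        if p['label'].lower() not in known_names:      # exception label matches no known service
            findings.append(f"firewall opens {p['port']}/{p['proto']} for unknown label {p['label']!r}")
    return findings


if __name__ == '__main__':
    for finding in triage(FIND3M, SERVICES, REGDUMP, FIREWALL):
        print('REVIEW:', finding)
```

Run as-is it reports the svchost-hosted service whose ServiceDll is a hidden+system file in system32 and the open TCP port whose label corresponds to no listed service; both are the entries an analyst would ask about first in this log, and the same parsers can be pointed at a full ComboFix log once the sections are split out.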

mjc
02-23-2009, 08:17 AM
Give me the MBAM log, too.