Guys I need some help this is nasty.

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis​

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy - only for Windows XP, 2K, & NT users
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Problems like this can be caused by many things! Some malware and some not. We need to get more information. A HijackThis log alone is not adequate. However as a start attach a HJT log. Please try to make sure it is installed and renamed as requested in step 7 of the READ ME otherwise, the infection that may be at the root of your problem will not completely show.

What happens if you boot into Safe Mode?
What happens if you use a different user account in normal boot mode?


Note that even without a Start button, you can run many things from Task Manager. Just click File, New Task (Run...) and enter what what you want to run. Try these:
explore.exe <--- this is Windows Explorer and may even bring up your Desktop if it runs
iexplore.exe <-- Internete Explorer
regedit.exe <-- the Windows Regitry Editor. I just want to see if it works.
cmd.exe <--- the Windows command prompt. I just want to see if it works.


Also can you download onto another PC and burn to CD, floppy, or flashdrive. If so, then do the below which are from the READ ME and then get them copied over to the problem PC from either a windows command prompt or from Windows Explore if you get it to run.

Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder. Like C:\MGTools While these tools will run from your Desktop, we strongly recommend that you DO NOT extract them to your Desktop. Please install them where recommended.

• Using GetRunKey
• Using ShowNew

• Locate the getrunkey.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt) DO NOT attach any other file. The log is named runkeys.txt. We do not need any of the other 20 or so temp files that are created. They will all be deleted when you terminate GetRunKey by closing the notepad window. This log will also popup in a notepad window which your can just close. Upload the runkeys.txt file here as an attachment when you come back to post your results.
• Please make sure you close the popup notepad window with the runkeys.txt log in it before running ShowNew in the below step.
• Locate the shownew.bat file and double click on it to run it. It will create a file named newfiles.txt in the root of drive C: (C:\newfiles.txt) . This log will also popup in a notepad window which your can just close. Upload the newfiles.txt file here as an attachment when you come back to post your results.

 

While I see a couple of things to fix, I do not expect that they would be the cause of all the problems you have describe. Let's fix them and see what happens, but I would expect no major change.

First a question! When you run explorer.exe manually, does your Desktop (icons, start button...etc) return.

Now see if you can uninstall this: Need2Find Bar

Even if uninstall does not work, continue with the below.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Filter: text/html - (no CLSID) - (no file)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\Need2Find <--- the whole folder:
C:\WINDOWS\IECodecPlg.dll

Now run Ccleaner

Now attach the below new logs and tell me how the above steps went.

1. ShowNew
2. HJT

Make sure you tell me how things are working now!

 

You're welcome! After the reinstall, you should work your way thru the below to help keep you secure:

How to Protect yourself from malware!