TechSpot

Removed virus/malware, no task manager

By 4d4m
Nov 11, 2009
  1. Greetings and thanks for the help in advance.
    Had a virus of some sort that I quickly rid myself of; I believe it got in somewhere between me switching over antivirus programs and multitasking (just a guess). I noticed I had the virus when the Task Manager was not opening. Removed infection and Task Manager still was not opening.
    I have researched all day/week here and tried several different things to bring it back. The best I got was having it flash quickly then disappear (in the bottom tray). I have installed Process Explorer but I am not exactly sure what I am supposed to be looking for there. I have a clean computer, I just think something got deleted or changed somewhere and I cannot get it back. Followed the 8 steps, logs are attached, hoping someone will get me my Task Manager back. Thanks guys.
    Adam
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    done

    I right clicked the link and saved it as you instructed. (Was I supposed to do something else with it, cut and paste somewhere perhaps?)
    I opened the cheddar and enabled everything; the change background display one wouldn't let me enable, but wouldn't let me disable either.
    I did all the things in the post about task manager in this forum you linked me to, still no task manager.
    All the systemroot files are where they should be, variables intact.
    Environment variable system root is intact.
    I found taskmanager.exe via search as instructed, double clicked, still nothing.
    There is no task manager in right click on my computer
    There is no task manager in system policies to disable (change or delete key) so I tried...
    "If for some reason that doesn't work, I found one case where just typing this into the Run box does the trick, here is the command:
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
    It basically does the same thing of changing it manually in the registry. But just in case.."

    Still nothing. Also checked the Process Explorer program to make sure the option was selected to restore task manager, not replace

    So I guess I need to get task manager back in system policies? I am not a computer guy, I have just been following instructions up to now.

    Thanks
     
  4. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    edit

    I created a disabletaskmgr where it was missing and set the value to 0
    I went into group policies and made sure it was on disable as well
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Startup HijackThis again (Scan Only)
    Locate:
    Place a check (tick) in the box, and then select Fix
    Close HJT

    Download and run AVG Remover: http://www.avg.com/filedir/util/support/avgremover_en.exe
    Your computer may be required to restart

    Download Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Disable protection on Kaspersky Internet Security (or allow any changes that Combofix makes)
    Run Combofix (there are some user inputs along the way - it takes about 10mins to scan)
    Then Restart

    TaskManager should now work, but you are not finished in cleaning your system


    Go to Add/Remove Programs and locate the following (if exist) and uninstall them:
    RoxLiveShare9 P2P
    SUPERAntiSpyware
    WinDefense32

    Then Restart

    Start > Run > Combofix /Uninstall > ok
    Combofix will look like it's going to scan again, it won't
    The command will uninstall it

    Startup Malwarebytes again
    Update it
    Run a quick scan
    Remove any found entries

    Download and run TFC by OldTimer
    You may be required to Restart

    Startup CCleaner
    Select the Registry button
    Run a scan
    Fix all issues (no backup required)
    Run this registry scan (and fix) until all registry issues are uncovered and fixed

    Restart
    And provide a fresh HJT scan and log file, as an attachment
     
  6. kritius

    kritius TS Guru Posts: 2,084

    ComboFix uninstall command has changed for the newer versions, please use the updated one
     
  7. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    done

    All instructions are complete with some issues
    -when removing superantimalware or whatever it was called it said it could not completely remove something because I did not have access or permission. That was after it asked if I wanted to delete logs and something else. I selected ignore.
    -I still cannot open taskmgr
    hijackthis log attached.
     
  8. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    edit

    forgot to restart before my log. attached is new log
     
  9. kritius

    kritius TS Guru Posts: 2,084

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [Image]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
     
  10. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    combofix complete

    Reinstalled combofix ran the scan as requested, log attached
     
  11. kritius

    kritius TS Guru Posts: 2,084

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [Image]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
  12. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    Done

    Combo fix updated and created new restore point. Before the scan was run, a file PEV had a problem and had to close.
    Also, when I activated Kaspersky to come online here, combofix wanted to install some sort of driver, I was hesitant so I Quarantined for now.
    log attached.
     
  13. kritius

    kritius TS Guru Posts: 2,084

    DDS by sUBs
    Please download DDS by sUBs from HERE or HERE and save it to your Desktop.

    Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    • Double click on dds to run it.
    • When done, DDS.txt will open.
    • You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan.
    • When done, Attach.txt will open.
    • Please copy and paste the contents of DDS.txt and Attach.txt in your next reply.
      Use separate posts for this
     
  14. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    done

    Should I restore the combofix cfxxe file I have Quarantined in kas?
    attached is the dds text
     
  15. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    and the attach text file

    attachment attach
     
  16. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    dds

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Administrator at 15:58:35.62 on 11/11/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.888 [GMT -5:00]

    AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    mPolicies-explorer: StartMenuFavorites = 0 (0x0)
    mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
    mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
    mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
    mPolicies-explorer: Start_ShowRun = 1 (0x1)
    mPolicies-explorer: Start_ShowSearch = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Notify: igfxcui - igfxsrvc.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\kloehk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\k9r7rdqu.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\k9r7rdqu.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

    FF - user.js: browser.sessionstore.resume_from_crash - false
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    S3 AIDA32Driver;AIDA32Driver;c:\documents and settings\administrator\desktop\program setups\aida32pe_393\aida32.sys [2009-4-19 3584]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-5 30104]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-5 30104]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
    2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-11 03:01:04 3532 ----a-w- C:\drmHeader.bin
    2009-10-03 00:39:44 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-09-14 19:42:46 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
    2009-08-20 19:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL

    ============= FINISH: 15:59:34.17 ===============
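
A triage pass over the DDS "Pseudo HJT Report" line format posted above, as an added example that is not part of the original thread or of DDS itself: it lists policy values that lock out recovery tools (such as the `DisableTaskMgr` value discussed earlier) and BHO entries the log marks "No File". Reading the `u`/`m`/`d` prefixes as current user, machine and default user, and the watchlist contents, are assumptions; the last two sample lines are constructed.

```python
import re

# Policy lines as DDS prints them, e.g. "mPolicies-system: DisableCAD = 1 (0x1)".
POLICY_RE = re.compile(
    r"^(?P<scope>[umd])Policies-(?P<subkey>\w+): "
    r"(?P<name>\w+) = (?P<value>\d+) \(0x[0-9a-fA-F]+\)$"
)
# BHO lines, with or without a display name in front of the CLSID.
BHO_RE = re.compile(
    r"^BHO: (?:(?P<label>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# Assumption (not stated in the thread): u = current user, m = machine, d = default user.
SCOPES = {"u": "HKCU", "m": "HKLM", "d": r"HKU\.DEFAULT"}
POLICY_ROOT = r"Software\Microsoft\Windows\CurrentVersion\Policies"

# Policy values that block the tools used to investigate or repair a system.
# The selection is this example's own; extend it as needed.
WATCHLIST = {
    ("system", "disabletaskmgr"),
    ("system", "disableregistrytools"),
    ("explorer", "nofolderoptions"),
    ("explorer", "nocontrolpanel"),
}


def parse_policies(log_text):
    """Return (hive, subkey, value_name, value) for every policy line in the log."""
    found = []
    for raw in log_text.splitlines():
        m = POLICY_RE.match(raw.strip())
        if m:
            found.append((SCOPES[m["scope"]], m["subkey"], m["name"], int(m["value"])))
    return found


def triage(log_text):
    """Flag enabled tool-lockout policies and BHO entries with no backing file."""
    lockouts = []
    for hive, subkey, name, value in parse_policies(log_text):
        # A value of 0 means the restriction is present but switched off.
        if value != 0 and (subkey.lower(), name.lower()) in WATCHLIST:
            lockouts.append(
                f"{hive}\\{POLICY_ROOT}\\{subkey.capitalize()}\\{name} = {value}"
            )
    orphan_bho = []
    for raw in log_text.splitlines():
        m = BHO_RE.match(raw.strip())
        if m and m["target"].strip().lower() == "no file":
            orphan_bho.append(m["clsid"])
    return {"lockouts": lockouts, "orphan_bho": orphan_bho}


# Lines copied from the DDS log in this thread.
PAGE_LINES = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
"""

# Constructed lines (not from the thread) showing what a lockout would look like.
CONSTRUCTED = PAGE_LINES + (
    "uPolicies-system: DisableTaskMgr = 1 (0x1)\n"
    "mPolicies-system: DisableRegistryTools = 0 (0x0)\n"
)

if __name__ == "__main__":
    for title, text in (("thread log", PAGE_LINES), ("with constructed lines", CONSTRUCTED)):
        result = triage(text)
        print(title)
        for item in result["lockouts"]:
            print("  lockout policy:", item)
        for clsid in result["orphan_bho"]:
            print("  BHO without file:", clsid)
```
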
     
  17. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/04/2009 7:08:26 PM
    System Uptime: 11/11/2009 2:40:31 PM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P4P800-VM
    Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | CPU 1 | 2593/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 53.006 GiB free.
    D: is FIXED (NTFS) - 75 GiB total, 70.664 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is FIXED (NTFS) - 932 GiB total, 715.178 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_80F81043&REV_02\4&2E98101C&0&40F0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_80F81043&REV_02\4&2E98101C&0&40F0
    Service:

    ==== System Restore Points ===================

    RP1: 11/11/2009 11:50:07 AM - System Checkpoint

    ==== Installed Programs ======================

    AAC Decoder
    abgx360 v1.0.1
    Acrobat.com
    Activision(R)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS
    Adobe Reader 9.1.2
    Adobe Shockwave Player 11.5
    Apple Software Update
    ArcSoft Camera Suite 1.3
    AutoUpdate
    Black's Digital Solution Studio
    BlackBerry Desktop Software 4.3
    Camera Support Core Library
    Camera Window
    Canon Camera Support Core Library
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon PIXMA iP4000
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PrintToolBox
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    CCleaner
    CDDRV_Installer
    Chinese Traditional Fonts Support For Adobe Reader 9
    CloneCD
    ConvertXtoDVD 3.3.0.96
    Data Lifeguard Diagnostic for Windows
    DiscJuggler
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Drum Controller Standard Tuning Kit
    DVDFab Ghosthunter release 5.2.3.2
    Easy-WebPrint
    FRED (FirstClass 9) Client
    Google Gmail Notifier
    H.264 Decoder
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Extreme Graphics 2 Driver
    Java(TM) 6 Update 17
    Kaspersky Internet Security 2010
    KhalInstallWrapper
    Logitech Registration
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    MovieEdit Task
    Moyea FLV Player version 1.6.2.2
    MozBackup 1.4.9
    Mozilla Firefox (3.5.5)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    Nero 7 Lite 7.9.6.0
    OpenOffice.org 3.1
    Pamela Pro 3.5
    PhotoStitch
    PokerStars
    Prio v1.9.7
    QuickTime
    RAW Image Task 1.1
    RealPlayer
    RemoteCapture Task 1.0.3
    Roxio Media Manager
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Segoe UI
    Skype™ 4.0
    SoulSeek 157 NS 13e
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Ulead COOL 360 1.0
    Ulead Photo Explorer 8.0 SE Basic
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976749)
    USB PC Camera (SN9C103)
    VC80CRTRedist - 8.0.50727.4053
    VideoLAN VLC media player 0.8.6c
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Winamp
    Winamp Remote
    Winamp Toolbar
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinPcap 4.0.2
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    11/11/2009 2:26:06 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
    11/11/2009 2:26:06 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    11/11/2009 2:24:08 PM, error: Service Control Manager [7034] - The Windows Resident Anti-Virus service terminated unexpectedly. It has done this 2 time(s).
    11/11/2009 11:47:43 AM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
    11/11/2009 11:47:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/11/2009 10:23:46 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    11/11/2009 10:23:15 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/11/2009 10:22:17 AM, error: Service Control Manager [7034] - The Windows Resident Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
    05/11/2009 6:13:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.
    05/11/2009 6:13:36 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  18. kritius

    kritius TS Guru Posts: 2,084

    Yes restore it.

    http://www.avg.com/us-en/download-tools

    Here is a link to the AVG removal tool, you have quite a few remnants on there.

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  19. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    done

    restored driver from quarantine, double clicked it to open it and allowed it to run through kas.
    ran avgremover a few times, just to be sure. (it kept telling me this will remove avg...in prompt so got a tad confused by the statement.)
    reinstalled malware, updated ran quick scan, was done within minutes with nothing found. (?)

    Malwarebytes' Anti-Malware 1.41
    Database version: 3155
    Windows 5.1.2600 Service Pack 3

    12/11/2009 11:04:19 AM
    mbam-log-2009-11-12 (11-04-19).txt

    Scan type: Quick Scan
    Objects scanned: 100700
    Time elapsed: 4 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  20. kritius

    kritius TS Guru Posts: 2,084

    Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.

    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
    3. Click Run at the Security prompt.

    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take quite a long time to download.
    • Once the update is complete, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, adware, dialers, and other riskware
      • Archives
      • E-mail databases
    • Click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View report... at the bottom.
    • Click the Save report... button.
    • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
     
  21. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    error

    Won't let me online scan, I have Kaspersky installed on my computer now. I turned it off and it still won't run an online scan.
    here is the error

    The program could not be started.The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.



    [ERROR: java.lang.RuntimeException: Kaspersky Online Scanner 7.0 cannot be started because this computer has Kaspersky Internet Security 8.0 (9.0) installed.
     
  22. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Can you just try this to get Task Manager back (You hadn't completed the regfile before)

    Start > Run > Reg Delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager" /F

    Then right click on your Taskbar and select Task Manager
    Is Task Manager working?
     
  23. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    look what I found

    Task manager is already up and working without editing registry
     
  24. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Oh
    You never stated that this is working now.
    That's good news :)
     
  25. 4d4m

    4d4m TS Rookie Topic Starter Posts: 21

    To sum it up....

    I must have forgotten to check if it was working after the last combofix. So now that it is working, I am good to go, squeaky clean?
     
Topic Status:
Not open for further replies.
