TechSpot

Task Manager

By kpbradley
Apr 17, 2008
  1. I am running Windows Xp SP2 and I was online a bit ago and I think I caught something bad online because I lost my task manager it now says "Task manager has been disabled by your administrator" I have never disabled it and I am the only user on this pc there is no other acct.
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Let's have another look

    Highjackthis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.


    This wont remove infection but should get your task manager back

    Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

    • Double-click FixPolicies.exe
    • Click the Install button on the bottom toolbar of the box that will open.
    • The program will create a new Folder called FixPolicies
    • Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
    • A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.
     
  3. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    HiJack this

    Log file attached
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Restart your computer

    Launch Spybot S&D

    Click on the Recovery Icon

    Select anything there and Purge at the top - red X

    Then run a new scan with Hijackthis and attach here,

    1) your infection is back
    2) I thought you removed Norton
     
  5. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    New log file

    No I never got rid of Norton but the problem I had before was gone.
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
     
  7. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    The link above does not download it. The box comes up to save the file so I click save file and it just goes away?
     
  8. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    I got it in ie srry
     
  9. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    After

    I attached a log of HJT after combofix
     
  10. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    Combofix log

    Srry I didint read Combofix log attached
     
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    can you also attach C:\combofix.txt
     
  12. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    it is above named log.txt. I havent done anything since the last post and now my pc is going crazy it keeps opeing blank ie pages (my default browser is firefox) and some icons just appearde on my desktop named error cleaner, privacy protector and Spyware&Malware Protection, What the?
     
  13. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    And Now I have a window that keeps poping up sayingWindows has detected a Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection. I just keep closing it.
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply with a fresh Hijackthis log
     
  15. kpbradley

    kpbradley TS Enthusiast Topic Starter Posts: 114

    Both

    Here they r
     
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it as this time we will do that later in Safe Mode.
    Code:
    [b]REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad][/b]
    Close Notepad.



    You might want to copy and paste these instructions into a notepad file, and save it to your desktop. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Run Hijackthis and Select Do A System Scan Only
    Put a check mark next to the following entries:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O21 - SSODL: DrvChk - {79434c55-a887-4ed1-91c4-b203c689f6d5} - C:\WINDOWS\Resources\DrvChk.dll (file missing)
    O21 - SSODL: omlbpkaw - {9B9A3222-80AD-41F9-B758-F1DB740914D3} - C:\WINDOWS\omlbpkaw.dll (file missing)
    O21 - SSODL: pmsoarbf - {F7E11537-24B8-4CAF-9B0D-8111233F5365} - C:\WINDOWS\pmsoarbf.dll (file missing)


    Select Fix Checked

    Close Hijackthis

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Restart your computer into normal mode

    Run a new scan with Hijackthis and attach the log
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...