I am running Windows Xp SP2 and I was online a bit ago and I think I caught something bad online because I lost my task manager it now says "Task manager has been disabled by your administrator" I have never disabled it and I am the only user on this pc there is no other acct.

Let's have another look

Highjackthis Instructions

• Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
• Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
• After installing, the program launches automatically, select Scan now and save a log
• After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

This wont remove infection but should get your task manager back

Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

• Double-click FixPolicies.exe
• Click the Install button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.

HiJack this

Log file attached

Restart your computer

Launch Spybot S&D

Click on the Recovery Icon

Select anything there and Purge at the top - red X

Then run a new scan with Hijackthis and attach here,

1) your infection is back
2) I thought you removed Norton

New log file

No I never got rid of Norton but the problem I had before was gone.

Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

The link above does not download it. The box comes up to save the file so I click save file and it just goes away?

I got it in ie srry

After

I attached a log of HJT after combofix

Combofix log

Srry I didint read Combofix log attached

can you also attach C:\combofix.txt

it is above named log.txt. I havent done anything since the last post and now my pc is going crazy it keeps opeing blank ie pages (my default browser is firefox) and some icons just appearde on my desktop named error cleaner, privacy protector and Spyware&Malware Protection, What the?

And Now I have a window that keeps poping up sayingWindows has detected a Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection. I just keep closing it.

CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply with a fresh Hijackthis log

Both

Here they r

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it as this time we will do that later in Safe Mode.

Code:

[b]REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad][/b]

Close Notepad.



You might want to copy and paste these instructions into a notepad file, and save it to your desktop. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run Hijackthis and Select Do A System Scan Only
Put a check mark next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O21 - SSODL: DrvChk - {79434c55-a887-4ed1-91c4-b203c689f6d5} - C:\WINDOWS\Resources\DrvChk.dll (file missing)
O21 - SSODL: omlbpkaw - {9B9A3222-80AD-41F9-B758-F1DB740914D3} - C:\WINDOWS\omlbpkaw.dll (file missing)
O21 - SSODL: pmsoarbf - {F7E11537-24B8-4CAF-9B0D-8111233F5365} - C:\WINDOWS\pmsoarbf.dll (file missing)

Select Fix Checked

Close Hijackthis

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Restart your computer into normal mode

Run a new scan with Hijackthis and attach the log