Task Manager

Status
Not open for further replies.

kpbradley

I am running Windows XP SP2 and I was online a bit ago, and I think I caught something bad online because I lost my Task Manager. It now says "Task manager has been disabled by your administrator". I have never disabled it, and I am the only user on this PC; there is no other acct.
 
Let's have another look

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.


This won't remove the infection but should get your Task Manager back.

Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

• Double-click FixPolicies.exe
• Click the Install button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.
 
Restart your computer

Launch Spybot S&D

Click on the Recovery Icon

Select anything there and Purge at the top - red X

Then run a new scan with Hijackthis and attach here.

1) your infection is back
2) I thought you removed Norton
 
Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
 
The link above does not download it. The box comes up to save the file so I click save file and it just goes away?
 
It is above, named log.txt. I haven't done anything since the last post and now my PC is going crazy: it keeps opening blank IE pages (my default browser is Firefox) and some icons just appeared on my desktop named error cleaner, privacy protector and Spyware&Malware Protection. What the?
 
And now I have a window that keeps popping up saying: "Windows has detected a Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection." I just keep closing it.
 
CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\omlbpkaw.dll
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\lgmxvpatfbo.dll
C:\WINDOWS\rtqmekwg.exe
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\unins000.exe
C:\WINDOWS\unins000.dat
C:\WINDOWS\system32\byXOhIAq.dll
C:\WINDOWS\Resources\DrvChk.dll
C:\WINDOWS\system32\vknqbgry.exe

Folder::
C:\Documents and Settings\All Users\Application Data\jsrezejy

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{069E8B19-0EAC-45D6-A5B3-A10FF9B69F4C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E69D83EB-2BFF-4BDE-A756-3BAF89A303A4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgGXrP]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsfvcxbo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DrvChk"=-
"omlbpkaw"=-
"pmsoarbf"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply with a fresh Hijackthis log
 
Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

Close Notepad.



You might want to copy and paste these instructions into a notepad file, and save it to your desktop. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Run Hijackthis and Select Do A System Scan Only
Put a check mark next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O21 - SSODL: DrvChk - {79434c55-a887-4ed1-91c4-b203c689f6d5} - C:\WINDOWS\Resources\DrvChk.dll (file missing)
O21 - SSODL: omlbpkaw - {9B9A3222-80AD-41F9-B758-F1DB740914D3} - C:\WINDOWS\omlbpkaw.dll (file missing)
O21 - SSODL: pmsoarbf - {F7E11537-24B8-4CAF-9B0D-8111233F5365} - C:\WINDOWS\pmsoarbf.dll (file missing)


Select Fix Checked

Close Hijackthis

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Restart your computer into normal mode

Run a new scan with Hijackthis and attach the log
 