Author Topic: [Resolved] Grey out "Task Manager" and "Regedit" and slow PC  (Read 5761 times)


Offline mike44

  • Bronze Member
  • Posts: 63
[Resolved] Grey out "Task Manager" and "Regedit" and slow PC
« on: January 16, 2012, 03:02:27 pm »
Hello experts
I have a nasty virus. I have just run Malwarebytes; the log is below.
The virus stops me accessing "Task Manager" and "Regedit" and several other functions
You guys have helped me in the past with my PC woes, so hope you can help me again
Thanks very much
Mike






Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: HOME [administrator]

16/01/2012 20:49:35
mbam-log-2012-01-16 (20-56-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168399
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Michael\Local Settings\Temp\xrts.exe (Trojan.Downloader) -> No action taken.

(end)
« Last Edit: January 16, 2012, 03:16:23 pm by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25712
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #1 on: January 16, 2012, 03:20:16 pm »
As you have been helped here, I am going to skip most of the preliminaries. My name is Hoov and I will be helping you with your problem. First I need you to run DDS using the instructions in "[NEW Instructions!] What Do I Do First?". They have been updated recently, so please read them and just post the logs back in this thread.

Also if you repaired what Malwarebytes' Anti-Malware found please post the log showing what was fixed. If it was unable to fix what it found, let me know.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mike44

  • Bronze Member
  • Posts: 63
Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #2 on: January 17, 2012, 11:39:50 am »
Thank you Hoov
Firstly, Malwarebytes couldn't remove the problem. I have re-run Malwarebytes and have attached the latest log.

I downloaded DDS, ran it, and then deleted it as instructed. Both logs are below.
Thanks again for your help Hoov

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Michael at 15:57:38 on 2012-01-17
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1023.744 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\DOCUME~1\Michael\LOCALS~1\Temp\winspyifq.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DSLAGENTEXE] c:\program files\bt voyager 205 adsl router\adsl\dslagent.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt broadband\help\bin\matcli.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1326729870309
.
============= SERVICES / DRIVERS ===============
.
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\fnihmp.sys --> c:\windows\system32\drivers\fnihmp.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-16 209904]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-15 2330944]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-16 209904]
S3 PciCon;PciCon;\??\j:\pcicon.sys --> j:\PciCon.sys [?]
.
=============== Created Last 30 ================
.
2012-01-16 20:04:03   --------   d-----w-   c:\documents and settings\michael\application data\Malwarebytes
2012-01-16 20:03:55   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2012-01-16 20:03:54   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-16 19:11:44   --------   d-----w-   c:\program files\BT Broadband Desktop Help
2012-01-16 19:02:00   --------   d-----w-   c:\documents and settings\michael\local settings\application data\Temp
2012-01-16 18:57:02   --------   d-----w-   c:\documents and settings\michael\local settings\application data\Google
2012-01-16 18:56:54   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-16 17:56:13   139656   -c----w-   c:\windows\system32\dllcache\rdpwd.sys
2012-01-16 17:56:09   10496   -c----w-   c:\windows\system32\dllcache\ndistapi.sys
2012-01-16 17:55:36   105472   -c----w-   c:\windows\system32\dllcache\mup.sys
2012-01-16 17:53:24   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
2012-01-16 17:53:08   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
2012-01-16 17:52:44   953856   -c----w-   c:\windows\system32\dllcache\mfc40u.dll
2012-01-16 17:52:43   978944   -c----w-   c:\windows\system32\dllcache\mfc42.dll
2012-01-16 17:52:09   617472   -c----w-   c:\windows\system32\dllcache\comctl32.dll
2012-01-16 17:47:36   60416   ----a-w-   c:\windows\ALCFDRTM.VER
2012-01-16 17:47:36   60416   ----a-w-   c:\windows\ALCFDRTM.EXE
2012-01-16 17:47:34   --------   d-----w-   c:\windows\system32\Lang
2012-01-16 17:36:56   --------   d-----w-   c:\windows\system32\scripting
2012-01-16 17:36:56   --------   d-----w-   c:\windows\l2schemas
2012-01-16 17:36:55   --------   d-----w-   c:\windows\system32\en
2012-01-16 17:36:55   --------   d-----w-   c:\windows\system32\bits
2012-01-16 17:33:33   --------   d-----w-   c:\windows\network diagnostic
2012-01-16 17:19:59   12800   ------w-   c:\windows\system32\credssp.dll
2012-01-16 17:19:58   7168   ------w-   c:\windows\system32\bitsprx4.dll
2012-01-16 17:19:58   286720   -c----w-   c:\windows\system32\dllcache\blackbox.dll
2012-01-16 17:19:58   233472   ------w-   c:\windows\system32\azroles.dll
2012-01-16 17:19:58   159232   -c----w-   c:\windows\system32\dllcache\cewmdm.dll
2012-01-16 17:19:57   8192   -c----w-   c:\windows\system32\dllcache\asferror.dll
2012-01-16 17:19:56   136192   ------w-   c:\windows\system32\aaclient.dll
2012-01-16 17:08:05   --------   d-sh--w-   c:\documents and settings\michael\PrivacIE
2012-01-16 17:06:23   --------   d-sh--w-   c:\documents and settings\michael\IETldCache
2012-01-16 16:51:47   --------   d-----w-   c:\windows\ie8updates
2012-01-16 16:51:42   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2012-01-16 16:51:42   602112   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
2012-01-16 16:51:42   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-16 16:51:42   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2012-01-16 16:51:42   2000384   -c----w-   c:\windows\system32\dllcache\iertutil.dll
2012-01-16 16:51:42   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2012-01-16 16:51:42   11081728   -c----w-   c:\windows\system32\dllcache\ieframe.dll
2012-01-16 16:50:21   --------   dc-h--w-   c:\windows\ie8
2012-01-16 16:38:46   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2012-01-16 16:37:36   371200   ------w-   c:\windows\system32\browserchoice.exe
2012-01-16 16:36:38   456320   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2012-01-16 16:36:33   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe
2012-01-16 16:36:17   357888   -c----w-   c:\windows\system32\dllcache\srv.sys
2012-01-16 16:35:35   81920   -c----w-   c:\windows\system32\dllcache\fontsub.dll
2012-01-16 16:35:35   119808   -c----w-   c:\windows\system32\dllcache\t2embed.dll
2012-01-16 16:35:26   471552   -c----w-   c:\windows\system32\dllcache\aclayers.dll
2012-01-16 16:33:45   153088   -c----w-   c:\windows\system32\dllcache\triedit.dll
2012-01-16 16:32:41   2066432   -c----w-   c:\windows\system32\dllcache\mstscax.dll
2012-01-16 16:30:41   1172480   -c----w-   c:\windows\system32\dllcache\msxml3.dll
2012-01-16 16:30:37   337408   -c----w-   c:\windows\system32\dllcache\netapi32.dll
2012-01-16 16:30:32   331776   -c----w-   c:\windows\system32\dllcache\msadce.dll
2012-01-16 16:29:52   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2012-01-16 16:29:48   203136   -c----w-   c:\windows\system32\dllcache\rmcast.sys
2012-01-16 16:23:18   --------   d-----w-   c:\windows\system32\PreInstall
2012-01-16 16:23:16   --------   d--h--w-   c:\windows\$hf_mig$
2012-01-16 16:04:59   21728   ----a-w-   c:\windows\system32\wucltui.dll.mui
2012-01-16 16:04:58   17632   ----a-w-   c:\windows\system32\wuaueng.dll.mui
2012-01-16 16:04:58   15072   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
2012-01-16 16:04:58   15064   ----a-w-   c:\windows\system32\wuapi.dll.mui
2012-01-16 16:04:58   --------   d-----w-   c:\windows\system32\SoftwareDistribution
2012-01-16 16:03:15   --------   d-sh--w-   c:\documents and settings\michael\UserData
2012-01-16 15:59:23   69120   ----a-r-   c:\windows\system32\SilSupp.cpl
2012-01-16 15:59:23   166400   ----a-r-   c:\windows\system32\drivers\Si3114r5.sys
2012-01-16 15:59:23   10240   ----a-r-   c:\windows\system32\drivers\SiWinAcc.sys
2012-01-16 15:57:58   60160   ----a-w-   c:\windows\system32\drivers\drmk.sys
2012-01-16 15:57:57   129536   ----a-w-   c:\windows\system32\ksproxy.ax
2012-01-16 15:57:34   180480   ----a-r-   c:\windows\system32\drivers\yk51x86.sys
2012-01-15 19:44:19   --------   d-----w-   c:\documents and settings\all users\application data\NVIDIA Corporation
2012-01-15 19:44:15   367936   ----a-w-   c:\windows\system32\nvsvc32.exe
2012-01-15 19:44:15   298816   ----a-w-   c:\windows\system32\nvcolor.exe
2012-01-15 19:44:14   203072   ----a-w-   c:\windows\system32\nvmctray.dll
2012-01-15 19:44:14   16744256   ----a-w-   c:\windows\system32\nvcpl.dll
2012-01-15 19:44:13   602432   ----a-w-   c:\windows\system32\easyupdatusapiu.dll
2012-01-15 19:44:13   54272   ----a-w-   c:\windows\system32\nvwddi.dll
2012-01-15 19:44:08   285176   ----a-w-   c:\windows\system32\nvdrsdb1.bin
2012-01-15 19:44:08   285176   ----a-w-   c:\windows\system32\nvdrsdb0.bin
2012-01-15 19:44:08   1   ----a-w-   c:\windows\system32\nvdrssel.bin
2012-01-15 19:43:43   65536   ----a-w-   c:\windows\system32\OpenCL.dll
2012-01-15 19:43:42   17956864   ----a-w-   c:\windows\system32\nvoglnt.dll
2012-01-15 19:43:41   919872   ----a-w-   c:\windows\system32\nvdispco32.dll
2012-01-15 19:43:41   877376   ----a-w-   c:\windows\system32\nvgenco32.dll
2012-01-15 19:43:40   5595136   ----a-w-   c:\windows\system32\nvcuda.dll
2012-01-15 19:43:40   2398016   ----a-w-   c:\windows\system32\nvcuvid.dll
2012-01-15 19:43:40   2099520   ----a-w-   c:\windows\system32\nvcuvenc.dll
2012-01-15 19:43:40   17240064   ----a-w-   c:\windows\system32\nvcompiler.dll
2012-01-15 19:43:39   2449408   ----a-w-   c:\windows\system32\nvapi.dll
2012-01-15 19:43:26   --------   d-----w-   c:\program files\NVIDIA Corporation
2012-01-15 19:38:17   77824   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-01-15 19:38:17   32768   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-01-15 19:38:17   221184   ----a-w-   c:\program files\common files\installshield\iscript\iscript.dll
2012-01-15 19:38:17   221184   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-01-15 19:38:16   675972   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-01-15 18:50:48   --------   d-----w-   c:\documents and settings\michael\local settings\application data\Identities
2012-01-15 17:32:34   --------   d-----w-   c:\windows\system32\wbem\AutoRecover
2012-01-15 17:30:41   --------   d-s---w-   c:\windows\system32\Microsoft
2012-01-15 17:27:22   --------   d-----w-   c:\windows\ServicePackFiles
2012-01-15 17:25:43   2897920   ------w-   c:\windows\system32\xpsp2res.dll
2012-01-15 17:25:22   19528   ----a-w-   c:\windows\002012_.tmp
2012-01-15 17:25:22   --------   d-----w-   c:\windows\system32\ReinstallBackups
2012-01-15 17:25:17   26144   ----a-w-   c:\windows\system32\spupdsvc.exe
2012-01-15 17:24:45   --------   d-----w-   c:\windows\EHome
.
==================== Find3M  ====================
.
2011-11-25 21:57:19   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35:08   60416   ----a-w-   c:\windows\system32\packager.exe
2011-11-16 14:21:44   354816   ----a-w-   c:\windows\system32\winhttp.dll
2011-11-16 14:21:44   152064   ----a-w-   c:\windows\system32\schannel.dll
2011-11-04 19:20:51   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-11-04 19:20:51   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-11-03 15:28:36   386048   ----a-w-   c:\windows\system32\qdvd.dll
2011-11-03 15:28:36   1292288   ----a-w-   c:\windows\system32\quartz.dll
2011-11-01 16:07:10   1288704   ----a-w-   c:\windows\system32\ole32.dll
2011-10-28 05:31:48   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08   2192768   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03   2069376   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 15:58:25.21 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 15/01/2012 16:59:49
System Uptime: 17/01/2012 15:42:24 (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket 939 | 2412/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 47.994 GiB free.
D: is FIXED (NTFS) - 47 GiB total, 30.961 GiB free.
E: is FIXED (NTFS) - 87 GiB total, 71.83 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 15/01/2012 17:05:17 - System Checkpoint
RP2: 15/01/2012 17:25:23 - Installed Windows XP Service Pack 2.
RP3: 15/01/2012 19:30:56 - Installed Managed DirectX (0900)
RP4: 15/01/2012 19:44:03 - Update to an unsigned driver
RP5: 16/01/2012 16:22:51 - Software Distribution Service 3.0
RP6: 16/01/2012 16:39:38 - Software Distribution Service 3.0
RP7: 16/01/2012 17:21:00 - Software Distribution Service 3.0
RP8: 16/01/2012 17:58:44 - Software Distribution Service 3.0
RP9: 16/01/2012 19:33:41 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
BT Broadband Desktop Help
BT Broadband Help
BT Voyager 205 ADSL Router
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Malwarebytes Anti-Malware version 1.60.0.1800
NVIDIA Control Panel 285.58
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
16/01/2012 20:11:05, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
16/01/2012 16:39:44, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Flash Player (KB923789).
16/01/2012 16:28:46, error: Service Control Manager [7034]  - The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
16/01/2012 16:28:46, error: Service Control Manager [7022]  - The NVIDIA Update Service Daemon service hung on starting.
16/01/2012 15:55:56, error: Service Control Manager [7000]  - The MSICPL service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================

Offline mike44

  • Bronze Member
  • Posts: 63
Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #3 on: January 17, 2012, 11:41:20 am »
Malwarebytes log


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: HOME [administrator]

17/01/2012 16:02:57
mbam-log-2012-01-17 (16-30-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221952
Time elapsed: 24 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Michael\Local Settings\Temp\winspyifq.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\ncuirs.exe (Trojan.Downloader) -> No action taken.

(end)

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25712
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #4 on: January 17, 2012, 01:56:59 pm »
Malwarebytes' Anti-Malware shows "No action taken" for each of the detected problems. Did you try to fix the problems?


  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mike44

  • Bronze Member
  • Posts: 63
Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #5 on: January 18, 2012, 05:08:58 am »
Hi Hoov
I check all items to be deleted, then do the reboot, re-scan and they are all back again.
When I view the log after reboot it says the items were removed, but if I scan again they all come back.
This is the log after reboot, hope this makes sense.
Thanks
Mike

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: HOME [administrator]

18/01/2012 10:27:01
mbam-log-2012-01-18 (10-27-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229428
Time elapsed: 27 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Michael\Local Settings\Temp\winqagyal.exe (Trojan.Downloader) -> Delete on reboot.
C:\System Volume Information\_restore{E1BEE7A8-5545-4F24-B0A6-569015C2D5F6}\RP6\A0006946.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1BEE7A8-5545-4F24-B0A6-569015C2D5F6}\RP7\A0007833.exe (FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\doxmx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
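
Added example (not part of the original posts, and not a Malwarebytes tool): a short Python script that parses the detection lines copied from the three Malwarebytes logs in this thread and reports which registry data items are flagged in every scan and which temp folders hold a differently named detected file each time, the "they all come back" pattern described in Reply #5. The function names and the date keys are choices made for this example.

```python
import ntpath
import re

# Detection lines copied from the three Malwarebytes logs in this thread,
# keyed by scan date (the log headers use DD/MM/YYYY).
SCANS = {
    "2012-01-16": r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
C:\Documents and Settings\Michael\Local Settings\Temp\xrts.exe (Trojan.Downloader) -> No action taken.
""",
    "2012-01-17": r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
C:\Documents and Settings\Michael\Local Settings\Temp\winspyifq.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\ncuirs.exe (Trojan.Downloader) -> No action taken.
""",
    "2012-01-18": r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
C:\Documents and Settings\Michael\Local Settings\Temp\winqagyal.exe (Trojan.Downloader) -> Delete on reboot.
C:\System Volume Information\_restore{E1BEE7A8-5545-4F24-B0A6-569015C2D5F6}\RP6\A0006946.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1BEE7A8-5545-4F24-B0A6-569015C2D5F6}\RP7\A0007833.exe (FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\doxmx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
""",
}

# "key|value (detection) -> Bad: (x) Good: (y) -> action."
REG_RE = re.compile(
    r"^(HK[A-Z]+\\[^|]+)\|(\S+) \((.+?)\) -> Bad: \((.*?)\) Good: \((.*?)\) -> (.+)\.$"
)
# "path (detection) -> action."
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) \(([^()]+)\) -> (.+)\.$")


def parse_scan(text):
    """Split one log's detection lines into registry items and file paths.

    Both are lower-cased because Windows paths and registry names are
    case-insensitive.
    """
    registry, files = set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            registry.add(f"{m.group(1)}|{m.group(2)}".lower())
            continue
        m = FILE_RE.match(line)
        if m:
            files.add(m.group(1).lower())
    return registry, files


def recurring_registry(scans):
    """Registry data items that were flagged in every scan."""
    sets = [parse_scan(text)[0] for text in scans.values()]
    return sorted(set.intersection(*sets)) if sets else []


def rotating_dirs(scans):
    """Folders flagged in 2+ scans where no detected file name repeats."""
    per_dir = {}  # folder -> {scan date -> set of file names}
    for date, text in scans.items():
        for path in parse_scan(text)[1]:
            folder, name = ntpath.split(path)
            per_dir.setdefault(folder, {}).setdefault(date, set()).add(name)
    result = {}
    for folder, by_date in per_dir.items():
        names = [n for found in by_date.values() for n in found]
        if len(by_date) >= 2 and len(names) == len(set(names)):
            result[folder] = sorted(names)
    return result


if __name__ == "__main__":
    print("Flagged in every scan:")
    for item in recurring_registry(SCANS):
        print("  ", item)
    print("Folders with a new detected file name per scan:")
    for folder, names in rotating_dirs(SCANS).items():
        print("  ", folder, "->", ", ".join(names))
```
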

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25712
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #6 on: January 18, 2012, 08:08:26 am »
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mike44

Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #7 on: January 19, 2012, 12:10:51 pm »
Hi Hoov
TDSSKiller didn't find any problems
The scan results are below.
Thanks Hoov

P.S. Hoov my infected pc won't open my thread on the forum now
so I'm viewing your posts and replying on my old scrap pc, not sure if my browser is infected.



Offline mike44

Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #8 on: January 19, 2012, 12:16:05 pm »
I can't post the log Hoov?

Offline Hoov

Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #9 on: January 19, 2012, 08:40:26 pm »
* Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Offline mike44

Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #10 on: January 21, 2012, 08:29:22 am »
Hi Hoov
I still can't post to the forum on my main PC, anyway this is the ComboFix log
Thanks Hoov
Mike

ComboFix 12-01-19.02 - Michael 21/01/2012  14:05:25.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1023.689 [GMT 0:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michael\WINDOWS
c:\windows\system32\rundll32.exe.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-21 to 2012-01-21  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2003-03-31 12:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-03-31 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-03-31 12:00   60416   ----a-w-   c:\windows\system32\packager.exe
2011-11-16 14:21 . 2003-03-31 12:00   354816   ----a-w-   c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-03-31 12:00   152064   ----a-w-   c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2003-03-31 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-03-31 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-03-31 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-11-03 15:28 . 2003-03-31 12:00   386048   ----a-w-   c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2003-03-31 12:00   1292288   ----a-w-   c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2003-03-31 12:00   1288704   ----a-w-   c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-03-31 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2003-03-31 12:00   2192768   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04   2069376   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2008-04-14 . 1F88124CA9E09DEF4FD7BD7E9977D023 . 93184 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1710184]
"DiskeeperSystray"="d:\diskeeper 9 profesional\DkIcon.exe" [2004-10-04 249944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 93184]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2011-05-26 15:04   1659776   ----a-w-   c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1773056   ----a-w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-01 07:54   147456   ----a-r-   c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-01-16 18:57   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Nvidea driver october 2011\\setup.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nview\\nwiz.exe"=
"c:\\PROGRA~1\\Motive\\ASSTCO~1\\MOTIVE~1.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BT Broadband\\Help\\bin\\matcli.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Engine\\6\\INTEL3~1\\IKernel.exe"=
"d:\\Diskeeper 9 profesional\\DkService.exe"=
"d:\\Diskeeper 9 profesional\\DkIcon.exe"=
"c:\\Program Files\\BT Broadband\\Help\\bin\\mpbtn.exe"=
.
R?2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [15/01/2012 19:44 2330944]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [17/01/2012 20:32 13225]
S3 PciCon;PciCon;\??\j:\pcicon.sys --> j:\PciCon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DSLAGENTEXE - c:\program files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
HKLM-Run-razertra - d:\razer mouse\razertra.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 14:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2880)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
d:\diskeeper 9 profesional\DkService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-01-21  14:12:41 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-21 14:12
.
Pre-Run: 51,549,413,376 bytes free
Post-Run: 51,667,587,072 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 9D0EC89AC7839137C4E99444B946B728

Offline Hoov

Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #11 on: January 21, 2012, 11:20:38 am »
Can you get into the system areas now?

Look around and see if you have any documents or other files missing. If not then try following the instructions below on how to run ccleaner and then see if you can come here and post to this thread with the problem machine.

1. Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this Dark Grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

    • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section.
    • Clean all entries in the "Advanced" section.
    • Clean any others that you choose.

In the Applications Tab:

    • Clean all except cookies in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.
    • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.


Offline mike44

Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #12 on: January 21, 2012, 12:40:21 pm »
Hi Hoov
I have downloaded and run CCleaner, it cleared a lot of junk, I still can't post on the forum Hoov, I'm typing this on my phone, the forum will only load up to the sixth post Hoov, and stops loading at your 7th post, what to try now Boss?
Thanks
Mike

Offline Hoov

Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #13 on: January 21, 2012, 04:08:44 pm »
Please try installing Google Chrome and see if that allows you to post here.


Offline mike44

Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #14 on: January 22, 2012, 06:08:55 am »
Hi Hoov
Just installed Google Chrome but I still can't post on the forum, I also can't open security websites like Kasparov and Norton, I'm scratching my head at this one :(