Author Topic: [Resolved] Grey out "Task Manager" and "Regedit" and slow PC  (Read 5438 times)


Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25389
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Grey out "Task Manager" and "Regedit" and slow PC
« Reply #15 on: January 22, 2012, 10:10:15 am »
That actually makes more sense.

Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.



    Now start Malwarebytes' Anti-Malware and update it, then run a full scan (instead of a quick scan) and fix anything it finds, then post the log. If it finds nothing, post that log.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline mike44

    • Bronze Member
    • Posts: 63
    « Reply #16 on: January 23, 2012, 03:20:12 pm »
    Hi Hoov
    I downloaded and ran Rkill, and did a full scan with Malwarebytes.
    Both logs are below. The Trojan downloader which Malwarebytes found
    was still on my PC after reboot. I tried to put it in the recycle bin but it won't go.
    I can post on the forum now, Hoov. I can't open page one of this thread, but can open page two.
    Thanks Hoov
    Mike




    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 23/01/2012 at 16:58:47.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 23/01/2012 at 16:58:53.









    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.23.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Michael :: HOME [administrator]

    23/01/2012 20:41:05
    mbam-log-2012-01-23 (20-41-05).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225537
    Time elapsed: 23 minute(s), 21 second(s)

    Memory Processes Detected: 1
    C:\WINDOWS\Temp\wtdgf.exe (Trojan.Downloader) -> 3596 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\Temp\wtdgf.exe (Trojan.Downloader) -> Delete on reboot.

    (end)

    Offline Hoov

    « Reply #17 on: January 23, 2012, 04:27:42 pm »
    Can you post in this thread using the problem computer?

    If not, please follow the instructions below.


    Open a command prompt (All Programs > Accessories > Command Prompt) and type in
    ipconfig /all > ipconfig.txt and then hit Enter. Then type in ipconfig.txt to open Notepad with the log. Copy it and paste it into your next response.


    Offline mike44

    « Reply #18 on: January 23, 2012, 06:48:32 pm »
    Hi Hoov
    Yes, I can post on page 2 of this thread; page one will only open to the 6th post.
    Thanks
    Mike

    Offline Hoov

    « Reply #19 on: January 23, 2012, 07:03:35 pm »
    That is crazy. How about Task Manager and Regedit?


    Offline mike44

    « Reply #20 on: January 24, 2012, 04:37:38 am »
    Hi Hoov
    I now have access to Regedit, but I can't access the Task Manager
    I still can't open websites like Symantec and kaspersky
    This is the message I get from Google Chrome when I try to open these websites
    I can't access the cached pages either
    Thanks Hoov
    Mike

    Oops! Google Chrome could not find kaspersky.com
    Try reloading: kaspersky.com
    Additional suggestions:
    Access a cached copy of kaspersky.com
    Search on Google:
    « Last Edit: January 24, 2012, 07:44:19 am by Hoov »

    Offline mike44

    « Reply #21 on: January 24, 2012, 05:20:18 am »
    Hoov, just rebooted PC and have lost access to regedit, and I can't open my last post on the forum. It might be because I entered the text address to security websites.

    Offline mike44

    « Reply #22 on: January 24, 2012, 05:31:46 am »
    Hoov, can you edit my post to remove the link to Kaspersky? I may be able to access this thread again then. Thanks
    Mike

    Offline Hoov

    « Reply #23 on: January 24, 2012, 07:44:36 am »
    * Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

    Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Offline mike44

    « Reply #24 on: January 24, 2012, 03:07:50 pm »
    Hi Hoov
    Just ran combofix, the log is below
    Still can't post on the forum or access certain websites, and
    Task Manager and regedit still won't open. It's driving me mad.
    Thanks
    Mike






    ComboFix 12-01-23.02 - Michael 24/01/2012  20:44:29.2.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1023.640 [GMT 0:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_ABP470N5
    -------\Service_abp470n5
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-12-24 to 2012-01-24  )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-25 21:57 . 2003-03-31 12:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2003-03-31 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2003-03-31 12:00   60416   ----a-w-   c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2003-03-31 12:00   354816   ----a-w-   c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2003-03-31 12:00   152064   ----a-w-   c:\windows\system32\schannel.dll
    2011-11-04 19:20 . 2003-03-31 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2003-03-31 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2003-03-31 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
    2011-11-03 15:28 . 2003-03-31 12:00   386048   ----a-w-   c:\windows\system32\qdvd.dll
    2011-11-03 15:28 . 2003-03-31 12:00   1292288   ----a-w-   c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2003-03-31 12:00   1288704   ----a-w-   c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2003-03-31 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
    [-] 2008-04-14 . 1F88124CA9E09DEF4FD7BD7E9977D023 . 93184 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
    .
    (((((((((((((((((((((((((((((   SnapShot@2012-01-21_14.10.22   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-24 17:37 . 2012-01-24 17:37   16384              c:\windows\Temp\Perflib_Perfdata_5fc.dat
    + 2012-01-24 20:49 . 2012-01-24 20:49   16384              c:\windows\Temp\Perflib_Perfdata_5e0.dat
    + 2012-01-24 20:49 . 2012-01-24 20:49   16384              c:\windows\Temp\Perflib_Perfdata_218.dat
    + 1999-11-24 17:40 . 1999-11-24 17:40   40960              c:\windows\system32\VBAME.DLL
    + 1998-03-24 20:54 . 1998-03-24 20:54   15872              c:\windows\system32\SCP32.DLL
    + 1998-08-09 10:07 . 1998-08-09 10:07   94208              c:\windows\system32\MSSTKPRP.DLL
    + 1998-06-17 18:08 . 1998-06-17 18:08   53248              c:\windows\system32\MFC42ENU.DLL
    + 1998-03-26 00:00 . 1998-03-26 00:00   38160              c:\windows\system32\MAPISRVR.EXE
    + 1999-10-17 19:01 . 1999-10-17 19:01   26384              c:\windows\system32\FM20ENU.DLL
    + 2001-01-22 03:25 . 2001-01-22 03:25   32768              c:\windows\system32\ATHPRXY.DLL
    + 2012-01-24 12:28 . 2012-01-24 12:28   90112              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   45056              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   22528              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   30720              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   16384              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   34304              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   81920              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   3584              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   8192              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   2560              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2000-04-03 17:52 . 2000-04-03 17:52   151552              c:\windows\system32\RDOCURS.DLL
    + 1998-12-08 18:53 . 1998-12-08 18:53   212480              c:\windows\system32\PCDLIB32.DLL
    + 2000-05-23 21:45 . 2000-05-23 21:45   118784              c:\windows\system32\MSSTDFMT.DLL
    + 2000-05-11 13:06 . 2000-05-11 13:06   397312              c:\windows\system32\MSRDO20.DLL
    + 1998-10-01 12:00 . 1998-10-01 12:00   520128              c:\windows\system32\MAPI.DLL
    + 2012-01-24 20:49 . 2012-01-24 20:49   112584              c:\windows\system32\FNTCACHE.DAT
    + 2012-01-16 17:20 . 2008-04-13 18:53   635904              c:\windows\network diagnostic\xpnetdiag.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   114688              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2012-01-24 12:28 . 2012-01-24 12:28   167936              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 1999-10-17 19:01 . 1999-10-17 19:01   1129232              c:\windows\system32\FM20.DLL
    + 2012-01-24 12:28 . 2012-01-24 12:28   3485184              c:\windows\Installer\dee5f.msi
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-16 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1710184]
    "DiskeeperSystray"="d:\diskeeper 9 profesional\DkIcon.exe" [2004-10-04 249944]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 93184]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 161184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)
    "DisableRegistryTools"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk
    backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
    2011-05-26 15:04   1659776   ----a-w-   c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12   1773056   ----a-w-   c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-12-01 07:54   147456   ----a-r-   c:\windows\SOUNDMAN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-01-16 18:57   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Nvidea driver october 2011\\setup.exe"=
    "c:\\WINDOWS\\system32\\nvsvc32.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\nview\\nwiz.exe"=
    "c:\\PROGRA~1\\Motive\\ASSTCO~1\\MOTIVE~1.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SOUNDMAN.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BT Broadband\\Help\\bin\\matcli.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
    "c:\\WINDOWS\\system32\\netsh.exe"=
    "c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Engine\\6\\INTEL3~1\\IKernel.exe"=
    "d:\\Diskeeper 9 profesional\\DkService.exe"=
    "d:\\Diskeeper 9 profesional\\DkIcon.exe"=
    "c:\\Program Files\\BT Broadband\\Help\\bin\\mpbtn.exe"=
    .
    R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [17/01/2012 20:32 13225]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [15/01/2012 19:44 2330944]
    S3 PciCon;PciCon;\??\j:\pcicon.sys --> j:\PciCon.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ABP470N5
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1214440339-839522115-1004Core.job
    - c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-22 11:33]
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1214440339-839522115-1004UA.job
    - c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-22 11:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-24 20:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2376)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\RUNDLL32.EXE
    d:\diskeeper 9 profesional\DkService.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\SearchProtocolHost.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-24  20:52:51 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-01-24 20:52
    .
    Pre-Run: 50,447,446,016 bytes free
    Post-Run: 50,457,931,776 bytes free
    .
    - - End Of File - - 96CEA6A801589B31220E5C395BEDFB14
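
The ComboFix log in the post above still shows the policy values that match the thread title (`DisableTaskMgr`, `DisableRegistryTools`), along with Security Center and firewall settings. As an added example, not code from this thread, ComboFix or Malwarebytes, this Python script parses that log format and lists such values; `parse_values`, `find_tampering` and the `RULES` table are hypothetical names, and the rule set is an assumption limited to values visible in the logs here.

```python
import re

# Constructed sample: lines copied from the ComboFix "Reg Loading Points" section above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\netsh.exe"=
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# ComboFix prints DWORDs two ways: "Name"= 1 (0x1) and "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*'
    r'(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s+\(0x[0-9a-fA-F]+\))$'
)

# Hypothetical rule table: (key suffix regex, value-name regex, bad value, meaning).
# Limited to values that appear in the logs in this thread; keys are matched lowercased.
RULES = [
    (r'\\policies\\system$', r'DisableTaskMgr', 1,
     'Task Manager disabled by policy'),
    (r'\\policies\\system$', r'DisableRegistryTools', 1,
     'Registry editing tools disabled by policy'),
    (r'\\security center(\\svc)?$', r'(AntiVirus|Firewall|Updates)DisableNotify', 1,
     'Security Center alert suppressed'),
    (r'\\firewallpolicy\\standardprofile$', r'EnableFirewall', 0,
     'Windows Firewall turned off (standard profile)'),
]


def parse_values(log_text):
    """Yield (key, name, value) for every DWORD value listed under a [key] header."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == '.':              # ComboFix separates entries with a lone dot
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:                # skips path-only entries such as "...netsh.exe"=
            value = int(m.group('hex'), 16) if m.group('hex') else int(m.group('dec'))
            yield key, m.group('name'), value


def find_tampering(log_text):
    """Return (key, name, value, meaning) for each value that matches a rule."""
    findings = []
    for key, name, value in parse_values(log_text):
        for key_re, name_re, bad, meaning in RULES:
            if re.search(key_re, key) and re.fullmatch(name_re, name) and value == bad:
                findings.append((key, name, value, meaning))
    return findings


if __name__ == '__main__':
    for key, name, value, meaning in find_tampering(SAMPLE_LOG):
        print(f'{name}={value}  [{key}]  {meaning}')
```
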

    Offline Hoov

    « Reply #25 on: January 24, 2012, 03:17:52 pm »
    I know what the problem is, but before we change it, we need to make sure that your computer is clean. The fact that you have a hard time posting here because of a security site address means you are still infected.

    Open a command prompt (All Programs > Accessories > Command Prompt) and type in
    ipconfig /all > ipconfig.txt and then hit Enter. Then type in ipconfig.txt to open Notepad with the log. Copy it and paste it into your next response.

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


    Offline mike44

    « Reply #26 on: January 25, 2012, 01:19:23 pm »
    Hi Hoov
    Two logs for you to have a look at
    First one is the ipconfig log
    And the second is the TDSSKiller
    Hope it all makes sense Hoov
    Thanks again
    Mike




    Windows IP Configuration

            Host Name . . . . . . . . . . . . : home
            Primary Dns Suffix  . . . . . . . :
            Node Type . . . . . . . . . . . . : Unknown
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : home

    Ethernet adapter Local Area Connection:

            Media State . . . . . . . . . . . : Media disconnected
            Description . . . . . . . . . . . : Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
            Physical Address. . . . . . . . . : 00-11-09-DA-1F-0E

    Ethernet adapter Local Area Connection 3:

            Connection-specific DNS Suffix  . : home
            Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2
            Physical Address. . . . . . . . . : 00-11-09-DA-1F-0F
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.1.65
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.1.254
            DHCP Server . . . . . . . . . . . : 192.168.1.254
            DNS Servers . . . . . . . . . . . : 192.168.1.254
            Lease Obtained. . . . . . . . . . : 25 January 2012 15:14:12
            Lease Expires . . . . . . . . . . : 26 January 2012 15:14:12










    Offline mike44

    « Reply #27 on: January 25, 2012, 01:24:23 pm »
    I can't post the second log, Hoov
    This is the message I get
    Thanks
    Mike

    HTTP Error 403 Forbidden
    You don't have permission to access

    /simplemachinesforum/index.php?action=post2;start=15;board=10 on this server.

    Your computer may be infected with a virus or a trojan. The Firewall has determined that you: Request Entity Attack: Repeated!

    If you get this message in error, please contact the ADM1N and provide the date and time of this message.

    Offline Hoov

    « Reply #28 on: January 25, 2012, 01:42:20 pm »
    Please zip it up and attach it.

    Are you connected to the internet thru a router?


    Offline mike44

    « Reply #29 on: January 25, 2012, 03:13:31 pm »
    Hi Hoov
    The scan log is below
    Thanks
    Mike