[Resolved] Grey out "Task Manager" and "Regedit" and slow PC

[Hoov]

That actually makes more sense.

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista, right-click on it and Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.

Now start Malwarebytes' Anti-Malware and update it, then run a full scan (instead of a quick scan) and fix anything it finds, then post the log. If it finds nothing, post that log. [/list]

[mike44]

Hi Hoov
I downloaded and ran rkill, and did a full scan with Malwarebytes
Both logs are below, the trogen downloader which Malwarebytes found
Was still on my PC after reboot, I tried to put it in the recycle bin but it wont go.
I can post on the forum now Hoov, I cant open page one of this thread, but can open page two
Thanks Hoov
Mike




This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 23/01/2012 at 16:58:47.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 23/01/2012 at 16:58:53.









Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: HOME [administrator]

23/01/2012 20:41:05
mbam-log-2012-01-23 (20-41-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225537
Time elapsed: 23 minute(s), 21 second(s)

Memory Processes Detected: 1
C:\WINDOWS\Temp\wtdgf.exe (Trojan.Downloader) -> 3596 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\Temp\wtdgf.exe (Trojan.Downloader) -> Delete on reboot.

(end)

[Hoov]

Can you post in this thread using the problem computer?

If not, please follow the instructions below.


Open a command prompt (all programs > Accessories > Command Prompt) and type in
Ipconfig /all > ipconfig.txt and then hit enter. Then type in ipconfig.txt to open notepad with the log. Copy it and paste it in to your next response.

[mike44]

Hi Hoov
Yes I can post on page 2 of this thread,page one will only open to the 6th post
Thanks
Mike

[Hoov]

That is crazy. How about Taskmanager and Regedit?

[mike44]

Hi Hoov
I now have access to Regedit, but I can't access the Task Manager
I still can't open websites like Symantec and kaspersky
This is the message I get from Google Chrome when I try to open these websites
I can't access the cached pages either
Thanks Hoov
Mike

Oops! Google Chrome could not find kaspersky.com
Try reloading: kaspersky.­com
Additional suggestions:
Access a cached copy of ­kaspersky.­com
Search on Google:

[mike44]

Hoov just re booted pc and have lost access to regedit and I can't open my last post on the forum, it might be because I entered the text address to security websites

[mike44]

Hoov can you edit my post to remove the link to kaspersky I may be able to access this thread again then thanks
Mike

[Hoov]

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

[mike44]

Hi Hoov
Just ran combofix, the log is below
Still can't post on the forum or access certain websites and
Task manager and regedit still won't open, its driving me mad
Thanks
Mike






ComboFix 12-01-23.02 - Michael 24/01/2012  20:44:29.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1023.640 [GMT 0:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-24 to 2012-01-24  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2003-03-31 12:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-03-31 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-03-31 12:00   60416   ----a-w-   c:\windows\system32\packager.exe
2011-11-16 14:21 . 2003-03-31 12:00   354816   ----a-w-   c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-03-31 12:00   152064   ----a-w-   c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2003-03-31 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-03-31 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-03-31 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-11-03 15:28 . 2003-03-31 12:00   386048   ----a-w-   c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2003-03-31 12:00   1292288   ----a-w-   c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2003-03-31 12:00   1288704   ----a-w-   c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-03-31 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2008-04-14 . 1F88124CA9E09DEF4FD7BD7E9977D023 . 93184 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((   SnapShot@2012-01-21_14.10.22   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 17:37 . 2012-01-24 17:37   16384              c:\windows\Temp\Perflib_Perfdata_5fc.dat
+ 2012-01-24 20:49 . 2012-01-24 20:49   16384              c:\windows\Temp\Perflib_Perfdata_5e0.dat
+ 2012-01-24 20:49 . 2012-01-24 20:49   16384              c:\windows\Temp\Perflib_Perfdata_218.dat
+ 1999-11-24 17:40 . 1999-11-24 17:40   40960              c:\windows\system32\VBAME.DLL
+ 1998-03-24 20:54 . 1998-03-24 20:54   15872              c:\windows\system32\SCP32.DLL
+ 1998-08-09 10:07 . 1998-08-09 10:07   94208              c:\windows\system32\MSSTKPRP.DLL
+ 1998-06-17 18:08 . 1998-06-17 18:08   53248              c:\windows\system32\MFC42ENU.DLL
+ 1998-03-26 00:00 . 1998-03-26 00:00   38160              c:\windows\system32\MAPISRVR.EXE
+ 1999-10-17 19:01 . 1999-10-17 19:01   26384              c:\windows\system32\FM20ENU.DLL
+ 2001-01-22 03:25 . 2001-01-22 03:25   32768              c:\windows\system32\ATHPRXY.DLL
+ 2012-01-24 12:28 . 2012-01-24 12:28   90112              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   45056              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   22528              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   30720              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   16384              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   34304              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   81920              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   3584              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   8192              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   2560              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2000-04-03 17:52 . 2000-04-03 17:52   151552              c:\windows\system32\RDOCURS.DLL
+ 1998-12-08 18:53 . 1998-12-08 18:53   212480              c:\windows\system32\PCDLIB32.DLL
+ 2000-05-23 21:45 . 2000-05-23 21:45   118784              c:\windows\system32\MSSTDFMT.DLL
+ 2000-05-11 13:06 . 2000-05-11 13:06   397312              c:\windows\system32\MSRDO20.DLL
+ 1998-10-01 12:00 . 1998-10-01 12:00   520128              c:\windows\system32\MAPI.DLL
+ 2012-01-24 20:49 . 2012-01-24 20:49   112584              c:\windows\system32\FNTCACHE.DAT
+ 2012-01-16 17:20 . 2008-04-13 18:53   635904              c:\windows\network diagnostic\xpnetdiag.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   114688              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2012-01-24 12:28 . 2012-01-24 12:28   167936              c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 1999-10-17 19:01 . 1999-10-17 19:01   1129232              c:\windows\system32\FM20.DLL
+ 2012-01-24 12:28 . 2012-01-24 12:28   3485184              c:\windows\Installer\dee5f.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1710184]
"DiskeeperSystray"="d:\diskeeper 9 profesional\DkIcon.exe" [2004-10-04 249944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 93184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 161184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2011-05-26 15:04   1659776   ----a-w-   c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1773056   ----a-w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-01 07:54   147456   ----a-r-   c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-01-16 18:57   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Nvidea driver october 2011\\setup.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nview\\nwiz.exe"=
"c:\\PROGRA~1\\Motive\\ASSTCO~1\\MOTIVE~1.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BT Broadband\\Help\\bin\\matcli.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Engine\\6\\INTEL3~1\\IKernel.exe"=
"d:\\Diskeeper 9 profesional\\DkService.exe"=
"d:\\Diskeeper 9 profesional\\DkIcon.exe"=
"c:\\Program Files\\BT Broadband\\Help\\bin\\mpbtn.exe"=
.
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [17/01/2012 20:32 13225]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [15/01/2012 19:44 2330944]
S3 PciCon;PciCon;\??\j:\pcicon.sys --> j:\PciCon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1214440339-839522115-1004Core.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-22 11:33]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1214440339-839522115-1004UA.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-22 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2376)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
d:\diskeeper 9 profesional\DkService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-01-24  20:52:51 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-24 20:52
.
Pre-Run: 50,447,446,016 bytes free
Post-Run: 50,457,931,776 bytes free
.
- - End Of File - - 96CEA6A801589B31220E5C395BEDFB14

[Hoov]

I know what the problem is, but before we change it, we need to make sure that your computer is clean, the fact that you have a hard time posting here because of a security site address means you are still infected.

Open a command prompt (all programs > Accessories > Command Prompt) and type in
Ipconfig /all > ipconfig.txt and then hit enter. Then type in ipconfig.txt to open notepad with the log. Copy it and paste it in to your next response.

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

[mike44]

Hi Hoov
Two logs for you to have a look at
First one is the ipconfig log
And the second is the TDSSKiller
Hope it all makes sense Hoov
Thanks again
Mike




Windows IP Configuration



        Host Name . . . . . . . . . . . . : home

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller

        Physical Address. . . . . . . . . : 00-11-09-DA-1F-0E



Ethernet adapter Local Area Connection 3:



        Connection-specific DNS Suffix  . : home

        Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2

        Physical Address. . . . . . . . . : 00-11-09-DA-1F-0F

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.65

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : 25 January 2012 15:14:12

        Lease Expires . . . . . . . . . . : 26 January 2012 15:14:12

[mike44]

I cant post the second log Hoov
This is the message I get
Thanks
Mike

HTTP Error 403 Forbidden
You don't have permission to access

/simplemachinesforum/index.php?action=post2;start=15;board=10 on this server.

Your computer may be infected with a virus or a trojan. The Firewall has determined that you: Request Entity Attack: Repeated!&#x020

If you get this message in error, please contact the ADM1N and provide the date and time of this message.

[Hoov]

Please zip it up and attach it.

Are you connected to the internet thru a router?

[mike44]

Hi Hoov
The scan log is below
Thanks
Mike