Over 1 million tech questions and answers.

Task Manager Disabled, Virus Alert Next To Clock, And Rqrkexqq.dll Appeared!

Q: Task Manager Disabled, Virus Alert Next To Clock, And Rqrkexqq.dll Appeared!

Hi,I am running Windows XP Pro with AVG free and i downloaded a file that i that i thought was safe.it installed shortcuts to url's for privacy protectors and others. My Start bar is missing "all programs" and settings, search etc. next to files there is a clock and next to that is VIRUS ALERT! and i have a icon on the taskbar that says i have been infected and have to download a program. i ran security task manager and removed a couple infected Sys32 files that were reported "!Elderado" (dont know what it means) oh yeah and this is a screenshot.
virus_alert.gif 251.37KB
18 downloads Im running malware bytes now.EDIT: MALWARE BYTES LOGMalwarebytes' Anti-Malware 1.23Database version: 1008Windows 5.1.2600 Service Pack 212:35:23 AM 7/30/2008mbam-log-7-30-2008 (00-35-23).txtScan type: Quick ScanObjects scanned: 46395Time elapsed: 33 minute(s), 45 second(s)Memory Processes Infected: 0Memory Modules Infected: 3Registry Keys Infected: 50Registry Values Infected: 9Registry Data Items Infected: 16Folders Infected: 11Files Infected: 54Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\WINDOWS\system32\rqRKEXqQ.dll (Trojan.Vundo) -> Delete on reboot.C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.C:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Delete on reboot.Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rightonadz (Adware.BHO) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{fbf85a20-ff88-4c46-90fb-b023e5c4eca0} (Trojan.Vundo) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrkexqq (Trojan.Vundo) -> Delete on reboot.HKEY_CLASSES_ROOT\CLSID\{b7c0f785-9202-4f82-9389-8552e22291aa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{ad680209-3e87-428d-a4e7-c9d46ee39736} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{3d937931-f62d-4197-b011-9a8d9e2770f3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{7eb73dda-fc6b-4064-8b30-89e6ae779699} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{89305f2a-2124-4804-84fe-09a719b492d0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{f970ba9c-6e8e-4160-93b5-8d774eaeec56} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{fa11f056-3843-4a35-bf43-5b0a70f75a08} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\fdkowvbp.bvar (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service (Trojan.Zlob) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fbf85a20-ff88-4c46-90fb-b023e5c4eca0} (Trojan.Vundo) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7eb73dda-fc6b-4064-8b30-89e6ae779699} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\user32.dll (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-643-1962836-23470) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders Infected:C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.Files Infected:C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.C:\WINDOWS\eblv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\168576FC.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\16867418.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\16868658.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\16869B28.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686A0B6.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686A5D7.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686C2E4.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686C96C.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686CE3F.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686D321.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686D803.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686F1D4.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686F697.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\1686FF90.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\16868658.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\16869B28.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686A0B6.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686A5D7.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686C2E4.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686C96C.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686CE3F.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686D321.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686D803.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686F1D4.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686F697.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\1686FF90.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.C:\WINDOWS\system32\rightonadz-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.C:\WINDOWS\system32\rqRKEXqQ.dll (Trojan.Vundo) -> Delete on reboot.C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Delete on reboot.C:\Documents and Settings\MOMANDDAD\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\MOMANDDAD\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.C:\Documents and Settings\MOMANDDAD\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.C:\Documents and Settings\MOMANDDAD\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.C:\Documents and Settings\MOMANDDAD\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.C:\Documents and Settings\MOMANDDAD\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.Everything seems to be okay now exept i dont have a background?

RELEVANCY SCORE 200
Preferred Solution: Task Manager Disabled, Virus Alert Next To Clock, And Rqrkexqq.dll Appeared!

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Task Manager Disabled, Virus Alert Next To Clock, And Rqrkexqq.dll Appeared!

The same thing happened to me. I got the use of my taskbar back thanks to Spybot Search and Destroy, but I still have the "virus alert!" next to my clock and my C drive doesn't show up under my computer. I also ran SUPERanti spyware and norton 360 and they picked up a few things. Did the virus create a administrator account? I can't seem to get rid of the new account either.

Read other 3 answers
RELEVANCY SCORE 124.8

I have a very similar problem to this person, (http://www.bleepingcomputer.com/forums/topic160500.html) except I am running Windows XP home edition.
I downloaded a file I presumed would be safe, scanned it with Mcafee before opening it and unwittingly installed Total Secure 2009.
My computer then froze up so I had to restart. On restart, I managed to scan using Mcafee and Ad-aware, Mcafee found RemAdm-Generic (C:\windows\system32\LMInit.dll), Ad-aware found a few PuP's I removed.
I then restarted again, and a new account had been created "Admin" and I couldn't open the task manager on other accounts.
I tried to run MBAM, but after 3-4ish minutes the computer logged me out, then froze on the login screen.
Anyone help out? I don't like having to restart every 3-4 minutes

A:Task manager - disabled, computer freezes up after a short period of time, "VIRUS ALERT!" on the right of clock

First:Download ESET SysInspectorhttp://www.eset.com/download/sysinspector.php- Start program through the SysInspector.exeThe program will collect information about the situation on your machine.- When "inspector" is ready and log file - generated, select File> Save Log- Confirm their wishChoose to save the file somewhere and then upload on http://4storing.com/ (when you open the page, click on the Great Britain flag to open the page in English), then give me the link.

Read other 4 answers
RELEVANCY SCORE 108.4

I have an infected computer which i am trying to clean, but I am not able to remove all of the viruses or reverse the corrupted settings. The Administrator account has no problems whatsoever, but the other users all have Virus Alert! next to the clock. Also, the Start menu does not have All Programs listed. And, when I press Ctr-Alt-Delete, I get a message that says the Administrator account removed premission to use the task manager. Here is my HiJack This log (main.txt)Deckard's System Scanner v20071014.68Run by Other user on 2008-06-23 16:09:39Computer is in Normal Mode.--------------------------------------------------------------------------------Total Physical Memory: 503 MiB (512 MiB recommended).-- HijackThis (run as Other user.exe) ------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:10:33 PM, on 6/23/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDevic... Read more

A:Virus Alert! Next To Clock, No All Programs Or Task Manager

Hello singlemp,

Welcome back to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 102.8

Hello, I have read up on those who have had the same problems as me. I have followed those solutions but yet still have problems.

What Is Currently Wrong
Virus alert in taskbar
all programs disabled
run is disabled
cant access my documents or my computer
desktop wallpaper is on (desktop active recovery)

What I have done to try and fix the problem

Installed AVIRA Antivirus
AVG Anti virus
SUPERantispyware
Malwarebytes

I have used all these softwares, run full scans. In total they must of found in between 400-500 spyware and antivirus.

They have all been quarantined and deleted. Yet problem still remains!

Please Help!!
 

A:Need Help. Virus Alert! in taskbar. Task Manager, All Programs & Run Disabled!!

Read other 16 answers
RELEVANCY SCORE 96.8

Hi,

This is my first post here, and my computer appears to be infected.

The Symptoms:
-- The desktop has "disappeared" and is replaced by a blank blue screen. The icons on the desktop are all gone.
-- There is no "bar" at the bottom: no start button, no task bar, no clock, no indications of open programs. i.e., the entire screen is blue.

-- However, the situation is different right after I start-up.
-- At first, I see all my programs. Sometimes I see the task bar and start button, clock, etc., sometimes not.
-- But something is wrong even then. The computer is slow. And I know desktop will not last long. Sometimes if I am quick I can double click on a desktop icon before the desktop disappears.
-- Sometimes there is a "transition" period. For a few seconds I'll see the desktop, then for a few it will go "all blue".
-- When it is "all blue", I can still get into programs. If I open up the task manager, I can click on the "New Task ..." button under the "Applications" tab.
-- I can still work with documents, but thinks are slow.
-- When I start in safe mode, I still have the problem of the missing desktop.

Other Signs:
-- When I can see the clock, it says "VIRUS ALERT!" followed by the time. My google searches inform me that this is a common symptom.

What I have done so far:
-- I've done the Norton "Quick Scan" -- found something the first time, and fixed i... Read more

A:Fake Anti-virus -- No Start Menu/task Bar/clock -- Or Has "virus Alert" At Clock

Welcome to BC no_more_virusIf you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet.To fix the policy restrictions created by this infection, please open the SDFix folder or download XP_CodecRepair.inf and save it to your desktop. for Windows XP ONLY. Right-click on XP_CodecRepair.inf and select Install from the Context menu.Note: To download the .inf file, go to File, choose "Save page as" All Files and save XP_CodecRepair.inf to your desktop.Then log off or reboot to apply the changes.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has f... Read more

Read other 3 answers
RELEVANCY SCORE 94.8

Heya! This is my third time doing this (*shame*). I've been pretty good about safe searching, but made a poor decision last night.
Now I'm paying for it and my desktop is disabled, firefox is disabled, my user settings are restricted so I can't alter files or access task manager or settings, helpful websites such as this one are blocked, security updates fail to work for my anti virus/spyware, most hyperlinks that work, take me to a different destination, and many of my programs such as hijack this and others do not load.
After booting in safe mode, tricky backdoor browsing and deleting some files I think were bad, I could get hjt and DSS to run in normal mode. I did all of what I could in the pre-posting steps, but many of them could not be completed. My apologies for that and for deleting some of the malicious files prematurely, but it was the only way I felt I could get a worthwhile log. You guys have never let me down, so here I am asking for your help again!

So here's the DSS log. I copied from my computer via a flash drive...

Deckard's System Scanner v20070426.43
Run by Ocha on 2008-07-11 at 13:11:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ocha.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:11: VIRUS ALERT!, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2... Read more

Read other answers
RELEVANCY SCORE 90

Hello guys, this is my first post here. I have problem last few days. It could be some sort of malware or virus which cant be detected with AVG antivirus or Ad aware. This lap top hasnt been connected online for quite a while and problems started after used my USB flash disk. After that i couldnt open Task Manager(neighter with right click on task bar - text faded, nor with ctrl-alt-delete) or regedit. Also i cant boot into safe mode (when it starts, suddenly blue screen appears for a milisecond and computer restarts). I cant start AVG system scan, it reports that "application cannot run due to an error while verifying its electronic certificate". I can run AVG guard though. There was problem with C disk (i couldnt open it with double click and i had to use "explore" ). I resolved it by deleting "autorun.ini" file thru command prompt (it was hidden file and, another problem that occured, i cant edit folder options to make hidden files visible). There is also problem with language bar which is disabled and cannot be re-enabled cause its button is faded, though i dont care much about it.

I manage to enter to Task manager and regedit using trick with gpedit.msc. In "User configuration/Administrative templates/System/Ctrl+Alt+Del options/Remove task manager", default value is"not configured". I put disabled and i can use Task manager OR regedit again, but ONLY once! After i open and close ONE of those, i cant re-open it withou... Read more

A:Task Manager and regedit disabled, safe mode disabled, virus scan disabled... :s

It sounds very much like a virus. If you can get on the internet google regtools.vbs that script file should get your regedit working again but don't know for how long if it is a virus.

Read other 7 answers
RELEVANCY SCORE 89.6

virus alert is in my task bar. the clock is reading in the 24 hour mode. I downloaded hijack this and have a file saved. I'm hoping for some helpMod Edit: Topic moved from Windows XP to more appropriate forum~ TMacK

A:Virus Alert Is In My Task Bar Next To The Clock

Hi uoi, and welcome to BleepingComputer.Please read this guide before going any further.

Read other 1 answers
RELEVANCY SCORE 85.6

Hi,

Ive had, what I believe to be a backdoor trojan on my computer for about 6 weeks now. It started with a malicious pop up which kept appearing making it look like i had loads of viruses and telling me that I needed to buy this virus scanner and my computer would not power off when shutting down. I knew I had a virus so I tried to use my scanner malwarebytes but it would not open, the virus had got to that as well. Eventually I tried copying malwarebytes to a removable media and managed to scan that way. I had lots of trojans including koobface. My computer was still really slow after the scan and they had not been properly deleted because each scan kept bringing the trojans again.

The next problem was my internet browser would not work, i eventually fixed it (cant remember how) but i believe the virus caused this. Then was the disabling of task manager, regedit and gpedit, which i have found by reading forums how to get this enabled again. I have since downloaded AVG, this tells me i have a trojan horse called 'generic7' again I keep scanning, the same viruses are found and deleted then on reboot they are there again. I also noticed that when i can access task manager some proccesses such as windows defender are really high and the only way to run the computer without it crashing/slowing down is to terminate the proccess. One new thing that has only just started to happen is that the ?task manager/ regit disable has by administrator? pop up sometimes appears and cant be... Read more

A:Task Manager Disabled, Regedit disabled, virus scanners detect but dont delete properly

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,I am and I am here to help you!I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received and do not proceed if you need clarification.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!==========I need a more detailed view of your computer.Please do this..............Download random's system information tool (RSIT) by random/random from... Read more

Read other 29 answers
RELEVANCY SCORE 82.4

Ok, here is what happened.

After I got on the internet this morning,windows started going crazy with pop ups saying that I had a infection and it stated opening up my internet windows randomly and prompting me to use Vista scan and other programs to correct the problem. I downloaded and used Avast! Now all the infections are gone but "Virus Alert!" is still in the system tray. Task manager still don't work (it says it has been disabled by the administrator, but im on the only account on my computer), and All programs is missing form my start menu along with everything on the right side of the start menu except for Set Program Access. Any help resolving this problem would be great

Here is my system info

Microsoft Xp Sp2
eMacnines 2005

Here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05: VIRUS ALERT!, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common ... Read more

A:Virus Alert!, Task Manager etc. Help!

Hi Lynn2009

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

Plese scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you... Read more

Read other 1 answers
RELEVANCY SCORE 82.4

I have spent a lot of time trying to clean my computer from a softpedia file encryption download. It immediately put a fake virus alert on my desktop, disabled my desktop options in display, and has disabled task manager. I have done a deep scan via safe mode, and also ran superantispyware, which found and quarantined 2 trojans and a rogue.fakealert/wallpaper. However, the display options are still disabled, as well as task manager. I know my system is not clean yet. Attached is my hijackthis log. If anyone has any ideas on what I can do as I wait for a return phone call from the company that handles our a/v (usu. 2-3 days wait!~) I would appreciate any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:28 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOW... Read more

A:Help please, malware or trojan (fake virus alert, disabled task mgr)

Never mind! I did another scan while I was at lunch, this time with Malwarebytes, and it caught everything that the others missed. It fully removed the sinister junk that softpedia allowed on my computer. BOO! HISS! I was led to believe that softpedia.com was a reputable site with safe downloads. NOT SO! BEWARE OF THEIR GARBAGE.
 

Read other 2 answers
RELEVANCY SCORE 80.8

Basically i have a disabled task manager and some sort of virus that is completely messing up my computer. On my desktop it says:"warning spyware threat has been detected on your pc" and i also have a small yellow triangle on the bottom right of the screen that keeps popping up saying pc running slow due to spyware.
I have never tried removing anything like this so i am quite worried at doing it myself however i tried numerous anti-virus's such as adaware,spyware doctor and comodo. Howrever due to these not working i removed them. I also tried regedit.exe found the disable task manager file and changed the dword info to 00000000 but still appearing on desktop.
My last attempt before paying someone to remove this was a link for this site where i followed instructions on the "5 steps" however i have no idea if i have done everything right!
I ran the panda scan and downloaded the other 2 items and then the hijackthis thingymibob and am really unsure what to do next.
I would really appreciate some help and hopefully ppl are not put off by a computer illiterate female lol xx
Here is the log from hijackthis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:01, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\... Read more

A:disabled task manager virus and new to this ...please help!!!!

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, and since it's been several days since your original log was posted, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 80.8

Hi, today when I was online I made the mistake of trying to click out of an ad that popped up on my browser... and now my computer is a little messed up.

Whenever I try to open up the task manager, it says "the task manager has been disabled by the administrator" and little popups appear every 30 seconds or so...

I'd really appreciate some help, thanks



heres the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:59, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldtserv.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMB... Read more

A:virus: task manager disabled

I ran a system restore last night and I fixed the problem. So I dont need any help

Read other 1 answers
RELEVANCY SCORE 80.8

Hi

I noticed a day or two ago that software was running extremely slow. Getting sick of waiting I hit ctrl-alt-del and got a pop up box saying "Task Manager has been disabled by your administrator". I'm on my own standalone pc and am the only user and I haven't knowingly disabled the task manager. Suspicious, I ran AVG but found no viruses. I then ran AdAware and got some privacy things - but nothing malicious. Then spybot popups started appearing asking me about registry changes. Unsure, I clicked deny - but they kept on appearing. I shut down and re-started and let spybot run. It took all day - it was so slow. It came up with some problems, but then the system hung when clicked to clean up. The problems were.....

Microsoft.WindowsSecurityCentre.TaskManager
Virtumonde
Virtumonde.dll
Zlob.Downloader.vcd

I'm now getting random IE windows opening, and my computer isn't responding at the proper speed - for example although I'm typing correctly, the pc isn't picking up all my key presses so I'm going back to re-type all the time.

I've also noted that all my system restore points seem to have vanished.

I'd really appreciate some help. I'm using XP. My PC is quite old - a pentium.

Many thanks

Paul
 

Read other answers
RELEVANCY SCORE 80

i jus got a whole bunch of viruses. and when i push ctrl+alt+del to open up task manager it says: Task Manager has been disabled by your administrator. can someone plz me how to enable it again?
 

A:Solved: Please HELP virus. TASK MANAGER DISABLED

Read other 16 answers
RELEVANCY SCORE 80

Please can someone help analyse my Hijackthis log and advise what to do. My display is disabled and I have no access to my C drive.Help save my laptop - Thanks RobStartupList report, 05/08/2008, 21:48:18StartupList version: 1.52.2Started from : C:\Documents and Settings\Robert\Desktop\HiJackThis.EXEDetected: Windows XP SP2 (WinNT 5.01.2600)Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)* Using default options==================================================Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Acer\eManager\anbmServ.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\system32\keyhook.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Arcade\PCMService.exeC:\Program Files\Launch Manager\QtZgAcer.EXEC:\Program Files\Common Files\Real\Updat... Read more

A:Task Manager And Display Disabled With Virus

Hi

Looks like you've posted startuplist instead of HijackThis log. If you still need help with this do the following to get latest hjt log:
Do a system scan only
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here.

Read other 3 answers
RELEVANCY SCORE 80

I've got a virus on my system (XP Home SP3). When I plug in my flash drive it says the drivers been installed but then the drive doesn't appear, so I can't copy malwarebytes from the flash drive onto my comp. The virus also seems to have blocked access to any site I try to go to to download malwarebytes. If I try to open task manager it says that it has been disabled by the administrator.

Does anyone have any ideas how I can re enable my USB ports or any ideas how I can copy malwarebytes onto my computer?

Cheers

Mark
 

Read other answers
RELEVANCY SCORE 80

Alright I have been infected by god knows what virus. All I know it has disabled my Taskmanager and Registy Editor. Also slowed my Internet connection down. Also interfering with antivirus that I will attempt to install. I formatted my comoputer twice and the virus is still here. Something I have never seen before. Its weird. I have 2 Hard Drives...do i need format my other drive to? I think its a worm. The goes into anything that i connect to my computer I have my drivers located on that D drive. If I burn the drivers to a disc wil i be burning the worm with it to? This is a nasty worm I hope you all can help me thank you.

Read other answers
RELEVANCY SCORE 80

Recently my task manager was disabled somehow, but I managed to reopen it using a command to change the value of a reg file it worked up until my computer is rebooted. Any help is appreciated thanks. Heres my log file:Logfile of HijackThis v1.99.1Scan saved at 7:13:50 PM, on 15/06/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXED:\Program Files\MessengerPlus!\MsgPlus.exeD:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\McAfee.com\VSO\mcvsshld.exeC:\Program Files\McAfee.com\VSO\oasclnt.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Messenger\msmsgs.exeD:\Program Files\AIM95\aim.exec:\program files\mcafee.com\agent\m... Read more

A:"task Manager Has Been Disabled By Administrator" Virus?

I've done what I can to try and fix this but it hasn't worked.
Any help is appreciated please.

Read other 3 answers
RELEVANCY SCORE 80

Hi, I'm new here!
I tried to open task manager and i got the message "task manager has been disabled by your administrator" !!!
I didn't make any change in registry so I think is a virus; I tried to kill the guy but in vain so I reinstalled windows, I formated drive C on wich I only have Windows...was everything fine until I imported the files in outlook after I reinstalled Microsoft Office. I was reading that is a virus coming by e-mails.
I can't install any antivirus and before when I had the antivirus installed would not let me start it
That's all I can tell you.
Please help!!! I'm so mad about this! u cant belive it
Thank you.
 

A:task manager has been disabled by your administrator virus HELP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:09 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\DOCUME~1\pepenele\LOCALS~1\Temp\hdhmra.exe
C:\DOCUME~1\pepenele\LOCALS~1\Temp\sgnti.exe
C:\DOCUME~1\pepenele\LOCALS~1\Temp\ssxl.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Streets & Trips\Streets.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\calc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.co... Read more

Read other 1 answers
RELEVANCY SCORE 80

hey guys, need help.
picked up a virus, it has disabled task manager and all run commands, regedit.exe, also cant open malwarebytes, or superantispyware, to attempt to get rid of it?

hjt log.
thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:07, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\1161798129\ee\aolsoftware.exe
c:\program files\common files\aol\1161798129\ee\aolsoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\... Read more

A:virus! disabled task manager and regedit + hjt

ok after some time fiddling around, got task manager and regedit back. but virus still there and still cant open malwarebytes
 

Read other 1 answers
RELEVANCY SCORE 80

hello i need help with this because it keeps coming back even though i have tried hijack and a bunch of other ones i do everything right by going into regedit and deleting it but it comes back after like 5 seconds the task manager and regedit only work for awhile too with the fixes and i have reformatted my computer like 4 times nothing works need help pls and thank you i also have this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:44 PM, on 12/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\andrewdo\LOCALS~1\Temp\wineakit.exe
C:\DOCUME~1\andrewdo\LOCALS~1\Temp\winlhitdp.exe
C:\DOCUME~1\andrewdo\LOCALS~1\Temp\naoa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WIND... Read more

A:task manager and regedit disabled by virus

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 80

I have a laptop along with this desk top at my home. One of my teens went to a web site with the laptop and installed some wallpaper that I think had a virus. (As info, it's got pictures of flowers and zebras on the wallpaper.)

Now the laptop is practically inoperable... extremely slow, and I can tell something is running on it, but have no idea what. I CANNOT even get to the internet using that PC because is is so slow (i.e. I click on something and it takes 30 mins or more to do anything.)

I tried doing a control alt delete, but the task manager button is grayed out and I can't even get into to see what processes are running. The only thing I know is that when I boot up the system, I get a message where it looks like the pc is trying to go out to the internet to do something, and a box comes up saying

cannot open mnubx.exe.tmp

I also get these pop ups asking if I want to "enhance my internet experience"... I read the terms of agreement and say something about EnBrowser.

My problem is I don't know exactly what I can do since I can't use Task Manager and I can't get to the internet with this PC. I'm currently trying another option of getting to the internet now... will post again in a while... was just hoping someone may be able to tell me something that would help me getting started in correcting this problem.

Thanks in advance for any help.
 

A:Task Manager Disabled - Zebra Virus?

This will fit on a floppy

Click here to download HJTsetup.exe:

http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
Scroll down to the download section

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 2 answers
RELEVANCY SCORE 80

Hello,

Got a virus that disabled regedit and task manager. users/tyler/appdata/roaming/OvVb4FSsCcpW.exe is what keeps attempting to make changes to my computer. I can provide a hijackthis log if necessarry.

Thanks.

A:Task Manager and Regedit disabled by virus

Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet and double-click on the renamed file to install the application.
For instructions with screenshots, please refer to this Guide.When the installation begins, follow the prompts and do not make any changes to default settings.Malwarebytes will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.Click on the Scan button.When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.Make ... Read more

Read other 3 answers
RELEVANCY SCORE 80

Help please...Errors/Problems:"Task Manager has been disabled by your administrator"Desktop background replaced with "Warning! Spyware threat has been detected on your..."Pop-up from task bar "Your Computer is not protected" or "warning your computer is infected"LoadLibrary Manager ErrorSysrlb32.exeTried:Adaware (ran twice)Spybot (ran twice)Housecall Anti VirusMcAfee AVERT StingerSmitfraudfixLog:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:52:44 AM, on 10/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Norton AntiVirus\navapsvc.exec:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Common Files�... Read more

A:Virus Infected, Task Manager Disabled, Etc.

Download the latest version of ComboFix from Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stall

Read other 1 answers
RELEVANCY SCORE 79.6

Hello, i'm new to this site, so if i say something stupid please be understanding.
(i'm running vista to clarify)

I had a while ago gotten a virus which would play sounds randomly, and i was able to temporarily fix it by going to task manager and killing the process. after a while the virus stopped bugging me (i guess the antivirus software caught the culprit.)

recently i downloaded an installer, and it happened again. this time i hit ctrl alt del, and task manager had been removed from the list. i tried accessing it through control panel and it told me it had been blocked by the administrator (me) i then looked up how to re-enable it, and went to run REGEDIT and that was blocked too. i've tried several scripts to re-enable regedit, all to no avail.

whenever the sound stops playing i get a message saying:
"Host Process for Windows Services stopped working and was closed

A problem caused the application to stop working correctly. Windows will notify you if a solution is available."

i also found these 2 files in system configuration: BtwSrv (by Microsoft Corporation) and fastnetsrv Service (by Sigma Designs Inc)

I googled the second one, and found it to be a virus (yayy google!)
I am unsure about how to remove these, and i also found several remote applications which i would like to disable... help would be appreciated

McAfee identified a virus and removed it, however it keeps re-appearing

Detected: Artemis!F245638D7283 (Trojan),
Artemis... Read more

A:Random Sound Virus + Registry editor and task manager disabled by virus

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for malware removal assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 79.2

Hello,

I was just trying to run my task manager and it keeps giving me this error that it's been disabled by the administrator. Which of course I had nothing to do with. Then I looked at my start menu for the 'run' command and it's gone. I'm pretty sure my computer is infected. I attached my hijackthis log, cos I noticed it contained some suspicious material. And also a virus scan log from 03/30/2010

I also noticed that about 500mb are missing from my C drive.

I'm now running a complete virus scan with ESET NOD32 program.

A:Virus disabled my task manager and ate my disk space! Please help!

Hi there,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logs: DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

--

Download GMER here by clicking download exe -button and then saving it your desktop:Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Read other 2 answers
RELEVANCY SCORE 79.2

I have windows xp computer, with 512 ram.

I think my computer is infected with a virus that boots itself up after every restart, even if I already eliminated it (or so it seems).

Task manager gets disabled, won't let me run HJT. Have disinfected with Malwarebytes, Dr. Web, and Spybot S&D. The first two always find comine.exe, and Spytbot finds Hugipon-something.

Sometimes the screen will go blank except for a small window in the upper left corner that says something about finding personalized configuration for comine.exe. Have had this problem for over a week now, and I haven't been able to get rid of it completely, because it always seems to come back.

Would appreciate any help with this, as it's driving me nuts.
 

Read other answers
RELEVANCY SCORE 79.2

I brought my friend's pendrive when i opened it i saw a autorun.ini and i suddenly removed the pendrive .And when i press Ctrl + Alt +Del my taskmanger was gone it has been disabled by the administrater and same with regedit .I tried The Gpedit.msc method and it just enabled the taskmanager for 2 or 3 seconds after that again it showed problem.I scan my computer with AVG 8 latest It showed a lot of TANATO.M Virus in almost every exe of my games ,softwares and even system files,I deleted many files through AVG and then i uninstalled AVG becasue i wont let me open any thing .PLEASE HELP i also cant copy and paste any files as it freezes my COmputer

HERE IS MY HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:35 PM, on 6/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\syst... Read more

Read other answers
RELEVANCY SCORE 79.2

Hi,

Since my computer has been infected by some virus it goes so slowly and i have some function disabled loke reg edit and task manager...

Can i receive some help?

TNX a lot!

Alexej.
DDS (Ver_09-10-26.01) - NTFSx86
Run by Alexej at 20:35:55.28 on 2009-11-08
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.3070.2554 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE20-534A-7C92-A010-1600080015C0}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
D:\Programmi\Java\jre6\bin\jusched.exe
D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
D:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Programmi\... Read more

A:INFECTED WITH SEVERAL VIRUS, task manager- regedit disabled

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 79.2

Here's my HJT logfile. I've done what I know so far, and before I start picking at my system files one at a time, I'd like to know if anyone here can help.


Logfile of HijackThis v1.99.1
Scan saved at 9:41:59 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\Downloa... Read more

A:Regedit/Task Manager/gpedit disabled. Possible virus. Help

Hello Karma Walker and welcome to TSF,

Please--do not go picking away at your system files one by one.


Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

******************************************

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the programOnce you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on " Recommended actions" and then select " Quarantine".
Under "Reports"Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

------------

Please download Brute Force ... Read more

Read other 4 answers
RELEVANCY SCORE 78.4

I was on my computer when suddenly a "Anti Virus" program popped up saying my computer was infected. It was running some type of scan and was using the name Microsoft. It didn't look real, so I closed it. Then I tried to run my McAfee and a popup came up saying that it couldn't run, along with my Malwarebytes. I had recently gotten and Ipod and I was downloading (illegally :[) music from Jamglue. Then more popups came up saying my system was infected expect these were red as opposed to the original white "Anti Virus" one. The "Anti Virus" one had a little shield in the right hand corner of my screen on the toolbar. I then did a system restore after my computer wouldn't let me access the Task Manager. Upon doing a System Restore, I tried to upload my webcam it it said

"E:\Redist\MSI31\ProdEnum.exe" and "E:\\Setup\Setup.exe"

I then did a combofix and have redownloaded Malwarebytes and installed McAfee. I ran scans with both, and both said nothing.

I think I have been infected with "Vundo" or something before this.

Help is much appreciated. Thank You!

Read other answers
RELEVANCY SCORE 78.4

Basically, my cousin tried downloading these fake facebook password crackers and they had viruses. Now If i try to system restore, it fails because the file (C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHA0922H\all[2].js)
can't be extracted.
Furthermore I can't access such a file.
I tried using HJT and i have the log which i will leave at the end.
When i try to access task manager it says it has been disabled by the administrator. Same with Registry Editor. Also, When i try to access safe mode, I can't select safe mode or any other option and the timer just runs out and the computer starts up normally. Can anyone help me?
Here's the log by the way.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:12 PM, on 7/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Users\Chris\Downloads\HijackThis.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.... Read more

A:Virus disabled Task Manager, Regedit, and Safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409028 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

Read other 2 answers
RELEVANCY SCORE 78.4

Hi!

I'm new and apologize if this question has been answered already. I tried to search the forum but got confused.

Anyway, I've got Windows XP:
- When I try to open the Task Manager I get the message "Task Manager has been disabled by your administrator".
- The Run command (and the Turn off computer button) has disappeared from my Start menu, and when I try Window+R I get "This operation has been cancelled due to restrictions in effect on this computer."

I've tried to clean up by removing all Temporary internet files. I've run AVG Anti-Virus which found one virus. I've run AVG Anti-Spyware and removed all threats. But I still can't use the Task Manager or the Run command.

There is another account on this computer (both has administrative rights), which has no problems. And from that I can create a new account, also without any problems. So... should I just delete this account and that will remove the problem?

I also have a Hijack log if you'd like to see it...

Grateful for help,
Marina
 

A:Virus problems: task manager disabled, operation restrictions

Read other 7 answers
RELEVANCY SCORE 78.4

I am not sure of the name of the virus, I know that it initially was a process called SCVHost.exe, trying to impersonate SVCHost.exe. My log is as follows

Logfile of HijackThis v1.99.1
Scan saved at 7:22:10 AM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsch... Read more

Read other answers
RELEVANCY SCORE 78.4

when i click ctrl+alt+del it says task manager has been disabled by your administrator

my start menu has become empty.. the programs link itself has disappeared.. when i open 'my computer' i cannot see the 'c' or 'd' drives... 'e' and 'f' drives are visible

i also get annoying pop-ups all the time.. the pop says "windows security alert... windows has detected spyware and malware.. etc etc "
and another comes near task bar " system has detected virus activities etc.. please use recommended antispyware program"
and another pop up saying "spyware alert.. worm.win32netbooster detected on your machine etc etc"

i have 3 new internet shortcuts on my desktop.. they are error cleaner, privacy protector and spyware and malware protector..

and one more thing .. there is a message "VIRUS ALERT" right next to my system time..

my internet is slow as well and keeps disconnecting

please help

A:Virus Attack! Task Manager Has Been Disabled.. C And D Drives Not Visible

When a computer is this infected, it's best if we know what operating system you have and what anti-malware programs are already installed, so we can try to help you get control back.See if you can install MBAM and start the processhttp://www.bleepingcomputer.com/forums/ind...mp;#entry811062

Read other 6 answers
RELEVANCY SCORE 78.4

Hello all. I recently got hit with a virus, I was able to remove it by logging in to safe mode and then using system restore to restore back to a recent point. I am running Vista Ultimate x64 by the way. As stated in the title, taskmgr and regedit have been disabled by the administrator, and there's probably more where that came from. The virus is most likely not present on the computer anymore since I scanned it, however still a slight chance that it may be under the radar. Also, my applications seem to turn off for no reason whatsoever, which is unprecedented and probably caused by the virus - it happens after about 10 minutes or so, but it really is just random. It makes it hard to download large files since they just shut off.I created a HiJackThis log yesterday, here it is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:50:02 PM, on 1/18/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Users\U1895~1.OFA\AppData\Local\Temp\seqxo.exeC:\Users\U1895~1.OFA\AppData\Local\Temp\winkacbd.exeC:\Users\U1895~1.OFA\AppData\Local\Temp\winmnplst.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Micr... Read more

A:task manager and redegit "disabled by administrator" and more - virus aftermath

Hello agtownzWelcome to BleepingComputer ========================Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.===========================================Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).Under Additional Scans click the checkboxes in front of the following items to select them:
File - Lop check
File - Purity Scan
Under Basic scans:
Rootkit Search -YesDo not change any... Read more

Read other 1 answers
RELEVANCY SCORE 77.6

Hi,
I am using Windows XP Home. My Laptop is infected by Virus. So when i try to access task Manager it is saying, Task Manager is disabled by administrator even though i have admin Privilages. I went through several forums and found i can enable it by Regedit. But when i try to oepn regedit again it is also saying Regedit has been disabled by Administrator. I am not able to see the folder options also.I think all these are due to virus.When i scan my computer using Trend Micro Pc-cillin i found a virus which is not fixed by that software. Name is "WORM SOHANAD.DW" and the software is saying manually delete the file which is located in the folloing path

"c:\windows\system32\scvshosts.exe" But i could not able to delete the file .So could you please let me know how shoul i get rid off the virus and how to enable my Task Manager, Regedit and Folder ootions.

Quick help is appreciated. I am suffering and trying all possible solutions for past one week. But no success.

Thanks
Naga Kumar

A:Restore Task Manager, Regedit and Folder Options Disabled by Virus

Hi dasariraja and welcome to TSF !

First thing is to get rid of the virus, then we'll provide you with the steps needed to restore your missing options.

Please follow the "HJT - 5 steps against malware" link in my sig. Read the instructions there very carefully. If there's some step that you can't take just skip it and post your final logs in a new thread in the HijackThis section. Our security analysts will review them and get back to you. Please be patient as that section is usually very busy.

If you can't access the control panel for the first step, try running appwiz.cpl from start => run to access the add/remove programs utility.

Read other 1 answers
RELEVANCY SCORE 77.6

Who ever can help me I'm really frustrated. I have a trojan I think, but I can't seem find anything that can help me clean this thing up. I've killed many viruses going the regedit route before, but only if I've been able to get information on what course to take. I'm not an Einstein, but I can fix this if anyone can give me a clue as to what is going on.
 

A:I think a virus has disabled my Task Manager, Norton Internet Security, and Anti-Vir

Read other 9 answers
RELEVANCY SCORE 77.6

Hi,I have just bought a new laptop a few days ago with Vista Home Premium installed and noticed I cannot open Task Manager - it is greyed out when I right-click on the bottom windows bar or it says I don't have admin permissions to open it if I run 'taskmgr' in desktop search, but I am the admin account on the machine. So I installed AVG free 8.5 and ran it and it found the Win32/Tanatos virus infection on my new pc - it listed it once and did not find anything else other than this. So AVG quarantined the virus for me. Then I ran AVG in safe mode again to make sure and it did not find it again so it looks as if the virus is gone. However I am still unable to access the Task Manager so I fear the pc may still be infected?Background:For the first 2 days no antivirus was installed on the computer but it had an internet connection active and I had surfed the internet. I had also copied all my .dbx outlook express files to my new laptop from my old laptop via an external harddisk flash drive around the time this virus happened, but a scan of my old laptop since using CA Antivirus 09 Paid Verison does not find anything and shows the old laptop as clean. (I have not yet scanned the external harddisk flash drive).I read this thread with interest: http://www.bleepingcomputer.com/forums/t/177279/please-help-infected-with-win32heur-and-win32tanatosm/ and noticed it mentions utorrent. I had also downloaded an .exe utorrent file but did not execute it (I stupidly thought I might install i... Read more

A:Win32/Tanatos Virus causing disabled Task Manager on Vista

Please download Malwarebytes Anti-Malware (v1.40) and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will... Read more

Read other 16 answers
RELEVANCY SCORE 77.6

hi guys..

I have this problem for days now and it's really making me go crazy.
these are the symptoms:

- task manager and registry disabled.
- safe mode disabled. I can't get to safe mode. It always restarts whenever I do it.
- I noticed that every anti-virus and anti malware tool i use starts at first. but the next time you're gonna use it, it won't start anymore.. it says that the file is corrupt or system error, etc.

I do hope you could help me out with this because i don't wanna reformat my hard drive again.. T_T

oh and by the way, these are the tools i used during my attempt to cleanse my pc:
hijack this
Cure it
Combo fix
Trojan Remover
Process Explorer
fixdownadup.exe (symantec tool)
Anti Downadup (bitdefender tool)

None of it worked. Probably because I can't run get in to safe mode and run it there..

Oh, and by the way, i found a file here in a flash drive which is attached to this pc.. i opened up the autorun.inf in notepad and this is what i found:

[AutoRun]
;SfOnphibvqt NXpbX vwjt
;xKPxfAGc sIgHQVhEtwbeUoJG
Open =bjlyg.pif
;ljVjTi QlnUjlebHfdKyT YEsuoSmcgXpmQmibHw rwkckiyxpT cyrEj wQmnfv
shelL\oPEN\DEFAuLt=1
;unEJEqEnTcngeeEAY
shell\opEN\cOmmANd = bjlyg.pif
;
Shell\ExploRe\CoMmand = bjlyg.pif
shEll\AUTOPlay\COMmaND=bjlyg.pif

This is the worst virus i've encountered so far and any help would be very, very much appreciated. ^_^

A:need help identifying this virus.. disabled task manager, registry and SAFE MODE

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


A Reminder....

As seen in Post #2 of our sticky topic 'NEW INSTRUCTIONS Read this Before Posting For Malware Removal Help'

Quote:




Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the... Read more

Read other 1 answers
RELEVANCY SCORE 76.8

I believe I have a virus, but have no clue how to stop it. Today I put a SD card in my computer's card reader, but it never read the card. I clicked the drive it was supposed to be in and my computer froze. Ctrl Alt Del didn't work, so I restarted my computer manually. The computer's start up took around 20 minutes to complete. I tried opening AVG Anti Virus Free but it won't open. My computer's firewall was shut off, and it wouldn't even let me access the firewall's settings. Mal Ware Bites and SUPERAntiSpyware Free do actually open, but I am unable to update the definitions. When I try updating definitions, Mal Ware Freezes and won't close, and SUPERAntiSpyware Free tells me it can't close because "it is locked in the system". Please help me out.

A:super slow xp start up, disabled firewall, won't open AVG, task manager, etc. virus?

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You migh like to run the following tool on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 75.2

Since about 5 minutes after going online today two copies of this process have appeared in task manager. I've had it happen before and i had some severe trouble with my computer a while later. The file is digitally signed by avg and it lurks somewhere within c:\users\myusername\appdata\roaming . there is also another copy of it within c\:programdata\ this second copy is the one which is mentioend in shceduled tasks, the first copy is the one which is running right now and set for startup. It also made two scheduled tasks (as seen through ccleaner's list of startups and scheduled tasks) one which runs it at startup, one which delete it from the system but that second one isn't set to run until 6th december. I don't think it's malicious but it is certainly weird, and when it first started (about five minutes after logging on and connecting to the internet via ethernet cable) i was checking my emails via google chrome (i use chrome to visit gmail and bbc sites, firefox for all other browsing) and the coloured border round the browser flickered and flashed a bit. It was the flickering and flashing that made me think "better check task manager" and hence i saw these two processes had popped up. It's a bit weird and i would like some advice on whether i should be concerned, the flashing and flickering creeped me out a little but i know this file is digitally signed and i have seen it happen before (i did several rounds of system restoring and reinstalling of programs between then a... Read more

A:Avg-Secure -Search-Update_1114av.exe has appeared in task manager

AVG Security Toolbar and AVG Secure Search (created by the makers of AVG Anti-virus) are optional add-ons when installing their anti-virus product if you choose "Customized" install instead of "Express". Since most folks choose an Express install they usually are not aware these options are also being installed as they are pre-checked by default during installation. Some users have also reported that after AVG auto-updates, it will install the toolbar as a browser add-on without input from the user.AVG Security Toolbar and AVG Secure Search are also commonly bundled as an option with other free software users may download and install. Many folks overlook that option since it is pre-checked by default and they unknowingly install it. For example, the toolbar is bundled with PDFCreator.So even if you decline the option to use these add-ons when installing AVG anti-virus, you may still end up finding them on your system some point after an AVG update or by unknowingly downloading and installing another program where they have been bundled. This also explains how those who never used AVG anti-virus also sometimes find AVG Secure Search and the Security Toolbar installed. Be careful what you download and read everything during the installation.How To Disable AVG Secure Search Provider In BrowsersHow to uninstall AVG Secure Search in Firefox, Internet Explorer and ChromeHow To Disable AVG Search From New TabHow to remove AVG Toolbar, Homepage and Secure Search from your browser wit... Read more

Read other 11 answers
RELEVANCY SCORE 73.6

hi, this is the tenth time i have tried to post this as my computer keeps freezing up.

The problem started when i logged onto my PC the other day. before i logged onto my user account a "googleupdate.exe" application error box appeared. when i got onto my account a black box appeared on the screen briefly aswell as a message saying something about "personalising DCOM service ( i disabled DCOM service when i seen the message"). i connected to the internet and went to google. everything was normal up until i clicked on a search result, which opened up a new tab with a completely irrelevant page such as myspace or britannia search. I then noticed that my Mcafee total protection 2009 had been disabled and would not re-open. i was not able to open any anti-malware programs, aswell as HJT. sometimes the screen will just go black, forcing me to restart. task manager and regedit are also disabled by admin ( i am the administrator). IE also tries to open on its own occasionally.

******************************************************************************************************************
here is my DDS report:
DDS (Ver_09-05-14.01) - NTFSx86 MINIMAL
Run by grant at 15:30:45.98 on Tue 06/09/2009
Internet Explorer: 6.0.2900.2180
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============
... Read more

A:anti-malware disabled, search engine redirect, task manager disabled

Hi granty17,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.In case the malware prevented installing or running Malwarebytes, don't spend much time on it and let me know quickly.Please download Malwarebytes' Anti-Malware from one of these locations:malwarebytes.orgmajorgeeks.comDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the MBAM log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart ... Read more

Read other 13 answers
RELEVANCY SCORE 73.6

I've been searching all over the interwebs and have found several tips on how to fix the task manager and regedit, but nothing has worked so far. I CAN enable them, but they just get disabled again after a few seconds. I've had this problem for a few months now. I'm not sure how it started, because I was away at college, and then I came back to my PC being all messed up.More recently, I came back home again yesterday, and now, right-clicking folders CRASHES MY COMPUTER! What the hell! I searched Google and found a few webpages about the problem but haven't really found anything that seems... relevant. One site talks about DivX, another talks about some windows update... I dunno. I haven't really tried to fix this problem yet, but I'm sure it's unrelated to my other ones. Besides, it doesn't seem like I can fix it without regedit and my task manager anyway.Someone on another forum told me to run ComboFix so I did, but I dunno what to do with the info it searched up, so I'll just post it here.ComboFix 09-05-24.01 - Jefferson Lam 05/24/2009 13:39.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1537 [GMT -7:00]Running from: c:\documents and settings\Jefferson Lam\Desktop\ComboFix.exeAV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))... Read more

A:Task manager disabled, regedit disabled, and right clicking folders crashes explorer.exe

Hello somedumbgamer,Please note the message text in blue at the top of the Am I infected? What do I do? forum.ComboFix logs should not to be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.Thank you for using BleepingComputer as your malware removal source.This topic is now closed. If you have any questions, please PM me or another Moderator.Regards, The weatherman

Read other 1 answers
RELEVANCY SCORE 73.6

I was having a problem with the message "Windows Security Alert Warning! Potential Spyware Operation!" popping up. I found this forum in an online search and followed the instructions to download "Super anti spyware". I followed the instructions and did the scan and that particular problem seemed to be fixed.

But now I have no control panel. If I press "contrl-alt-delete" it tells me that the "tast manager has been disabled by the administrator" and if I try to go to "add/remove programs" it tells me that "this problem has been cancelled due to restrictions in effect on this comptuer".

So evidently I didn't get rid of all of the problem. What else can I do to fix this? Thank you in advance for your help.
 

A:Add Remove Programs Disabled, No Control panel, Task Manager Disabled

Read other 11 answers