
Can't run task manager and can't install security update for w


  • This topic is locked

#1
Retobezz

  • Member
  • 20 posts
I can't run Windows Task Manager.
I tried ctrl+alt+delete but it's not working.
I tried system restore and still nothing happened.

My computer runs normal but I can't open some programs sometimes.

I've scanned it through my anti-virus and it says no virus detected.

And in addition to my problem, Security Update for Windows XP (KB2481109) cannot be installed.
I tried to install it manually and it says I lack prerequisites on c:\windows\KB2481109.log

I'll attach KB2481109.log for you to see.
Hope that you'll save my laptop from all these problems.

Attached Files


  • 0


#2
Salagubang

  • Trusted Helper
  • Malware Removal
  • 3,890 posts
Hi Retobezz,

My name is Salagubang and welcome to Geekstogo.

Sorry for the delay. Do you still need assistance fixing your machine?
  • 0

#3
Retobezz

  • Topic Starter
  • Member
  • 20 posts
Yes, I do need assistance for my computer.

The update has been fixed and the only problem left is I can't run task manager.

Hope you could help me with this one. :)
  • 0

#4
Salagubang

  • Trusted Helper
  • Malware Removal
  • 3,890 posts
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply

  • 0

#5
Retobezz

  • Topic Starter
  • Member
  • 20 posts
Hello Sal,

Sorry for the late reply. The program OTL is not responding after 10 mins. when I run the quick scan.
It's stuck when it comes to scan the DOS folder.
  • 0

#6
Salagubang

  • Trusted Helper
  • Malware Removal
  • 3,890 posts
Let's try this one.

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
Retobezz

  • Topic Starter
  • Member
  • 20 posts
Hi Sal!

Haven't logged in to my computer for a few days.
But I'm back.

I've done what you've said on the 2nd program.
I also got the log file attached.

Attached Files

  • Attached File  log.txt   19.11KB   112 downloads

  • 0

#8
Salagubang

  • Trusted Helper
  • Malware Removal
  • 3,890 posts
:)

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#9
Retobezz

  • Topic Starter
  • Member
  • 20 posts
It really did take time for me to finish the scan.

But hey! I did get everything done.

And files all attached.

:)

Attached Files


  • 0

#10
Salagubang

  • Trusted Helper
  • Malware Removal
  • 3,890 posts
:) That took care of some of the nasties. I still see unusual entries in the log that need further investigating. Hold on in there.


Step One

  • Re-run AVPTool
  • Select the Manual Disinfection tab
  • Where it states Step 3 paste in the following disinfection script and press execute

    begin
    SetAVZPMStatus(True);
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{9A2D4FCD-F085-43E1-8E8F-82E1F1C48945}\Downloadexe.exe','');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

Posted Image


Step Two

  • Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
    Posted Image
  • Click Save log button and Save the aswMBR.log to the desktop
  • Post content of that log here for me


Step Three

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply


How is the computer running?
  • 0


#11
Retobezz

  • Topic Starter
  • Member
  • 20 posts
My computer seems to be running better this time, thanks to you.

done everything you've said. :)

and I got all files saved.

and yey! I got my task manager back.

Attached Files


  • 0

#12
Salagubang

  • Trusted Helper
  • Malware Removal
  • 3,890 posts
One more, we're nearly done.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\4777890.sys -- (setup_9.0.0.722_13.06.2011_04-52drv)
    DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\47778901.sys -- (47778901)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.buzqo.com/?cfg=2-401-0-...
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZLfox000&ptb=0bLhYblNtmH_G9KKLuVUpw
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic English Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Ask"
    FF - prefs.js..browser.startup.homepage: "http://www.buzqo.com/?cfg=2-401-0-..."
    [2011/03/27 05:12:13 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nb5smtyq.default\extensions\[email protected]
    [2011/05/10 09:14:43 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nb5smtyq.default\searchplugins\ask.uk.xml
    [2010/01/20 12:14:44 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nb5smtyq.default\searchplugins\conduit.xml
    [2010/11/22 10:08:32 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nb5smtyq.default\searchplugins\mywebsearch.xml
    [2011/05/24 06:32:09 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nb5smtyq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2011/03/27 05:11:37 | 000,000,000 | ---D | M] (Softonic English Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nb5smtyq.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
    [2011/03/27 05:12:16 | 000,000,000 | ---D | M] (Online Radio India Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nb5smtyq.default\extensions\{952d8189-ea25-431b-8ed6-7758dcc933d1}
    [2011/03/27 05:12:13 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nb5smtyq.default\extensions\[email protected]
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Plants vs. Zombies\pvz\setup\PlantsVsZombiesSetup-en.exe/license.exe/alg.exe
    C:\Program Files\Plants vs. Zombies\Plants vs Zombies\license.exe/alg.exe
    C:\Program Files\Plants vs. Zombies\pvz\Plants.vs.Zombies.v1.2.0.1065-EMBER.rar/setup/PlantsVsZombiesSetup-en.exe/license.exe/alg.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
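
Added example (not part of the original thread and not OTL's own code): a small Python reader that splits a fix script laid out like the one in post #12 into its sections and lists what each :OTL line refers to, so the script can be reviewed before Run Fix is clicked. The field meanings are inferred from the lines shown in the thread, the function names are hypothetical, and the sample values are constructed placeholders.

```python
import re

# Constructed sample modelled on the fix-script layout in post #12 (all values are placeholders).
SAMPLE = r"""
:OTL
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Example Vendor) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\example1.sys -- (example1)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
FF - prefs.js..browser.startup.homepage: "http://search.example.invalid/"
[2011/03/27 05:12:13 | 000,000,000 | ---D | M] (Example Toolbar) -- C:\Profiles\x.default\extensions\{00000000-0000-0000-0000-000000000000}
[2010/01/20 12:14:44 | 000,000,935 | ---- | M] () -- C:\Profiles\x.default\searchplugins\example.xml

:Files
C:\Program Files\Example Game\license.exe

:Commands
[emptytemp]
[Reboot]
"""

# "[date time | size | attributes | M] (company)"; the path follows after " -- ".
STAMP = re.compile(r"\[(?P<when>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\] \((?P<company>[^)]*)\)")

def split_sections(script):
    """Return {':OTL': [lines], ':Files': [...], ...} in the order the sections appear."""
    sections, current = {}, None
    for line in script.splitlines():
        line = line.strip()
        if re.fullmatch(r":\w+", line):
            current = sections.setdefault(line, [])
        elif line and current is not None:
            current.append(line)
    return sections

def classify(line):
    """Describe what one :OTL line points at: a driver, a browser setting or a file/folder."""
    kind = "FILE"
    m = re.match(r"(DRV|IE|FF) - (.*)", line)
    if m:
        kind, line = m.group(1), m.group(2)
    if kind in ("IE", "FF"):  # browser setting: "key = value" (IE) or 'key: "value"' (FF)
        key, _, value = line.partition(" = " if kind == "IE" else ": ")
        return {"kind": kind, "setting": key, "value": value.strip('"')}
    s = STAMP.match(line)
    parts = line.split(" -- ")
    return {"kind": kind, "company": s.group("company") if s else None,
            "is_dir": bool(s and "D" in s.group("attrs")),
            "size": int(s.group("size").replace(",", "")) if s else None,
            "path": parts[1] if len(parts) > 1 else None}

def summarize(script):
    """Collect everything the script names, grouped the way a reviewer would read it."""
    sections = split_sections(script)
    return {"entries": [classify(l) for l in sections.get(":OTL", [])],
            "files": sections.get(":Files", []),
            "commands": [c.strip("[]") for c in sections.get(":Commands", [])]}
```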

#13
Retobezz

  • Topic Starter
  • Member
  • 20 posts
I got 2 files as log.

Attached Files


  • 0

#14
Salagubang

  • Trusted Helper
  • Malware Removal
  • 3,890 posts
Congratulations, the machine is clean. :)

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK
Posted Image


Remove Other Tools
  • Download OTC to your desktop and run it
  • Click CleanUp! to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Clean Temporary Files
  • Download TFC to your desktop
  • Open the file and close any other windows
  • It will close all programs itself when run - make sure to let it run uninterrupted
  • Click the Start button to begin the process - the program should not take long to finish its job
  • Once it is finished, it should reboot your machine, if not, do this yourself to ensure the cleaning process completes

Let's re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

And oh, don't forget to take care of the dodgy plantz vs zombie game - parts of it are being flagged by the antivirus as bad.


++++++++++++++++++++++++++++++++++++


Below are links to several programs that will help protect your computer.

Anti-Spyware
I recommend downloading and installing any of the following applications.
  • SpywareBlaster keeps spyware from installing on your system - read the tutorial here
  • SpywareGuard protects your browser and computer in real time - read the tutorial here
  • SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here

++++++++++++++++++++++++++++++++++++

Other things to keep in mind.

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
  • Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
  • ERUNT (Emergency Recovery Utility NT) - a registry backup utility
  • Cobian Backup - a very good backup utility - read the tutorial here
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for Chrome and Opera.
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there!
  • 0

#15
Retobezz

  • Topic Starter
  • Member
  • 20 posts
Thank you!

I'll donate some other time.

You helped me a lot!
  • 0





