Regedit and Taskmgr "Disabled by Administrator" [Solved]


  • This topic is locked

#31 DannieRay (Member, Topic Starter, 24 posts)
Still locked out.


ComboFix 13-02-24.01 - Administrador 25/02/2013 14:57:45.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.958.600 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\csrss.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-25 17:47 . 2013-02-25 17:47 133430 ----a-w- c:\windows\system32\rundat.exe
2013-02-25 17:40 . 2013-02-25 17:40 108342 ----a-w- c:\windows\goxobx.exe
2013-02-25 17:34 . 2013-02-25 17:34 -------- d-----w- C:\_OTL
2013-02-25 16:50 . 2013-02-25 17:48 1088822 ----a-w- c:\windows\sys.exe
2013-02-25 06:04 . 2008-04-14 07:48 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-02-25 06:02 . 2008-04-14 10:48 32768 ------w- c:\windows\system32\asr_pfu.exe
2013-02-25 06:02 . 2008-04-14 10:48 10752 ------w- c:\windows\system32\smtpapi.dll
2013-02-25 06:02 . 2008-04-14 10:48 9728 ------w- c:\windows\system32\rwnh.dll
2013-02-25 06:02 . 2008-04-14 10:48 1306624 ------w- c:\windows\system32\dllcache\msxml6.dll
2013-02-25 06:02 . 2008-04-14 10:47 103424 ------w- c:\windows\system32\dllcache\dpcdll.dll
2013-02-25 06:02 . 2008-04-14 10:25 90624 ------w- c:\windows\system32\dllcache\msxml6r.dll
2013-02-25 06:02 . 2008-04-14 03:15 46592 ------w- c:\windows\system32\drivers\irbus.sys
2013-02-25 06:02 . 2008-04-14 03:13 9728 ------w- c:\windows\system32\comsdupd.exe
2013-02-25 06:00 . 2013-02-25 06:02 -------- d-----w- c:\windows\ServicePackFiles
2013-02-25 05:58 . 2006-12-29 03:31 19569 ----a-w- c:\windows\000001_.tmp
2013-02-25 05:58 . 2013-02-25 06:02 -------- d-----w- c:\windows\EHome
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\wbem\snmp
2013-02-25 04:00 . 2013-02-25 06:01 -------- d-----w- c:\windows\system32\oobe
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\xircom
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\srchasst
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\msagent
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\archivos de programa\microsoft frontpage
2013-02-25 03:16 . 2013-02-25 17:48 108342 ----a-w- c:\windows\java.exe
2013-02-23 03:46 . 2013-02-23 03:46 -------- d-----w- c:\archivos de programa\Disk Heal
2013-02-23 00:37 . 2013-02-23 00:37 880640 ----a-w- c:\windows\system32\safari.exe
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2013-02-22 04:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-22 04:24 . 2013-02-22 04:24 -------- d-----w- c:\archivos de programa\Defraggler
2013-02-22 04:12 . 2001-08-22 18:34 12416 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-02-22 04:02 . 2008-04-14 02:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[7] 2008-04-14 . 85B88C504D1527978F1C2FBE6A41E799 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[7] 2008-04-14 . A9A84CFC20D5F4C609E9CBF9491B8DF6 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
.
[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
[7] 2008-04-14 . 12CE2CACCF25D99944CA69F6A3A83441 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SarbyxTrayClock"="c:\archivos de programa\SarbyxTrayClock\trayclock.exe" [2006-10-19 60928]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"AVG_TRAY"="c:\archivos de programa\AVG\AVG2012\avgtray.exe" [2012-01-24 2490208]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 921536]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Dnscache"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgtray.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"=
"c:\\Archivos de programa\\SarbyxTrayClock\\trayclock.exe"=
"c:\\Archivos de programa\\WinZip\\WZQKPICK32.EXE"=
"c:\\WINDOWS\\System32\\cmd.exe"= c:\\WINDOWS\\system32\\cmd.exe
"c:\\Archivos de programa\\Microsoft Application Virtualization Client\\sftlist.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Microsoft Shared\\Virtualization Handler\\CVHSVC.EXE"=
"c:\\Archivos de programa\\Archivos comunes\\Java\\Java Update\\jusched.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Update\\1.3.21.135\\GoogleCrashHandler.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
"c:\\WINDOWS\\inf\\unregmp2.exe"=
"c:\\WINDOWS\\system32\\safari.exe"=
"c:\\Archivos de programa\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3020:TCP"= 3020:TCP:cevoqtg
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [10/07/2011 21:14 23120]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/03/2012 0:31 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 2:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/07/2011 21:14 295248]
R2 avgwd;WatchDog de AVG;c:\archivos de programa\AVG\AVG2012\avgwdsvc.exe [02/08/2011 2:09 192776]
R2 cvhsvc;Client Virtualization Handler;c:\archivos de programa\Archivos comunes\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [27/02/2010 21:33 899488]
R2 MBAMScheduler;MBAMScheduler;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/02/2013 1:30 398184]
R2 sftlist;Application Virtualization Client;c:\archivos de programa\Microsoft Application Virtualization Client\sftlist.exe [02/12/2009 17:23 553320]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [22/06/2007 8:36 229592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/02/2013 1:30 21104]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 17:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 17:23 211304]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 17:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 17:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\archivos de programa\Microsoft Application Virtualization Client\sftvsa.exe [02/12/2009 17:23 209768]
S2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 2:25 4502880]
S2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [22/02/2013 1:30 756072]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [10/07/2011 21:14 134608]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/07/2011 21:14 24272]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 2:21 16720]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 2:30 32592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kkwebzkt
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.75.0.4 200.75.25.224
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-cpjksvxxyviutjyixjx - (null)\cpjksvxxyviutjyixjx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-25 15:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\windows\system32\rundat.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\safari.exe
.
**************************************************************************
.
Completion time: 2013-02-25 15:05:47 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-25 18:05
ComboFix2.txt 2013-02-25 08:16
.
Pre-Run: 60.175.196.160 bytes libres
Post-Run: 60.120.944.640 bytes libres
.
- - End Of File - - 1E65748748B60601FBAF824A222B32AD
  • 0
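The ComboFix log above shows the pattern behind the "Disabled by Administrator" symptom: policy values under `policies\system` that switch off Task Manager and Regedit, Security Center and firewall overrides, and Run/RunServices entries whose command is a bare file name rather than a full path. As an added example (not part of this thread, and not ComboFix's own code), the Python below parses the "Reg Loading Points" section of a ComboFix-style log and flags those three classes of finding. The `SAMPLE_LOG` text is constructed here in the same layout as the posted log, and all function names are this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample in the shape of a ComboFix "Reg Loading Points" section.
# The layout mirrors the log posted in this thread; it is not a real scan result.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayClock"="c:\archivos de programa\TrayClock\trayclock.exe" [2006-10-19 60928]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3020:TCP"= 3020:TCP:cevoqtg
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "Name"= value text
NUM_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-f]+\)$", re.I)  # 1 (0x1)
DWORD_RE = re.compile(r"^dword:([0-9a-f]{8})$", re.I)    # dword:00000001
RUN_KEY_RE = re.compile(r"\\(Run|RunServices|RunOnce)$", re.I)

# value name (lower-case) -> (value that indicates tampering, description)
POLICY_CHECKS = {
    "disabletaskmgr": (1, "Task Manager disabled by policy"),
    "disableregistrytools": (1, "Registry Editor disabled by policy"),
    "enablelua": (0, "UAC turned off"),
    "enablefirewall": (0, "Windows Firewall turned off"),
    "antivirusoverride": (1, "Security Center ignores antivirus state"),
    "firewalloverride": (1, "Security Center ignores firewall state"),
    "antivirusdisablenotify": (1, "antivirus alerts suppressed"),
    "firewalldisablenotify": (1, "firewall alerts suppressed"),
    "updatesdisablenotify": (1, "Windows Update alerts suppressed"),
}


def parse_reg_points(text):
    """Return an ordered dict: registry key path -> list of (value name, raw value text)."""
    entries = OrderedDict()
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line in ("", ".", "REGEDIT4"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group(1), m.group(2).strip()))
    return entries


def numeric_value(raw):
    """Parse ComboFix's '1 (0x1)' or 'dword:00000001' forms into an int; None otherwise."""
    m = NUM_RE.match(raw)
    if m:
        return int(m.group(1))
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    return None


def find_policy_tampering(entries):
    """Policy and Security Center values set to the state that hides or blocks defences."""
    findings = []
    for key, values in entries.items():
        for name, raw in values:
            check = POLICY_CHECKS.get(name.lower())
            if check and numeric_value(raw) == check[0]:
                findings.append((key, name, check[1]))
    return findings


def find_pathless_autoruns(entries):
    """Run/RunServices values whose command is a bare file name: Windows locates these
    by path search, so the log does not tell you which binary actually runs."""
    findings = []
    for key, values in entries.items():
        if not RUN_KEY_RE.search(key):
            continue
        for name, raw in values:
            m = re.match(r'^"([^"]*)"', raw)
            if m and "\\" not in m.group(1) and "/" not in m.group(1):
                findings.append((key, name, m.group(1)))
    return findings


def find_open_ports(entries):
    """Ports opened through the firewall policy (GloballyOpenPorts\\List entries)."""
    return [(name, raw) for key, values in entries.items()
            if key.lower().endswith("globallyopenports\\list") for name, raw in values]


def triage(text):
    """Run all three checks over one log and return them as a dict."""
    entries = parse_reg_points(text)
    return {"policies": find_policy_tampering(entries),
            "autoruns": find_pathless_autoruns(entries),
            "ports": find_open_ports(entries)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, name, why in result["policies"]:
        print(f"[policy]  {why}: {key}\\{name}")
    for key, name, cmd in result["autoruns"]:
        print(f"[autorun] pathless command {cmd!r} in {key} ({name})")
    for name, raw in result["ports"]:
        print(f"[port]    firewall exception {raw}")
```

Run against the posted log, the same checks would flag both `DisableTaskMgr` and `DisableRegistryTools` under HKCU, the `EnableLUA`/`EnableFirewall` zeros, every `*Override`/`*DisableNotify` value under `security center`, and the `safari.exe`/`rundat.exe` autoruns that carry no path, which is exactly the set of entries a helper reads first in such a log.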

#32 DannieRay (Member, Topic Starter, 24 posts)
Internet working very iffy now, getting a lot of 104 errors on Chrome.
  • 0

#33 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello XXX


Let's see if this will run now.

Dr.Web CureIt

Download to the desktop: Dr.Web CureIt

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon beside the files found:
    Posted Image
    If so, click it, then click the next icon right below and select Move incurable, as shown in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer, because files in use may be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.

Gringo
  • 0

#34 DannieRay (Member, Topic Starter, 24 posts)
"Hijack this" log? I don't think you have told me to download anything with that name.
  • 0

#35 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Skip that, I didn't see that in there.


gringo
  • 0

#36 DannieRay (Member, Topic Starter, 24 posts)
Having a lot of problems with the internet now; trying to download the program just opens up an empty tab, and most sites I try to open turn up as errors, mostly 104.
  • 0

#37 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Download Windows Repair (all in one) from here.

Install the program, then run it.



Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick "restart system when finished":

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair Hosts File
  • Remove Policies Set By Infections
  • Repair Missing Start Menu Icons
  • Repair Icons
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Repair Proxy Settings
  • Unhide Non System Files
  • Repair Windows Updates
  • Set Windows Services To Default
  • Repair MSI (Windows Installer)
  • Repair File Associations
  • Repair Windows Safe Mode

After that come back and tell me if that has made a difference.

Gringo
  • 0

#38 DannieRay (Member, Topic Starter, 24 posts)
Finally managed to get drwebcureit downloaded, but as soon as I run it, it immediately closes =(
  • 0

#39 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
OK, try and run Windows Repair (all in one).


I don't like the way that this one is going. To be on the safe side, I would back up anything that cannot be replaced.
  • 0

#40 DannieRay (Member, Topic Starter, 24 posts)
It requires the Windows XP CD, which I don't have. =(
  • 0

#41 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
I would like you to try and make a new user account and see if you still have problems - http://help.expedien..._profiles.shtml
  • 0

#42 DannieRay (Member, Topic Starter, 24 posts)
Created new user, problems persist.
  • 0

#43 DannieRay (Member, Topic Starter, 24 posts)
Tried to start Windows in safe mode; the computer automatically reboots.
  • 0

#44 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello DannieRay



I have been going over the report a few times over the last few days and have not come up with anything new to try. Considering the problems we keep having, I think it would be best to go ahead and reload Windows.



gringo
  • 0

#45 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0