I cannot access task manager and regedit


  • This topic is locked
3 replies to this topic

#1 irbat

Posted 02 April 2010 - 09:17 PM

Hello,

As I could not access Task Manager and the programs did not start properly on my laptop (XP Home Edition Service Pack 3), I decided to format it, but after I had transferred my files to another laptop via LAN, this recently formatted working one (Windows Vista Home Premium Service Pack 2) started to behave like the previous one. I cannot access Task Manager, and the programs also run slowly. What should I do now?

I have downloaded ComboFix, HijackThis, MBAM, Spybot and SUPERAntiSpyware desperately, in the hope that one of them will solve the problem, but nothing changed after I scanned both of the computers with them. (I also get a blue screen while I try to scan the computer with XP via ComboFix.)

Thank you in advance for the answers which may help me to get rid of this problem.







Edited by irbat, 02 April 2010 - 09:54 PM.
Move to AII as no logs posted. ~ OB



#2 irbat

Posted 03 April 2010 - 02:32 AM

Hello again,

As I had no replies to my previous post and my problem still exists, I went on searching the forum looking for how to enable my Task Manager, and I have succeeded using one of the programs from the recommended sites here. But my blue screen problem BAD_POOL_HEADER (on XP) and slow working (XP & Vista) continued, so I searched for viruses on both of them and I have these logs.

For XP:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3948

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/3/2010 8:56:34 AM
mbam-log-2010-04-03 (08-56-34).txt

Scan type: Quick scan
Objects scanned: 67415
Time elapsed: 48 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Knidos \Local Settings\Temp\esekka.exe (Worm.Spambot) -> Delete on reboot.
C:\Documents and Settings\Knidos \Local Settings\Temp\fiid.exe (Worm.Spambot) -> Delete on reboot.
C:\Documents and Settings\Knidos \Local Settings\Temp\kuvnl.exe (Worm.Spambot) -> Delete on reboot.
C:\Documents and Settings\Knidos \Local Settings\Temp\sqglha.exe (Worm.Spambot) -> Delete on reboot.
C:\Documents and Settings\Knidos \Local Settings\Temp\wingchsyx.exe (Worm.Spambot) -> Delete on reboot.
C:\Documents and Settings\Knidos \Local Settings\Temp\winihvc.exe (Worm.Spambot) -> Delete on reboot.
C:\Documents and Settings\Knidos \Local Settings\Temp\winixcc.exe (Worm.Spambot) -> Delete on reboot.
C:\Documents and Settings\Knidos \Local Settings\Temp\winqjedqr.exe (Worm.Spambot) -> Delete on reboot.
C:\Documents and Settings\Knidos \Local Settings\Temp\winwoemvu.exe (Worm.Spambot) -> Delete on reboot.




And for Vista:

ComboFix 10-04-01.02 - irbat 03.04.2010 3:59.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1254.90.1033.18.1917.940 [GMT 3:00]
Running from: c:\users\irbat\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2088688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 194680]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 507904]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 167936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 249856]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1529128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 16:40 487424 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-05-04 11:05 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e8,9b,11,48,7a,d2,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2155250528-4047382055-1890483447-1000]
"EnableNotificationsRef"=dword:00000001

R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
TCP: {6F285042-1985-49D0-91EA-8A682BA9F5A8} = 208.67.222.222,208.67.222.220
TCP: {8E55AA44-BCBE-41AB-B0FF-A6DE29BF465E} = 8.8.8.8,8.8.4.4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 04:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????i??W????8???`????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-04-03 04:10:59
ComboFix-quarantined-files.txt 2010-04-03 01:10
ComboFix2.txt 2010-04-03 00:35
ComboFix3.txt 2010-04-02 23:36

Pre-Run: 34.071.326.720 bytes free
Post-Run: 34.040.733.696 bytes free

- - End Of File - - DC746B487B81DD28BFB8786ABB4C0DC8



What should I do next?





#3 irbat

Posted 04 April 2010 - 10:50 AM

After various attempts to find what infected my computers, I finally understood that the Win32/Sality.AA virus is causing these problems. I have formatted (XP laptop), since there was not any solution left, and scanned (Vista) with CA Anti-Virus; this program has found the viruses and deleted them. Now I can access Task Manager on both of them without any additional thing, they work as fast as they should, and the programs work without problems. Good luck to those who have a virus problem and are trying to solve it. Have a nice day!

#4 Pandy

Posted 24 May 2010 - 08:21 AM

Since this topic appears to be resolved I shall close it. If there is need of this topic to be reopened please send me or any other moderator a personal message with a request to open and we will do so for you.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin
