Jump to content

Can't run task manager


Recommended Posts

Here is the problem : 
- I tried all the ways to open my task manager but can't ,my administration tools also.

- I ran Malwarebytes couple times but still found worms. don't know why .
Here are logs .
1st time.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/4/2014
Scan Time: 6:48:32 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.04.03
Rootkit Database: v2014.07.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290801
Time Elapsed: 9 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 1
Worm.AutoRun, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe, 2352, Delete-on-Reboot, [93f0267567144cea88ba0e4c6c94a759]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig.exe, Quarantined, [0e757c1fabd069cd370b2d2d2ed27789], 
Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\auto.exe, Quarantined, [691ad2c9bdbe7eb8217b76ac37cc7c84], 
Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\autorun.exe, Quarantined, [691ad2c9bdbe7eb8217b76ac37cc7c84], 
Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\autoruns.exe, Quarantined, [691ad2c9bdbe7eb8217b76ac37cc7c84], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\boot.exe, Quarantined, [3d4623784c2fbc7a1282b5a0d330f60a], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ctfmon.exe, Quarantined, [b1d2623994e746f0bd51ec6a22e154ac], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\procexp.exe, Quarantined, [9de6d8c3077496a083b482d7ab5847b9], 
 
Registry Values: 3
Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, C:\WINDOWS\system\KEYBOARD.exe, Quarantined, [691a0299c7b40e28ae9477e3e020a65a]
Risk.HiddenExt, HKLM\SOFTWARE\CLASSES\EXEFILE|NeverShowExt, 1, Quarantined, [d0b3bdde8cef11258539390848bbf50b]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTORUN.EXE|Debugger, C:\WINDOWS\system32\drivers\drivers.cab.exe, Quarantined, [d3b06d2e95e68caad7edb34fec1705fb]
 
Registry Data: 1
Broken.OpenCommand, HKCR\regfile\shell\open\command, C:\WINDOWS\pchealth\Global.exe, Good: (regedit.exe "Bad: (C:\WINDOWS\pchealth\Global.exe),Replaced,[ffffffffffffffffffffffffffffffff]"), %5
 
Folders: 1
Trojan.Agent, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}, Delete-on-Reboot, [bdc642591368ba7c0f166e250101b848], 
 
Files: 11
Worm.AutoRun, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe, Delete-on-Reboot, [93f0267567144cea88ba0e4c6c94a759], 
Worm.AutoRun, C:\Windows\system\KEYBOARD.exe, Quarantined, [691a0299c7b40e28ae9477e3e020a65a], 
Worm.AutoRun, C:\MS-DOS.com, Quarantined, [5d26752685f69e9852f0c694ee128779], 
Spyware.Password, C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jsapbguq.exe, Delete-on-Reboot, [86fdd5c6017a6ccadac50d85de236a96], 
Worm.AutoRun, C:\Windows\System32\regedit.exe, Quarantined, [671cc5d67209cc6a1f2385d5a55b38c8], 
Worm.AutoRun, C:\Windows\Help\microsoft.hlp, Quarantined, [b2d1415a0f6c47ef8ab82d2d679953ad], 
Worm.AutoRun, C:\Windows\Media\rndll32.pif, Quarantined, [0e757c1fabd069cd370b2d2d2ed27789], 
Worm.AutoRun, C:\Windows\System32\dllcache\Global.exe, Quarantined, [c9baf9a2b0cb152114c7948de61d2dd3], 
Worm.AutoRun, C:\Windows\System32\drivers\drivers.cab.exe, Quarantined, [691ad2c9bdbe7eb8217b76ac37cc7c84], 
Worm.AutoRun, C:\Windows\Cursors\Boom.vbs, Quarantined, [97ecf0abdaa19e98144d73c5cb384fb1], 
Worm.AutoRun, C:\Windows\PCHEALTH\Global.exe, Quarantined, [fb88d6c5c4b70333c60f1427788bd32d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)
. 2nd time
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/4/2014
Scan Time: 8:37:50 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.04.04
Rootkit Database: v2014.07.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292290
Time Elapsed: 10 min, 1 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 1
Worm.AutoRun, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe, 2328, Delete-on-Reboot, [150de8b359223cfa61ee8ad01ce4d927]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig.exe, Quarantined, [56ccb7e4c3b8102673dc7ae02fd1d22e], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\auto.exe, Quarantined, [2bf77b20502be84e8a9afb5adc27bb45], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\autorun.exe, Quarantined, [61c15c3fd7a40036b96fce87867dd42c], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\autoruns.exe, Quarantined, [d74bb8e363187bbbf13a42130201bb45], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\boot.exe, Quarantined, [a0823764384369cd736b5401897a49b7], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ctfmon.exe, Quarantined, [53cf4b505724da5cce8ab89e946f21df], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\procexp.exe, Quarantined, [dd451c7fb0cbc175dfa2ef6ac24137c9], 
 
Registry Values: 4
Worm.AutoRun, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, C:\WINDOWS\system\KEYBOARD.exe, Quarantined, [d84ab0eb9ae19f97e06f0b4f88784ab6]
Risk.HiddenExt, HKLM\SOFTWARE\CLASSES\EXEFILE|NeverShowExt, 1, Quarantined, [889a5a41e8939f973dcb4ef4f2112dd3]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTORUN.EXE|Debugger, C:\WINDOWS\system32\drivers\drivers.cab.exe, Quarantined, [051d7e1d2a51d462fa1421e29c6734cc]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNDLL32.EXE|Debugger, C:\WINDOWS\Fonts\Fonts.exe, Quarantined, [26fce8b3bac166d05f751546956e639d]
 
Registry Data: 1
Broken.OpenCommand, HKCR\regfile\shell\open\command, C:\WINDOWS\pchealth\Global.exe, Good: (regedit.exe "Bad: (C:\WINDOWS\pchealth\Global.exe),Replaced,[ffffffffffffffffffffffffffffffff]"), %5
 
Folders: 1
Trojan.Agent, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}, Delete-on-Reboot, [6db50497fa812f0792ba157e4bb707f9], 
 
Files: 11
Worm.AutoRun, C:\WINDOWS\SYSTEM32\drivers\drivers.cab.exe, Delete-on-Reboot, [232105686b44b2ead8da75512f0ace6b], 
Worm.AutoRun, C:\Windows\System32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe, Delete-on-Reboot, [150de8b359223cfa61ee8ad01ce4d927], 
Worm.AutoRun, C:\Windows\system\KEYBOARD.exe, Quarantined, [d84ab0eb9ae19f97e06f0b4f88784ab6], 
Worm.AutoRun, C:\MS-DOS.com, Quarantined, [a47ef9a22d4e1f17400f8bcf956b3cc4], 
Spyware.Password, C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jsapbguq.exe, Delete-on-Reboot, [cb57207b205b84b23e6df2a0a45d7789], 
Worm.AutoRun, C:\Windows\System32\regedit.exe, Quarantined, [c9596338512aab8be867e07ac040a45c], 
Worm.AutoRun, C:\Windows\Help\microsoft.hlp, Quarantined, [ad753566ccaf10264d024515df2136ca], 
Worm.AutoRun, C:\Windows\Media\rndll32.pif, Quarantined, [56ccb7e4c3b8102673dc7ae02fd1d22e], 
Worm.AutoRun, C:\Windows\System32\dllcache\Global.exe, Quarantined, [4ed49506df9c2f07ed3880a237cc06fa], 
Worm.AutoRun, C:\Windows\Cursors\Boom.vbs, Quarantined, [9b87d4c7a8d34ceabdee39ff9370ac54], 
Worm.AutoRun, C:\Windows\PCHEALTH\Global.exe, Quarantined, [a280960590eb8aac63bc2f0dcf34e21e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply...

 

Kevin

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin....

 

 

 

 

 

fixlist.txt

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.