Let's take care of Task Manager, and Regedit...
Please go to Start > Run
Highlight and copy each of the following (one at a time), and place in the Open area.
Then, click: Enter/OK after each one:
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Next, download Unhide.exe to your Desktop:
If the file does not download, copy/paste the following link >without brackets< in the address bar of your browser:
For XP, double-click on Unhide.exe
Allow the program to run.
This program removes the hidden attribute from all the files on your hard drives.
Now, download iExplore.exe, a renamed copy of rKill:
If the file does not download, paste the following, >without the brackets<, in the address bar of your browser:
Save the file to the Desktop, and double-click on it.
Ignore any messages, and allow the file to run until the command window closes.
Save ComboFix.exe to your Desktop!!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of CF.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through these links: http://www.bleepingcomputer.com/for...
XP - Double-click on ComboFix.exe to run the program.
Follow the prompts.
XP users (only) - install the Recovery Console when presented the option!!
Click on ‘Yes’, to continue scanning for malware.
When finished, CF produces a report.
Since this report can also be quite large, please go to the ‘Uploading’ website:
In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”
Please copy the 'Download link', and provide it in your reply.
1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals
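
The four policy values reset by the reg add commands in the post above can be read back to confirm that the change took effect. This is an added example, not part of the original post; it assumes PowerShell is installed (it is not present by default on XP), and the function name Get-PolicyState is hypothetical.

```powershell
# Added example: read-only audit of the DisableTaskMgr / DisableRegistryTools
# policy values in both HKLM and HKCU. It changes nothing in the registry.
$policyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valueNames = 'DisableTaskMgr', 'DisableRegistryTools'
$hives      = 'HKLM', 'HKCU'

# Hypothetical helper: returns one record per hive/value pair.
function Get-PolicyState {
    param([string]$Hive, [string]$Name)

    $key   = "${Hive}:\$policyPath"
    $data  = $null
    $state = 'not set (tool allowed)'   # a missing key or value means no restriction

    if (Test-Path -Path $key) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $data = $item.$Name
            # 0 is what the reg add commands write; any other data blocks the tool
            if ($data -eq 0) { $state = 'allowed' } else { $state = 'BLOCKED' }
        }
    }

    New-Object PSObject -Property @{
        Hive = $Hive; Value = $Name; Data = $data; State = $state
    }
}

$results = foreach ($h in $hives) {
    foreach ($n in $valueNames) { Get-PolicyState -Hive $h -Name $n }
}

$results | Select-Object Hive, Value, Data, State | Format-Table -AutoSize

$blocked = @($results | Where-Object { $_.State -eq 'BLOCKED' })
if ($blocked.Count -gt 0) {
    Write-Output "$($blocked.Count) restriction(s) still in place."
} else {
    Write-Output 'Task Manager and Regedit are not restricted by policy.'
}
```

Run it once after the reg add commands and again after a reboot; a value that returns to BLOCKED after being reset means something is still writing it.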