problems with pc - task manager disabled, AV turned off and blue circle keeps spinning

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kola86, Aug 18, 2011.

  1. kola86

    kola86 Guest

    I need some help with this problem; I have been trying to fix this since 8/12/11.
    Windows updated on 8/11 and I noticed it took a very, very long time to load up with Windows. I rebooted the PC and noticed that it ran very slow (blue circle) and my AV was disabled. I was unsure about using restore because of the Windows update (the earliest restore date was 8/12).

    I googled and found several suggestions... tried them all. I noticed that after Windows startup a window flashes briefly on the screen (unreadable, and goes away), then the AV is disabled (Windows flags the PC with a message to turn it on, but I couldn't). I ran the Sergiwa tool and it found an R-media malware. I removed that with the Microsoft malware removal tool, but the window still flashed, the AV is turned off a few minutes after Windows starts, and programs crash. I reboot the PC and I have the options for safe mode and starting Windows normally. I can only use the PC in safe mode, and when I restart, Windows will load and startup programs load, and that's when I see the flashing window (for one second, then it goes away; it is unreadable).

    I was able to restart the AV software with Services, but it won't stay on and the PC crashes a few minutes after Windows startup. When I use Ctrl-Alt-Delete, I get a black screen and an error message about "security services are not available and to power off the PC".

    I have run the malware removal steps and I'm attaching those files. I did all steps in safe mode; RootRepeal crashed and did not work.

    I also have two desktop.ini files on my desktop that were not there before. I think they showed up around the R-media removal time (but I'm not sure).

    Thanks in advance.
     

    Attached Files:

  2. kola86

    kola86 Guest


    Added:
    Found out that the flashing window is Splashtop remote software on startup - it's not the problem.
     
  3. thisisu

    thisisu Malware Consultant


    Hi and welcome to Major Geeks, kola86!

    I will be analyzing your logs. Please be patient as there is a lot of information to review.
     
  4. thisisu

    thisisu Malware Consultant


    From Programs and Features (via Control Panel), please uninstall the below:

    • Java(TM) 6 Update 26

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Note: This is actually Trend Micro HiJackThis - v2.0.4
    Choose Do a system scan only and select the following lines but DO NOT CLICK FIX until you exit all explorer windows and all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15784&l=dis
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    File::
    C:\ProgramData\ihfeumzb.qzk
    C:\error.fstmp
    C:\infect.fstmp
    C:\USERS\WEBGIR~1\LOCALS~1\TEMP\BIT43D4.TMP
    C:\USERS\WEBGIR~1\LOCALS~1\TEMP\GURB210.EXE
    C:\USERS\WEBGIR~1\LOCALS~1\TEMP\GURB210.TMP
    C:\USERS\WEBGIR~1\LOCALS~1\TEMP\~DF040~1.TMP
    
    DirLook::
    C:\1f2743f470da01f2566a273f43d0299d
    C:\39cf3a602d06fb9ae3b0
    C:\446d3f2ecd73f4cc7b7e1e20f4
    C:\4aa987591ca5b6087f7dfb
    C:\5ed0b09b11e3029e21b978d4b9d5f5
    C:\6952a9492b02408739a8
    C:\946c9019314d6ae412a614fb8e
    C:\a989d9f645542ba97eea
    C:\aa95f44cd88cf35c08299a
    C:\b43592b883eda08a3c5c9fc5c1
    C:\b8cc4c53bff625de41
    C:\c8f5aedffa86609b74
    C:\edfe3d3ef1d6885d8fa70f82c14b
    C:\ff7ed2bd88e767a2a9e6902ab0a01909
    C:\MSI534ca.tmp
    C:\USERS\WEBGIR~1\LOCALS~1\TEMP\COMTYP~1
    
    Folder::
    C:\Users\webgirltj\AppData\Local\{11E2636D-BB61-43D1-B4C7-FF194B2A8EA0}
    C:\Users\webgirltj\AppData\Local\{25489DE0-4FDA-442E-A0B3-93C27C467F09}
    C:\Users\webgirltj\AppData\Local\{74206898-2451-4666-89C8-38627487B45F}
    C:\Users\webgirltj\AppData\Local\{942373DE-2A24-46CF-98A3-13F7E85C7939}
    C:\Users\webgirltj\AppData\Local\{C2021BEC-CEF2-4AF6-B0FD-93B7046EB443}
    
    Registry::
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] 
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe


    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running ComboFix you discover none of your programs will open and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.




    Please download SystemLook by jpshortstuff to your desktop.
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :regfind
      {2D3BC6BC-5E9E4018-B90633BD-2013BB43}
      {E48A9B56-B0C0-420C-9605-22D2DE9B00A0}
      :filefind
      avperf.ini
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (How to attach items to your post)
      Note: The log can be found on your desktop, entitled SystemLook.txt

    Now we need to run TDSSKiller by Kaspersky
    Follow the instructions here and attach your log when you are finished. (How to attach items to your post)


    Please download MBRCheck by GeeksToGo to your desktop.
    See the download links under the MBRCheck icon.
    • Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (How to attach items to your post)

    Now download and install JRE 6 UPDATE 27
    See the download links under the JRE icon.

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

    *** Let me know how the PC is running after you have completed these steps! ***
     
    Last edited by a moderator: Aug 18, 2011
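The checks thisisu asks for above, plus the Task Manager lockout kola86 describes in the opening post, can all be read from the machine before anything is deleted. The PowerShell script below is an added example for this thread; it is not one of the MajorGeeks tools and not code posted by either participant. It looks at the same hijack points and dropped-file paths the instructions list and only reports them, so it can be run before the ComboFix pass and again after the reboot to see what came back. It assumes an elevated PowerShell 2.0 (or later) session under the affected profile, so $env:TEMP and $env:LOCALAPPDATA stand in for the C:\USERS\WEBGIR~1\LOCALS~1\TEMP and C:\Users\webgirltj\AppData\Local paths from the CFScript; the 'ask.com' match, the hex-folder regex and the service display-name filter are heuristics chosen for this example, not signatures from the thread.

```powershell
# Added example for this thread (not a MajorGeeks tool, not code from the post above).
# Read-only triage of the artifacts named in thisisu's instructions: reports, deletes nothing.
# Assumption: elevated PowerShell, logged in as the affected user, so $env:TEMP and
# $env:LOCALAPPDATA replace the webgirltj short paths used in the CFScript.

$findings = @()

# 1. "Task Manager has been disabled by your administrator" comes from these policy values.
#    Malware sets them to 1 under HKCU and/or HKLM; a clean box normally has neither value.
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if (Test-Path -LiteralPath $key) {
        $p = Get-ItemProperty -LiteralPath $key
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            if ($p.$name -eq 1) { $findings += "$key : $name = 1" }
        }
    }
}

# 2. The R0 lines HijackThis flagged: IE Start Page / Local Page and the Links folder name.
#    Values are printed for comparison; only the ask.com start page from the post is flagged.
foreach ($hive in 'HKCU', 'HKLM') {
    $main = "${hive}:\Software\Microsoft\Internet Explorer\Main"
    if (Test-Path -LiteralPath $main) {
        $m = Get-ItemProperty -LiteralPath $main
        foreach ($v in 'Start Page', 'Local Page') {
            $val = $m.$v
            if ($val -match 'ask\.com') { $findings += "$main\$v hijacked: $val" }
            else { Write-Output "$main\$v = '$val'" }
        }
    }
}
$tb = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar'
if (Test-Path -LiteralPath $tb) {
    Write-Output "$tb\LinksFolderName = '$((Get-ItemProperty -LiteralPath $tb).LinksFolderName)'"
}

# 3. The search-scope CLSID the CFScript Registry:: section removes.
$scope = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}'
if (Test-Path -LiteralPath $scope) { $findings += "SearchScopes entry present: $scope" }

# 4. Files from the File:: section and the GUID-named folders from the Folder:: section.
$paths = @(
    'C:\ProgramData\ihfeumzb.qzk', 'C:\error.fstmp', 'C:\infect.fstmp',
    "$env:TEMP\BIT43D4.TMP", "$env:TEMP\GURB210.EXE", "$env:TEMP\GURB210.TMP",
    "$env:LOCALAPPDATA\{11E2636D-BB61-43D1-B4C7-FF194B2A8EA0}",
    "$env:LOCALAPPDATA\{25489DE0-4FDA-442E-A0B3-93C27C467F09}",
    "$env:LOCALAPPDATA\{74206898-2451-4666-89C8-38627487B45F}",
    "$env:LOCALAPPDATA\{942373DE-2A24-46CF-98A3-13F7E85C7939}",
    "$env:LOCALAPPDATA\{C2021BEC-CEF2-4AF6-B0FD-93B7046EB443}"
)
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += "present: $path (modified $($item.LastWriteTime))"
    }
}

# 5. The DirLook:: section lists hex-named folders in the root of C:. Those are often
#    Windows Update / installer extraction leftovers, so they are listed, not flagged.
#    The regex (16 to 32 lowercase hex characters) is a heuristic chosen for this example.
Get-ChildItem -LiteralPath 'C:\' -Force |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^[0-9a-f]{16,32}$' } |
    ForEach-Object { Write-Output "hex-named root folder: $($_.FullName) ($($_.LastWriteTime))" }

# 6. Security-related services that are not running (the AV that "won't stay on").
#    The display-name filter is an assumption about what the installed products call themselves.
foreach ($svc in Get-Service) {
    if ($svc.DisplayName -match 'Security Center|Defender|Anti-?Virus|Firewall' -and $svc.Status -ne 'Running') {
        $findings += "service $($svc.Name) ($($svc.DisplayName)) is $($svc.Status)"
    }
}

# Report, and keep a copy next to the other tool logs on the Desktop.
if ($findings.Count -eq 0) { $findings = @('nothing flagged') }
$findings | Tee-Object -FilePath "$env:USERPROFILE\Desktop\triage.txt"
```

A finding that is back a few minutes after ComboFix has run and the machine has rebooted (DisableTaskMgr set to 1 again, the SearchScopes key recreated, a listed file rewritten with a fresh timestamp) means something still running is re-applying it, which is the case the TDSSKiller and MBRCheck steps in the same post are there to catch.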
  5. kola86

    kola86 Guest


    OK, I ran everything in your reply...

    Here are the files.
     

    Attached Files:

    Last edited by a moderator: Aug 19, 2011
  6. kola86

    kola86 Guest


    Here is the MGlogs.zip.

    I will post later to let you know how my PC is running.
     

    Attached Files:

  7. kola86

    kola86 Guest


    "failure to display security and shutdown options"

    I got this error message after Firefox crashed and I tried Ctrl-Alt-Delete.

    I've had to reboot several times, and once I reboot I have the safe mode options - I can only get a normal boot after booting in safe mode...

    Still getting the spinning blue circle.
     
  8. thisisu

    thisisu Malware Consultant


    Use MSConfig to set up Normal Startup Mode

    Then reboot your PC
    Once you have rebooted your PC:

    Run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.
     
