HiJack.Task Manager won't delete

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by andersond3851, Jan 12, 2012.

  1. andersond3851

    andersond3851 Private E-2

    I have a computer that started with a disabled keyboard and mouse. It was giving me a code 39 error from the device manager. I got the keyboard fixed but the mouse still won't work. I ran Malwarebytes and it told me that I have hijack.taskmanager. I tried to delete it through Malwarebytes and it won't go away. I have run Super AntiSpyware, ComboFix, Defogger and rrootlog. Files are attached. What do I do now?
     


  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, andersond3851 !

    Please attach the log from SAS and also run MGtools.exe as requested.
     
  3. andersond3851

    andersond3851 Private E-2

    Here are the other two log files. I still can't use the mouse.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    FYI to thisisu:

    DeepFreeze is installed and running and will more than likely cause problems with cleanup. Possibly why Malwarebytes is already failing to remove what it finds.
     
  5. andersond3851

    andersond3851 Private E-2

    Deep Freeze is installed but currently, the computer is thawed.
     
  6. thisisu

    thisisu Malware Consultant

    C:\Win32.Worm.Downladup.Gen.log <-- Do you know what this is for? If not, please delete.

    Please download RogueKiller to your desktop.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the number "2" and press ENTER.
    When it is finished -- Notepad will open with the report and the log is saved to your desktop.
    Attach RKreport[1].txt to your next message. (How to attach)
    You can now type the number "0" and press ENTER to exit RogueKiller.

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 7 (outdated)

    Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    You should have done a Complete Scan with SAS as requested by the Malware Removal Guide. Please do this now and attach the new log.

    Run C:\MGtools\analyse.exe by double-clicking it (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Choose "Do a system scan only" and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O4 - HKCU\..\Run: [Spyware Doctor with AntiVirus] C:\Documents and Settings\administrator.MCKENZIESCHOOLS\Desktop\sdasetup_revwire207[1].exe -min

    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

    Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    FileLook::
    C:\WINDOWS\system32\lskhook64.dll
    C:\WINDOWS\system32\lskhook.dll
    Folder::
    C:\Documents and Settings\All Users\Application Data\PC Tools
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor with AntiVirus"=-
    [HKEY_USERS\S-1-5-21-4248204202-3445848085-1788652111-500\Software\Microsoft\Windows\CurrentVersion\run]
    "Spyware Doctor with AntiVirus"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    SecCenter::
    AV: AVG Anti-Virus Network Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    Now run the attached .bat file (info.bat) and attach the log it creates on your desktop (info.txt). (How to attach)

    Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     

    Attached Files:

    • info.zip (File size: 231 bytes)
    Last edited: Jan 13, 2012
  7. andersond3851

    andersond3851 Private E-2

    I have run most of the programs. Combo Fix with the script locked up the computer and never gave me a log. All other logs are posted. Thanks. The mouse still does not work. Thanks.
     


  8. thisisu

    thisisu Malware Consultant

    Open RogueKiller

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the number "5" and press ENTER.
    When it is finished -- Notepad will open with the report and the log is saved to your desktop.
    Attach RKreport[2].txt to your next message. (How to attach)
    You can now type the number "0" and press ENTER to exit RogueKiller.

    I want you to read and follow these instructions: TDSSKiller - How to run


    You attached the .bat file I sent you. I need the log from running the .bat file. It is called info.txt and it is on your desktop.
    Please run this again and attach the log to your next message.


    Now download the latest MGtools.exe to the root of your c: drive.
    • Replace your existing MGtools.exe with this one.
    • Now run this new MGtools.exe by double-clicking it. (Vista/7 right-click and select Run as Administrator)
    • When it is finished, attach c:\MGlogs.zip to your next message. (How to attach)
     
  9. andersond3851

    andersond3851 Private E-2

    Thanks for all of your help. Files that you requested are attached.
     


  10. thisisu

    thisisu Malware Consultant

    Is this a PS/2 or USB mouse?

    Even after that fix I gave you, which seemed successful according to the log, your new MGlogs.zip states:
    Code:
        i8042 Keyboard and PS/2 Mouse Port Driver -i8042prt- is NOT running  
      
    [SC] GetServiceConfig SUCCESS
    
    SERVICE_NAME: i8042prt
            TYPE               : 1   KERNEL_DRIVER 
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : system32\DRIVERS\i8042prt.sys  
            LOAD_ORDER_GROUP   : Keyboard Port  
            TAG                : 4  
            DISPLAY_NAME       : i8042 Keyboard and PS/2 Mouse Port Driver  
            DEPENDENCIES       :   
            SERVICE_START_NAME :  
     
  11. andersond3851

    andersond3851 Private E-2

    It is a USB mouse. Does that matter?
     
  12. thisisu

    thisisu Malware Consultant

    Yes. Have you tried a PS/2 mouse? Have you tried a different USB mouse? We're trying to figure out if it's just that mouse or if it's all types of mice.

    Run the below scan too:

    Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:

    • List Devices -> All
    • List last 10 Event Viewer log
    Press Go and attach the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.
     
  13. andersond3851

    andersond3851 Private E-2

    Hey:

    Here is the result file from the Mini Tool Box.

    The mouse still won't work. Do you think I should reimage?
     


  14. thisisu

    thisisu Malware Consultant

    No, try the below instead:

    Backup Your Registry with ERUNT

    • Please download Erunt
    • Run the setup program to install ERUNT on your computer
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe

    ========WARNING========
    The below is specifically for andersond3851's computer
    Do NOT run the below if you are not andersond3851
    Doing so may damage your PC!
    ========WARNING========

    Attached is i8042.zip

    Inside is i8042.reg
    Extract i8042.reg to your desktop.
    Now merge it into your registry by double-clicking it.
    If you received a successful message, reboot your PC and continue with the steps below the green line:
    If you did NOT receive a successful message, STOP and let me know.

    ______________________________________________________________

    Once you have rebooted, test your mouse.
    Regardless if it works now or not, run c:\MGtools\GetLogs.bat and attach the latest MGlogs.zip to your next message. (How to attach)

    Also you neglected to answer my previous questions:
    • Have you tried a PS/2 mouse?
    • Have you tried a different USB mouse?
     


  15. andersond3851

    andersond3851 Private E-2

    Thank you for your help on this. We finally gave up. We put in a new hard drive.
     
  16. thisisu

    thisisu Malware Consultant

    You're welcome. Surf safely!
     
