| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 61145 | 2005-08-26 04:04:00 | Help with Task Manager please. | MasturJeff (7803) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 383792 | 2005-08-26 04:04:00 | I hit CTRL ALT DLT and the Task Manager just will not come up. Here's my hijack log: Logfile of HijackThis v1.97.7 Scan saved at 10:58:55 PM, on 8/25/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\progra~1\mcafee\mcafee antispyware\MssCli.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\winupdates\winupdates.exe C:\Program Files\WinZip\WZQKPICK.EXE c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe c:\progra~1\mcafee\MCAFEE~2\MssSrv.exe C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dudez\ProtoWall\ProtoWall.exe C:\Documents and Settings\Owner\My Documents\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\inv5ah0l.slt\prefs.j s) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\mcafee antispyware\MssCli.exe O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Spyware Doctor (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: HiDownload (HKLM) O16 - DPF: Yahoo! Chess - download.games.yahoo.com O16 - DPF: Yahoo! Pool 2 - download.games.yahoo.com O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - fpdownload.macromedia.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - active.macromedia.com O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - pdl.stream.aol.com :help: |
MasturJeff (7803) | ||
| 383793 | 2005-08-26 04:33:00 | Don't know why it's happening with the info you've provided but you can download this in the meantime www.dougknox.com And go here to readup on it http://www.dougknox.com/ >Lefthand menu >WinXP Utilities >Create Emergency Copies of Critical XP System Utilities (9th on list) And your copy of Hijack is out of date Latest version is: v1.99.1 |
bartsdadhomer (80) | ||
| 383794 | 2005-08-26 04:35:00 | Tick these. Close browsers. Tick fix checked. Reboot. Update windows as shown in the link below. securityresponse.symantec.com C:\Program Files\winupdates\winupdates.exe This is Gaobot, a worm. 04 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto Part of Gaobot Also try an online scan. http://housecall.trendmicro.com/ O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE Not nasty but not needed See if u can use ccleaner and remove those 04 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto, relating to Gaobot under the tools / startup tab. |
Speedy Gonzales (78) | ||
| 383795 | 2005-08-26 04:49:00 | Thanks once again Speedy, I'm scanning with Trend Micro. I'll report back in an hour or two when it's finished. I'm not going to touch anything else until it's done scanning. | MasturJeff (7803) | ||
| 383796 | 2005-08-26 04:55:00 | No worries :) Umm if that site does nothing , or doesnt detect anything, try trojan remover . simplysup . com/tremover/" target="_blank">www . simplysup . com Even tho some worms etc may affect this, they'll have a hard time, since this program uses random file name generation, and worms etc wouldnt know all the names it generates! Also the latest version of trojan remover will scan running processes . So, if Gaobots is still running now, hopefully it'll detect and kill it! Its got a few Gaobot defs in it . So, it may remove it, and its entries . |
Speedy Gonzales (78) | ||
| 383797 | 2005-08-26 04:58:00 | I used CCleaner and got rid of that winupdates thing. | MasturJeff (7803) | ||
| 383798 | 2005-08-26 05:06:00 | I used CCleaner and got rid of that winupdates thing . Good! Thats a start . At least it wont run, when u reboot . Just in case it rears it ugly head again, once u reboot, check Ccleaner again . Or try task manager once u reboot . It should hopefully open! |
Speedy Gonzales (78) | ||
| 383799 | 2005-08-26 05:11:00 | Crap I have to register for Trojan Remover, it says my 30 day trial already expired... | MasturJeff (7803) | ||
| 383800 | 2005-08-26 05:14:00 | Ah ok then, well u cant use Trojan Remover then lol. Unless you want to buy it online. | Speedy Gonzales (78) | ||
| 383801 | 2005-08-26 05:28:00 | Trend Micro: Scanning Process:91% - 0 infections so far. |
MasturJeff (7803) | ||
| 1 2 3 4 5 6 7 | |||||