Tech Support Forum banner
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 · (Edited)
1.) I recently noticed I cant launch task manager. I tried ctrl + alt + delete, and I tried right clicking the taskbar, and i ran taskmgr.exe.. I can't fix it.

2.) I had this 1 spyware rogue virus (i forgot what its called) its (name) (name) version 5.4 or something. Anyways I launched the computer in safe mode, used Hijack This and fixed what ever I felt doesn't belong, I also just downloaded and used a program called SpyNoMore 2.67 (none found)
but I wanna run a check up of what I need so heres the log.
-------------------------------~L~O~G~-----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:24 PM, on 5/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\ALCXMNTR.EXE
C:\AVG\avgtray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
C:\AVG\avgwdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\dmadmin.exe
C:\AVG\avgam.exe
C:\AVG\avgrsx.exe
C:\AVG\avgnsx.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
\?\globalroot\D:\WINDOWS\system32\lmn_setup.exe
\?\globalroot\D:\WINDOWS\system32\rundll32.exe
D:\Program Files\SpyNoMore\SNM.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\SYSTEM32\Userinit.exe,D:\WINDOWS\system32\twex.exe,
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\BitComet\tools\BitCometBHO_1.3.3.2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\AVG\avgtray.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe D:\WINDOWS\system32\autochk.dll,[email protected]
O4 - HKLM\..\Run: [SNM] D:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [autochk] rundll32.exe D:\DOCUME~1\NETWOR~1\protect.dll,[email protected]
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c00DA599 - D:\WINDOWS\system32\__c00DA599.dat
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\AVG\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 3446 bytes
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Hello and Welcome to TSF
The Security Forum no longer uses HijackThis as their initial analysis tool.

Please follow their pre-posting process outlined here:

http://www.techsupportforum.com/f50...-posting-for-malware-removal-help-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic in the Virus/Trojan/Spyware Help , as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your thread.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top