TheTechGuide Forum
General Category => Tech Clinic => Topic started by: The Right Moment on January 01, 2007, 08:43:29 PM
-
Hello.
I was wondering if anybody could help me with this problem?
:(
I've already scanned with TDS3 and it only found a few 'positive identification' files.
Here is my HijackThis log:
---------------------start
Logfile of HijackThis v1.99.1
Scan saved at 6:47:23 PM, on 01/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\System32\wwSecure.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD+LDHhd+DajHNnIbd6+3z3ms1AsKDH9eUrbeEJi+vlWxDiAcUYwTURNiQYLaPDSBE0Rdm0ZdKIOwhXYYM/TMzdGmLxoXge4fd7wd3UjvPQqMAp0xWDZVmd1mXO18BpFkBsk3MaRBzlyOzJQPrUnfVOF74tRr3yi6Z
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MCAgentExe]c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Block It!.lnk = C:\Program Files\Block It!\blockit.exe
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hurley\Start Menu\Programs\IMVU\Run IMVU.lnk
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167525339136
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41399FEB-49D1-47F1-9099-8B1D7F4E22D7}: NameServer = 204.50.251.17 207.107.254.120
O17 - HKLM\System\CS1\Services\Tcpip\..\{41399FEB-49D1-47F1-9099-8B1D7F4E22D7}: NameServer = 204.50.251.17 207.107.254.120
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
---------------------stop
and here is my scandump.txt:
---------------------start
Scan Control Dumped @ 18:30:43 01-01-07
Suspicious Filename: Dual extensions
File: c:\documents and settings\hurley\local settings\application data\shareaza\incomplete\7xpucrofsodwbjvo645dj42i6ckkb2zx shareaza_2.2.1.0.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\hurley\my documents\firefox setup 1.0.7.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\hurley\my documents\firefox setup 1.5.0.6.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\hurley\my documents\lastfmwindows-1.1.4.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\hurley\my documents\qxpresssetup_1.1.5.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\hurley\my documents\shareaza_2.1.0.0.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\hurley\my documents\spng2.2.397.exe
Positive identification <Adv> (in archive): Possible keylogger
File: setup.exe (In c:\documents and settings\hurley\my documents\downloads\shared\(ebook) mathemagic (magic tricks) pdf.zip)
Positive identification <Adv> (in archive): Possible keylogger
File: setup.exe (In c:\program files\outlook\p.zip)
Positive identification <Adv>: Possible keylogger
File: c:\program files\outlook\v.tmp
Positive identification <Adv>: Possible keylogger
File: c:\program files\softnyx\gunbound\npkcusb.sys
Positive identification <Adv>: Possible keylogger
File: c:\program files\tds3\xdynamic\tds.unpk\v.tmp
---------------------stop
My task manager is still not showing up, even after deleting all the positive identification files found in TDS3.
Can somebody please help me?
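The tell in the log above is a core Windows process name running from a place it never should: `svchost.exe` appears in the All Users Startup folder (and again as `O4 - Global Startup: svchost.exe`), while the genuine copies live in System32. The script below is an added example for this thread, not part of the original posts and not HijackThis code; it applies that location check and a few other triage rules to a sample built from lines copied out of the log. The baseline of core binaries and their expected directories is an assumption for a default Windows XP install, not an exhaustive list.

```python
"""Triage heuristics for a HijackThis 1.99 log (added example, not HijackThis code)."""
import re
from pathlib import PureWindowsPath

# Names that only belong in the system directory on XP (assumed baseline).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system"}

SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A drive-letter path ending in an executable-type extension.
PATH_RE = re.compile(
    r'[a-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|ocx|bat|cmd)(?=[\s"]|$)',
    re.IGNORECASE)

# Constructed sample: a subset of the poster's first log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\System32\wwSecure.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{41399FEB-49D1-47F1-9099-8B1D7F4E22D7}: NameServer = 204.50.251.17 207.107.254.120
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
"""


def masquerade(path, context):
    """Flag a core Windows binary name that lives outside the system directory."""
    p = PureWindowsPath(path.strip())
    name = p.name.lower()
    if name in SYSTEM_BINARIES and str(p.parent).lower() not in SYSTEM_DIRS:
        return ("HIGH", f"{context}: '{name}' is a core Windows binary name "
                        f"but lives in {p.parent}")
    return None


def triage(log_text):
    """Return (severity, reason, line) tuples, most severe first."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            if in_processes:            # still inside the process list
                hit = masquerade(line, "process")
                if hit:
                    findings.append((*hit, line))
            continue
        in_processes = False
        kind, body = m.groups()
        if kind == "O1":
            findings.append(("MEDIUM", "hosts-file override; verify the mapping is intentional", line))
        elif kind == "O4" and re.match(r"(Global )?Startup:", body):
            target = body.split(":", 1)[1].strip()
            if " = " in target:         # a .lnk shortcut: inspect where it points
                hit = masquerade(target.split(" = ", 1)[1], "startup shortcut")
                if hit:
                    findings.append((*hit, line))
            else:                       # a bare executable dropped into a Startup folder
                sev = "HIGH" if target.lower() in SYSTEM_BINARIES else "MEDIUM"
                findings.append((sev, "executable placed directly in a Startup folder", line))
        elif "(file missing)" in body or "(no file)" in body:
            findings.append(("LOW", f"{kind} orphaned entry, target no longer exists", line))
        elif kind == "O17":
            findings.append(("INFO", "DNS servers set on an interface; confirm they are your ISP's", line))
        else:
            for path in PATH_RE.findall(body):
                hit = masquerade(path, kind)
                if hit:
                    findings.append((*hit, line))
    findings.sort(key=lambda f: SEVERITY_RANK[f[0]])
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run against the sample it reports both `svchost.exe` entries as HIGH, the hosts override and the bare `PowerReg Scheduler V3.exe` as MEDIUM, the orphaned `smiehlp.dll` BHO as LOW, and the O17 resolvers as INFO; the genuine `System32\svchost.exe` produces nothing.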
-
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe) and save it to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from Combofix
-
When I click Combofix's icon, the screen just pops up and goes away. It doesn't give me any prompts.
-
Download and save Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to the desktop
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to, click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download the Alcan worm remover.
Save it, then transfer it to the same folder you made earlier (c:\BFU).
Go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by double-clicking BFU.exe
- Next to the "scriptline to execute" field, click the folder icon and select alcanshorty.bfu
- Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
- Wait for the "complete script execution" box to pop up and press OK.
- Press Exit to terminate the BFU program.
Reboot your computer
Back in Windows
Try running Combofix again with the instructions I posted earlier
Post its log along with a fresh HijackThis log, please.
-
:) Task manager's working again!
Here's my HijackThis log:
---------------start
Logfile of HijackThis v1.99.1
Scan saved at 9:55:47 PM, on 01/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD+LDHhd+DajHNnIbd6+3z3ms1AsKDH9eUrbeEJi+vlWxDiAcUYwTURNiQYLaPDSBE0Rdm0ZdKIOwhXYYM/TMzdGmLxoXge4fd7wd3UjvPQqMAp0xWDZVmd1mXO18BpFkBsk3MaRBzlyOzJQPrUnfVOF74tRr3yi6Z
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Block It!.lnk = C:\Program Files\Block It!\blockit.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hurley\Start Menu\Programs\IMVU\Run IMVU.lnk
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167525339136
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41399FEB-49D1-47F1-9099-8B1D7F4E22D7}: NameServer = 204.50.251.17 207.107.254.120
O17 - HKLM\System\CS1\Services\Tcpip\..\{41399FEB-49D1-47F1-9099-8B1D7F4E22D7}: NameServer = 204.50.251.17 207.107.254.120
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
---------------stop
And here's the Combofix log:
---------------start
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Hurley\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))
2007-01-01 21:52 <DIR> d-------- C:\bintheredunthat
2007-01-01 21:48 <DIR> d-------- C:\bfu
2007-01-01 17:09 <DIR> d-------- C:\Program Files\HijackThis
2007-01-01 17:04 6 --a------ C:\WINDOWS\dcstds3.dll
2007-01-01 17:01 <DIR> d-------- C:\Program Files\TDS3
2006-12-30 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-30 19:39 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-12-29 16:25 <DIR> d-------- C:\Documents and Settings\Hurley\Application Data\Sony Corporation
2006-12-29 16:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2006-12-29 16:23 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2006-12-29 16:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2006-12-29 16:23 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2006-12-29 16:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2006-12-29 16:23 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2006-12-29 16:23 <DIR> d-------- C:\Program Files\Sony
2006-12-29 16:23 <DIR> d-------- C:\Drivers
2006-12-29 16:20 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2006-12-29 16:20 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-29 16:20 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2006-12-29 16:20 36,864 -ra------ C:\WINDOWS\system32\mr310exv.dll
2006-12-29 16:20 28,672 -ra------ C:\WINDOWS\system32\mr310exd.dll
2006-12-29 16:20 129,875 -ra------ C:\WINDOWS\system32\drivers\mr97310c.sys
2006-12-29 16:12 <DIR> d-------- C:\Documents and Settings\Hurley\Application Data\ArcSoft
2006-12-29 16:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2006-12-29 16:11 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2006-12-29 16:09 <DIR> d-------- C:\Program Files\ArcSoft
2006-12-29 16:05 73,728 --a------ C:\WINDOWS\system32\mr310ipc.dll
2006-12-29 16:05 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
2006-12-29 16:05 102,400 --a------ C:\WINDOWS\system32\mr310ifc.dll
2006-12-29 16:05 <DIR> d-------- C:\Program Files\MARS
2006-12-12 00:48 <DIR> d-------- C:\Program Files\Neopet Hacking
2006-12-08 21:48 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2006-12-08 21:48 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL
2006-12-08 21:48 12,800 --a------ C:\WINDOWS\system32\wing32.dll
2006-12-08 20:41 <DIR> d-------- C:\Program Files\Cat Daddy Games
2006-12-07 20:33 <DIR> d-------- C:\Documents and Settings\Hurley\Application Data\FunWebProducts
2006-12-07 20:31 <DIR> d-------- C:\Program Files\MyWebSearch
2006-12-02 01:09 <DIR> d-------- C:\WINDOWS\LogFiles
2006-12-01 14:36 <DIR> d-------- C:\Program Files\IPSWin
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-01 21:38 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-01 03:57 -------- d-------- C:\Documents and Settings\Hurley\Application Data\Shareaza
2006-12-31 16:12 -------- d-------- C:\Documents and Settings\Hurley\Application Data\Starware
2006-12-29 16:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-29 16:22 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-12-25 13:11 -------- d-------- C:\Program Files\EA GAMES
2006-12-22 22:47 -------- d-------- C:\Program Files\Charmed
2006-12-09 02:30 -------- d-------- C:\Program Files\MSN Messenger
2006-12-09 02:30 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-12-08 21:48 -------- d-------- C:\Program Files\Hasbro Interactive
2006-12-08 18:47 -------- d-------- C:\Documents and Settings\Hurley\Application Data\IMVU
2006-12-08 15:52 -------- d-------- C:\Program Files\IMVU
2006-12-07 23:25 -------- d-------- C:\Program Files\Internet Explorer
2006-12-07 20:31 360448 --a------ C:\Program Files\Uninstall My Web Search.dll
2006-12-07 20:31 -------- d-a------ C:\Program Files\FunWebProducts
2006-12-06 14:00 -------- d-------- C:\Program Files\Click'N Design 3D
2006-12-03 17:05 -------- d-------- C:\Program Files\Visual Boy Advance
2006-11-25 15:45 -------- d-------- C:\Program Files\Common Files\EasyInfo
2006-11-25 15:45 -------- d-------- C:\Program Files\Common Files
2006-11-21 16:27 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-11-18 23:42 -------- d-------- C:\Program Files\ArtMoney
2006-11-10 23:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-03 22:23 -------- d-------- C:\Program Files\Sims2Pack Clean Installer
2006-11-03 22:00 -------- d---s---- C:\Documents and Settings\Hurley\Application Data\Microsoft
2006-11-03 22:00 -------- d-------- C:\Program Files\SimPE
2006-10-28 08:25 0 --a------ C:\WINDOWS\system32\taskkill.exe
2006-10-28 08:25 0 --a------ C:\WINDOWS\b.exe
2006-10-23 16:35 1573208 --a------ C:\WINDOWS\system32\Charmed-WB.scr
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-01 21:54:14.85
C:\ComboFix.txt ... 07-01-01 21:54
---------------stop
Thank you for helping me fix it.
:)
Is there anything else I need to do?
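Two entries in the ComboFix Find3M listing above deserve a second look even though the thread moves on: `C:\WINDOWS\system32\taskkill.exe` and `C:\WINDOWS\b.exe` are both listed at 0 bytes. No genuine Microsoft binary is empty, and an emptied `taskkill.exe` simply no longer works, which is the kind of tampering a cleaner should catch in a listing like this. The script below is an added example for this thread, not part of the original posts and not ComboFix code; it parses ComboFix-style listing lines (a sample copied from the log above is embedded) and flags zero-byte or sub-header-sized executables under the Windows directory. The 64-byte PE-header minimum, the list of admin tools, and the short-name rule are assumptions of the example, not something the log states.

```python
"""Heuristics over a ComboFix 'Files Created' / Find3M listing (added example)."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# ComboFix listing line: date time size attrs path  (size may be <DIR>, ----- or 1,234)
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d)\s+(<DIR>|-+|[\d,]+)\s+([-a-z]{9})\s+(.+)$")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".com"}
MIN_PE_SIZE = 64      # a PE must at least carry a full DOS header (assumption)
# Tools malware likes to neuter so the user cannot fight back (assumed list).
ADMIN_TOOLS = {"taskkill.exe", "tasklist.exe", "taskmgr.exe", "regedit.exe",
               "cmd.exe", "msconfig.exe"}
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1}

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LISTING = r"""
2007-01-01 21:52 <DIR> d-------- C:\bintheredunthat
2007-01-01 17:04 6 --a------ C:\WINDOWS\dcstds3.dll
2006-12-30 19:39 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-12-29 16:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-01-01 21:38 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-07 20:31 360448 --a------ C:\Program Files\Uninstall My Web Search.dll
2006-10-28 08:25 0 --a------ C:\WINDOWS\system32\taskkill.exe
2006-10-28 08:25 0 --a------ C:\WINDOWS\b.exe
2006-10-23 16:35 1573208 --a------ C:\WINDOWS\system32\Charmed-WB.scr
"""


@dataclass
class Finding:
    severity: str
    path: str
    reasons: list = field(default_factory=list)


def parse(listing):
    """Yield (size, path) for every file line; directories are skipped."""
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size, attrs, path = m.group(3), m.group(4), m.group(5)
        if attrs.startswith("d") or size == "<DIR>" or size.startswith("-"):
            continue
        yield int(size.replace(",", "")), path


def audit(listing):
    """Return Finding objects for suspicious executables, HIGH first."""
    findings = []
    for size, path in parse(listing):
        p = PureWindowsPath(path)
        name, ext = p.name.lower(), p.suffix.lower()
        if ext not in EXEC_EXT:
            continue
        in_windows = str(p).lower().startswith("c:\\windows\\")
        reasons, severity = [], None
        if size == 0 and in_windows:
            severity = "HIGH"
            reasons.append("zero-byte executable under the Windows directory; "
                           "no genuine Microsoft binary is empty")
        elif size < MIN_PE_SIZE:
            severity = "MEDIUM"
            reasons.append(f"{size} bytes is too small to hold a PE header")
        if name in ADMIN_TOOLS and size == 0:
            severity = "HIGH"
            reasons.append(f"{name} has been replaced by an empty file, "
                           "so it no longer works against running processes")
        if len(p.stem) <= 2 and str(p.parent).lower() == "c:\\windows":
            severity = severity or "MEDIUM"
            reasons.append("one- or two-letter executable name in the Windows root")
        if reasons:
            findings.append(Finding(severity, path, reasons))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LISTING):
        print(f"[{f.severity}] {f.path}")
        for r in f.reasons:
            print("    -", r)
```

On the sample it reports `taskkill.exe` and `b.exe` as HIGH and the 6-byte `dcstds3.dll` as MEDIUM (that file is TDS3's own marker and is harmless, which is why the rule is only MEDIUM and asks for a look rather than a delete); the Sony driver, the Microsoft Update DLL and the screen saver pass.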
-
Can you supply an uninstall list from HijackThis?
Open HijackThis >> Open MISC TOOLS SECTION >> Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy and paste the whole contents back here.
How did you get your hands on a copy of TDS3?
Just wondering, was it able to update?
Also, is this a legal version of XP? I notice no Windows updates, just checking.
-
Uninstall list:
---------------start
Ad-aware 6 Personal
Adobe Acrobat 5.0
AI RoboForm (All Users)
AOL Instant Messenger
ArcSoft PhotoImpression 4
Backyard Basketball 2004
Block It!
Boobinator
Camera Driver
CEP - Color Enable Package
Click'N Design 3D
DFX for Windows Media Player
DiamondCS TDS-3
Disciples: Sacred Lands
DivX
DivX Converter
DivX Player
DivX Web Player
eGames GameButler
Game Book Player
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Last.fm Player 1.1.4
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee SecurityCenter
Memware 2.1.005
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Milton Bradley Classic Board Games
Mozilla Firefox (1.5.0.9)
MUSICMATCH® Jukebox
Nero - Burning Rom
NetBattle
Parker Brothers Classic Card Games
Puzzle Pirates
QuickTime
Q-Xpress Installer 1.1.5
RealPlayer Basic
RollerCoaster Tycoon 2
School Tycoon
Security Update for Windows XP (KB896423)
Shockwave
SimPE 0.44c (alpha)
Sims2Pack Clean Installer
Sony Picture Utility
Sony USB Driver
Starware 4.2.0.0
The Game Of Life
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The WB Fall 2005 Screen Saver
TV Guide Crosswords
Update for Windows XP (KB898461)
Viewpoint Media Player
Winamp (remove only)
Window Washer
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
---------------stop
I got TDS3 from Tucows, by searching on Google.
No, it couldn't update.
And yes, this is a legal version of XP. As you can see from the uninstall list, I updated today.
Thanks again.
:)
-
You may want to uninstall TDS3; it's out of date and not developed any further.
Also, I would uninstall Starware 4.2.0.0 from Add/Remove Programs.
Read more here:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-050313-4341-99
Additionally, you have a very old version of Ad-Aware installed,
and we should update your version of Sun Java; malware can exploit holes in older versions and infect you.
While in add/remove programs remove the following
Ad-aware 6 Personal
Viewpoint Media Player
J2SE Runtime Environment 5.0 Update 6
Reboot the computer
Download and Install
Ad-Aware SE Personal 1.06 (ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe)
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
After successfully updating
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All Objects" option, or individually put a checkmark in each object's checkbox,
then click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button.
RESTART your computer to finish the cleaning process
Back in Windows
Go to the following link to install the latest version of Sun Java
http://www.java.com/en/download/manual.jsp
I would do the Windows OFFLINE installation
Save the installer to desktop>>Double click to install>>Follow the prompts
After it is installed you can delete the installer from desktop
Post back a fresh hijackthis log afterwards, we'll see what we're left with
Download and unzip to a folder of its own on the desktop
http://metallica.geekstogo.com/findlop.zip
Inside the folder find findlop.bat
Doubleclick it and it will create the file C:\findlop.txt
Find that file and copy the contents into your next post.