Author Topic: help please, task manager not showing up...  (Read 10185 times)

Havasivi
« on: February 18, 2005, 01:57:09 PM »
Hi!
I have a problem getting my task manager to show up when I press CTRL ALT DEL (also when I right click and choose task manager).

Sometimes I can see it for a brief second but then it closes; also at startup it works, but after a certain program starts (not sure which) it closes as usual.
This also happens with regedit and services.msc in the "Run..." thingie.
I suspect a virus or something, but I have searched for viruses with NOD32 both in normal Windows and in safe mode, and I haven't found anything.

I see people have posted Hijackthis logs so I guess I should too...

here it is:

Logfile of HijackThis v1.99.0
Scan saved at 18:59:40, on 2005-02-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\System32\CTHELPER.EXE
E:\Program\Winamp\winampa.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
E:\Program\RedLine\Taskbar.exe
C:\WINDOWS\System32\wsmct.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\System32\DNSCHDQV.EXE
E:\Program\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program\GrabClipSave\GrabClipSave.exe
C:\Program\MessengerDiscovery\MessengerDiscovery.exe
C:\Program\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
E:\program\redline\gameutil.exe
E:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
E:\Program\Winamp\winamp.exe
E:\Program\Alias\Maya6.0\docs\Wrapper.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program\Eset\nod32krn.exe
E:\Program\Alias\Maya6.0\docs\jre\bin\java.exe
E:\Program\RealVNC\VNC4\WinVNC4.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nemo\Mina dokument\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\System32\NaviHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\Program\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RedLine Taskbar] E:\Program\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Config] DNSCHDQV.EXE
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "E:\Program\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Steam] "e:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [GCS] "C:\Program\GrabClipSave\GrabClipSave.exe"
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Windows Config] DNSCHDQV.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87C9DF7C-B0B9-4DD5-BC8A-DDC82D201555}: NameServer = 81.26.226.3,81.26.229.3
O23 - Service: *wuauclt.exe - Unknown - C:\WINDOWS\System32\wsmct.exe
O23 - Service: Adobe LM Service - Unknown - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server - Unknown - E:\Program\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NOD32 Kernel Service - Unknown - C:\Program\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows 32-bit PnP Driver - Unknown - C:\WINDOWS\System32\winpnp32.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - E:\Program\RealVNC\VNC4\WinVNC4.exe

------------------------------
here it ends :P

Ok, I'm grateful for any reply and help I can get, thanks in advance.

PS. sorry if the English sucks :P I'm Swedish :rolleyes:

guestolo
« Reply #1 on: February 18, 2005, 03:04:12 PM »
I'm stepping out for a bit.
Can I get you to do me a favor?

I need you to update your version of Hijackthis
You can get the latest copy from my signature below
Save it to a Permanent folder

Post back a log from this version

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Havasivi
« Reply #2 on: February 18, 2005, 07:57:25 PM »
thanks for the reply :)
the site was down or something so I couldn't answer before, but here's another log with the newer Hijackthis.

---------------------------------start
Logfile of HijackThis v1.99.1
Scan saved at 01:45:22, on 2005-02-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wsmct.exe
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\System32\CTHELPER.EXE
E:\Program\Winamp\winampa.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
E:\Program\RedLine\Taskbar.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\DNSCHDQV.EXE
E:\Program\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program\GrabClipSave\GrabClipSave.exe
C:\Program\MessengerDiscovery\MessengerDiscovery.exe
C:\Program\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
E:\program\redline\gameutil.exe
E:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
E:\Program\Winamp\winamp.exe
E:\Program\Alias\Maya6.0\docs\Wrapper.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program\Alias\Maya6.0\docs\jre\bin\java.exe
E:\Program\RealVNC\VNC4\WinVNC4.exe
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Documents and Settings\Nemo\Mina dokument\Unzipped\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\System32\NaviHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\Program\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RedLine Taskbar] E:\Program\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Config] DNSCHDQV.EXE
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "E:\Program\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Steam] "e:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [GCS] "C:\Program\GrabClipSave\GrabClipSave.exe"
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Windows Config] DNSCHDQV.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87C9DF7C-B0B9-4DD5-BC8A-DDC82D201555}: NameServer = 81.26.226.3,81.26.229.3
O20 - Winlogon Notify: WB - C:\Program\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - E:\Program\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - E:\Program\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

----------------end

I think it looks the same but then again, I don't get much of it at all...
anyways I'm sitting here happily waiting for a reply :) (not now.. I'm going to bed :P good night)

guestolo
« Reply #3 on: February 19, 2005, 01:05:46 AM »
Quote
the site was down or something so I couldn't answer before, but here's another log with the newer Hijackthis
No worries, I had the same trouble accessing the site on my side

Download the trial version of tds-3 anti trojan from here:
http://www.diamondcs.com.au/tds/downloads/...s/tds3setup.exe
Install it and Restart your computer when prompted
Don't run a scan yet

When you're back in Windows it's important to update the latest RADIUS database

IMPORTANT>>>Right click the link below, select "save target as" or save link as
http://www.diamondcs.com.au/tds/radius.td3
Save it to the directory where you installed TDS-3
The default location should be
C:\Program Files\TDS3
Allow it to overwrite the previous radius.td3

If you're unsure how to update it follow the instructions from this link
http://tds.diamondcs.com.au/index.php?page=update
Follow the Manual update procedure
Again, don't run a scan yet

Print this out or save to a Notepad file for easy access

Restart into Safe mode without Network connection
You can do this by tapping the F8 key as the system is booting up

Launch TDS-3. In the top bar of tds window click system testing> full systemscan.
Let it completely finish scanning---Even if it appears to hesitate at times
Detections will appear in the lower pane of tds window after the scan is finished. Right click the list> select save as txt.>> save this to a convenient location, I'll need to see it later

After saving the scandump.txt go ahead and right click the list of alarms again, this time select delete...only delete those with POSITIVE IDENTIFICATION

Restart back to Normal mode
Post a fresh Hijackthis log and the scandump.txt from TDS-3
« Last Edit: February 19, 2005, 02:03:21 AM by guestolo »


Havasivi
« Reply #4 on: February 19, 2005, 11:22:19 AM »
Yay, great thanks! :D taskmanager is working again.
thank you thank you thank you :lol:
it took a long time to scan but it was worth it.

here's the logs if you still wanna see them:

------------------start
Logfile of HijackThis v1.99.1
Scan saved at 17:14:37, on 2005-02-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\System32\CTHELPER.EXE
E:\Program\Winamp\winampa.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program\Logitech\iTouch\iTouch.exe
E:\Program\RedLine\Taskbar.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
E:\Program\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
E:\Program\Alias\Maya6.0\docs\Wrapper.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program\Eset\nod32krn.exe
C:\Program\GrabClipSave\GrabClipSave.exe
C:\Program\MessengerDiscovery\MessengerDiscovery.exe
E:\Program\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program\RealVNC\VNC4\WinVNC4.exe
E:\program\redline\gameutil.exe
E:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program\Winamp\winamp.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nemo\Mina dokument\Unzipped\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\System32\NaviHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\Program\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RedLine Taskbar] E:\Program\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Config] DNSCHDQV.EXE
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "E:\Program\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Steam] "e:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [GCS] "C:\Program\GrabClipSave\GrabClipSave.exe"
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87C9DF7C-B0B9-4DD5-BC8A-DDC82D201555}: NameServer = 81.26.226.3,81.26.229.3
O20 - Winlogon Notify: WB - C:\Program\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - E:\Program\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - E:\Program\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

-----------------end

and:

--------------------start

Scan Control Dumped @ 17:09:16 19-02-05
Positive identification: Worm.Win32.Small.b
  File: c:\windows\system32\winpnp32.exe

Suspicious Filename: Dual extensions
  File: c:\documents and settings\nemo\mina dokument\mina filer\bsplayer100.811.exe

Positive identification <Adv>: Possible WebDownloader
  File: c:\documents and settings\nemo\mina dokument\mina filer\cs\furious  sp\furioussp.exe

Positive identification <Adv>: Possible WebDownloader
  File: c:\documents and settings\nemo\mina dokument\mina filer\cs\furioussp\furioussp.exe

Suspicious Filename: Dual extensions
  File: c:\documents and settings\nemo\mina dokument\mina filer\max payne 2\hellsing.mod.exe

Positive identification (embedded in file): Keylog.HotKeysHook (dll) (Possible Keylog DLL)
  File: c:\documents and settings\nemo\mina dokument\mina filer\the punisher\punisherscoretrainer\trainer.exe

Positive identification (embedded in file): Keylog.HotKeysHook (dll) (Possible Keylog DLL)
  File: c:\documents and settings\nemo\mina dokument\mina filer\thief 3\t3trainer15\thief 3 +15 trainer.exe

Positive identification: Riskware.ProcessRestart
  File: c:\program\logitech\desktop messenger\8876480\6.1.4.61-8876480l\program\restart.exe

Suspicious Filename: Dual extensions
  File: c:\program\messenger plus! 3\plugins\stuffplug-ng\talker.bub.vbs

Positive identification: RAT.Spyboter.fn
  File: c:\recycler\nprotect\00024892.exe

Positive identification: RAT.Spyboter.fn
  File: c:\windows\system32\dnschdqv.exe

Positive identification: RAT.Spyboter.fn
  File: c:\windows\system32\wingated.exe

Positive identification: Worm.Win32.Small.b
  File: c:\windows\system32\winpnp32.exe

Positive identification: DDoS.RAT.rBot.att
  File: c:\windows\system32\wsmct.exe

Positive identification: RAT.Agent.dn
  File: c:\windows\system32\wtmsv.exe

Suspicious Filename: Dual extensions
  File: d:\backup\mina dokument\mina filer\bsplayer100.811.exe

Positive identification <Adv>: Possible WebDownloader
  File: d:\backup\mina dokument\mina filer\cs\furious  sp\furioussp.exe

Positive identification <Adv>: Possible WebDownloader
  File: d:\backup\mina dokument\mina filer\cs\furioussp\furioussp.exe

Suspicious Filename: Dual extensions
  File: d:\backup\mina dokument\mina filer\max payne 2\hellsing.mod.exe

Positive identification (embedded in file): Keylog.HotKeysHook (dll) (Possible Keylog DLL)
  File: d:\backup\mina dokument\mina filer\thief 3\t3trainer15\thief 3 +15 trainer.exe

Suspicious Filename: Dual extensions
  File: d:\backup\program\messenger plus! 3\plugins\stuffplug-ng\talker.bub.vbs

Suspicious Filename: Dual extensions
  File: d:\my downloads\dc++\converting to vcd from avi,divx,dv,asf,mov,smr,wmv,mpeg tmpgenc-0.11.26.110.exe

------------------end

again thank you thank you thank you! :D

guestolo
« Reply #5 on: February 19, 2005, 12:01:21 PM »
Let's get rid of the leftovers

I need you to do a couple of things
I've uploaded a couple of files at the bottom of this reply box
NoNav.zip and RemoveWin.zip
Save them both to your desktop and UNZIP the contents to your desktop
We'll need these later

Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
When installing, Ad-Aware may update and start a scan
Ensure it is updated but don't run a scan yet

Print the rest of this out or save it to a Notepad file on the desktop for reference

Do another scan with Hijackthis and put a check next to these entries:

O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\System32\NaviHelper.dll

O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe

O4 - HKLM\..\Run: [Windows Config] DNSCHDQV.EXE
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe

O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe

O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe (file missing)


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart into Safe mode

Delete these files if found
C:\foo.mht  <--file
C:\WINDOWS\Debug\dcpromo.log <--file

Double click on NoNav.reg and allow it to merge to the registry
Double click on RemoveWin.reg and allow it too

Go to START>>RUN>>type in
%temp%
Hit OK
Click EDIT>>SELECT ALL
Delete the Selected

Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content

Stay in safe mode
Open Ad-Aware
Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer back to Normal mode

Post back with a fresh Hijackthis log

Could you also
===Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the Whole contents of the Quote box to notepad, not including the word Quote
In Notepad click FILE>>SAVE AS
Name the file as LSA.bat
and save it on the Desktop

Quote
regedit /e LSA.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

Double click on LSA.bat
A new file will be produced called LSA.reg
Right click on LSA.reg and select EDIT
Copy and paste back the contents, thanks
« Last Edit: February 19, 2005, 12:07:14 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
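
One way to turn the reasoning behind the fix list in Reply #5 into a repeatable check, as an added example that is not part of the original thread and not guestolo's method: a small Python triage of HijackThis lines. The sample lines are copied from the logs in this thread; the heuristics and the function name `triage` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [Windows Config] DNSCHDQV.EXE
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - E:\Program\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

O4 = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \(.*?\))? - (?P<src>\S+)$")
O23 = re.compile(r"^O23 - Service: (?P<svc>.+?) - .* \(file missing\)$")
EXE = re.compile(r"([\w~.-]+\.exe)", re.I)

def triage(log):
    """Return (reason, line) leads for review; a lead is not a verdict."""
    leads, seen = [], defaultdict(list)
    for line in filter(None, map(str.strip, log.splitlines())):
        if m := O4.match(line):
            name, cmd = m["name"].lstrip("*").lower(), m["cmd"].lower()
            seen[(name, cmd)].append(line)
            target = EXE.search(cmd)
            # Value name claims to be one executable, command launches another.
            if name.endswith(".exe") and target and target[1] != name:
                leads.append(("name-mismatch", line))
        elif m := O16.match(line):
            # ActiveX code base that is not a plain http(s) download.
            if not re.match(r"https?://", m["src"], re.I):
                leads.append(("odd-codebase", line))
        elif O23.match(line):
            leads.append(("service-file-missing", line))
    # Same name/command pair registered under more than one autorun key.
    for lines in seen.values():
        if len(lines) > 1:
            leads.extend(("multi-key", l) for l in lines)
    return leads

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:22} {line}")
```

It flags the *wuauclt.exe autoruns, the ms-its: code base and both missing-file services, including WinVNC4, which appears among the running processes in the same log, so each hit still needs a manual check. It says nothing about DNSCHDQV.EXE or the NaviHelper BHO, which need a file or reputation lookup instead.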


Offline Havasivi

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
help please, task manager not showing up...
« Reply #6 on: February 19, 2005, 02:24:00 PM »
Ok i've scanned with ad-aware and it found 5 things that i removed.
I also removed those things you said in Hijackthis.
How do you know what to be removed? i didn't see anything weird with those files, but i guess you're the pro here so you know best. :)

I couldn't find C:\foo.mht but i found something similar and i removed that one and another file that had the same filesize that i didn't know what it was. And i also removed C:\WINDOWS\Debug\dcpromo.log. And all temp files.
And i did the other thing you said.

So here's the LSA.reg file:

---------start
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"restrictanonymous"=dword:00000001

---------end >>Edited unneeded entries ~guestolo~

and the Hijackthis logfile:

---------start
Logfile of HijackThis v1.99.1
Scan saved at 20:07:12, on 2005-02-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\System32\CTHELPER.EXE
E:\Program\Winamp\winampa.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
E:\Program\RedLine\Taskbar.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
E:\Program\Alias\Maya6.0\docs\Wrapper.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program\GrabClipSave\GrabClipSave.exe
C:\Program\MessengerDiscovery\MessengerDiscovery.exe
C:\Program\Eset\nod32krn.exe
C:\Program\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
E:\Program\Alias\Maya6.0\docs\jre\bin\java.exe
E:\program\redline\gameutil.exe
E:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program\RealVNC\VNC4\WinVNC4.exe
E:\Program\Winamp\winamp.exe
C:\Documents and Settings\Nemo\Mina dokument\Unzipped\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\Program\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RedLine Taskbar] E:\Program\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "E:\Program\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Steam] "e:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [GCS] "C:\Program\GrabClipSave\GrabClipSave.exe"
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87C9DF7C-B0B9-4DD5-BC8A-DDC82D201555}: NameServer = 81.26.226.3,81.26.229.3
O20 - Winlogon Notify: WB - C:\Program\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - E:\Program\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - E:\Program\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

--------end

Okay i think that's it, thank you again for your help. I think that one annoying popup i've been having actually has stopped now :D
« Last Edit: February 19, 2005, 03:00:54 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
help please, task manager not showing up...
« Reply #7 on: February 19, 2005, 02:54:01 PM »
Just one last thing and I'll leave you alone :)

Go to start>>Run>>type in regedit
Hit OK
Navigate to this key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

as follows>>Expand(+)
+HKEY_LOCAL_MACHINE
+SYSTEM
+CurrentControlSet
+Control
Left click and Highlight Lsa

On the right hand side look for this entry with the exact name
restrictanonymous

Right click on it and left click Modify
Change the value data to 0
Hit OK
Exit the Registry Editor

If everything is running better

You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
Once reenabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is reenabled

You should set up protection against future attacks

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link
Scroll down and click on IE-SPYAD.EXE Free! or IE-SPYAD2.EXE Free!

Regular IE-Spyad for the individual user or IE-Spyad 2 for global protection(All users) on your computer
You only need one or the other

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection

This entry in your log
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
Is related to TDS-3, as mentioned it's good for 30 days
You may choose to hold onto it for the full amount of time
If you do you should Manually update TDS-3 again before your time expires and run another scan
After you uninstall TDS-3 and restart your computer if that entry is still in your Hijackthis log you can have Hijackthis fix it......
Stay safe :D
« Last Edit: February 19, 2005, 03:16:51 PM by guestolo »



Offline Havasivi

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
help please, task manager not showing up...
« Reply #8 on: February 20, 2005, 03:29:56 PM »
ok, i think i have done all that now.
thank you once again :D hopefully everything will work fine from now on.




Thank you! :ph34r:

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
help please, task manager not showing up...
« Reply #9 on: February 20, 2005, 03:58:27 PM »
Thanks for posting back
I'll lock this topic as your problems appear to be resolved
If you need it reopened PM a Mod or the site Admin
Supply a link to this thread
