TechSpot

Task Manager and NOD32 Errors

By genexion
Sep 16, 2005
  1. Hey guys,

    recently my desktop has been having problems opening Task Manager (I've seen other threads about this, but hopefully I get specific advice), and when I renamed it to finally open it, I couldn't click on any of the processes or highlight them to turn them off... it was as if they were all highlighted. Also, when I want NOD32 to scan my system for infected files, after I click the Scan button, nothing happens.

    I did a system scan with HijackThis and I hope it helps in figuring out what's wrong. I'm sure it's a trojan or something. Right now I'm also running Ad-Aware to do a full system scan. Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 2:59:27 PM, on 9/16/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\WINDOWS\lsa.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\System32\vrw.exe
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\WINDOWS\System32\tbctray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Ad-Aware SE Personal\Ad-Aware Personal.exe
    C:\Documents and Settings\Gene\Desktop\HijackThis-1.exe

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] marya.exe
    O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
    O4 - HKLM\..\Run: [MS-DOS Security Service] ms-dos.pif
    O4 - HKLM\..\Run: [Virus Detector] detector.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
    O4 - HKLM\..\Run: [Windows ASN Service] vrw.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dvnhkjIgsuyohcVael] C:\WINDOWS\System32\oslxqwdvukibq.exe
    O4 - HKLM\..\Run: [jaxvJ] C:\WINDOWS\System32\oiinehbjtkdnx.exe
    O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
    O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] marya.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
    O4 - HKLM\..\RunServices: [MS-DOS Security Service] ms-dos.pif
    O4 - HKLM\..\RunServices: [Virus Detector] detector.exe
    O4 - HKLM\..\RunServices: [Windows ASN Service] vrw.exe
    O4 - HKLM\..\RunServices: [dvnhkjIgsuyohcVael] C:\WINDOWS\System32\oslxqwdvukibq.exe
    O4 - HKLM\..\RunServices: [jaxvJ] C:\WINDOWS\System32\oiinehbjtkdnx.exe
    O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] marya.exe
    O4 - HKCU\..\Run: [MS-DOS Security Service] ms-dos.pif
    O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
    O4 - HKCU\..\RunServices: [MS-DOS Security Service] ms-dos.pif
    O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O15 - Trusted Zone: *.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ojwrdsqz.exe
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E3AED7AD-A01F-404C-AD33-7F77F03174DF}: NameServer = 64.105.204.26 64.105.124.154
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: w8c6s4xcm66.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe
     