TechSpot

Task manager problems

By OneKrnGuy
Feb 14, 2008
  1. Hey, I just got home and tried to update something, then it didn't respond, so I tried opening Task Manager but it didn't load. Can someone help me? Here are logs o-o


    Deckard's System Scanner v20071014.68
    Run by Tony Do on 2008-02-14 21:05:56
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Tony Do.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:05:57 PM, on 2/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Steam\Steam.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\limewire\limewire.exe
    C:\Documents and Settings\Tony Do\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\TONYDO~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunz.ijji.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: svchost.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 4772 bytes

    -- Files created between 2008-01-14 and 2008-02-14 -----------------------------

    2008-02-14 20:57:27 3635 --a------ C:\Start_.cmd
    2008-02-14 20:57:26 0 d-------- C:\327882R2FWJFW
    2008-02-14 20:35:19 0 dr-h----- C:\Documents and Settings\Tony Do\Recent
    2008-02-14 20:34:03 0 d-------- C:\Program Files\Yahoo!
    2008-02-14 20:33:53 0 d-------- C:\Program Files\CCleaner
    2008-02-14 20:30:43 0 d-------- C:\Program Files\Lavasoft
    2008-02-14 20:30:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-14 20:30:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-14 20:30:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-14 20:17:57 0 d-------- C:\Program Files\Trend Micro
    2008-02-14 20:10:27 0 d-------- C:\Documents and Settings\Tony Do\.housecall6.6
    2008-02-13 23:54:12 0 --a------ C:\WINDOWS\b.exe
    2008-02-12 21:55:37 0 d-------- C:\Program Files\Steam
    2008-02-08 01:42:07 0 d-------- C:\Program Files\JitBit
    2008-02-04 04:46:24 0 d-------- C:\Documents and Settings\Tony Do\Application Data\gtk-2.0
    2008-02-04 04:46:24 0 d-------- C:\Documents and Settings\Tony Do\.thumbnails
    2008-02-04 04:44:48 0 d-------- C:\Documents and Settings\Tony Do\.gimp-2.4
    2008-02-03 22:53:59 0 d-------- C:\Program Files\AC Tool
    2008-02-03 12:56:42 0 d-------- C:\Program Files\Common Files\INCA Shared
    2008-01-24 16:37:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-24 16:37:44 0 d-------- C:\Program Files\NavNT
    2008-01-24 12:22:55 0 d-------- C:\Program Files\Symantec
    2008-01-22 21:34:03 0 d-------- C:\WINDOWS\system32\CBA
    2008-01-22 21:34:02 0 d-------- C:\WINDOWS\system32\AMS_II
    2008-01-22 21:33:58 368912 -----n--- C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
    2008-01-22 21:33:58 77824 -----n--- C:\WINDOWS\system32\ODBCTL32.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
    2008-01-22 21:33:57 251664 -----n--- C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-01-22 21:33:57 169984 -----n--- C:\WINDOWS\system32\MSLTUS35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-01-22 21:33:57 24336 -----n--- C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-01-22 21:33:57 37136 -----n--- C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-01-22 21:33:57 1039360 -----n--- C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-01-22 21:33:57 77824 -----n--- C:\WINDOWS\system32\LOC32VC0.DLL <Not Verified; Intel; Intel loc32vc0>
    2008-01-22 21:29:43 0 d-------- C:\Program Files\Common Files\Symantec Shared


    -- Find3M Report ---------------------------------------------------------------

    2008-02-14 20:30:01 0 d-------- C:\Program Files\Common Files
    2008-02-14 19:31:12 0 d-------- C:\Program Files\LimeWire
    2008-02-14 14:47:53 0 d-------- C:\Documents and Settings\Tony Do\Application Data\LimeWire
    2008-02-13 23:34:19 0 d--h----- C:\Documents and Settings\Tony Do\Application Data\ijjigame
    2008-02-13 00:35:58 0 d-------- C:\Program Files\Trillian
    2008-02-04 04:04:42 0 d-------- C:\Program Files\Common Files\AOL


    -- Registry Dump ---------------------------------------------------------------

    Unable to run batchfile; The process cannot access the file because it is being used by another process.
    ComSpec: C:\WINDOWS\system32\cmd.exe


    -- End of Deckard's System Scanner: finished at 2008-02-14 21:06:14 ------------

    LimeWire version 4.14.10
    Java version 1.5.0_12 from Sun Microsystems Inc.
    Windows XP v. 5.1 on x86
    Free/total memory: 31457080/33357824

    com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid xml.war
    at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:292)
    at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:57)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.limegroup.gnutella.gui.Main.main(Main.java:45)

    STARTUP ERROR!




    FILES IN CURRENT DIRECTORY:
    C:\Program Files\limewire\lib
    LAST MODIFIED: 1203046271955
    SIZE: 0

    C:\Program Files\limewire\LimeWire.exe
    LAST MODIFIED: 1190038754281
    SIZE: 147456
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    First off try restarting, pressing F8 on startup, and select "Last known good configuration"

    Other than that I'll need a lot more information
    Windows version?
    Computer make model?
    Tried to update what?
    Is Antivirus updated and running?
     
  3. OneKrnGuy

    OneKrnGuy TS Rookie Topic Starter

    Erm, Latitude D600 series. I got Avast, it's up and running
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    So is it working now?
    You're very brief

    So I still don't know all the above answers
    Providing as much info as possible will help me to get your computer running again.
    ie any error messages?
    Have you tried holding down Ctrl+Alt+Del to get to Task Manager?
     
  5. OneKrnGuy

    OneKrnGuy TS Rookie Topic Starter

    Yes, I have tried that and Ctrl+Shift+Esc or w.e lawlx. If you want I can do a HijackThis test thingy and post it. No error messages
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    No because you will need to answer all the above first.
    As you are only answering my last questions on each post
    I don't believe that I can help you!
    How do you feel about that?
     
  7. OneKrnGuy

    OneKrnGuy TS Rookie Topic Starter

    really sad D:
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi,

    It appears you are infected with a few nasties. One of them being SDBot. One of them I am still trying to identify as I am not familiar with Deckard's Scanner.

    Update your Java Runtime Environment
    • This new release will overwrite previous installations and automatically update browsers to use this new release. The configuration files and program files folder used by Java Web Start have changed, but all your settings will remain intact after the upgrade, since Java Web Start will translate your settings to the new form.

      Java SE Runtime Environment 6 Update 4 First Customer Ship

      Simply enter your operating system and check agree to terms of service. Select ok
      Then click directly on the file to download
      This downloads the installer (hopefully to your desktop)
      Locate and double click the installer jre-6u4-windows-i586-p-iftw.exe (or whichever installer you chose)

    After your Java is up to date please run:

    Trend Micro Housecall Free Online Scanner

    • It's one of the very few online scanners that will actually disinfect viruses etc.
    • First Open Internet Explorer
    • Go to Trend Micro's Housecall website which can be found HERE
    • Click on the link that says "Scan now. It's Free"
    • A new tab will open where you will have to tick a box to agree to the terms of service.
    • Click "Launch House Call"
    • Follow any additional on screen instructions to remove anything it finds

    After House call is complete can you please attempt to download and run Combofix

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt

    In your reply please include both a Combofix log and another Hijackthis log
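
One check a reviewer can run over the HijackThis log in post 1, as an added example that is not part of the thread: flag running processes and Startup-folder entries that use a core Windows file name outside that file's expected directory. The name list, the function names and the assumption that Windows is installed at C:\WINDOWS are this example's own; a hit is a lead to investigate and does not by itself identify a specific piece of malware.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log in post 1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - Global Startup: svchost.exe
"""

# Assumption: default Windows XP install with the system root at C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

def masquerading_processes(log_text):
    """Running processes named like a core Windows binary but located elsewhere."""
    hits, in_processes = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False      # a blank line ends the process list
        elif in_processes:
            directory, name = ntpath.split(line)
            expected = EXPECTED_DIR.get(name.lower())
            if expected and directory.lower() != expected:
                hits.append(line)
    return hits

def startup_folder_system_names(log_text):
    """O4 Startup-folder entries whose file name is a core Windows binary name."""
    pattern = re.compile(r"^O4 - (?:Global )?Startup: (.+)$")
    hits = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        match = pattern.match(line)
        if match and match.group(1).strip().lower() in EXPECTED_DIR:
            hits.append(line)
    return hits

if __name__ == "__main__":
    for finding in masquerading_processes(SAMPLE_LOG) + startup_folder_system_names(SAMPLE_LOG):
        print("REVIEW:", finding)
```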
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Just so others don't think I'm silly.

    Posts merged

    When I was replying, post 1 wasn't there.
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I figured. Didn't seem like your usual replies
     
Topic Status:
Not open for further replies.
