Task manager problems

Status
Not open for further replies.
Hey, I just got home and tried to update something, then it didn't respond, so I tried opening Task Manager but it didn't load. Can someone help me? Here are logs o-o


Deckard's System Scanner v20071014.68
Run by Tony Do on 2008-02-14 21:05:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Tony Do.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:57 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\limewire\limewire.exe
C:\Documents and Settings\Tony Do\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TONYDO~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunz.ijji.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4772 bytes

-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 20:57:27 3635 --a------ C:\Start_.cmd
2008-02-14 20:57:26 0 d-------- C:\327882R2FWJFW
2008-02-14 20:35:19 0 dr-h----- C:\Documents and Settings\Tony Do\Recent
2008-02-14 20:34:03 0 d-------- C:\Program Files\Yahoo!
2008-02-14 20:33:53 0 d-------- C:\Program Files\CCleaner
2008-02-14 20:30:43 0 d-------- C:\Program Files\Lavasoft
2008-02-14 20:30:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 20:30:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 20:30:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 20:17:57 0 d-------- C:\Program Files\Trend Micro
2008-02-14 20:10:27 0 d-------- C:\Documents and Settings\Tony Do\.housecall6.6
2008-02-13 23:54:12 0 --a------ C:\WINDOWS\b.exe
2008-02-12 21:55:37 0 d-------- C:\Program Files\Steam
2008-02-08 01:42:07 0 d-------- C:\Program Files\JitBit
2008-02-04 04:46:24 0 d-------- C:\Documents and Settings\Tony Do\Application Data\gtk-2.0
2008-02-04 04:46:24 0 d-------- C:\Documents and Settings\Tony Do\.thumbnails
2008-02-04 04:44:48 0 d-------- C:\Documents and Settings\Tony Do\.gimp-2.4
2008-02-03 22:53:59 0 d-------- C:\Program Files\AC Tool
2008-02-03 12:56:42 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-24 16:37:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-24 16:37:44 0 d-------- C:\Program Files\NavNT
2008-01-24 12:22:55 0 d-------- C:\Program Files\Symantec
2008-01-22 21:34:03 0 d-------- C:\WINDOWS\system32\CBA
2008-01-22 21:34:02 0 d-------- C:\WINDOWS\system32\AMS_II
2008-01-22 21:33:58 368912 -----n--- C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-22 21:33:58 77824 -----n--- C:\WINDOWS\system32\ODBCTL32.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-01-22 21:33:57 251664 -----n--- C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-22 21:33:57 169984 -----n--- C:\WINDOWS\system32\MSLTUS35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-22 21:33:57 24336 -----n--- C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-22 21:33:57 37136 -----n--- C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-22 21:33:57 1039360 -----n--- C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-22 21:33:57 77824 -----n--- C:\WINDOWS\system32\LOC32VC0.DLL <Not Verified; Intel; Intel loc32vc0>
2008-01-22 21:29:43 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Find3M Report ---------------------------------------------------------------

2008-02-14 20:30:01 0 d-------- C:\Program Files\Common Files
2008-02-14 19:31:12 0 d-------- C:\Program Files\LimeWire
2008-02-14 14:47:53 0 d-------- C:\Documents and Settings\Tony Do\Application Data\LimeWire
2008-02-13 23:34:19 0 d--h----- C:\Documents and Settings\Tony Do\Application Data\ijjigame
2008-02-13 00:35:58 0 d-------- C:\Program Files\Trillian
2008-02-04 04:04:42 0 d-------- C:\Program Files\Common Files\AOL


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-02-14 21:06:14 ------------

LimeWire version 4.14.10
Java version 1.5.0_12 from Sun Microsystems Inc.
Windows XP v. 5.1 on x86
Free/total memory: 31457080/33357824

com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid xml.war
at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:292)
at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.limegroup.gnutella.gui.Main.main(Main.java:45)

STARTUP ERROR!




FILES IN CURRENT DIRECTORY:
C:\Program Files\limewire\lib
LAST MODIFIED: 1203046271955
SIZE: 0

C:\Program Files\limewire\LimeWire.exe
LAST MODIFIED: 1190038754281
SIZE: 147456
 
First off, try restarting, pressing F8 on startup, and selecting "Last known good configuration"

Other than that I'll need a lot more information
Windows version?
Computer make model?
Tried to update what?
Is Antivirus updated and running?
 
So is it working now?
You're very brief

So I still don't know all the above answers
Providing as much info as possible will help me to get your computer running again.
i.e. any error messages?
Have you tried holding down Ctrl+Alt+Del to get to Task Manager?
 
Yes, I have tried that and Ctrl+Shift+Esc or whatever, lawlx. If you want I can do a HijackThis test thingy and post it. No error messages.
 
No because you will need to answer all the above first.
As you are only answering my last questions on each post
I don't believe that I can help you!
How do you feel about that?
 
Hi,

It appears you are infected with a few nasties. One of them being SDBot. One of them I am still trying to identify as I am not familiar with Deckard's Scanner.

Update your Java Runtime Environment
  • This new release will overwrite previous installations and automatically update browsers to use this new release. The configuration files and program files folder used by Java Web Start have changed, but all your settings will remain intact after the upgrade, since Java Web Start will translate your settings to the new form.

    Java SE Runtime Environment 6 Update 4 First Customer Ship

    Simply enter your operating system and check agree to terms of service. Select ok
    Then click directly on the file to download
    This downloads the installer (hopefully to your desktop)
    Locate and double click the installer jre-6u4-windows-i586-p-iftw.exe (or whichever installer you chose)

After your Java is up to date please run:

Trend Micro Housecall Free Online Scanner

  • It's one of the very few online scanners that will actually disinfect viruses etc.
  • First Open Internet Explorer
  • Go to Trend Micro's Housecall website which can be found HERE
  • Click on the link that says "Scan now. It's Free"
  • A new tab will open where you will have to tick a box to agree to the terms of service.
  • Click "Launch House Call"
  • Follow any additional on screen instructions to remove anything it finds

After House call is complete can you please attempt to download and run Combofix

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt

In your reply please include both a Combofix log and another Hijackthis log
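
A check commonly applied when reading a HijackThis log like the one posted at the top of this thread, shown as an added example that is not part of any post here: core Windows process names are expected only in the system directory, so the same name running from anywhere else deserves a closer look. The table of names and the default `C:\WINDOWS` install path are assumptions of this example; the sample lines are a subset copied from the log above.

```python
import ntpath

# Core Windows process names and the one directory each is expected to run
# from (assumption: default C:\WINDOWS install, as in the log in this thread).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "svchost.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "smss.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Sample input: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - Global Startup: svchost.exe
"""

def running_processes(log_text):
    """Return the paths listed under the 'Running processes:' header."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            paths.append(line)
    return paths

def misplaced_system_names(paths):
    """Flag paths that use a core Windows process name outside its expected directory."""
    hits = []
    for path in paths:
        directory, name = ntpath.split(path)   # ntpath parses backslashes on any OS
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            hits.append(path)
    return hits

if __name__ == "__main__":
    for hit in misplaced_system_names(running_processes(SAMPLE_LOG)):
        print("review:", hit)
```

A hit is a prompt for review, not an identification of a specific malware family.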
 