Windows Task Manager

[k1llerm1ke]

I am having similar issues to those that have been posted about the ctrl alt delete not being able to open my task manager. even when i use Run with the taskmgr command it still will not open. This problem occurred just moments after my dumb *** opened a file off of limewire that i should have not been messing with. The error box that appears after using the run command is that "another application is currently using this" so it must be a virus or spyware causing the problem. When i run adaware it allows me to delete all but like two or three files. which i'm guessing are the ones that are causing the problems. When I enter my MsConfig to disable startup programs there are none in there that could be considered malicious.
I also tried using the Hijackthis program and found nothing in the error report that looked similar to anything posted so far. Also, I get random pop-ups and stupid programs that will just pop up. In my Firefox as well, advertisement pages will open non-stop. I'm not sure if this is related, but my limewire keeps wanting to open itself up even after i close it immediately. Hopefully someone else is having the same problem or knows a solution to this. I would appreciate it!!!

 

[kangaruffian]

boot in safe mode then try remove those files

 

[Peddant]

Hello k1llerm1ke. Welcome to Techspot.

Your computer has a whole heap of spyware.

Go HERE and follow the instructions exactly.Then post an HJT log in the Security and the web forum.

 

[Tedster]

this forum is for distributed computing only. (BOINC and similar projects) Please post in the correct forum.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Follow the instructions as supplied by Peddant.

Then, post a fresh HJT log into this thread, only after you`ve followed the instructions exactly.

I have moved this thread to our security and the web forum.

Regards Howard :wave: :wave:

 

[k1llerm1ke]

Sorry for posting in the wrong forum. Wasn't really sure about where to post that. I'm currently doing all the steps provided in that link and it is taking some time. The first virus scanner is taking about three hours. I do appreciate your help because my comp. is definitley taking a beating right now. I will get back when I have finished all the steps.

 

[k1llerm1ke]

I finished scanning my computer with the ewido anti-malware program and after doing that my windows task manager worked fine. I'm not sure if i should still do the long third step because everything is going fine now but i'll take any recommendations on whether or not to do that. i want to post my log but it says the file is too large. I'm not sure how to make a .txt file smaller. Much thanks for the info as well.

 

[Vigilante]

Post your log in two pieces if you must.

And it would be good to run ALL the cleaning steps, as they all compliment each other, and catch what the others don't. Because there are subtle differences between "viruses", "spyware", "adware", "hijacks", "malware", and every other "ware", each scanner finds things the others don't.
But the core tools being virus scan, 3 adware scans (AA, SB, Ewido), and posting your HJT log.

good luck

 

[howard_hopkinso]

Since you are having trouble attaching your HJT log. Copy and paste it into this thread.

Regards Howard

 

[k1llerm1ke]

"How to remove Begin2Search / CoolWebSearch and other Nasties" Still getting popups

Went through all the steps and my firefox still continues to open with popups. The majority of them being for a service called "STOPzilla".
In my system32 folder, there is a file named Defender and it will not let me delete it.
Also I am getting an error message every time I restart windows that says "An exception occurred while trying to run ""C:\\WINDOWS\system32\mjc42.dll",DllGetVersion"

Not sure what this means but it did not start until I went through all those steps.
Please help because I have done so much in the past few days and I am so close to getting my comp. to run smooth again.
Could not get my log to be an attachment because it says that the file type is not supported. In the upload menu, it is listed as a .log file. But the file is a .txt file.

"Hijackthis Log."



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\taskmgr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\l4r00e9meh.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

 

[k1llerm1ke]

I started a new thread by accident. I'll get used to this soon I promise. But the new thread is the up-to-date one w/ my log in it as well. Thank you very much.

 

[Peddant]

You only have half a log there.Try again.

mjc42.dll can be downloaded HERE

O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\l4r00e9meh.dll is evil.

Howard will get you sorted when you`ve posted the full log.

 

[Vigilante]

Yes your log doesn't look complete, but you could try this:

Remove these entries:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

These aren't bad files, but since the file is missing, might as well remove them.
Next, click the "Config..." button. Then click the "Misc Tools" button. Next click "Delete a file on reboot" And browse to the l4r00e9meh.dll file and select it and click ok. It will ask to reboot, go ahead and do it.
Upon reboot, run HJT again and see if you can delete the Notify key. Once it is gone, scan AGAIN with HJT to make SURE it is gone.
If the entry comes back, or comes back with a different file name, then more advanced techniques are needed.

In a nutshell, you are deleting that DLL so the Notify entry can be removed. But while the DLL is running, that entry can NOT be removed, because the malware will simply put it back again

Good luck

 

[howard_hopkinso]

That is not a complete HJT log.

Your system is infected with the look2me infection.

Go HERE and follow the instructions.

Then see HERE for instructions on how to post your HJT log.

Regards Howard

 

[howard_hopkinso]

BTW. I have merged your new thread into this one.

It will save any confusion.

Regards Howard

 

[k1llerm1ke]

I fixed all the (missing file) and (no file) problems but they still show up in the log but not when I run the scan for HijackThis. I'm sure it just saves it all in the log but just letting you know to make sure.

The winlogin file will not let me delete it. The name also changes everytime I reboot like you stated. It appears I'm not going to have it easy. I FINALLY figured out how to post the log correctly and hopefully it is the entire log this time. Should I also post my ewido log or any other one as well to help?

When I run the Look2Me-Destroyer, it says it will close, then restart automatically in 1 minute but nothing ever happens.

Also, I fixed the missing .dll message that pops up everytime windows starts so thank you for the help there.

 

[k1llerm1ke]

I'm going to post me ewido log anyways cuz i just scanned and it found like 300 more infections.

 

[howard_hopkinso]

That`s still not a full HJT log.

You need to run the Look2me destroyer again. You need to be patient as sometimes it can take a while for the tool to do it`s stuff.

Then run HJT and click scan, then click save log. Browse to where you want to save the log and click in the box where it says hijackThis logfile and type .txt and click the save button.

Then attach it here.

Regards Howard

 

[howard_hopkinso]

I`ve just looked at your Ewido log. It`s got rid of mostly tracking cookies, but it does say it`s cleaned a look2me infection as well.

I still recommend you try to run the Look2me destroyer again.

Then post a fresh HJT log.

Regards Howard

 

[Vigilante]

If I might interject about the bad DLL...

When I usually do in this case is:

1) Write down the name of the DLL CURRENTLY in HJT, do NOT attempt to remove it.

2) Restart and go into Recovery Console.

4) Delete the noted DLL from R.C.

5) Restart back to Safe Mode and remove the entries in HJT.
---------

Sometimes a program like HJT or killbox can delete a file on reboot, but a winlogon entry is one of the first things to load upon startup, so often cannot be deleted with those programs.
In certain cases, all you can do is find another way to delete the file when it's not in use, then remove its startup entry.

HOWEVER, it is in vain if you are still infected with something else, that will just reinsert it again, or if it changes names before you can delete it. But it's a start.

Honestly, take a look at the log you posted, and take a look at what HJT is REALLY showing you, are they the same?
And 2nd, no need to post Ewido log, I don't think, it's safe pretty much to remove whatever it finds. But not with HJT, because it finds the good with the bad. Ewido, AA, SB, only find bad stuff, remove it all.

 

[k1llerm1ke]

The Look2Me-Destroyer still will not open. I've tried it several times and waited for up to an hour and nothing ever happens. I checked my Task Manager, and there is no process in it pertaining to it. I'll keep trying though.

Also, I run HijackThis and scan. Then save my log exactly as instructed. That is the file I've attached before and I don't know why it isn't a complete log. I've read over the "how to post it" several times looking for anything that I"m missing but I'm still not sure y it isn't complete. Attached is the log saved after the scan exactly as it is given to me. The other is a full report that I found in the Misc. menu. Hopefully one of them is the correct log.

ps. you rule Howard and sorry if I'm frustrating.

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts

O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\ktrul7991.dll

Click on the fix checked button.

Close HJT.

Run the look2me destroyer again.

Reboot into normal mode.

You also need to install an antivirus programme and a firewall.

AVG free and Zonealarm free are both very good.

You can get them HERE and HERE.

Install Zonealarm first, followed by AVG, then reboot your computer and run the AVG updates.

Post a fresh HJT log.

Regards Howard

 

[Vigilante]

haha, the log is even smaller then before. Something tells me that really IS his whole HJT log.
I've seen systems get that small after a scan, but the bad DLL is still there, it may be difficult to remove.

Don't give up!

 

[howard_hopkinso]

That is his full HJT log Vig lol.

Mine is even shorter than that(see attachment).

You are right about that bad .dll file. It`s part of the look2me infection.

We`ll get rid of it one way or another though.

Regards Howard

 

[Vigilante]

That is your log Howard? Wow, mine is huge

But you are still on SP1