task manager not working



#1 mbort79


Posted 21 September 2009 - 03:32 PM

Hi

I'm having problems with Task Manager not working after removal of malware/virus. The only way I can get it to work is to rename it. I have run HijackThis, and here are the results. I'm not sure what can be cleaned up to fix the issue?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:06 PM, on 9/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgfws8.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\AVG\AVG8\avgam.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\crackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms33 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
O16 - DPF: {0C32F068-C8B2-446D-BC31-96101BD7983E} (MomWindowsTask.clsWindowsTask) - http://primosql/mfs/cab/momWindowsTask.CAB
O16 - DPF: {2D89E3D8-14B0-11D4-BA57-005004D1CBF8} (Momentis Product Specification AlphaSearch Control) - http://primosql/mfs/Cab/PAS.CAB
O16 - DPF: {32A5BD55-AE89-11D3-B9E9-005004D1CBF8} (Momentis Size Grid Control) - http://primosql/mfs/cab/SizeGrid3.CAB
O16 - DPF: {3A46F2C8-0128-11D2-88DA-00104B2C0CDB} (API.mAPIFileOpenDialog) - http://primosql/mfs/cab/API.CAB
O16 - DPF: {4310E217-92C1-11D3-B9CC-005004D1CBF8} (Momentis Vendor AlphaSearch Control) - http://primosql/mfs/cab/VAS4.CAB
O16 - DPF: {4598811D-F706-11D1-88CD-00104B2C0CDB} (RTBox.ctlRTBox) - http://primosql/mfs/cab/RTBoxOCX.CAB
O16 - DPF: {5BB5C6F3-ACCF-11D3-B9E7-005004D1CBF8} (Momentis PhoneMask Control) - http://primosql/mfs/cab/PhoneMask.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {66182635-4846-459E-9FC5-F9E6C0CBD00B} (MomPdf.clsMomPdf) - http://primosql/mfs/cab/MomPDF.CAB
O16 - DPF: {787FC27A-38B7-11D4-BA82-005004D1CBF8} (Momentis WaitForFile Object) - http://primosql/mfs/cab/AppTools.CAB
O16 - DPF: {7DCA8AB9-DF29-11D3-BA23-005004D1CBF8} (Momentis Core Table Grid Control) - http://primosql/mfs/cab/MGrid_MF.CAB
O16 - DPF: {83CEB7F5-9069-40DA-B116-883691236AA3} (MomPrintDoc.clsPrintDoc) - http://primosql/mfs/cab/momPrintDoc.CAB
O16 - DPF: {9354695F-9DD2-11D3-B9D8-005004D1CBF8} (Momentis DataList Control) - http://primosql/mfs/cab/DataList.CAB
O16 - DPF: {98AB63B8-2DF1-11D2-BAC4-00104B2CAB32} (Momentis ExecShell Class) - http://primosql/mfs/cab/ExecShell.CAB
O16 - DPF: {9CA6D613-A3AF-471B-B19F-12B49F3744A9} (Momentis ODBC DSN Object) - http://primosql/mfs/cab/MomentisOdbcDsn.CAB
O16 - DPF: {9D4459EA-8BD5-11D3-B9C3-005004D1CBF8} (Momentis SiteMenu Control) - http://primosql/mfs/cab/SiteMenu.CAB
O16 - DPF: {9DB63785-B09B-4780-800F-2B8710CA7FF3} (Momentis ComboBox Control 2.0) - http://primosql/mfs/cab/ComboBox2.CAB
O16 - DPF: {B96F966D-9170-11D3-B9CA-005004D1CBF8} (Momentis Customer AlphaSearch Control) - http://primosql/mfs/cab/CAS4.CAB
O16 - DPF: {BCA89838-311A-11D2-891E-00104B2C0CDB} (RTBox.clsRTBox) - http://primosql/mfs/cab/RTBox.CAB
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://primosql/mfs/cab/CrystalViewer.CAB
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D077A406-86EB-11D3-B9BE-005004D1CBF8} (Momentis DateMask Control) - http://primosql/mfs/CAB/DateMask.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E157197B-716E-478B-B4ED-C34355227ED4} (Momentis Grid Control 2.0) - http://primosql/mfs/cab/MomGrid2.CAB
O16 - DPF: {F493C4B3-24F0-11D4-BA6C-005004D1CBF8} (Momentis Style AlphaSearch Control 5.0) - http://primosql/mfs/cab/SAS5.CAB
O16 - DPF: {F94D81C6-540A-11D4-9FCF-00D0B71952C9} (pCMS.clsCMS) - http://primosql/mfs/cab/pCMS.CAB
O16 - DPF: {FE2BD3F7-92C0-11D3-B9CC-005004D1CBF8} (Momentis Ship-To AlphaSearch Control) - http://primosql/mfs/cab/HAS3.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = primo2k.com
O17 - HKLM\Software\..\Telephony: DomainName = primo2k.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = primo2k.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TQE - Sysinternals - www.sysinternals.com - D:\DOCUME~1\admaster\LOCALS~1\Temp\TQE.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10014 bytes


Any help would be greatly appreciated.



#2 mbort79


Posted 22 September 2009 - 10:07 AM

Hi

I resolved my own issue. I used http://hjt.networktechs.com/ to read the HijackThis logs and removed bad entries. I still had an issue with Task Manager, so I installed Autoruns http://www.snapfiles.com/rhttp://hjt.netwo...s/autoruns.html which has a hijack button, and lo and behold, there was Task Manager and other apps. This resolved my issues.

:(
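Added example (not part of the original posts or of any tool named in them): a small Python triage pass over HijackThis log lines like those in post #1. The two heuristics, flagging entries marked `(no file)` and entries whose path sits in a Temp directory, are assumptions chosen for illustration; a flag means the entry deserves a manual look, not that it is malicious.

```python
import re

# Lines excerpted from the HijackThis log in post #1 (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: TQE - Sysinternals - www.sysinternals.com - D:\DOCUME~1\admaster\LOCALS~1\Temp\TQE.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# A HijackThis entry line starts with a section code such as R1, O2 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Any path component named Temp or Tmp, case-insensitive.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse(log_text):
    """Yield (section, body) for each entry line, e.g. ('O23', 'Service: ...')."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return (section, reason, body) for entries worth a manual look.

    Heuristics are assumptions made for this example, not HijackThis features:
      - body ends in '(no file)': the registry entry points at a missing file
      - the referenced path is inside a Temp directory
    """
    findings = []
    for section, body in parse(log_text):
        if body.endswith("(no file)"):
            findings.append((section, "orphaned entry (no file)", body))
        elif TEMP_DIR.search(body):
            findings.append((section, "runs from a Temp directory", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:28} {body}")
```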

#3 Guest_The weatherman_*


Posted 22 September 2009 - 04:57 PM

Thank you for letting us know mbort79.



