Author Topic: task manager is disabled (Read 9531 times)

hidinu · « **on:** December 13, 2007, 09:25:57 PM »

Hi,

Yester day i have connected my USB to my pc.. from then some virus attacked my pc and the task manager has been disabled.

I am running on Win XP original with AVG and Windows defender as protective shields. But both of them couldn't find any malware.

I have tried no 131 and no 31 on the following: website http://www.kellys-korner-xp.com/xp_tweaks.htm

From then onwards my computer has also become dead slow, its taking atleast a minute to accept any type of command.

Could u pls rectify this

Broni · « **Reply #1 on:** December 13, 2007, 09:32:26 PM »

1. Run free online scan at: http://housecall.trendmicro.com/
Post HouseCall log.

2. Download and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print this instructions out.

SUPERAntiSpyware should be run in Safe Mode.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

hidinu · « **Reply #2 on:** December 14, 2007, 04:56:47 AM »

1. Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:13:04 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Dinesh Kumar\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 5804 bytes
_______________________________________ ____________________________

hidinu · « **Reply #3 on:** December 14, 2007, 05:04:47 AM »

2. SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/14/2007 at 03:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3361
Trace Rules Database Version: 1360

Scan type : Complete Scan
Total Scan Time : 03:32:52

Memory items scanned : 328
Memory threats detected : 1
Registry items scanned : 5516
Registry threats detected : 16
File items scanned : 77661
File threats detected : 35

Trojan.Downloader-SSVI/YM
   C:\WINDOWS\SYSTEM32\SSVICHOSST.EXE
   C:\WINDOWS\SYSTEM32\SSVICHOSST.EXE
   [Yahoo Messengger] C:\WINDOWS\SYSTEM32\SSVICHOSST.EXE
   C:\WINDOWS\SSVICHOSST.EXE
   C:\WINDOWS\Prefetch\SSVICHOSST.EXE-0C870ED3.pf

Unclassified.Unknown Origin
   HKLM\Software\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}#AppID
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\Control
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\InprocServer32
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\InprocServer32#ThreadingModel
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\MiscStatus
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\MiscStatus\1
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ProgID
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ToolboxBitmap32
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\TypeLib
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\Version
   HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\VersionIndependentProgID
   C:\WINDOWS\XMLJACODEC.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}

Adware.Tracking Cookie
   C:\Documents and Settings\Dinesh Kumar\Cookies\[email protected][1].txt
   C:\Documents and Settings\Dinesh Kumar\Cookies\[email protected][2].txt

Adware.Vundo Variant
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\LHBVOGGE.DLL
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\OCXDCRSC.DLL
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\PMKLSRTL.DLL

Trojan.SmitFraud-Variant-A
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP192\A0169667.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP192\A0169668.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP192\A0169669.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP192\A0169671.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP192\A0169735.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP192\A0169736.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP192\A0169737.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP193\A0169755.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP193\A0169756.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP193\A0169757.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP193\A0169783.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169858.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169859.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169860.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169883.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169945.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169946.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169947.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169956.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169957.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169970.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169971.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169972.EXE
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP194\A0169974.EXE

Adware.Starware
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP198\A0171110.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{4DAE1140-BD5B-4DEC-A170-86932829A0DA}\RP198\A0171123.DLL
_______________________________________ ____________________________

I could n't get the Housecall log b,coz my system slowness..... as soon as i get it i'll post this...

Broni · « **Reply #4 on:** December 14, 2007, 05:27:55 PM »

Quote

I could n't get the Housecall log b,coz my system slowness

Don't worry about it now. I'll check your logs.

I can see, you ran BETA version of HijackThis. Next time, please, download it from the link, I provided.

Broni · « **Reply #5 on:** December 14, 2007, 05:36:50 PM »

A.
Print out these instructions as we will need to close every window that is open later in the fix.

Download VundoFix:
http://www.atribune.org/content/view/24/2/

* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

B.
1. Print out these instructions as we will need to close every window that is open later in the fix.

2. Download SmitfraudFix.exe from here and save it to your desktop:

http://www.bleepingcomputer.com/files/smitfraudfix.php

3. Next, please reboot your computer into Safe Mode by doing the following:

a. Restart your computer

b. Start tapping F8 key

c. A menu will appear

d. Select the first option, to run Windows in Safe Mode.

4. Close all open Windows.

5. Now, double-click on the SmitFraudfix icon.

6. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

7. You will now see a menu. Press the number 2 on your keyboard and the press the Enter key to choose the option Clean.

8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program.
This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up a long time depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with next step.

9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the Enter key.

10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.

11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer.
Save that log to your desktop, and attach it to your next reply.

C.
Run HijackThis again, save its log.

D.
Attach SmitFraudfix, and NEW HijackThis logs.

hidinu · « **Reply #6 on:** December 15, 2007, 09:01:48 PM »

SmitFraudFix v2.269

Scan done at 21:30:35.04, Sat 12/15/2007
Run from C:\Documents and Settings\Dinesh Kumar\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\Tasks\At?.job Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer=202.54.12.164,202.54.29.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer=202.54.12.164,202.54.29.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer=202.54.12.164,202.54.29.5

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

hidinu · « **Reply #7 on:** December 15, 2007, 09:02:53 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:36 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 5001 bytes

Broni · « **Reply #8 on:** December 15, 2007, 09:19:04 PM »

I can't see any firewall running. Do you use Windows firewall?

1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe

- O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

- Is Asia Pacific Network Information Centre , your Internet Service provider?
If not, check also all three O17 entries

4. Click on "Fix It" button.

5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)

6. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

7. Restart in Normal Mode.

8. Turn System Restore on.

9. Run HijackThis again, and post back its log back here.

hidinu · « **Reply #9 on:** December 15, 2007, 10:14:18 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:57 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 4483 bytes

hidinu · « **Reply #10 on:** December 16, 2007, 12:08:10 AM »

Now the task manager is enabled.....
Should i hav 2 do anything more?

Broni · « **Reply #11 on:** December 16, 2007, 01:32:47 PM »

It looks good. Your HJT log is clean, however...
I can't see any firewall, nor antivirus running. Please, explain.

hidinu · « **Reply #12 on:** December 16, 2007, 09:37:11 PM »

i have AVG which is up-to-date.....
and firewall protection is on.....
i dont know why previous scans are not showing it?

Broni · « **Reply #13 on:** December 16, 2007, 10:14:02 PM »

If you're running Windows firewall, it won't show it. That's why, I asked. In any case, I'd switch from Windows firewall to some better firewall.
As for AVG, I can see AVG Anti-Spyware running, but NOT antivirus.

hidinu · « **Reply #14 on:** December 20, 2007, 05:46:07 AM »

I have installed Mc afee anti virus...

and took a fresh Hijack this............ sorry to post this without ur mention.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:01 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{1317FC6D-753C-4489-8002-B6A82E37BA35}: NameServer = 202.54.12.164,202.54.29.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6095 bytes

Broni · « **Reply #15 on:** December 20, 2007, 06:30:29 PM »

Your HJT log is clean.
As a last step, I'd like you to run CCleaner...

1. Download, and install CCleaner: http://www.ccleaner.com/

2. Read CCleaner instruction from here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

What is the situation with Task Manager?

hidinu · « **Reply #16 on:** December 20, 2007, 10:09:40 PM »

Task manager is enabled.....

I have run ccleaner also.......

System is working in complete condition....

Broni · « **Reply #17 on:** December 21, 2007, 05:09:41 PM »

Very nice

...Keep it that way

hidinu · « **Reply #18 on:** December 22, 2007, 12:42:19 AM »

I dont want to disturb you again ...... but i couldn't resist myself saying thank you to you....

Thank you so much for being ther..........

Broni · « **Reply #19 on:** December 22, 2007, 10:08:21 AM »

You're very welcome

Computer Hope Forum

News:

Author Topic: task manager is disabled (Read 9531 times)

hidinu

Broni

hidinu

hidinu

Broni

Broni

hidinu

hidinu

Broni

hidinu

hidinu

Broni

hidinu

Broni

hidinu

Broni

hidinu

Broni

hidinu

Broni