Author Topic: task manager repetedly locked out ?? (Read 8765 times)

freedom07 · « **on:** December 21, 2007, 03:12:29 PM »

I have read through several posts on the task manager being locked out by either viruses or other malware. I followed those procedures already posted. But when i have restarted my system it locks me out again. Also my explorer is rather slow as well. i do not know if they are related or if they are seperate issues. I would list all proceses as well but i can not figure out how to copy them to post here as well.

Have AVG free edition

Super antspyware

lavasoft free home edition

Spybot search and destroy

ccleaner

vundo fix

and the taskmanagerfix

running xp with sp2

AMD64 3000 1GIG Ram and nvidia 6600

Deerpark · « **Reply #1 on:** December 21, 2007, 03:40:01 PM »

Welcome to the Computer Hope Forums freedom07.

Have you gone through the steps here?
If not I think you should do that first of all. It will help our malware experts to better assist you.

freedom07 · « **Reply #2 on:** December 21, 2007, 05:15:58 PM »

thanks for making me re read that. i had skimmed it before. And i didnt think to save the log reports from before. Again my stupid mistake. $:-\$ using the ESET online scanner now. and will follow it up with the hijack.

Deerpark · « **Reply #3 on:** December 21, 2007, 05:24:07 PM »

No problem.

Just post the logs when you're done and someone will take a look at them as soon as possible.

freedom07 · « **Reply #4 on:** December 21, 2007, 06:33:57 PM »

I double checked the listed procedure and this is the super antispyware log. the second time i ran it it listed no problems.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/20/2007 at 11:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3365
Trace Rules Database Version: 1364

Scan type : Quick Scan
Total Scan Time : 00:21:48

Memory items scanned : 424
Memory threats detected : 0
Registry items scanned : 717
Registry threats detected : 86
File items scanned : 14792
File threats detected : 0

Malware.VirusProtectPro
   HKCR\TypeLib\{795175C7-3F75-4F45-AB6C-4FFE32A85BCB}
   HKCR\TypeLib\{795175C7-3F75-4F45-AB6C-4FFE32A85BCB}\1.0
   HKCR\TypeLib\{795175C7-3F75-4F45-AB6C-4FFE32A85BCB}\1.0\0
   HKCR\TypeLib\{795175C7-3F75-4F45-AB6C-4FFE32A85BCB}\1.0\0\win32
   HKCR\TypeLib\{795175C7-3F75-4F45-AB6C-4FFE32A85BCB}\1.0\FLAGS
   HKCR\TypeLib\{795175C7-3F75-4F45-AB6C-4FFE32A85BCB}\1.0\HELPDIR
   HKCR\Interface\{0A8C61AE-9639-4E4D-AF61-25B0CE935EAB}
   HKCR\Interface\{0A8C61AE-9639-4E4D-AF61-25B0CE935EAB}\ProxyStubClsid
   HKCR\Interface\{0A8C61AE-9639-4E4D-AF61-25B0CE935EAB}\ProxyStubClsid32
   HKCR\Interface\{0A8C61AE-9639-4E4D-AF61-25B0CE935EAB}\TypeLib
   HKCR\Interface\{0A8C61AE-9639-4E4D-AF61-25B0CE935EAB}\TypeLib#Version
   HKCR\Interface\{0DF3EB27-E122-4E77-9481-D9332351B606}
   HKCR\Interface\{0DF3EB27-E122-4E77-9481-D9332351B606}\ProxyStubClsid
   HKCR\Interface\{0DF3EB27-E122-4E77-9481-D9332351B606}\ProxyStubClsid32
   HKCR\Interface\{0DF3EB27-E122-4E77-9481-D9332351B606}\TypeLib
   HKCR\Interface\{0DF3EB27-E122-4E77-9481-D9332351B606}\TypeLib#Version
   HKCR\Interface\{1BA582C8-6240-4DC4-BB8E-1B764134A47B}
   HKCR\Interface\{1BA582C8-6240-4DC4-BB8E-1B764134A47B}\ProxyStubClsid
   HKCR\Interface\{1BA582C8-6240-4DC4-BB8E-1B764134A47B}\ProxyStubClsid32
   HKCR\Interface\{1BA582C8-6240-4DC4-BB8E-1B764134A47B}\TypeLib
   HKCR\Interface\{1BA582C8-6240-4DC4-BB8E-1B764134A47B}\TypeLib#Version
   HKCR\Interface\{1F6BD5E9-CEBD-4EB8-94B5-9C4E9C219306}
   HKCR\Interface\{1F6BD5E9-CEBD-4EB8-94B5-9C4E9C219306}\ProxyStubClsid
   HKCR\Interface\{1F6BD5E9-CEBD-4EB8-94B5-9C4E9C219306}\ProxyStubClsid32
   HKCR\Interface\{1F6BD5E9-CEBD-4EB8-94B5-9C4E9C219306}\TypeLib
   HKCR\Interface\{1F6BD5E9-CEBD-4EB8-94B5-9C4E9C219306}\TypeLib#Version
   HKCR\Interface\{3DE68A1C-09C2-4724-BB80-CB5AAFB96D99}
   HKCR\Interface\{3DE68A1C-09C2-4724-BB80-CB5AAFB96D99}\ProxyStubClsid
   HKCR\Interface\{3DE68A1C-09C2-4724-BB80-CB5AAFB96D99}\ProxyStubClsid32
   HKCR\Interface\{3DE68A1C-09C2-4724-BB80-CB5AAFB96D99}\TypeLib
   HKCR\Interface\{3DE68A1C-09C2-4724-BB80-CB5AAFB96D99}\TypeLib#Version
   HKCR\Interface\{720B32BB-73D5-4551-B743-986224487121}
   HKCR\Interface\{720B32BB-73D5-4551-B743-986224487121}\ProxyStubClsid
   HKCR\Interface\{720B32BB-73D5-4551-B743-986224487121}\ProxyStubClsid32
   HKCR\Interface\{720B32BB-73D5-4551-B743-986224487121}\TypeLib
   HKCR\Interface\{720B32BB-73D5-4551-B743-986224487121}\TypeLib#Version
   HKCR\Interface\{72A238C6-F6A8-41D3-90FD-95F31F02FB33}
   HKCR\Interface\{72A238C6-F6A8-41D3-90FD-95F31F02FB33}\ProxyStubClsid
   HKCR\Interface\{72A238C6-F6A8-41D3-90FD-95F31F02FB33}\ProxyStubClsid32
   HKCR\Interface\{72A238C6-F6A8-41D3-90FD-95F31F02FB33}\TypeLib
   HKCR\Interface\{72A238C6-F6A8-41D3-90FD-95F31F02FB33}\TypeLib#Version
   HKCR\Interface\{76C8C569-C4B8-4E0C-AE87-E1166D7FE005}
   HKCR\Interface\{76C8C569-C4B8-4E0C-AE87-E1166D7FE005}\ProxyStubClsid
   HKCR\Interface\{76C8C569-C4B8-4E0C-AE87-E1166D7FE005}\ProxyStubClsid32
   HKCR\Interface\{76C8C569-C4B8-4E0C-AE87-E1166D7FE005}\TypeLib
   HKCR\Interface\{76C8C569-C4B8-4E0C-AE87-E1166D7FE005}\TypeLib#Version
   HKCR\Interface\{79E77B74-D820-4E39-802F-084F9DDCE038}
   HKCR\Interface\{79E77B74-D820-4E39-802F-084F9DDCE038}\ProxyStubClsid
   HKCR\Interface\{79E77B74-D820-4E39-802F-084F9DDCE038}\ProxyStubClsid32
   HKCR\Interface\{79E77B74-D820-4E39-802F-084F9DDCE038}\TypeLib
   HKCR\Interface\{79E77B74-D820-4E39-802F-084F9DDCE038}\TypeLib#Version
   HKCR\Interface\{8F7AFA67-ADC0-4227-B799-34F7800EBC96}
   HKCR\Interface\{8F7AFA67-ADC0-4227-B799-34F7800EBC96}\ProxyStubClsid
   HKCR\Interface\{8F7AFA67-ADC0-4227-B799-34F7800EBC96}\ProxyStubClsid32
   HKCR\Interface\{8F7AFA67-ADC0-4227-B799-34F7800EBC96}\TypeLib
   HKCR\Interface\{8F7AFA67-ADC0-4227-B799-34F7800EBC96}\TypeLib#Version
   HKCR\Interface\{C254C9C5-DE04-49F1-9FC1-72EF4F7F1F6C}
   HKCR\Interface\{C254C9C5-DE04-49F1-9FC1-72EF4F7F1F6C}\ProxyStubClsid
   HKCR\Interface\{C254C9C5-DE04-49F1-9FC1-72EF4F7F1F6C}\ProxyStubClsid32
   HKCR\Interface\{C254C9C5-DE04-49F1-9FC1-72EF4F7F1F6C}\TypeLib
   HKCR\Interface\{C254C9C5-DE04-49F1-9FC1-72EF4F7F1F6C}\TypeLib#Version
   HKCR\Interface\{CA91A4F1-3DC6-4D10-8AE3-8545E86D9DB8}
   HKCR\Interface\{CA91A4F1-3DC6-4D10-8AE3-8545E86D9DB8}\ProxyStubClsid
   HKCR\Interface\{CA91A4F1-3DC6-4D10-8AE3-8545E86D9DB8}\ProxyStubClsid32
   HKCR\Interface\{CA91A4F1-3DC6-4D10-8AE3-8545E86D9DB8}\TypeLib
   HKCR\Interface\{CA91A4F1-3DC6-4D10-8AE3-8545E86D9DB8}\TypeLib#Version
   HKCR\Interface\{D0E42329-DCA9-4825-B87D-04B789BBB169}
   HKCR\Interface\{D0E42329-DCA9-4825-B87D-04B789BBB169}\ProxyStubClsid
   HKCR\Interface\{D0E42329-DCA9-4825-B87D-04B789BBB169}\ProxyStubClsid32
   HKCR\Interface\{D0E42329-DCA9-4825-B87D-04B789BBB169}\TypeLib
   HKCR\Interface\{D0E42329-DCA9-4825-B87D-04B789BBB169}\TypeLib#Version
   HKCR\Interface\{D92E0D32-8D1B-4B8B-AF26-0676C5158ADA}
   HKCR\Interface\{D92E0D32-8D1B-4B8B-AF26-0676C5158ADA}\ProxyStubClsid
   HKCR\Interface\{D92E0D32-8D1B-4B8B-AF26-0676C5158ADA}\ProxyStubClsid32
   HKCR\Interface\{D92E0D32-8D1B-4B8B-AF26-0676C5158ADA}\TypeLib
   HKCR\Interface\{D92E0D32-8D1B-4B8B-AF26-0676C5158ADA}\TypeLib#Version
   HKCR\Interface\{E082EF71-40AF-4A4E-B036-BB773F450B53}
   HKCR\Interface\{E082EF71-40AF-4A4E-B036-BB773F450B53}\ProxyStubClsid
   HKCR\Interface\{E082EF71-40AF-4A4E-B036-BB773F450B53}\ProxyStubClsid32
   HKCR\Interface\{E082EF71-40AF-4A4E-B036-BB773F450B53}\TypeLib
   HKCR\Interface\{E082EF71-40AF-4A4E-B036-BB773F450B53}\TypeLib#Version
   HKCR\Interface\{EAB5EB70-E2F1-4ADA-B033-151A71B9AA3F}
   HKCR\Interface\{EAB5EB70-E2F1-4ADA-B033-151A71B9AA3F}\ProxyStubClsid
   HKCR\Interface\{EAB5EB70-E2F1-4ADA-B033-151A71B9AA3F}\ProxyStubClsid32
   HKCR\Interface\{EAB5EB70-E2F1-4ADA-B033-151A71B9AA3F}\TypeLib
   HKCR\Interface\{EAB5EB70-E2F1-4ADA-B033-151A71B9AA3F}\TypeLib#Version

i ran the ESET and it came back with no threats found as well.

When i went to update the java. i got a Plug-in fatal error
Several java Machines running in the same process caused an error

What is the next step that i need to take now ??

Broni · « **Reply #5 on:** December 21, 2007, 07:34:19 PM »

Did you uninstall older versions of Java?

When you go here:
http://javatester.org/version.html
what does it say about your Java?

We need your HijackThis log.

freedom07 · « **Reply #6 on:** December 21, 2007, 10:46:50 PM »

i just installed jave SE Development kit 6 update 3 and it told me i already had that so i re installed it.

and this is what the hijackthis log showed me after the java re install.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:05 AM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\lxdjcoms.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\VIA\RAID\raid_tool.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - D:\PROGRA~1\COMMON~1\System\D_4362.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AS00_Gear311T] D:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdjmon.exe] "D:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [YSearchProtection] D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: update.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.augustarealtorsmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://www.augustarealtorsmls.com/aug/valid/osi_valid9j.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll

freedom07 · « **Reply #7 on:** December 21, 2007, 10:49:19 PM »

Had tp cut the log. wouldnt let me post it all together. said it was over the 10000 character limit

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158350743234
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - D:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdj_device - - D:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 10545 bytes

freedom07 · « **Reply #8 on:** December 21, 2007, 10:51:42 PM »

Oh i also got the pink box after i re installed the java 6. when i tried it before the re install i didnt get anything in the display box.

Broni · « **Reply #9 on:** December 22, 2007, 10:02:04 AM »

Firstly, I don't see any firewall running, unless you're using Windows firewall.
Secondly, you're still using older Java version: jre1.6.0_02. Uninstall all Java instances through Add/Remove. Download newest version (http://www.java.com/en/download/index.jsp), and install it.

Now...

Disable Spybot TeaTimer:
Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
TeaTimer closes.

1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - D:\PROGRA~1\COMMON~1\System\D_4362.dll

- O4 - Global Startup: update.exe

- O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

- O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

4. Click on "Fix checked" button.

5. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

6. Restart in Normal Mode.

7. Turn System Restore on.

8. Restart TeaTimer:
Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it.

9. Run HijackThis again, and post back its log back here.

freedom07 · « **Reply #10 on:** December 22, 2007, 01:56:44 PM »

i uninstalled the java then re installed in again and verified it.

and then re ran hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:47 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\lxdjcoms.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\VIA\RAID\raid_tool.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AS00_Gear311T] D:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdjmon.exe] "D:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [YSearchProtection] D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.augustarealtorsmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://www.augustarealtorsmls.com/aug/valid/osi_valid9j.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158350743234

freedom07 · « **Reply #11 on:** December 22, 2007, 01:59:46 PM »

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - D:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdj_device - - D:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 10207 bytes

concering the fire wall i thought AVG free edition had a fire wall with it. and i tried to turn on the windows fire wall. but it wouldnt give me the option to switch it from being turned off.

again thany you for all of your assistance with my issues.

Broni · « **Reply #12 on:** December 22, 2007, 03:25:53 PM »

With your HJT log, we're almost done.
Run it again, and put checkmark next to:
- O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - (no file)
Click "Fix checked" button.
Restart computer. Post new HJT log.

No, AVG doesn't provide firewall.

Quote

i tried to turn on the windows fire wall. but it wouldnt give me the option to switch it from being turned off.

What happens? Does it say, it's OFF?

freedom07 · « **Reply #13 on:** December 22, 2007, 04:36:06 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:43 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\lxdjcoms.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\VIA\RAID\raid_tool.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AS00_Gear311T] D:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdjmon.exe] "D:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [YSearchProtection] D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.augustarealtorsmls.com
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://www.augustarealtorsmls.com/aug/valid/osi_valid9j.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158350743234
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - D:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

freedom07 · « **Reply #14 on:** December 22, 2007, 04:39:59 PM »

D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdj_device - - D:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 10419 bytes

when i tried to turn on the fire wall. the on and off buttons where faded back like a shadow. . kind of like the thing where unless you click on I Agree to the terms of what ever. Then once you click yes you can activate it or move on. Hope that makes sense.

Computer Hope Forum

News:

Author Topic: task manager repetedly locked out ?? (Read 8765 times)

freedom07

task manager repetedly locked out ??

Deerpark

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??

Deerpark

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??

Broni

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??

Broni

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??

Broni

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??

freedom07

Re: task manager repetedly locked out ??