Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

can't use task manager!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

can't use task manager!

Unread postby marcusho » January 30th, 2010, 3:34 am

hello here is my log, i can't go onto task manager and I keep getting popup warning errors.
when i try to bring up task manager it says: "Application cannot be executed. The file is infected. Please open your antivirus software."
-there is also a dark green background showing up from time to time
-adaware is going nuts and periodically saying that it detects malicious software and does a scan in the background.. each time coming up with 5-6 "privacy objects" in the cookies... the most recent 5 that i just deleted were called: adyieldmanager, atdmt, serving-sys and 2o7
-i'm connected via a router to the internet (Airlink 101 wireless)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:58 PM, on 1/29/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ucmerced.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kofesojek] Rundll32.exe "c:\windows\system32\zodetego.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Kperikicilu] rundll32.exe "C:\WINDOWS\orufipujililun.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: AXEL.DAV (User 'SYSTEM')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: AXEL.DAV (User 'Default user')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AXEL.DAV (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: ReSchedHPSU.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O20 - AppInit_DLLs: lujorosu.dll c:\windows\system32\zodetego.dll
O21 - SSODL: tekomozaf - {66ca4cac-8b6b-4b68-ab9d-1b126f26a0cd} - c:\windows\system32\zodetego.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {66ca4cac-8b6b-4b68-ab9d-1b126f26a0cd} - c:\windows\system32\zodetego.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - C:\WINDOWS\SYSTEM32\odbcasvc.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\Holly-Valance-Wallpaper-40.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\Holly-Valance-Wallpaper-47.jpg
O24 - Desktop Component 10: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\deep_sea_adventure.jpg
O24 - Desktop Component 11: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\lone_crow.jpg
O24 - Desktop Component 12: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\Mercedes-Benz_SLR_McLaren,_Doors_Open.jpg
O24 - Desktop Component 13: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\lifeform_or_spacejunk.jpg
O24 - Desktop Component 14: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\2008-Nissan-Skyline-Coupe-VQ37VHR-Engine-1024x768.jpg
O24 - Desktop Component 15: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\dudu.jpg
O24 - Desktop Component 16: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\FineDragon1.jpg
O24 - Desktop Component 17: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\Monica-Bellucci-42.JPG
O24 - Desktop Component 18: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\Monica-Bellucci-66.JPG
O24 - Desktop Component 19: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\My_Sister.png
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\Enika.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\m00j.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\Friends_Are_Hard_To_Find.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\mx5\NA.jpg
O24 - Desktop Component 6: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\Kristin-Kreuk-3-1280.jpg
O24 - Desktop Component 7: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\maggie_q.jpg
O24 - Desktop Component 8: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\josie-maran_side.jpg
O24 - Desktop Component 9: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\inside_out.jpg

--
End of file - 8414 bytes
marcusho
Active Member
 
Posts: 3
Joined: January 30th, 2010, 3:30 am
Advertisement
Register to Remove

Re: can't use task manager!

Unread postby marcusho » January 30th, 2010, 8:00 pm

Update:
I was able to delete some of the malware by cmd... for some reason it took a long time to delete the kasiyebo.dll files.. everytime i click 'fix checked' it gives an error with a big red circle and white X in the middle and says "Please help us improve HJT by reporting this error "An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O22 - SharedTaskScheduler:kupuhivus - {23c330d5-c16b-437f-8091-9e6eccb65dd9} - c:\windows\system32\kasiyebo.dll (file missing)) Error #53 - File not found

ive tried clicking "Fix checked" on HJT on these 2 files multiple times, but i can't seem to get rid of is them:
O20 - AppInit_DLLs: nunoloje.dll
and,
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - C:\WINDOWS\SYSTEM32\odbcasvc.EXE (file missing)

the 2 files are currently on the ignore list.

but even with all the ones that i was able to delete, i am still getting the dark green background screen and also whenever i try to bring up task manager, it says "Task Manager has been disabled by your administrator"
-the most recent malicious objects detected on adaware are:
webtrends
adyieldmanager
2o7
zedo

---------------------------------------
here is an updated log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:09 PM, on 1/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ucmerced.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: AXEL.DAV (User 'SYSTEM')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: AXEL.DAV (User 'Default user')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AXEL.DAV (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: ReSchedHPSU.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - AppInit_DLLs: nunoloje.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - C:\WINDOWS\SYSTEM32\odbcasvc.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\Holly-Valance-Wallpaper-40.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\maggie_q.jpg
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\Holly-Valance-Wallpaper-47.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\Enika.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\m00j.jpg
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\Friends_Are_Hard_To_Find.jpg
O24 - Desktop Component 6: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\mx5\NA.jpg
O24 - Desktop Component 7: (no name) - C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures\Backrounds\female\Kristin-Kreuk-3-1280.jpg

--
End of file - 5727 bytes
-----------------------------------------

also, here is the startup list:

StartupList report, 1/30/2010, 4:05:45 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16981)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
ReSchedHPSU.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Google Update = "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=nunoloje.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job
GoogleUpdateTaskUserS-1-5-21-271406683-3762856668-1716384782-1009Core.job
GoogleUpdateTaskUserS-1-5-21-271406683-3762856668-1716384782-1009UA.job
grangffk.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 5,826 bytes
Report generated in 0.109 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
marcusho
Active Member
 
Posts: 3
Joined: January 30th, 2010, 3:30 am

Re: can't use task manager!

Unread postby NonSuch » January 31st, 2010, 1:24 am

We're sorry, but it is necessary to close your topic because you have replied to it prior to receiving a response from a helper.

Due to adding on to your topic with your second post it is highly unlikely that you would have received a response. Our helpers are looking for topics with zero responses. When you post replies to your own topic, it no longer has zero responses, and so it appears that you have received help when in fact, you have not.

If you still require help, please open a new thread in the Malware Removal forum and wait for assistance. Please do not run additional programs and/or post additional logs. Just your HijackThis log to start with is adequate. Your helper will ask for additional logs as needed. DO NOT reply to your own topic until you have received a response from a helper. Be patient. There are others who have been waiting longer than you, so do not expect an immediate reply.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware