can't run virus software. Task Manager is grey (no window)

Discussion in 'adware, spyware & hijack cleaning' started by monkeybike, May 2, 2004.

Thread Status:
Not open for further replies.
  1. monkeybike

    monkeybike Registered Member

    Joined:
    May 2, 2004
    Posts:
    1
    All,

    I have an issue with my PC. Basically, when you boot up normally, no virus scan software will run, and you can't get to nai.com or any AV manufacturer's website. If you type "virus" into the Google search engine, the browser window closes.
    If you try and run tools like HijackThis, it won't let you. Stinger won't run.
    Spybot Search & Destroy will, but finds nothing. If you boot into safe mode, I managed to run NAI's Stinger tool. It found exploit-dcomrpc.gen and deleted it. So I rebooted, and it has not made a difference. The StartupList report is below. Is there anything suspect in here? Any help would be great.

    I think I may have got something whilst downloading on eMule.


    StartupList report, 02/05/2004, 15:30:22
    StartupList version: 1.50
    Started from : C:\DOCUME~1\richard\LOCALS~1\Temp\Rar$EX00.343\StartupList.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\System32\Fast.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WatchGuard\CONTROLD.EXE
    C:\Program Files\WatchGuard\WEBBLOCKER.EXE
    C:\WINDOWS\WinVNC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IE Doctor\IEDoctor.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\Msrv32.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\System32\wininit32.exe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DfrgNTFS.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\richard\LOCALS~1\Temp\Rar$EX00.343\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    BackgroundSwitcher = C:\WINDOWS\System32\bgswitch.exe
    IE Doctor = C:\Program Files\IE Doctor\IEDoctor.exe /min
    system = C:\WINDOWS\system32\spool\drivers\w32x86\3\Windrop2\Windrop2\short.lnk
    WinVNC = "C:\WINDOWS\WinVNC.exe" -servicehelper
    ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    nForce Tray Options = sstray.exe /r
    TCASUTIEXE = TCAUDIAG.exe -off
    iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
    Msrv32 = Msrv32.exe
    SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    Windows Management = C:\WINDOWS\System32\lsacfg\winsvc.exe
    SysInit = wininit32.exe -services

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    Msrv32 = Msrv32.exe
    SysInit = wininit32.exe -services

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    Steam = C:\Program Files\Steam\Steam.exe -silent
    WebCamRT.exe =
    Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    SysInit = wininit32.exe -drivers

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
    HKLM\..\Windows\CurrentVersion\WinLogon: load=
    HKLM\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
    HKCU\..\Windows\CurrentVersion\WinLogon: load=
    HKCU\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: load=
    HKLM\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    *INI section not found*
    *INI section not found*
    *INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\scrnsave.scr
    *Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: *Registry value not found*
    HKLM\..\Policies: *Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
    (no name) - C:\PROGRA~1\IEDOCT~1\adflr.dll - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}

    --------------------------------------------------

    Enumerating Download Program Files:

    [mscomctl]
    CODEBASE = http://www.pestscan.com/scanner/mscomctl.cab
    OSD = C:\WINDOWS\Downloaded Program Files\OSD22F.OSD

    [msvcp71]
    CODEBASE = http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
    OSD = C:\WINDOWS\Downloaded Program Files\OSDF3B.OSD

    [msvcr71]
    CODEBASE = http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
    OSD = C:\WINDOWS\Downloaded Program Files\OSDF55.OSD

    [ppctlcab]
    CODEBASE = http://www.pestscan.com/scanner/ppctlcab.cab
    OSD = C:\WINDOWS\Downloaded Program Files\OSD3D8.OSD

    [UploaderCtrl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\atl_uploader.dll
    CODEBASE = http://members28.clubphoto.com/_img/uploader/atl_uploader.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://activex.microsoft.com/activex/controls/macromedia/Swdir.cab

    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    [Token Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\NetAX.dll
    CODEBASE = https://netilla.lansition.com/webapp/psvpns/NetillaPackage.CAB

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{E0B795B4-FD95-4ABD-A375-27962EFCE8CF}]
    CODEBASE = http://install.serviceurl.de/StarInstall.ocx

    [EPSImageControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPScontrol.dll
    CODEBASE = http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

    --------------------------------------------------
    End of report, 9,631 bytes
    Report generated in 0.140 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
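As an added example (not code from this thread, from HijackThis or from StartupList), a small Python triage pass over the kind of "Autorun entries from Registry" sections shown above, run on a constructed sample in the same format: it splits each value into image and arguments and flags the shapes a cleaner looks at first, namely a bare file name with no directory, a shortcut (.lnk) standing in for the program, an image stored under the printer-driver spool directory, an empty value, and one command persisted under more than one autorun key.

```python
from collections import Counter
# Constructed sample (not the thread's own report) in StartupList's "Autorun entries from Registry" shape.
SAMPLE_REPORT = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
system = C:\WINDOWS\system32\spool\drivers\w32x86\3\Windrop2\Windrop2\short.lnk
WinVNC = "C:\WINDOWS\WinVNC.exe" -servicehelper
Msrv32 = Msrv32.exe
SysInit = wininit32.exe -services
WebCamRT.exe =
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Msrv32 = Msrv32.exe
"""

def parse_autoruns(report):
    """Return (registry_key, value_name, command) for every autorun entry."""
    entries, key = [], None
    lines = iter(report.splitlines())
    for line in map(str.strip, lines):
        if line.endswith(":"):  # any section header ends the previous section
            key = next(lines, "").strip() if line.startswith("Autorun entries") else None
        elif key and "=" in line:
            name, _, command = line.partition("=")
            entries.append((key, name.strip(), command.strip()))
    return entries

def image_of(command):
    """Strip arguments: a quoted image runs to the closing quote, an unquoted one to the first -x or /x switch."""
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    tokens = command.split()
    end = next((i for i, t in enumerate(tokens) if t[0] in "-/"), len(tokens))
    return " ".join(tokens[:end])

def triage(entries):
    """Map (key, name) to the heuristic flags each entry trips; [] means nothing notable."""
    repeats = Counter((name, command) for _, name, command in entries)
    findings = {}
    for key, name, command in entries:
        image = image_of(command)
        checks = [
            ("empty", not image),                                # value left behind with no command
            ("bare_name", bool(image) and "\\" not in image),    # path search decides which file runs
            ("lnk_target", image.lower().endswith(".lnk")),      # shortcut indirection hides the real program
            ("odd_dir", "\\spool\\drivers\\" in image.lower()),  # printer-driver store is no program directory
            ("multi_key", repeats[(name, command)] > 1),         # same command persisted under several keys
        ]
        findings[(key, name)] = [flag for flag, hit in checks if hit]
    return findings
```

Entries with no flags are not cleared by this; the pass only orders what a human should look up first.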
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi monkeybike,

    You have used HJT to generate a StartupList. Please go HERE and follow the instructions in step 2 to post a HJT log.

    Regards,
    Kent
     