1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Shut down button missing (HJT log)

Discussion in 'Virus & Other Malware Removal' started by cthornton, Jul 17, 2006.

Thread Status:
Not open for further replies.
  1. cthornton

    cthornton Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    48
    My shutdown buttons are missing from my start up menu and my taskmanager! I am having to turn the computer off with the power button. I have run adaware, AVG and windows malicious tool remover and I am including my HJT log. Got any ideas?

    Logfile of HijackThis v1.99.1
    Scan saved at 4:42:38 PM, on 7/17/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINNT\system32\cidaemon.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     
  2. cthornton

    cthornton Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    48
  3. cthornton

    cthornton Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    48
    I have updated with a new copy of my HJT log.......and added a copy of panda activescan. This computer has something going on. someone help please.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:21:03 AM, on 7/24/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINNT\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe




    Incident Status Location
    Adware:adware/medload Not disinfected c:\winnt\downloaded program files\m67m.ocx
    Adware:adware/afaenhance Not disinfected c:\winnt\system\QBUninstaller.exe Adware:adware/bookedspace Not disinfected
    c:\winnt\system32\bs51-eginwl51-vb.exe
    Adware:adware/wintools Not disinfected c:\winnt\system32\EDow_AS2.exe
    Adware:adware/ezula Not disinfected c:\winnt\system32\ezPopStub.exe
    Adware:adware/delfinmedia Not disinfected c:\program files\common files\uninstall information\RemoveDisplayUtility.exe
    Adware:adware/iemenuextension Not disinfected c:\winnt\IEMenuExtension.exe
    Adware:adware/ieplugin Not disinfected c:\winnt\kwv2.dat
    Spyware:spyware/betterinet Not disinfected c:\winnt\thin-149-1-x-x.exe
    Spyware:spyware/media-motor Not disinfected c:\winnt\ubber60.ini
    Spyware:spyware/adclicker Not disinfected c:\winnt\usta32.ini
    Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Administrator\Application Data\Sskcwrd.dll
    Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Administrator\Application Data\tvmknwrd.dll
    Adware:adware/wupd Not disinfected c:\program files\AdStatus Service
    Adware:adware/fizzle Not disinfected c:\program files\FwBarTemp
    Adware:adware/imgiant Not disinfected c:\program files\joystick networks
    Adware:adware/sidesearch Not disinfected c:\program files\Lycos
    Potentially unwanted tool:application/myway Not disinfected c:\program files\MySearch
    Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
    Adware:adware/scbar Not disinfected c:\program files\scbar
    Adware:adware/winad Not disinfected c:\program files\Winad Client
    Adware:adware/ist.yoursitebar Not disinfected c:\program files\YourSiteBar
    Adware:adware program Not disinfected c:\winnt\system32\cache32dsrf4535dfs
    Adware:adware/savenow Not disinfected c:\documents and settings\all users\application data\nsv
    Adware:adware/pacimedia Not disinfected Windows Registry
    Adware:adware/searchrelevancy Not disinfected Windows Registry
    Spyware:spyware/apropos Not disinfected Windows Registry
    Adware:adware/comedy-planet Not disinfected Windows Registry
    Adware:adware/topconvert Not disinfected Windows Registry
    Adware:adware/ist.istbar Not disinfected Windows Registry
    Adware:adware/cws Not disinfected Windows Registry
    Adware:adware/ncase Not disinfected Windows Registry
    Spyware:spyware/clearsearch Not disinfected Windows Registry
    Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Cookies\administrato[email protected][1].txt
    Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\180sainstallernu.exe
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Del1C.tmp
    Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Del232.tmp
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\i125.tmp
    Adware:Adware/DelFinMedia Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\motoin.exe
    Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\res1D.tmp
    Adware:Adware/nCase Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\res267.tmp
    Adware:Adware/nCase Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\resEA.tmp
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/484055

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice