Task Mgr/RegEdit


4 replies to this topic

#1 MjrChicken


Posted 16 May 2004 - 02:36 PM

Hi, For several weeks now I have been unable to use either Task Manager or RegEdit. What happens is, if I run regedit, or ctrl-alt-del Task Manager neither one will stay up/running for more than 1 second. I've tried a couple of different virus checkers, spybot s&d, trojanhunter and adaware. None of them find/fix the problem. Any ideas?

Also, and I'm not sure if this started at the same time or not, but my folders no longer save their view settings.

Thanks,
Chicken

attached is my hijackthis! log

Edited by MjrChicken, 16 May 2004 - 02:38 PM.


#2 mr bones


Posted 16 May 2004 - 02:52 PM

I never liked this feature of attaching files to download so I will post it then look over it for you.

Logfile of HijackThis v1.97.7
Scan saved at 8:50:09 PM, on 5/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WIN98\System32\smss.exe

C:\WIN98\system32\csrss.exe
C:\WIN98\system32\winlogon.exe
C:\WIN98\system32\services.exe
C:\WIN98\system32\lsass.exe
C:\WIN98\system32\svchost.exe
C:\WIN98\System32\svchost.exe
C:\WIN98\System32\Ati2evxx.exe
C:\WIN98\System32\svchost.exe
C:\WIN98\System32\svchost.exe
C:\WIN98\system32\spoolsv.exe
C:\WIN98\System32\alg.exe
C:\WIN98\System32\CTsvcCDA.EXE
C:\SUPERFAX\PROGRAM\PICPMON.EXE
C:\WIN98\system32\pctspk.exe
C:\Program Files\PC-cillin 2002\Tmntsrv.exe
C:\WIN98\system32\Ati2evxx.exe
C:\WIN98\Explorer.EXE
C:\WIN98\System32\dllhost.exe
C:\WIN98\System32\msdtc.exe
C:\WIN98\SYSTEM\atiptaxx.exe
C:\WIN98\System32\CTHELPER.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WIN98\System32\qsync.exe
C:\WIN98\System32\augmsg.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ICQ\Icq.exe
C:\Program Files\TeamSpeak\TeamSpeak.exe
C:\Documents and Settings\MjrChicken\Desktop\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink...ton/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/HTML%20Files/myfavs.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98\System32\msdxm.ocx

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [ATIPTA] C:\WIN98\SYSTEM\atiptaxx.exe

O4 - HKLM\..\Run: [UpdReg] C:\WIN98\Updreg.exe

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [Jet Detection] c:\program files\sbaudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Winsock driver] qsync.exe

O4 - HKLM\..\Run: [augmsg] augmsg.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WIN98\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RDLL] RunDll16.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\RunOnce: [ATIPRB] C:\WIN98\SYSTEM32\rundll32.exe /g

O4 - HKCU\..\RunOnce: [Winsock driver] qsync.exe

O4 - HKCU\..\RunOnce: [augmsg] augmsg.exe

O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\Icq.exe -trayboot

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Trace (HKLM)

O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_41.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7693.6854282407

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../yse/ymmapi.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#3 mr bones


Posted 16 May 2004 - 03:05 PM

O4 - HKLM\..\Run: [Winsock driver] qsync.exe
O4 - HKLM\..\Run: [augmsg] augmsg.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKLM\..\RunOnce: [ATIPRB] C:\WIN98\SYSTEM32\rundll32.exe /g
O4 - HKCU\..\RunOnce: [Winsock driver] qsync.exe
O4 - HKCU\..\RunOnce: [augmsg] augmsg.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\Icq.exe -trayboot

Ensure you have all folders and files visible. Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab. Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Run HJT again and tick the above items only. Next, close all other windows, make sure you have only those ticked I mentioned and only then should you click Fix Selected.
Reboot and delete these files or folders as stated;

qsync.exe
augmsg.exe
RunDll16.exe



Open the Start menu and select Programs>Accessories>System Tools>Disk Cleanup. The Disk Cleanup applet calculates the amount of space you can save by emptying the Recycle Bin, deleting temporary Internet files, Temp files and (for NTFS drives) compressing old files. Run this to clear up those Temp folders.

#4 MjrChicken


Posted 16 May 2004 - 03:33 PM

Thanks for the info, one problem though. qsync and augmsg cannot be removed by HJT. I followed your instructions and first they couldn't be deleted (the "in use" error msg) then I tried "fixing" them with HJT again, they came back and showed up in each successive scan.

I'm thinking boot to safe mode command prompt, delete the files, then use HJT to delete the reg settings?

#5 MjrChicken


Posted 16 May 2004 - 04:30 PM

Yep, that did it. You Are Da'Man Mr Bones! ! ! :)
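
Added example, not part of the original thread: several of the O4 entries picked out in post #3 are registered under Run and again under RunOnce or RunServices, and post #4 reports qsync and augmsg coming back after each fix. The Python sketch below parses HijackThis O4 registry lines and lists the value names that show this pattern; the heuristic and the names `parse_o4` and `repeated_autoruns` are assumptions made here, not mr bones's method, and the sample is an excerpt of the log in post #2.

```python
import re
from collections import namedtuple

# Constructed sample: O4 lines excerpted from the HijackThis log in post #2.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\WIN98\SYSTEM\atiptaxx.exe
O4 - HKLM\..\Run: [Jet Detection] c:\program files\sbaudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Winsock driver] qsync.exe
O4 - HKLM\..\Run: [augmsg] augmsg.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\RunOnce: [ATIPRB] C:\WIN98\SYSTEM32\rundll32.exe /g
O4 - HKCU\..\RunOnce: [Winsock driver] qsync.exe
O4 - HKCU\..\RunOnce: [augmsg] augmsg.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\Icq.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

Entry = namedtuple("Entry", "hive key name command")
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# RunOnce values are deleted after they run, so a name that sits there *and*
# under Run suggests something keeps re-registering it (assumed heuristic).
REARM_KEYS = {"RunOnce", "RunServices"}

def parse_o4(log):
    """Return an Entry for each registry autorun line in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:  # startup-folder lines ("Global Startup") do not match
            entries.append(Entry(*m.groups()))
    return entries

def repeated_autoruns(entries):
    """Map value name -> locations, for names under Run plus a re-arm key."""
    seen = {}
    for e in entries:
        _display, where = seen.setdefault(e.name.lower(), (e.name, set()))
        where.add((e.hive, e.key))
    flagged = {}
    for display, where in seen.values():
        keys = {key for _hive, key in where}
        if "Run" in keys and keys & REARM_KEYS:
            flagged[display] = sorted(f"{h}\\{k}" for h, k in where)
    return flagged

if __name__ == "__main__":
    for name, where in repeated_autoruns(parse_o4(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(where)}")
```

It does not select the ATIPRB or ICQ RunOnce entries that post #3 also lists, and it ignores Jet Detection, which appears under Run in both hives only, so treat it as a first-pass filter rather than a replacement for reading the log.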



