Cannot Access Task Manager

  • Boose
  • Born
  • Born
  • Boose
  • Posts: 2

Post 3+ Months Ago

I have run spybot, Adaware se, and Windows Defender and removed everything they turned up and restarted but I still can't use the Task manager.


Logfile of HijackThis v1.99.1
Scan saved at 9:45:52 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\DOCUME~1\Holbrook\MYDOCU~1\STEM32~1\logonui.exe
C:\WINDOWS\system32\RACLE~1\WWEXEC~1.EXE
C:\WINDOWS\system32\qwintqez.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Holbrook\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {FEE14FA8-A819-D5B1-3EA6-825D4CB24EB7} - C:\WINDOWS\system32\rcy.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FEE14FA8-A819-D5B1-3EA6-825D4CB24EB7} - C:\WINDOWS\system32\rcy.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrb_2.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdb_2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwintqez.exe GID003
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Torc] "C:\DOCUME~1\Holbrook\MYDOCU~1\STEM32~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Coggtgi] C:\WINDOWS\system32\RACLE~1\WWEXEC~1.EXE
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwintqez.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0496953828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0509445562
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Albert_chu
  • Graduate
  • Graduate
  • Albert_chu
  • Posts: 103

Post 3+ Months Ago

you mean..u press ctrl+alt+delete..and nothing comes up? try degragging the computer or setting a system restore to the date when it was working.
  • UniquelyYoursPC
  • Web Master
  • Web Master
  • User avatar
  • Posts: 2997
  • Loc: Canada "A"

Post 3+ Months Ago

post your log here http://hijackthis.de/index.php#anl
it should tell you whats good bad oh otherwise
  • tomrulez
  • Expert
  • Expert
  • User avatar
  • Posts: 571
  • Loc: England!!

Post 3+ Months Ago

I diddnt know about that Cowkiller, it doesnt seem to be too good at analysing it tho :S
  • Alkatr0z
  • Mastermind
  • Mastermind
  • Alkatr0z
  • Posts: 1883
  • Loc: Adelaide, Australia

Post 3+ Months Ago

Its a reasonable analyzer all things considered but it can't beat the human brain along with Google for unsure entries. I tend to go through the logs by hand then run it through that as its easy to miss things at times and that site can be pretty useful for the DPF entries with the User Ratings.

Anyway heres the instructions.

If you are able to reboot into Safe Mode(Instructions for how to do so are here: http://tinyurl.com/pfca)
Run Hijack This again and check the following items to fix:
Quote:
R3 - URLSearchHook: (no name) - {FEE14FA8-A819-D5B1-3EA6-825D4CB24EB7} - C:\WINDOWS\system32\rcy.dll
O2 - BHO: (no name) - {FEE14FA8-A819-D5B1-3EA6-825D4CB24EB7} - C:\WINDOWS\system32\rcy.dll
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrb_2.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdb_2.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwintqez.exe GID003
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Torc] "C:\DOCUME~1\Holbrook\MYDOCU~1\STEM32~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Coggtgi] C:\WINDOWS\system32\RACLE~1\WWEXEC~1.EXE
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwintqez.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\ProgramFiles\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll

Click Fix Selected and if it asks you agree to make a backup.

After you have done the Hijack This removal instructions Reboot into Safe Mode With Command Prompt and do the following:
rmdir /S "C:\Program Files\outlook"
del /F C:\dfndrb_2.exe
del /F C:\kybrdb_2.exe
del /F "C:\WINDOWS\system32\qwintqez.exe"
del /F "C:\DOCUME~1\Holbrook\MYDOCU~1\STEM32~1\logonui.exe"
del /F "C:\WINDOWS\system32\RACLE~1\WWEXEC~1.EXE"
regsvr32 /u "C:\WINDOWS\system32\winspool.dll"
del /F "C:\WINDOWS\system32\winspool.dll"
rmdir /S "C:\ProgramFiles\ToolBar888"
regsvr32 /u "C:\WINDOWS\system32\rcy.dll"
del /F "C:\WINDOWS\system32\rcy.dll"
exit

Once safe mode completes loading after the 'exit' open up a search window and find "winlog.exe" and delete.

Reboot normally and post another Hijack This log so we can check its been cleaned fully.

Mmm iff possible I wouldn't mind finding out what that logonui.exe file actually is. Could you try uploading it to http://www.virustotal.com They will scan it with several antivirus products and return the results within a few minutes.
  • Boose
  • Born
  • Born
  • Boose
  • Posts: 2

Post 3+ Months Ago

Alkatr0z thank you That solved the problem. I forgot to check and see what that logonui.exe file was before I deleted it sorry. When I was doing the command prompt in safe mode I only was able to find 3 or 4 things out of the things you wanted me to get rid of.

Logfile of HijackThis v1.99.1
Scan saved at 9:20:29 AM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Holbrook\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FEE14FA8-A819-D5B1-3EA6-825D4CB24EB7} - C:\WINDOWS\system32\rcy.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0496953828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0509445562
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • Alkatr0z
  • Mastermind
  • Mastermind
  • Alkatr0z
  • Posts: 1883
  • Loc: Adelaide, Australia

Post 3+ Months Ago

Thats alright, I'll come across it again sometime most likely :)
Normally I mention it before I mention the deletion steps but this time forgot about it until I got to the very end of the post
  • monster317
  • Born
  • Born
  • monster317
  • Posts: 3

Post 3+ Months Ago

Hi,

I cannot open my task manager & system registry.
Is there anyone here who could help me these problems.
Thanks in advance!

By the way, here's my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:14 AM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 9537 bytes
  • Mr OBrien
  • Graduate
  • Graduate
  • User avatar
  • Posts: 182
  • Loc: down a creek without a paddle

Post 3+ Months Ago

run hijackthis and fix

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)

also press winkey+r and put in the blank "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f" without quotes just to make sure you have access to the registry


a fix for your task manager

1. press winkey+r
2. Type REGEDIT
3. Click OK The Registry Editor will now open
4. Browse to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\system
5. In the right pane, look for the value: DisableTaskMgr
6. Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

post your results good luck
  • monster317
  • Born
  • Born
  • monster317
  • Posts: 3

Post 3+ Months Ago

Hi Mr OBrien,

My task manager & system registry were restored.
But the two other problems were not yet resolved, namely these two errors when running hijackthis:

O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)

I cheked these two, and clicked FIX CHECKED, but when I re-run this with hijackthis, it still appeared as (file missing).

Anyway, thank you very much for helping me with the task manager and system registry problem.

cheers!
  • Mr OBrien
  • Graduate
  • Graduate
  • User avatar
  • Posts: 182
  • Loc: down a creek without a paddle

Post 3+ Months Ago

1. press CTRL+ALT+DEL
2. goto processes
3. find aspimgr.exe
4. kill aspimgr.exe

delete registry values
1. press winkey+r
2. in the text box enter REGEDIT
3. click ok
4. browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr
5. delete it
6. browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\sft
7. delete it

make sure you can see hidden files/folders
1. double-click any folder
2. goto tools
3. goto folder options
4. goto view tab
5. in the advanced settings list find the option show hidden files and folders
6. select it
7. then remove a checkmark next to the line hide protected operating system files

delete the program
1. goto my computer
2. goto c drive
3. browse to C:\WINDOWS\ws386.ini
4. delete it
5. browse to C:\WINDOWS\System32\aspimgr.exe
6. delete it
7. browse to C:\Documents and Settings\[Current User]\Local Settings\Temp\_check32.bat

you are now rid of aspimgr.exe for good
  • Alkatr0z
  • Mastermind
  • Mastermind
  • Alkatr0z
  • Posts: 1883
  • Loc: Adelaide, Australia

Post 3+ Months Ago

Instead of the registry part I'd try using HJT to remove them again. If you do it in safe mode as well there will be less chance of them running, but still check Task Manager as outlined in Mr OBrien's post.
  • monster317
  • Born
  • Born
  • monster317
  • Posts: 3

Post 3+ Months Ago

Hi Mr OBrien,

Thanks for the help again. I think im done with the aspimgr.exe prob.
But running HJT again, this error message still appeared:

O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe (file missing)

By the way, thank you also Alkatr0z for the suggestion.
  • Alkatr0z
  • Mastermind
  • Mastermind
  • Alkatr0z
  • Posts: 1883
  • Loc: Adelaide, Australia

Post 3+ Months Ago

Try following the instructions on how to use SDFix here:http://www.bleepingcomputer.com/forums/topic131299.html and post back the log file it creates.
The malware that causes that entry can be fixed by SDFix so it should remove the entry

Post Information

  • Total Posts in this topic: 14 posts
  • Users browsing this forum: No registered users and 107 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.