Win XP Task Manager opens but instantly closes again

  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

If you have problems using the online scanner, just go through the following steps.

Copy or print the following instruction so you will have them handy.

Run Hijack This, scan and check the following items. (don't fix yet):

O4 - HKLM\..\Run: [A0481379] C:\WINDOWS\System32\jryzapur.exe
O4 - HKLM\..\Run: [Microsoft Update] wserv32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\vtygbvs.exe
O4 - HKLM\..\Run: [Windows Update] host32.exe
O4 - HKLM\..\Run: [Spool Server Daemon] SPOOLSVD32.EXE
O4 - HKLM\..\Run: [Microsoft Protection Subsystems] msm32.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Microsoft Windows Secure Server] rpcxWindows.exe
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft Secure Server Config] rpcxConfig.exe
O4 - HKLM\..\Run: [Microsoft Config] msconf.exe
O4 - HKLM\..\Run: [Norton SpySweeper AutoUpdate] navsw.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winxpini.exe
O4 - HKLM\..\Run: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\Run: [Win Updator Services] ctfnom.exe
O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wserv32.exe
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKLM\..\RunServices: [Spool Server Daemon] SPOOLSVD32.EXE
O4 - HKLM\..\RunServices: [Microsoft Protection Subsystems] msm32.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Secure Server] rpcxWindows.exe
O4 - HKLM\..\RunServices: [Microsoft Secure Server Config] rpcxConfig.exe
O4 - HKLM\..\RunServices: [Microsoft Config] msconf.exe
O4 - HKLM\..\RunServices: [Norton SpySweeper AutoUpdate] navsw.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winxpini.exe
O4 - HKLM\..\RunServices: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\RunServices: [Win Updator Services] ctfnom.exe
O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunOnce: [Norton SpySweeper AutoUpdate] navsw.exe
O4 - HKLM\..\RunOnce: [Win Updator Services] ctfnom.exe

Close all browsers and windows except for Hijack This and click 'Fix Checked'.

Reboot into Safe Mode
http://www.jayloden.com/SafeMode.htm

Display hidden files and folders
Go to Start > Run
Enter: control folders
Go to the View tab.
Check "Show hidden files and folders"
Uncheck "Hide protected Operating System files"
Click OK

Delete the following files:
C:\WINDOWS\System32\jryzapur.exe
C:\WINDOWS\System32\vtygbvs.exe


Search for and delete the following files, most likely they will be in Windows\ or Windows\system32\:
wserv32.exe
host32.exe
SPOOLSVD32.EXE
msm32.exe
videosd32.exe
rpcxWindows.exe
rpcxConfig.exe
msconf.exe
navsw.exe
winxpini.exe
winnt.exe
ctfnom.exe
winmon.exe

*Be careful when deteting these files. many legitimate windows files have similar names. Double check and make sure each file you delete is on the list.

Clear Temporary Folders\Files and Internet Files
Go to start > run
Enter: cleanmgr

Make sure only the following are checked:
Temporary Internet files
Recycle Bin
Temporary Files

Click OK

Reboot Normally

Login for each user and repeat the steps for Clearing Temporary Folders\Files and Internet Files.

Flush System Restore
Right Click on "My Computer"
Select Properties
Go to the System Restore Tab
Check 'Turn off System Restore on all drives'.
Click Apply
Unckeck 'Turn off System Restore on all drives'
Click OK

Run Hijack This, scan, save and post the new log.
  • obaid740
  • Born
  • Born
  • obaid740
  • Posts: 1

Post 3+ Months Ago

this is my result, after running hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 01:17:06, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\scvhost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\WDelMgr20.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\Explorer.exe
G:\Softwares\Anti Attacking Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = 172.16.0.1:8080
R3 - URLSearchHook: SrchHook Class -

{F4F10C1D-87C7-404A-B4B3-000000000000} -

D:\PROGRA~1\DAP\SBSearch.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} -

(no file)
O2 - BHO: Groove GFS Browser Helper -

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe"

/WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger]

C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O8 - Extra context menu item: &Clean Traces - C:\Program

Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program

Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program

Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM -

C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM

- C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program

Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo

Upload Tool) -

http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class)

- http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

Class) -

http://www.update.microsoft.com/windows ... rols/en/x8

6/client/wuweb_site.cab?1211743932625
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Me ... ient.cab56

907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent

ActiveX Control) -

http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS -

{88FED34C-F0CA-4636-A375-3CB6248B04CD} -

C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F}

- C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294}

- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml -

{807563E5-5146-11D5-A672-00B0D022E945} -

C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Update Service (gupdate1c996a8d08d7b58)

(gupdate1c996a8d08d7b58) - Unknown owner - C:\Program

Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) -

Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service

-config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file

missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) -

Unknown owner - C:\Program Files\Microsoft SQL

Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file

missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset -

C:\Program Files\Eset\nod32krn.exe
O23 - Service: WDelMgr20 - Unknown owner -

C:\WINDOWS\system32\drivers\WDelMgr20.exe

Post Information

  • Total Posts in this topic: 62 posts
  • Users browsing this forum: No registered users and 93 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.