Windows XP Task Manager starts and instantly teminates

  • knapkin
  • Born
  • Born
  • knapkin
  • Posts: 4

Post 3+ Months Ago

i cant find anything in add/remove to do with my web, my bar or anthing
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Ok, no problem. Just hang tight and we'll get you fixed up. Do you have xp pro or home edition?
  • knapkin
  • Born
  • Born
  • knapkin
  • Posts: 4

Post 3+ Months Ago

windows xp media edition, its professional with some new microsoft media stuff (pretty nice)
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Okay, first download pskill: http://www.sysinternals.com/ntw2k/freeware/pskill.shtml

Extract the contents of the zip archive (pskill.exe) to c:\windows\system32\

Next, copy the following into notepad and save it as "fix.cmd" with the quotes.

Code: [ Select ]
@echo off

pskill active.exe >"%userprofile\desktop\log.txt"
pskill 2W.exe >>"%userprofile\desktop\log.txt"

attrib -r -s -h C:\active.exe >>"%userprofile\desktop\log.txt" >>"%userprofile\desktop\log.txt"
attrib -r -s -h "C:\documents and settings\robert knapp\local settings\temp\2W.exe" >>"%userprofile\desktop\log.txt"
attrib -r -s -h C:\WINDOWS\System32\kngncuji.dll >>"%userprofile\desktop\log.txt"

regsvr32 /u /s C:\WINDOWS\System32\kngncuji.dll >>"%userprofile\desktop\log.txt"

del C:\active.exe >>"%userprofile\desktop\log.txt" >>"%userprofile\desktop\log.txt"
del "C:\documents and settings\robert knapp\local settings\temp\2W.exe" >>"%userprofile\desktop\log.txt"
del C:\WINDOWS\System32\kngncuji.dll >>"%userprofile\desktop\log.txt"
  1. @echo off
  2. pskill active.exe >"%userprofile\desktop\log.txt"
  3. pskill 2W.exe >>"%userprofile\desktop\log.txt"
  4. attrib -r -s -h C:\active.exe >>"%userprofile\desktop\log.txt" >>"%userprofile\desktop\log.txt"
  5. attrib -r -s -h "C:\documents and settings\robert knapp\local settings\temp\2W.exe" >>"%userprofile\desktop\log.txt"
  6. attrib -r -s -h C:\WINDOWS\System32\kngncuji.dll >>"%userprofile\desktop\log.txt"
  7. regsvr32 /u /s C:\WINDOWS\System32\kngncuji.dll >>"%userprofile\desktop\log.txt"
  8. del C:\active.exe >>"%userprofile\desktop\log.txt" >>"%userprofile\desktop\log.txt"
  9. del "C:\documents and settings\robert knapp\local settings\temp\2W.exe" >>"%userprofile\desktop\log.txt"
  10. del C:\WINDOWS\System32\kngncuji.dll >>"%userprofile\desktop\log.txt"


Next copy the following into anothe text file, "fix.txt"; this is what you will need to fix with hijack this:
Code: [ Select ]
O2 - BHO: (no name) - {19FF602A-C36C-5CCF-D652-64557CAC2737} - C:\WINDOWS\System32\kngncuji.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MS Decryption Software] C:\active.exe
O4 - HKLM\..\Run: [2W] C:\documents and settings\robert knapp\local settings\temp\2W.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
  1. O2 - BHO: (no name) - {19FF602A-C36C-5CCF-D652-64557CAC2737} - C:\WINDOWS\System32\kngncuji.dll
  2. O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
  3. O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
  4. O4 - HKLM\..\Run: [MS Decryption Software] C:\active.exe
  5. O4 - HKLM\..\Run: [2W] C:\documents and settings\robert knapp\local settings\temp\2W.exe
  6. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  7. O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  8. O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
  9. O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


Okay. Once you have copied everything and saved it, reboot into safe mode. Double click the file, "fix.cmd".

Next, run hijack this, scan and place a check beside the items listed in fix.txt. Click 'Fixed checked'.

Reboot, run hijack this, scan and save the log. There should be a text file on your desktop called log.txt. Post that and your new hijack this log. Hopefull, the problem will be taken care of by this time.
  • under3p
  • Born
  • Born
  • under3p
  • Posts: 1

Post 3+ Months Ago

Having the same problem with the task manager, etc.

here's my hijack this log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\pctspk.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Archivos de programa\TELMEX\Prodigy Infinitum\app\TangoService.exe
C:\WINDOWS\System32\taskmqr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\ARCHIV~1\TELMEX\PRODIG~1\app\TangoManager.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tftp.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ponchin\Configuración local\Archivos temporales de Internet\Content.IE5\6JU1IJ69\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.prodigy.com.mx/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Archivos de programa\iMesh Light\iMeshBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TangoManager] C:\ARCHIV~1\TELMEX\PRODIG~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Media Player] taskmqr.exe
O4 - HKLM\..\Run: [MSConfig] C:\EmergencyUtils\Copy_of_MSConfig.exe /auto
O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\RunServices: [Windows Media Player] taskmqr.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] flunkw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Media Player] taskmqr.exe
O4 - HKCU\..\RunServices: [Windows Media Player] taskmqr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Shared ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{050067AD-6B3D-4DBE-B9BA-9910EC2C0B26}: NameServer = 200.33.146.217 200.33.146.209
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Hello under3p, just hang tight and I will be with you in a moment. Welcome to Ozzu. :)
  • knapkin
  • Born
  • Born
  • knapkin
  • Posts: 4

Post 3+ Months Ago

Logfile of HijackThis v1.98.2
Scan saved at 12:19:52 AM, on 9/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Winad Client\Winad.exe
C:\WINDOWS\System32\EXPLORERZ.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Winad Client\WinClt.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\PROGRA~1\AMERIC~1.0\aolwbspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Tyler Knapp\Desktop\Shtuff\aim.exe
C:\Documents and Settings\Tyler Knapp\Desktop\Shtuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Windows Explorer] EXPLORERZ.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Tyler Knapp\Desktop\Shtuff\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EE24AEC-7493-4A12-ADF8-9563F69241FB}: NameServer = 205.188.146.146
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

under3p, first download this file: http://www.sysinternals.com/files/pskill.zip
Extract pskill.exe to C:\windows\system32\

Next, copy the following command into notepad and save as, "fix.cmd". Include the quotes when saving,
Code: [ Select ]
@echo off

pskill taskmqr.exe >%userprofile\desktop\log.txt"
pskill winupdate.exe >>%userprofile\desktop\log.txt"

attrib -r -s -h C:\WINDOWS\System32\taskmqr.exe >>%userprofile\desktop\log.txt"

del C:\WINDOWS\System32\taskmqr.exe >>%userprofile\desktop\log.txt"
  1. @echo off
  2. pskill taskmqr.exe >%userprofile\desktop\log.txt"
  3. pskill winupdate.exe >>%userprofile\desktop\log.txt"
  4. attrib -r -s -h C:\WINDOWS\System32\taskmqr.exe >>%userprofile\desktop\log.txt"
  5. del C:\WINDOWS\System32\taskmqr.exe >>%userprofile\desktop\log.txt"


Next, copy the following items into notepad and save as "fix.txt". These will be the items you will fix with Hijack This:
Code: [ Select ]
O4 - HKLM\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\Run: [Windows Media Player] taskmqr.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\RunServices: [Windows Media Player] taskmqr.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] flunkw.exe
O4 - HKCU\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKCU\..\Run: [Windows Media Player] taskmqr.exe
O4 - HKCU\..\RunServices: [Windows Media Player] taskmqr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  1. O4 - HKLM\..\Run: [WindowsRegKey update] winupdate.exe
  2. O4 - HKLM\..\Run: [Windows Media Player] taskmqr.exe
  3. O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdate.exe
  4. O4 - HKLM\..\RunServices: [Windows Media Player] taskmqr.exe
  5. O4 - HKLM\..\RunServices: [Microsoft Update Machine] flunkw.exe
  6. O4 - HKCU\..\Run: [WindowsRegKey update] winupdate.exe
  7. O4 - HKCU\..\Run: [Windows Media Player] taskmqr.exe
  8. O4 - HKCU\..\RunServices: [Windows Media Player] taskmqr.exe
  9. O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  10. O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Once you have copied the above to the appropriate files, reboot into safe mode. Once in safe mode, double click "fix.cmd".

Next, run hijack this, scan, and place a check next to the items listed in fix.txt and click 'Fixed checked'.

Reboot, Run Hijack This, Scan, save the log. There should be a file called 'log.txt' on your desktop, Post that and your new Hijack This log here. Hopefully the problem will be fixed by this time. Good luck.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Knapkin, are you still having problems? also, post the contents of "log.txt" that's on your desktop.
  • welly
  • Newbie
  • Newbie
  • welly
  • Posts: 6

Post 3+ Months Ago

Just wanted to say thank you for your time and solving the problem so quickly. My friend's laptop is now running as good as new and even if he doesn't know what Task Manager, regedit and msconfig are at least I know that they are running okay!

Once again, thank you

welly
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

No problem. Glad things are working again. :)
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Anyone wanting to post their Hijack This log, please make a new topic with the title: Hijack This Log - Description of the problem.

This thread is becoming untenable.

Also, before posting your Hijack This Log, please use either Spybot S&D or Adaware.

See this thread for further resources: http://www.ozzu.com/mswindows-forum/highjackthis-and-spyware-removal-resources-and-tips-t31034.html

Post Information

  • Total Posts in this topic: 132 posts
  • Users browsing this forum: No registered users and 79 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.