TechSpot

Task Manager, Regedit, MSConfig won't work

By mrprimo55
Nov 8, 2004
  1. I'm having a couple of problems and I think they are all probably related, but I don't know how to fix them. First, Task Manager doesn't work. When I press Ctrl+Alt+Delete, the window comes up and then disappears as soon as it comes up. My second problem is that when I try to run msconfig from the Run window, it pops up and disappears just like the Task Manager window. Lastly, when I try to run regedit from the Run window, nothing happens. I'm guessing that these problems are all related? Is something corrupted on my system? I'm running XP Home SP1. My virus definitions are all up to date and I ran a virus scan with Norton Antivirus 2005 and Panda ActiveScan, but neither found anything. Spybot and Ad-Aware scans both came up clean. I also ran a Symantec search for the W32.Klez worm and the W32.Yaha worm; both came up negative. Does anyone know what might be wrong? I ran HijackThis and I couldn't find anything that appeared out of the ordinary, but I figured I'd post the log below just in case I missed something. Any help would be greatly appreciated. Thanks.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:56:19 PM, on 11/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Documents and Settings\Ryan Scott\Desktop\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Kazaa Lite] KAZAALITE.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     
  2. bbf

    bbf TS Rookie

    msconfig, task manager open/close

    I have a problem with msconfig and Task Manager closing immediately after opening. The original problem was Norton Antivirus, as part of Systemworks, being disabled and email scanning turned off, and I was unable to change it. I am attaching the HijackThis log from the merijn.org website.
    Logfile of HijackThis v1.98.2
    Scan saved at 10:46:13 PM, on 11/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Toolbar\TBPSSvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\QTIMER.EXE
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\PROGRA~1\Toolbar\TBPS.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\Toolbar\PIB.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Brad\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50168
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.usachoice.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usachoice.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50168
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50168
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.usachoice.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8083
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Program Files\Toolbar\toolbar.dll
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
    O2 - BHO: (no name) - {18AC375C-E214-77C2-8052-64550DF12B1F} - (no file)
    O2 - BHO: SDWin32 Class - {22DFB4D1-4521-4193-8494-F6B022C72B0A} - C:\WINDOWS\System32\vferf.dll
    O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - (no file)
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Program Files\Toolbar\toolbar.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
    O2 - BHO: FavoriteMan Class - {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - (no file)
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: (no name) - {55910916-8B4E-4C1E-9253-CCE296EA71EB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Quicktime Runtime] QTIMER.EXE
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [EZNXP] C:\PROGRA~1\EZN\EASYIN~1\eznorun.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKCU\..\RunOnce: [Quicktime Runtime] QTIMER.EXE
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Web Savings - file://C:\Program

    I couldn't post it all at once but will post the remainder on request.
    Thanks for any and all help. I also have the startup list from merijn.org and the results from running Panda but too many characters for one post.
     
  3. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Well, the Toolbar entries from Program Files absolutely scream spyware. Your Task Manager and msconfig being disabled point at some sort of a virus. Try a virus scan with a less known and less vulnerable virus scanner like the online scan from www.trendmicro.com or F-Prot for Windows trial from www.f-prot.com.

    Also, run anti-spyware utilities that are actually capable of removing something - Ad-Aware and Spybot. HijackThis is nice, but it is no real help to an average user.

    And lastly.. Don't use Internet Explorer or Outlook Express.
     
  4. StormBringer

    StormBringer TS Rookie Posts: 2,244

    Well, as Nodsu pointed out, you say that Norton was disabled, msconfig and Task Manager won't open... those are classic signs of a virus. Many newer viruses will attempt to disable the AV software and your ability to look at and disable running processes. You can try booting to Safe Mode, run msconfig and see if it will open there (many times it will), then try disabling all startup items not required by Windows, also turn off System Restore, then try to identify and remove the virus. After that, turn System Restore back on if you use it and set the items you want in startup again.
     
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You seem to have done your homework already.
    The one item still sticking out is Kazaa. Get rid of that sh.t. (rhymes nicely)
    Then go here: http://www.webroot.com/services/spyaudit_03.htm
    It will D/L a spy-sweeper program. Save it to disk, then double-click it to run. Let your firewall pass it. If they don't find anything, we will have to look deeper into it.
    Good luck
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  7. mrprimo55

    mrprimo55 TS Rookie Topic Starter Posts: 19

    I got rid of Kazaa, even though it wasn't bad because it was Kazaa-Lite. I ran the Spy Audit and it came up empty. Any ideas as to what's going on?
     
  8. bbf

    bbf TS Rookie

    I did run Spybot and removed everything it found. Also, msconfig does work in safe mode. I will try the sites you all have suggested and post back my results. Thanks.
     
  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  10. mrprimo55

    mrprimo55 TS Rookie Topic Starter Posts: 19

    Nope, it's not the Sasser worm. Any other ideas?
     
  11. Gunny

    Gunny TS Rookie Posts: 66

    It is obviously a virus/worm that has disabled these things to prevent you finding/stopping/removing it.

    You might try Googling everything in the HJT log that you don't know and see what you come up with.

    You have Spybot but do you have Ad-aware (free)? Other free utilities that you might want to get and become familiar with are RegCool and RegCleaner.

    Also, if you are running the Windows firewall or no firewall, get a good firewall such as the free ZoneAlarm.
     
  12. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  13. Shiney

    Shiney TS Booster Posts: 157

    I had the same problems on a machine the other day; the problem files I came up with were ntsysman.exe, cool.exe, bling.exe.

    I cured it by:

    Starting up in safe mode, entering regedit and removing all suspicious files within the run directories. P.S. You can also run msconfig in safe mode.
    Stop System Restore to clear virus backups.
    (Re-enable when done)
    Download the latest Stinger software from http://www.vil.nai.com/vil/stinger/
    Run this.
    At a command prompt type sfc /purgecache then sfc /scannow to check system files are OK.

    Hopefully this will solve your problem.
     
  14. bbf

    bbf TS Rookie

    Still having problems

    I have downloaded and run CWShredder, Adaware, and Spybot, removing all the suspicious files they found. I have had my system scanned at Panda and trendmicro.com, removing all the suspect files they found. I downloaded the free AVP from f-prot.com and ran it.
    I still can't get msconfig or task manager to stay open. regedit says "this application has failed to start because clb.dll was not found. Re-installing the application may fix this problem". Another quirk is that I cannot right click on the desktop without getting a message that explorer must shut down.
    This appears to be the same problem that mrprimo55 is having. The problem coincidentally seemed to surface about the same time that SP2 was downloaded and installed. The original problem was that my Norton AV was disabled and email scanning turned off by something and I was not able to re-enable the AV program. Microsoft support suggested I uninstall Norton Systemworks (which is like pulling teeth since I have never been able to get it uninstalled with the install/uninstall program in the control panel) and repair XP with the reinstallation CD. I have the HijackThis log if anyone thinks that will help. I'm almost to the point of reformatting. Help!
     
  15. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    To get Norton out, you need to D/L a special uninstall program from Symantec's website.
    It will take you probably half a day or more to remove all traces of Norton, IF you manage at all.
    Take a backup of your important and personal files, then format your PC and install XP with SP1 and all the updates. Do NOT install SP2.

    You can still post your HJT-log here, before you take this step.
     
  16. bbf

    bbf TS Rookie

    I ran Hijackthis minutes ago, here is the log:
    Logfile of HijackThis v1.98.2
    Scan saved at 11:18:39 AM, on 11/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\FSI\F-Prot\fpavupdm.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Brad\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.usachoice.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usachoice.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.usachoice.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8083
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {18AC375C-E214-77C2-8052-64550DF12B1F} - (no file)
    O2 - BHO: SDWin32 Class - {22DFB4D1-4521-4193-8494-F6B022C72B0A} - C:\WINDOWS\System32\vferf.dll
    O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Quicktime Runtime] QTIMER.EXE
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [EZNXP] C:\PROGRA~1\EZN\EASYIN~1\eznorun.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/overball/install.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab30149.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab

    It's certainly a lot better since removing a lot of the crap with Adaware and Spybot. I'm down to two problems now as Msconfig and Task Manager both stay open now (not sure which cleansing fixed which problem).
    Problem 1: while doing a repair installation of XP, I get a message: "Files needed. The file 'igfxpph.dll' on Intel(R) Extreme Graphics Windows 2000/XP Installation Disk is needed. Type the path where the file is located and click OK." The problem is the Windows XP Home Edition Reinstallation CD is in the CD-ROM. My display is now affected. Where can I find this file to download if it's not on the XP Home Edition CD? and
    2) regedit still won't open because regedit.exe unable to locate component cpl.dll was not found, reinstalling the application may help. How do I do this? Thanks for all the help so far.
     
  17. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    bbf:

    Your PC is still inundated with spyware.
    You are running 2 anti-virus programs, Norton and F-Prot, at the same time, that is a No-No.
    Stop Quicktime from loading automatically at startup.
    If you are no longer using a dial-up modem, but are on cable or broadband, stop/uninstall BCMSMMSG.exe and anything to do with it. Then you might as well take the modem out, and remove it via Device Manager.
    Remove the "related.htm" from Microsoft IE. It is Alexis-spyware related. (I left it for HJT to remove).
    If you can, get rid of AOL and start using a normal ISP. It is an enormous pain though, to get rid of AOL, almost as bad, if not worse, as Norton/Symantec.
    Then install Firefox and stop using IE, unless it is for Windows Updates.

    Now boot into Safe Mode (press F8 a few times at PC-startup), and with NO other programs running, first run CWShredder again.
    Check C:\Program Files\MyWebSearch if there is still anything in it. If it is gone, fine.
    Otherwise leave it for the moment.

    Then run HJT and let it "fix" the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.usachoice.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usachoice.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.usachoice.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8083
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: (no name) - {18AC375C-E214-77C2-8052-64550DF12B1F} - (no file)
    O2 - BHO: SDWin32 Class - {22DFB4D1-4521-4193-8494-F6B022C72B0A} - C:\WINDOWS\System32\vferf.dll
    O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - (no file)

    O4 - HKCU\..\Run: [EZNXP] C:\PROGRA~1\EZN\EASYIN~1\eznorun.exe
    O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab27571.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab30149.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab28177.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...all/install.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab30149.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/.../dwnldr_ext.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec...ta/SymAData.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab30149.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tec.../ActiveData.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...wn.cab27571.cab

    After HJT, check C:\Program Files\MyWebSearch if there is still anything in it. If so, delete the whole thing.

    Report back when you are done, with a fresh HJT.
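
Added example, not part of the original thread and not HijackThis's own logic: a small Python parser for the HijackThis log format posted above, with four review heuristics that are this example's assumptions, taken from the kinds of entries the replies single out (`(no file)` add-ons, the `localhost:8083` proxy, autoruns without a path, 8.3 short paths). The sample lines are copied from the 11/12/2004 log in this thread.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the 11/12/2004 HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8083
O2 - BHO: (no name) - {18AC375C-E214-77C2-8052-64550DF12B1F} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Quicktime Runtime] QTIMER.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")           # "<code> - <detail>"
COM_RE = re.compile(r"^(?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}|\S+) - (.+)$")
RUN_RE = re.compile(r"^(\S+): \[(.+?)\] (.+)$")                 # "HKLM\..\Run: [name] cmd"
REG_RE = re.compile(r"^(.+),([^,=]+?) =\s*(.*)$")               # "key,value = data"
SHORT_PATH_RE = re.compile(r"\\[A-Z0-9_]{1,6}~\d", re.IGNORECASE)


@dataclass
class Entry:
    code: str                      # section code, e.g. "O2", "O4", "R1"
    detail: str                    # everything after "<code> - "
    fields: dict = field(default_factory=dict)


def parse_log(text):
    """Return the R*/O* entries of a log, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, detail = m.group(1), m.group(2).strip()
        entry = Entry(code, detail)
        if code in ("O2", "O3") and (c := COM_RE.match(detail)):
            entry.fields = {"name": c.group(1), "clsid": c.group(2), "file": c.group(3)}
        elif code == "O4" and (r := RUN_RE.match(detail)):
            entry.fields = {"location": r.group(1), "value": r.group(2), "command": r.group(3)}
        elif code.startswith("R") and (g := REG_RE.match(detail)):
            entry.fields = {"key": g.group(1), "value": g.group(2), "data": g.group(3)}
        entries.append(entry)
    return entries


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a closer look.

    These heuristics are assumptions of this example, not verdicts.
    """
    reasons = []
    f = entry.fields
    if f.get("file") == "(no file)":
        reasons.append("registered browser add-on has no file on disk")
    if "command" in f:
        exe = (f["command"].lstrip('"').split() or [""])[0]
        if "\\" not in exe:
            reasons.append("autorun without a full path: cannot tell which file runs")
    if entry.code.startswith("R") and f.get("value") == "ProxyServer" \
            and re.search(r"localhost|127\.0\.0\.1", f.get("data", "")):
        reasons.append("browser proxy points at the local machine")
    if SHORT_PATH_RE.search(entry.detail):
        reasons.append("8.3 short path hides the real folder name")
    return reasons


def scan(text):
    """Parse a log and return (code, detail, reasons) for flagged entries only."""
    return [(e.code, e.detail, r) for e in parse_log(text) if (r := triage(e))]


if __name__ == "__main__":
    for code, detail, reasons in scan(SAMPLE_LOG):
        print(f"{code}: {detail}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flagged line is a prompt to look the entry up before letting HijackThis fix it; unflagged lines are not cleared by this script.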
     
  18. bbf

    bbf TS Rookie

    I was able to download the driver for the video adapter from Intel so I only have one problem left, other than removing the spyware you suggest. Is there any way to fix regedit so I can finish the manual uninstall of Norton Systemworks? Dell tells me I have to do a complete install of XP, which I don't want to do unless absolutely necessary. Norton is actually somewhere in limbo, half installed and/or half uninstalled; that's why I really need regedit to complete the uninstall. At this time too, I'm still on dial-up but changing over to cable so I still need the usachoice stuff. Thanks.
     
  19. winejab

    winejab TS Rookie

    Task Manager

    I couldn't tell if you got your Task Manager issue figured out or not.
    If you didn't, I've had the same problem for some time now and while in safe mode yesterday tried running my antivirus program, it wouldn't. I ran the free Panda antivirus program from the net. Anyway, it ran for two hours, found 1 virus and that was it. Task Manager is back and working.
    Good luck.
    Jim
     
  20. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Click Start/Run and type in: sfc /scannow
    It will tell you which system-files are missing and/or need to be replaced.
    Write them down, and have a friend with XP email them to you (or burn on a CD).
    Easier would be to just borrow a regular XP Home or Pro CD (not the Dell one).
    That way you get regedit running again.
     
  21. StormBringer

    StormBringer TS Rookie Posts: 2,244

    Actually, the system files should be able to be pulled off that Dell XP CD; the ONLY difference in it and a retail one is that it doesn't come with a box or manual, and the COA (Certificate of Authenticity) is on the machine. Contrary to popular belief, it doesn't even check for a "dell" BIOS. It also doesn't have any "extras" such as Dell Wallpaper or screensaver that may have been on the machine to begin with. The Windows CD is just a Windows CD with Dell printed on the label.

    PS: Dell told you to reinstall XP because they do not support advanced functions of the OS such as regedit, they also don't support virus/spyware removal or any other such repairs. Dell will only support the proper functioning of your hardware and basic OS functions relating to it.

    Also, you should have gone to support.dell.com to get the video driver, not Intel, same for all your other drivers.
     
  22. bbf

    bbf TS Rookie

    Great, now msconfig works, task manager works, but this new function sfc / scannow doesn't. Just like the other two did before, it seems to open but then closes before I can see what it says??? I'm really starting to hate computers (more than I already did). Ideas?
     
  23. mrprimo55

    mrprimo55 TS Rookie Topic Starter Posts: 19

    I did all that and I'm still having the same problems. Haha. Everything works fine, it's just that I can't open Task Manager, msconfig, and regedit. There's no way it could be a virus. At least I don't think so. I've tried everything I can think of. Any ideas?
     
  24. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    Two threads merged about the same subject, this and "msconfig, task manager open/close".
     
  25. Gunny

    Gunny TS Rookie Posts: 66

    bbf,

    You have to insert the Windows XP CD and exit its installation menu before you do sfc/scannow.

    When sfc/scannow runs it will take quite some time (45 mins on my laptop PC) and the progress bar will creep along very very slowly. You have to look at it very closely to see any slight movement - otherwise you might think, wrongly, that it has stalled. When it finishes it will simply end - it won't give any kind of feedback or anything.
     
Topic Status:
Not open for further replies.
