1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Strange XP problem

Discussion in 'Windows XP' started by bobz80, Feb 5, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. bobz80

    bobz80 Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    6
    This is a rather strange problem, but I seem to be having problems with System programs. Whenever i press control+alt+delete, the window opens and automatically closes. When I do it again, the same thing happens. In the system tray, I can see an icon appearing every time I do this - but when i put the mouse over the icon, it disappears! I can't keep the window open at all, or open it once it disappears. Then i tried to run msconfig and the same thing happens - the window pops up and then it closes. I've run mcafee antivirus, pc bug doctor and Adaware se to search for viruses or spyware, and nothing comes up. I did quarantine two viruses i found last week - but i can't clean the files. Here is the information of the quarantined files:
    File Name: Original Location: Quar. Date: Status:
    -FireDaemon.exe C:\WINDOWS\security 2/4/2005 FireDaemon
    -msagent.exe C:\WINDOWS\security 2/4/2005 ServUDaemon

    It says under status that these are potentially unwanted programs. Im not sure if this is the reason im having problems, but its the only thing I could come up with. Please help.
    Sincerely,
    Robert Pinella
     
  2. RAM-PAGE

    RAM-PAGE Banned

    Joined:
    Dec 19, 2004
    Messages:
    2,355
  3. rebelmusic

    rebelmusic

    Joined:
    Feb 4, 2005
    Messages:
    255
    Has that problem before. I got rid of it by doing a Norton scan whilst in safe mode and then doing a full adaware scan. All was well when I booted back up
     
  4. bobz80

    bobz80 Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    6
    I put my computer into safe mode and ran Mcafee virus scan, as well as adaware SE. In safe mode, I was able to run MSconfig and control+alt+delete. The virus scan came up with the same two programs - FireDaemon.exe and msagent.exe. So I deleted them again, and re-booted. I even ran checkdisk to check my hard drive for errors. When I re-booted, the computer seemed to run better, and my connection to the internet has improved(Before I was getting kicked off for no reason). However, I still cannot press control+alt+delete nor run msconfig. The same thing is happening - the window opens and it automatically closes. Any other suggestions? Please help. Thank you.
    Robert Pinella
     
  5. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,889
    First Name:
    Rob
    Create a folder on your computer, anywhere you want, called Hijackthis. Into that folder download Hijackthis. Then extract it into that folder and run it. When you run it choose the 'Do a System Scan and Save a Log File'. Save the log and then copy and paste the contents of that log into your next post. Don't fix anything in the program yet.

    http://www.tomcoyote.org/hjt/
     
  6. bobz80

    bobz80 Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    6
    Logfile of HijackThis v1.99.0
    Scan saved at 9:18:41 PM, on 2/6/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\WINDOWS\GWHotKey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\windowsupdate.exe
    C:\WINDOWS\System32\wutemp.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\VpTraymgr2.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\csrss.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\WINDOWS\System32\winsbd32.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Documents and Settings\Owner\Desktop\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
    O1 - Hosts: 69.64.51.53 games.zone.com
    O1 - Hosts: 69.64.51.53 update.microsoft.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [WinsRegKey updates] windowsupdate.exe
    O4 - HKLM\..\Run: [Windows Update Service] wutemp.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Microsoft SpA Service] winsbd32.exe
    O4 - HKLM\..\Run: [Winsock2 driver] VpTraymgr2.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Windows Driver Config] C:\WINDOWS\csrss.exe
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\RunServices: [WinsRegKey updates] windowsupdate.exe
    O4 - HKLM\..\RunServices: [Windows Update Service] wutemp.exe
    O4 - HKLM\..\RunServices: [Microsoft SpA Service] winsbd32.exe
    O4 - HKCU\..\Run: [WinsRegKey updates] windowsupdate.exe
    O4 - HKCU\..\Run: [Microsoft SpA Service] winsbd32.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\RunOnce: [Winsock2 driver] VpTraymgr2.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1081EB8-0698-4647-8CA8-972B684D9D80}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: FireDaemon Service: msagent - Unknown - C:\WINDOWS\security\FireDaemon.exe (file missing)
    O23 - Service: FireDaemon Service: netclient - Unknown - C:\WINDOWS\security\FireDaemon.exe (file missing)
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: FireDaemon Service: winsecure - Unknown - C:\WINDOWS\security\FireDaemon.exe (file missing)
     
  7. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,889
    First Name:
    Rob
    Remove these in Hijackthis:
    O4 - HKLM\..\Run: [WinsRegKey updates] windowsupdate.exe
    O4 - HKLM\..\Run: [Windows Update Service] wutemp.exe
    O4 - HKLM\..\Run: [Microsoft SpA Service] winsbd32.exe
    O4 - HKLM\..\Run: [Winsock2 driver] VpTraymgr2.exe
    O4 - HKLM\..\Run: [Windows Driver Config] C:\WINDOWS\csrss.exe
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\RunServices: [WinsRegKey updates] windowsupdate.exe
    O4 - HKLM\..\RunServices: [Windows Update Service] wutemp.exe
    O4 - HKLM\..\RunServices: [Microsoft SpA Service] winsbd32.exe
    O4 - HKCU\..\Run: [WinsRegKey updates] windowsupdate.exe
    O4 - HKCU\..\Run: [Microsoft SpA Service] winsbd32.exe
    O4 - HKCU\..\RunOnce: [Winsock2 driver] VpTraymgr2.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O23 - Service: FireDaemon Service: msagent - Unknown - C:\WINDOWS\security\FireDaemon.exe (file missing)
    O23 - Service: FireDaemon Service: netclient - Unknown - C:\WINDOWS\security\FireDaemon.exe (file missing)
    O23 - Service: FireDaemon Service: winsecure - Unknown - C:\WINDOWS\security\FireDaemon.exe (file missing)

    Then go to housecall.trendmicro.com and do their free online scan. Post the names of the virus' found on your system.
     
  8. bobz80

    bobz80 Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    6
    I deleted those entries in hijackthis, and I went to housecall.trendmicro.com to run their free virus scan software. I detected the following virus:

    TROJ KILLPROC.H C:\WINDOWS\System32\msupdate.exe

    Should I delete this file? I haven't deleted it yet, because I don't know if this is a necessary system file. Please advise. Thank you for all your help.
    Robert Pinella
     
  9. RAM-PAGE

    RAM-PAGE Banned

    Joined:
    Dec 19, 2004
    Messages:
    2,355
  10. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,889
    First Name:
    Rob
    Its not a system file at all, delete it and run CWShredder.
     
  11. bobz80

    bobz80 Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    6
    I deleted that virus msupdate.exe, and ran hijackthis again. I had to delete two more items that appeared in the list again from the last time i ran a scan

    O4 - HKCU\..\RunOnce: [Winsock2 driver] VpTraymgr2.exe
    O4 - HKLM\..\Run: [Winsock2 driver] VpTraymgr2.exe

    But I am still having a problem with windows system programs - I still cannot use control+alt+delete, msconfig, and regedit - the windows open and then close automatically. Please let me know if you have any ideas as to what could be causing this or how to fix it. Thank you.
    Robert
     
  12. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,889
    First Name:
    Rob
    Maybe try running the free AVG Antivirus program: www.grisoft.com to see if it picks any more infections.

    Then post a new hijackthis log.
     
  13. tte2004

    tte2004

    Joined:
    Feb 9, 2005
    Messages:
    9
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\WINRAR32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Documents and Settings\Chance Kruse\My Documents\HijackThis19802.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1061
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE
    O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    Ive gone into safe mode deleted everything I can, Ive run adware, spybot, avg, norton, NOTHING SEEMS TO WORK! I can't ctrl alt delete, I cant do regedit and its pissing me off. Please Help! Thanks!
     
  14. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,889
    First Name:
    Rob
    These are the problem files:
    O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE
    O4 - HKCU\..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
    O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE

    You need to remove these entries and then find and delete all three filees and all copies of them. Note their location and delete them from there then do a search and delete any remaining copies.

    This program may help to delete the files: http://www.softwarepatch.com/software/moveonboot.html

    These can't be removed as well to improve system performance but they are not malicous files and you should not actually delete the files. Check and remove them in Hijackthis:
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/327161

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice