Regedit keeps closing

  1. #1
    Kinlaird is offline Newbie

    Regedit keeps closing

    I'm trying to do a complete delete and reinstall of Sygate Firewall but can't keep regedit open. I have run Spybot and Ad-Aware but still can't keep it open. Presently am having to run without firewall :-(
    This is the log from HijackThis but can't find what's wrong

    Logfile of HijackThis v1.99.0
    Scan saved at 20:12:10, on 20/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\WINNT\system32\SVHOST.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\umxlu32.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\unzipped\hijackthis\HijackThis.exe
    C:\WINNT\system32\ipconfig.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
    O4 - HKLM\..\RunServices: [WindowsRegistration] winupda.exe
    O4 - HKLM\..\RunServices: [live update monitor] umxlu32.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

    Help please !!!!!


  2. #2
    spud is offline D-A-L Team Member (UK)
    Hello Kinlaird, welcome to DAL, the online computer help forum. I see that you have run both Spybot and Ad-Aware. Were they both the most recent editions? If not, could you please update them and post a fresh HijackThis log, please. Then somebody will have a look at your log. Please be patient because they are very busy at the moment.

    thanks
    hope this helps

  3. #3
    Kinlaird is offline Newbie
    Thanks for the reply, Spud. I updated Spybot and Ad-Aware before running them, and all the Win 2000 security updates are installed. I am also running an up-to-date AntiVir virus checker which is run and updated daily.
    System has also been running really slow just lately.

    Thanks for any help you can shed on this. I have looked at previous replies but can't see the problem.

    Logfile of HijackThis v1.99.0
    Scan saved at 21:43:27, on 20/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINNT\system32\SVHOST.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\umxlu32.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Turnpike\Connect.exe
    C:\PROGRA~1\Turnpike\Turnctrl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
    O4 - HKLM\..\RunServices: [WindowsRegistration] winupda.exe
    O4 - HKLM\..\RunServices: [live update monitor] umxlu32.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5764F518-D7DE-4EBC-8D52-5CAA3E1F0C8E}: NameServer = 158.152.1.43 158.152.1.58
    O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

  4. #4
    spud is offline D-A-L Team Member (UK)
    A moderator called Owen is the dogs on these. I will leave this for him to have a look at.

  5. #5
    Kinlaird is offline Newbie
    Thanks I will keep plodding on trying to find it as well :-)

  6. #6
    Kinlaird is offline Newbie
    WAYHEY
    I have just run Xoftspy, which found more spyware, and I seem to have got regedit back for now :-) I have run Hijack again and this is the new log after Xoftspy and a reboot. I will just go and edit the registry but it now seems clean.
    If you can see anything "dodgy" please let me know.

    Thanks for your time all :-)

    Logfile of HijackThis v1.99.0
    Scan saved at 21:43:27, on 20/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINNT\system32\SVHOST.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\umxlu32.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Turnpike\Connect.exe
    C:\PROGRA~1\Turnpike\Turnctrl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
    O4 - HKLM\..\RunServices: [WindowsRegistration] winupda.exe
    O4 - HKLM\..\RunServices: [live update monitor] umxlu32.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5764F518-D7DE-4EBC-8D52-5CAA3E1F0C8E}: NameServer = 158.152.1.43 158.152.1.58
    O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

  7. #7
    Kinlaird is offline Newbie
    I spoke too early. It's still happening, but regedit opens for about 10 seconds now. I also notice that my CPU (P3 900) is permanently running at 100% although I have 768meg of RAM installed.

  8. #8
    Kinlaird is offline Newbie
    I seem to have found a file called UMXLU32.exe which is using a lot of the memory, and after turning it off in Task Manager the whole system quickens up again.

  9. #9
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll (file missing)
    O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
    O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
    O4 - HKLM\..\RunServices: [WindowsRegistration] winupda.exe
    O4 - HKLM\..\RunServices: [live update monitor] umxlu32.exe
    O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files and folders. Search for files that don't have a specific location:
    C:\WINNT\system32\winserver.exe
    C:\WINNT\system32\umxlu32.exe
    C:\WINNT\system32\SVHOST.EXE (WARNING: svchost.exe is valid, whereas svhost is similar to confuse users)
    winupda.exe

    Reboot and post a fresh log
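
Owen's warning about SVHOST.EXE versus svchost.exe, and the extra program on the `Shell=` line, can both be checked mechanically. The following is an added example, not part of the original thread: a small Python triage that parses F2 and O4 lines copied from the log above and flags those two patterns; the `SYSTEM_NAMES` reference list and the `MAX_DISTANCE` threshold are assumptions.

```python
import re

# Constructed sample: F2 and O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE
"""
# Assumptions: a short reference list of genuine Windows image names and a threshold.
SYSTEM_NAMES = ["svchost.exe", "explorer.exe", "winlogon.exe", "services.exe", "lsass.exe"]
NORMAL_SHELL = "explorer.exe"  # default Shell value; anything extra also starts at logon
MAX_DISTANCE = 1               # one missing, extra or swapped character counts as a lookalike

F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$", re.I)
O4_RE = re.compile(r"^O4 - \S+: \[[^\]]*\] (.+)$")

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def image_name(cmd):
    # Lower-cased base name of the executable in an autorun command line.
    m = (re.match(r'\s*"([^"]+)"', cmd)
         or re.match(r"\s*(.+?\.(?:exe|com|bat))\b", cmd, re.I))
    path = m.group(1) if m else cmd.split()[0]
    return path.rsplit("\\", 1)[-1].lower()

def triage(log):
    findings = []
    for line in map(str.strip, log.splitlines()):
        f2, o4 = F2_RE.match(line), O4_RE.match(line)
        if f2 and f2.group(1).strip().lower() != NORMAL_SHELL:
            findings.append(("shell-extra-program", line))
        elif o4:
            exe = image_name(o4.group(1))
            near = [s for s in SYSTEM_NAMES if 0 < edit_distance(exe, s) <= MAX_DISTANCE]
            if near:
                findings.append(("lookalike:" + near[0], line))
    return findings
```

Entries such as umxlu32.exe resemble nothing on the reference list, so a name-similarity check does not flag them; in the thread they were picked out by a helper reading the log.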

  10. #10
    Kinlaird is offline Newbie
    Thanks for the reply, Owen.
    I applied everything you said and it did seem to be working. After a later reboot I suddenly got the Win2K Bluescreen of death :-((((((((
    Seems like there was a pretty vicious virus in there :-( Anyway, I have kept the drive intact and reformatted another drive. I will repost the "clean" log on here as soon as I get a chance to extract it from the old drive :-) Thanks for trying. I really must set up the RAID controller I've always promised myself LOLOL
