Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

crazy Task Manager probs

Started by Slosh , Apr 12 2005 04:24 AM

  • This topic is locked This topic is locked

#1
Slosh
Posted 12 April 2005 - 04:24 AM

Slosh

    New Member

  • Member
  • Pip
  • 1 posts
Hello,
This is a problem I have not been able to fix using any spyware or adware programs. I have run Ad-Aware SE and Spybot, as well as McAfee Virus scan. No luck. The problem I am having is that a program keeps appearing in my task manager (XP). It usually only uses about 160k of memory and 00 in CPU, but I don't like it there. When I "End Process", a new file takes its place, with what appears to be a random name. I can find the file(s) in Windows\System32\, but deleting them there produces the same results...replaced with another file. They are all .exe's and as I said the name appears random. For example, currently, I have a file named actios.exe in Task Manager. If I end process, it changes to epikucq.exe, then I end again and I get dihlqg.exe.....etc, etc.

Anyway, here is my Hijack log...

Logfile of HijackThis v1.99.1
Scan saved at 6:14:48 AM, on 4/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Ahead\InCD\InCDsrv.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\CTSVCCDA.EXE
g:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
G:\Program Files\M-Audio MobilePre\Install\MPInst.exe
G:\WINDOWS\System32\svchost.exe
g:\PROGRA~1\mcafee.com\vso\mcshield.exe
G:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
G:\PROGRA~1\mcafee.com\agent\mcagent.exe
G:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
g:\progra~1\mcafee.com\vso\mcvsescn.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\ATI Multimedia\main\ATIDtct.EXE
G:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
G:\Program Files\ATI Multimedia\main\ATISched.EXE
g:\progra~1\mcafee.com\vso\mcvsftsn.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Multimedia keyboard utility\1.3\KBDAP32A.EXE
G:\Program Files\MSN\MSNCoreFiles\msn.exe
g:\program files\mcafee.com\vso\mcmnhdlr.exe
g:\program files\mcafee.com\shared\mghtml.exe
D:\My Downloads\modules.exe
g:\windows\system32\actios.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - G:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - G:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - G:\WINDOWS\system32\nsj59.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - g:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [VSOCheckTask] "g:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "g:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] g:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] G:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] G:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [sfaniii] g:\windows\system32\actios.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATI DeviceDetect] G:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] G:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Scheduler] G:\Program Files\ATI Multimedia\main\ATISched.EXE
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - G:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - G:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: License Management Service ESD - Unknown owner - G:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - g:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - G:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - g:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - Nemesis - G:\Program Files\M-Audio MobilePre\Install\MPInst.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - G:\WINDOWS\svcproc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - G:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

At one point, it also appeared that there was an additional connection under "Networking" in Task Manager, but I do not seem to have that problem right now. I do have a wireless router in house, and it may be that a neighbor has found access, but I can't be sure.

Thanks for any help...Brian (aka Slosh)
  • 0

Advertisements

#2
Guest_thatman_*
Posted 11 May 2005 - 06:17 PM

Guest_thatman_*
  • Guest
Hi Slosh

If you are still in need of help post a new HJT.log

Kc :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP