Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Regedit keeps closing

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Regedit keeps closing

Reply
Page 1 of 2 1 2
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 20-12-2004, 09:22 PM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 7
Kinlaird Is a beginner here at D-A-L
Regedit keeps closing
I'm trying to do a complete delete and reinstall of Sygate Firewall but cant keep regedit open I have run Spybot and adaware but still cant keep it open presently am having to run without firewall :-(
This is the log from Hijackthis but cant find whats wrong

Logfile of HijackThis v1.99.0
Scan saved at 20:12:10, on 20/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\WINNT\system32\SVHOST.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\umxlu32.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\WINNT\system32\ipconfig.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
O4 - HKLM\..\RunServices: [WindowsRegistration] winupda.exe
O4 - HKLM\..\RunServices: [live update monitor] umxlu32.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Help please !!!!!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 20-12-2004, 10:28 PM
spud's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Aug 2004
Posts: 1,658
spud is just really nicespud is just really nicespud is just really nicespud is just really nicespud is just really nice
Re: Regedit keeps closing
hello kinlaird welcome to dal the online computer help forum i see that you have run both spybot and adaware were they both the most recent editions if not could you please update them and posta fresh hijack this log please then some body will have a lok at your log please be patient because rthey are very busy at the moment

thanks
hope this helps
__________________
DOWNLOADS

NCFC rule

OWENS HELP

Yeti sports

Microsoft Help

latest DirectX 9c here

hijacthis

have a laugh

If it dont fit...force it. If ya cant force it...get a bigger hammer. If it breaks...it probably needed replacing anyway.

APPROVED MICROSOFT BETA TESTER
There are 10 kinds of people in the world:
Those who understand binary & those who don't.


Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 20-12-2004, 10:45 PM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 7
Kinlaird Is a beginner here at D-A-L
Re: Regedit keeps closing
Thanks for the reply Spud I updated spybot and adaware before running them and all the win 2000 security updates are installed I an also running an uptodate antivir virus checker which is run and updated daily
System has also been running really slow just lately

Thanks for any help you can shed on this I have looked at previous replies but cant see the problem.

Logfile of HijackThis v1.99.0
Scan saved at 21:43:27, on 20/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\SVHOST.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\umxlu32.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Turnpike\Connect.exe
C:\PROGRA~1\Turnpike\Turnctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
O4 - HKLM\..\RunServices: [WindowsRegistration] winupda.exe
O4 - HKLM\..\RunServices: [live update monitor] umxlu32.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5764F518-D7DE-4EBC-8D52-5CAA3E1F0C8E}: NameServer = 158.152.1.43 158.152.1.58
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 20-12-2004, 10:56 PM
spud's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Aug 2004
Posts: 1,658
spud is just really nicespud is just really nicespud is just really nicespud is just really nicespud is just really nice
Re: Regedit keeps closing
a moderator called owen is the dogs on these i will leave this for him to have a look at
__________________
DOWNLOADS

NCFC rule

OWENS HELP

Yeti sports

Microsoft Help

latest DirectX 9c here

hijacthis

have a laugh

If it dont fit...force it. If ya cant force it...get a bigger hammer. If it breaks...it probably needed replacing anyway.

APPROVED MICROSOFT BETA TESTER
There are 10 kinds of people in the world:
Those who understand binary & those who don't.


Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 20-12-2004, 11:56 PM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 7
Kinlaird Is a beginner here at D-A-L
Re: Regedit keeps closing
Thanks I will keep plodding on trying to find it as well :-)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 21-12-2004, 12:20 AM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 7
Kinlaird Is a beginner here at D-A-L
Re: Regedit keeps closing
WAYHEY
I have just run Xoftspy which found more spyware and I seem to have got regedit back for now :-) I have run Hijack again and this is the new log after Xoftspy and a reboot I will just go and edit the registry but it now seems clean.
If you can see anything "dodgy" please let me know

Thanks for your time all :-)

Logfile of HijackThis v1.99.0
Scan saved at 21:43:27, on 20/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\SVHOST.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\umxlu32.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Turnpike\Connect.exe
C:\PROGRA~1\Turnpike\Turnctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
O4 - HKLM\..\RunServices: [WindowsRegistration] winupda.exe
O4 - HKLM\..\RunServices: [live update monitor] umxlu32.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5764F518-D7DE-4EBC-8D52-5CAA3E1F0C8E}: NameServer = 158.152.1.43 158.152.1.58
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 21-12-2004, 12:49 AM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 7
Kinlaird Is a beginner here at D-A-L
Re: Regedit keeps closing
I spoke to early Its still happening but regedit opens for about 10 seconds now. I also notice that my CPU (P3 900) is permanently running at 100% although I have 768meg of RAM installed
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 21-12-2004, 03:49 PM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 7
Kinlaird Is a beginner here at D-A-L
Re: Regedit keeps closing
I seem to have found a file called UMXLU32.exe which is using a lot of the memory and after turning it of in task manager the whole system quickens up again
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 21-12-2004, 08:33 PM
owen's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Jun 2004
Posts: 5,272
owen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furniture
Re: Regedit keeps closing
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\winserver.exe
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll (file missing)
O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
O4 - HKLM\..\Run: [live update monitor] umxlu32.exe
O4 - HKLM\..\RunServices: [WindowsRegistration] winupda.exe
O4 - HKLM\..\RunServices: [live update monitor] umxlu32.exe
O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE

Click Fix Checked

Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

Delete the following files and folders. Search for files that don't have a specific location:
C:\WINNT\system32\winserver.exe
C:\WINNT\system32\umxlu32.exe
C:\WINNT\system32\SVHOST.EXE (WARNING: svchost.exe is valid, whearas svhost is similar to confuse users)
winupda.exe

Reboot and post a fresh log
__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 22-12-2004, 11:53 PM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 7
Kinlaird Is a beginner here at D-A-L
Re: Regedit keeps closing
Thanks for the reply Owen
I applied everything you said and it did seem to be working. After a later reboot I suddenly got the Win2K Bluescreen of death :-((((((((
Seems like there was a pretty vicious virus in there :-( Anyway I have kept the drive intact and reformatt another drive I will repost the "clean" log on here as soon as I get chance to extract it from the old drive :-) Thanks for trying. I really mus set up the raid controller ive always promised myself LOLOL
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Regedit closing... Akingage Spyware, Adware, Viruses and HijackThis Logs 1 10-04-2007 03:27 AM
Can't access my REGEDIT mrross Windows XP Help 1 03-09-2006 05:43 AM
Taskman, Regedit disappear ......... (RESOLVED) LOCALACCT Spyware, Adware, Viruses and HijackThis Logs 12 20-04-2006 03:49 PM
Regedit johnisfree1951 Windows XP Help 1 03-03-2006 11:26 PM
Hijack this log - cant get into regedit or task mgr. lurla Spyware, Adware, Viruses and HijackThis Logs 25 30-06-2005 07:41 PM


All times are GMT +1. The time now is 05:23 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav