Tech Support Forum - View Single Post - TASKMGRU.EXE, MSIMN32.EXE, BHOASS.DLL help!!!!!!!!!

deebo2005 · 04-15-2005, 08:26 PM

Ok I did everything you said and I even went through and deleted some other regitry values such as the clsid value for bhoass and some values in the Internet Explorer\Main\ in the Local Machine. They still came back after I rebooted. Here is the following information you requested:

MSIMN32.EXE - size: 30.5kb, size on disk: 32kb, Created: June 19, 2003 03:05:04, Modified June 19, 2003 03:05:04, Accessed: April 15, 2005 10:21:49.

TASKMGRU.EXE - size: 30.5kb, size on disk: 32kb, Created: June 19, 2003 03:05:04, Modified June 19, 2003 03:05:04, Accessed: April 15, 2005 10:21:49.

The Hijackthis analyized log is:

Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 10:12:21 PM, on 4/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\system32\TASKMGRU.EXE
C:\WINNT\system32\MSIMN32.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\WINNT\system32\TASKMGRU.EXE
C:\WINNT\system32\MSIMN32.EXE
C:\Cannibus\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: BHDP Class - {1A1488CB-8028-49ba-AD19-18D13CDC650F} - C:\WINNT\bhoass.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINNT\System32\mstask.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [TASKMGRU] C:\WINNT\system32\TASKMGRU.EXE
O4 - HKCU\..\Run: [MSIMN32] C:\WINNT\system32\MSIMN32.EXE
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone-dev.ubisoft.com/de.../GSManager.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/co...y/iesnoopy.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/import/emailimport.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhel...6/dlhelper.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

End of KRC HijackThis Analyzer Log.
====================================================================

There has to be a file that regenerates all these files but I can't figure out what it is. Also I know that these files weren't created June 19, 2003.

04-15-2005, 08:26 PM	#3 (permalink)
deebo2005 Registered User Join Date: Apr 2005 Posts: 5 OS: Win2000	Ok I did everything you said and I even went through and deleted some other regitry values such as the clsid value for bhoass and some values in the Internet Explorer\Main\ in the Local Machine. They still came back after I rebooted. Here is the following information you requested: MSIMN32.EXE - size: 30.5kb, size on disk: 32kb, Created: June 19, 2003 03:05:04, Modified June 19, 2003 03:05:04, Accessed: April 15, 2005 10:21:49. TASKMGRU.EXE - size: 30.5kb, size on disk: 32kb, Created: June 19, 2003 03:05:04, Modified June 19, 2003 03:05:04, Accessed: April 15, 2005 10:21:49. The Hijackthis analyized log is: Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 10:12:21 PM, on 4/15/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\system32\TASKMGRU.EXE C:\WINNT\system32\MSIMN32.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Steam\Steam.exe C:\WINNT\system32\TASKMGRU.EXE C:\WINNT\system32\MSIMN32.EXE C:\Cannibus\Hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: BHDP Class - {1A1488CB-8028-49ba-AD19-18D13CDC650F} - C:\WINNT\bhoass.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINNT\System32\mstask.exe O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent O4 - HKCU\..\Run: [TASKMGRU] C:\WINNT\system32\TASKMGRU.EXE O4 - HKCU\..\Run: [MSIMN32] C:\WINNT\system32\MSIMN32.EXE O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone-dev.ubisoft.com/de.../GSManager.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/co...y/iesnoopy.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/import/emailimport.cab O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhel...6/dlhelper.cab O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe End of KRC HijackThis Analyzer Log. ==================================================================== There has to be a file that regenerates all these files but I can't figure out what it is. Also I know that these files weren't created June 19, 2003.