Startup error message: taskmanager.exe missing

Discussion in 'Malware and Virus Removal Archive' started by David Simmons, 2005/06/24.

Thread Status:
Not open for further replies.
  1. 2005/06/24
    David Simmons

    David Simmons Inactive Thread Starter

    Joined:
    2005/06/24
    Messages:
    9
    Likes Received:
    0
    Hey all,

    After several hours yesterday of teeth-gnashing frustration trying to get Norton Antivirus 2005 to work on my system, I decided to take a break and google around and see what experiences others had had with it. To my delight, the reviews were largely negative and described much the same problems I was encountering. I took Norton back and got PC-cillin Internet Security 2005, which was recommended by Cnet. It worked great, although it did take me awhile to get everything updated and running.

    However, I still have one lingering issue: whenever I boot up I get an error message stating that "taskmanager.exe" (NOT taskmgr.exe) is missing. Interestingly, when I Ctrl-Alt-Del, the Task Manager window comes up without a problem. After I had installed PC-cillin I got error messages stating that there were trojans in taskmanager.exe. When I did my scans I instructed PC-cillin to quarantine infected files, and if they could not be fixed then they should be deleted. Since Task Manager works fine, this message seems to me to be possibly another malicious code of some kind.

    I googled for this error message but couldn't find anything. Thoughts?

    Many thanks in advance!
     
  2. 2005/06/24
    Dez Bradley

    Dez Bradley Inactive

    Joined:
    2004/10/11
    Messages:
    246
    Likes Received:
    0
    Hi

    Not familiar with what virus or malware taskmanager.exe is associated with but what sounds like has happened is your antivirus has removed the infected file taskmanager.exe, but there are still leftover references to the file in the system.

    First thing I would do is this:

    Go to the Start button
    Select Run
    Type regedit and click ok
    Go to this key by clicking on the folders mentioned (the + symbol to open up subfolders as you go)

    HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run

    Remove any entries that mention taskmanager.exe

    If it doesn't stop the message, it must have put references in other system files as well, like win.ini, sys.ini, autoexec.bat etc.

    Let me know if the first suggestion doesn't work.
     

  4. 2005/06/24
    ski123

    ski123 Inactive

    Joined:
    2002/01/09
    Messages:
    163
    Likes Received:
    0
  5. 2005/06/25
    David Simmons

    David Simmons Inactive Thread Starter

    Joined:
    2005/06/24
    Messages:
    9
    Likes Received:
    0

    Hi Dez,

    Thanks for responding to my post! Sorry it was in the wrong place, but I'll get the hang of things quickly! I've done a little Registry editing to remove other malware, but I couldn't find anything under the address you mentioned.

    Even though I don't have Norton anymore, I checked the page that was provided by the other poster and also followed the instructions on Symantec's webpage for removal of the many entries this malware is supposed to introduce but couldn't find anything.

    It seems I need to either replace the file or delete the references to it. Any suggestions would be deeply appreciated!

    David Simmons
     
  6. 2005/06/26
    Dez Bradley

    Dez Bradley Inactive

    Joined:
    2004/10/11
    Messages:
    246
    Likes Received:
    0
    Also look in the Startup group in your Start menu for any programs called taskmanager being launched from there.

    Now it is possible that this program (taskmanager.exe) is referred to by another program that is launched during startup. This happens as some programs come with embedded adware or virus files. Free programs you get from the internet are most likely to cause it.

    If you don't have anything called taskmanager in your Startup group above, please write me a list of the following...what you do have running in Startup, and go to the registry key I suggest in my first post (./.././RUN) and write down what you have running there. Alternatively you can POST a log here using HijackThis. Ask how to do this if needed.

    Finally small chance it is referred to in the autoexec.bat file, found in c:\. If you can find an autoexec file in c:\ Right click on it and choose Edit....then look for any references to taskmanager.exe and remove where applicable.

    You may have other files called Autoexec.something, like Autoexec.abc. These are not the ones you want to edit. Autoexec.bat often will show up as plain old Autoexec as .bat is a known file extension in Windows. Known extensions are usually hidden (like your Word docs often are only showing the doc name and not .doc when viewed in a list).
     
    Last edited: 2005/06/26
  7. 2005/06/26
    David Simmons

    David Simmons Inactive Thread Starter

    Joined:
    2005/06/24
    Messages:
    9
    Likes Received:
    0
    Hey Dez,

    I looked at this Registry address again:

    HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run

    but found nothing mentioning "taskmanager.exe". I don't know how to copy what is displayed here. Suggestions?

    I have HijackThis v1.99.1. The logfile follows below. I no longer use Internet Explorer 'cause it bites. Are there some entries I can delete here to stop getting the error message that "Internet Explorer has encountered a problem and needs to shut down"?

    I've also been getting an error message during shutdown (that flashes on the screen too quickly, I can barely read it). I believe it says it's having trouble shutting down "sgtray" or something similar. Related issue?

    Many thanks for your help so far!

    Logfile of HijackThis v1.99.1
    Scan saved at 1:11:06 PM, on 6/26/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CPUCooL\CooLSrv.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\Explorer.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\DATACA~1\FLashKsk.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\gmsne4hy\gmsne4hy.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\gmsne4hy\74171412.exe
    C:\Program Files\gmsne4hy\gmsne4hy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\regedit.exe
    C:\Playpen\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: Shell=Explorer.exe taskmanger.exe
    O2 - BHO: (no name) - {00000000-0000-49A0-9AFF-813852886FD7} - C:\Program Files\gmsne4hy\gmsne4hy.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [Anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [gmsne4hy] C:\Program Files\gmsne4hy\gmsne4hy.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe "
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - Global Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {A6BDC62E-27F0-451D-9BBA-AEA43DC16F29} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A6BDC62E-27F0-451D-9BBA-AEA43DC16F29} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119655517218
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACEEE53D-C0A6-46B3-BDAE-0BE4013A7476}: NameServer = 207.69.188.187 207.69.188.186
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  8. 2005/06/26
    David Simmons

    David Simmons Inactive Thread Starter

    Joined:
    2005/06/24
    Messages:
    9
    Likes Received:
    0
    "taskmanger.exe" NOT "taskmanager.exe"

    Hey Dez,

    You know what?

    :eek: I'M A GIGANTIC IDIOT. When my wife turned on the computer this afternoon, she read aloud the error message. I thought she made a mistake, but in fact the file that Windows cannot find is called: "taskmanger.exe", not "taskmanager.exe"!

    Anyway, I hope that my HijackThis log file reveals something of use.

    Dave S.
     
  9. 2005/06/29
    David Simmons

    David Simmons Inactive Thread Starter

    Joined:
    2005/06/24
    Messages:
    9
    Likes Received:
    0
    Startup error message: taskmanger.exe missing

    Hey all,

    Due to an error on my part, I typed the wrong file name in my original post. Instead of "taskmanager.exe", my wife brought to my attention that the actual file name was "taskmanger.exe". Whenever I start up WinXP w/SP2, I get this error message. I suspect it's a malware remnant, as I purchased, installed, updated and am now thoroughly enjoying PC-cillin Internet Security 2005. It found a BUNCH of stuff that my old (2001 yet updated) copy of Norton wasn't catching.

    My system is running very well now, and this error message has become a mere annoyance. However, I don't like loose ends, especially the software kind. I googled for the file name, but couldn't find anything illuminating. My HijackThis logfile is below. I can see the entry for "taskmanger.exe" but still don't know if it's a necessary file, or if it's not, how to delete/disable it.

    Dave S.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:20:40 AM, on 6/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\CPUCooL\CooLSrv.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\DATACA~1\FLashKsk.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\gmsne4hy\gmsne4hy.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\gmsne4hy\74171412.exe
    C:\Program Files\gmsne4hy\gmsne4hy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Playpen\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: Shell=Explorer.exe taskmanger.exe
    O2 - BHO: (no name) - {00000000-0000-40A8-AE87-4448EB0D03C2} - C:\Program Files\gmsne4hy\gmsne4hy.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [Anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [gmsne4hy] C:\Program Files\gmsne4hy\gmsne4hy.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe "
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {A6BDC62E-27F0-451D-9BBA-AEA43DC16F29} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A6BDC62E-27F0-451D-9BBA-AEA43DC16F29} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119655517218
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ACEEE53D-C0A6-46B3-BDAE-0BE4013A7476}: NameServer = 207.69.188.187 207.69.188.186
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  10. 2005/06/29
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    run hijackthis again and check these items, then press the Fix button:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: Shell=Explorer.exe taskmanger.exe
    O2 - BHO: (no name) - {00000000-0000-40A8-AE87-4448EB0D03C2} - C:\Program Files\gmsne4hy\gmsne4hy.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (THIS IS YOUR CREATIVE AUDIGY REGISTRATION REMINDER & IS UNNECESSARY)
    O4 - HKLM\..\Run: [gmsne4hy] C:\Program Files\gmsne4hy\gmsne4hy.exe
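
An added example, not part of the original thread: a small triage script for a HijackThis log that surfaces the kinds of entries picked out above. The F2 line reports the Winlogon `Shell` value rather than the `Run` key, so a search of `Run` alone does not find it. The look-alike list, the 0.8 similarity threshold and the finding labels are assumptions made for this illustration.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename, dirname

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe taskmanger.exe
O2 - BHO: (no name) - {00000000-0000-40A8-AE87-4448EB0D03C2} - C:\Program Files\gmsne4hy\gmsne4hy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [gmsne4hy] C:\Program Files\gmsne4hy\gmsne4hy.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Assumption: a short list of Windows binaries to compare look-alike names against.
KNOWN_SYSTEM = ["taskmgr.exe", "explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe"]


def lookalike(name, threshold=0.8):
    """Return the system binary that `name` resembles without matching it, else None."""
    stem = name.lower().rsplit(".", 1)[0]
    for known in KNOWN_SYSTEM:
        kstem = known.rsplit(".", 1)[0]
        if stem != kstem and SequenceMatcher(None, stem, kstem).ratio() >= threshold:
            return known
    return None


def triage(log_text):
    """Return (label, item, detail) tuples for entries that deserve a closer look."""
    findings = []
    unnamed_bho_dirs = set()   # folders holding a BHO registered without a name
    run_dirs = {}              # Run value name -> folder of the program it starts
    for line in log_text.splitlines():
        line = line.strip()
        m = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line, re.I)
        if m:
            # The default value is Explorer.exe alone; anything listed beside it
            # is also started at every logon.
            for prog in re.split(r"[,\s]+", m.group(1).strip()):
                if prog and prog.lower() != "explorer.exe":
                    findings.append(("shell-extra", prog, lookalike(basename(prog))))
            continue
        m = re.match(r"O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)", line)
        if m:
            name, clsid, path = m.groups()
            if path == "(no file)":
                findings.append(("bho-orphan", clsid, None))
            elif name == "(no name)":
                # Not reported on its own: legitimate tools register unnamed BHOs too.
                unnamed_bho_dirs.add(dirname(path).lower())
            continue
        m = re.match(r"O4 - HK\w+\\\.\.\\Run: \[(.*?)\] (.*)", line)
        if m:
            cmd = m.group(2).strip()
            exe = re.match(r'"?(.*?\.exe)', cmd, re.I)
            run_dirs[m.group(1)] = dirname(exe.group(1) if exe else cmd).lower()
    # A Run entry started from the same folder as an unnamed BHO is worth reviewing together.
    for value, folder in run_dirs.items():
        if folder and folder in unnamed_bho_dirs:
            findings.append(("run-shares-dir-with-unnamed-bho", value, folder))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```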
     
  11. 2005/06/29
    Dez Bradley

    Dez Bradley Inactive

    Joined:
    2004/10/11
    Messages:
    246
    Likes Received:
    0
    Only things I am curious about in your log are the following entry


    O2 - BHO: (no name) - {00000000-0000-49A0-9AFF-813852886FD7} - C:\Program Files\gmsne4hy\gmsne4hy.dll


    and the following resulting running processes:


    C:\Program Files\gmsne4hy\74171412.exe
    C:\Program Files\gmsne4hy\gmsne4hy.exe


    So far I have found nothing on either executable (74171412.exe & gmsne4hy.exe), which I thought strange as nearly every known program's executable name will get a google result. Not these 2.

    Searching for Taskmanger also yields little relevant info.

    Sorry, apart from finding out what the above is and perhaps removing it, I am not sure. Remove any plugin programs you have installed, like music downloaders, reminders, game hosting programs, anything non essential. You can always re-install them later when you find the culprit.

    You could also try going into windows in safe mode, and removing the folder C:\Program Files\gmsne4hy. Then see if:

    a) You get new error messages perhaps revealing more info on what programs uses these processes
    b) The error will disappear and nothing else happens
    c) The error will disappear but a program on your computer will not function.


    Another thing to try is removing the above references from the registry. The line C:\Program Files\gmsne4hy\gmsne4hy.dll should be under the key I mentioned in my first post. (HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run)

    Do note though I am not sure what the above processes are, or what they are linked to, I simply find them to be the odd ones out in the list, the only ones I am not familiar with, and I fix PCs for a living.

    Hope this helps somehow.
     
    Last edited: 2005/06/29
  12. 2005/06/29
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    To completely get rid of your infection, these steps must be done.
    Open HJT, and click on 'Open the misc tools section', then click on 'Delete a file on reboot'. A File Open window will appear, copy/paste the following into it.
    C:\Program Files\gmsne4hy\gmsne4hy.exe

    Click on Open, and you will be prompted to reboot, select No at this time and do the same for these.
    C:\Program Files\gmsne4hy\74171412.exe
    C:\Program Files\gmsne4hy\gmsne4hy.dll

    Be sure to follow TonyT's removal advice, when done, reboot. Then delete this folder.
    C:\Program Files\gmsne4hy

    Delete all files and folders in these folders.
    C:\Windows\Prefetch
    C:\Windows\Temp
    C:\Documents and Settings\username\Local Settings\Temp
     