Device Manager, Task Manager, or any other mgmt tool not d..
Last response: in Windows XP
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)
No system tool is displaying (yes, I am the computer admin). Actually, I run
the program and it flashes for a second and then it goes away. This happens
with, Device manager, Task Manager, MSCONFIG, you name it. The icons in the
system tray do not appear even though they are all set to "always display".
Regedit does not even display. Which settings have I hosed?
I recently had to format my HD and reinstall my OS. Did I take the wrong CD
off the shelf? (I have three computers)
No system tool is displaying (yes, I am the computer admin). Actually, I run
the program and it flashes for a second and then it goes away. This happens
with, Device manager, Task Manager, MSCONFIG, you name it. The icons in the
system tray do not appear even though they are all set to "always display".
Regedit does not even display. Which settings have I hosed?
I recently had to format my HD and reinstall my OS. Did I take the wrong CD
off the shelf? (I have three computers)
More about : device manager task manager mgmt tool
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)
[[When you open System Configuration Utility [MSCONFIG], Registry Editor or
Task Manager, they flash for a second and quit. This symptom is caused by
Viruses.]]
Task Manager, MSCONFIG, or REGEDIT disappear while opening
http://www.mvps.org/sramesh2k/ToolsQuit.htm
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
> No system tool is displaying (yes, I am the computer admin).
> Actually, I run the program and it flashes for a second and then it
> goes away. This happens with, Device manager, Task Manager,
> MSCONFIG, you name it. The icons in the system tray do not appear
> even though they are all set to "always display". Regedit does not
> even display. Which settings have I hosed?
>
> I recently had to format my HD and reinstall my OS. Did I take the
> wrong CD off the shelf? (I have three computers)
[[When you open System Configuration Utility [MSCONFIG], Registry Editor or
Task Manager, they flash for a second and quit. This symptom is caused by
Viruses.]]
Task Manager, MSCONFIG, or REGEDIT disappear while opening
http://www.mvps.org/sramesh2k/ToolsQuit.htm
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
> No system tool is displaying (yes, I am the computer admin).
> Actually, I run the program and it flashes for a second and then it
> goes away. This happens with, Device manager, Task Manager,
> MSCONFIG, you name it. The icons in the system tray do not appear
> even though they are all set to "always display". Regedit does not
> even display. Which settings have I hosed?
>
> I recently had to format my HD and reinstall my OS. Did I take the
> wrong CD off the shelf? (I have three computers)
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)
Wes,
I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
between sweeps.
No viruses and no no adware found.
Any other hints?
Bryan
"Wesley Vogel" wrote:
> [[When you open System Configuration Utility [MSCONFIG], Registry Editor or
> Task Manager, they flash for a second and quit. This symptom is caused by
> Viruses.]]
>
> Task Manager, MSCONFIG, or REGEDIT disappear while opening
> http://www.mvps.org/sramesh2k/ToolsQuit.htm
>
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
> > No system tool is displaying (yes, I am the computer admin).
> > Actually, I run the program and it flashes for a second and then it
> > goes away. This happens with, Device manager, Task Manager,
> > MSCONFIG, you name it. The icons in the system tray do not appear
> > even though they are all set to "always display". Regedit does not
> > even display. Which settings have I hosed?
> >
> > I recently had to format my HD and reinstall my OS. Did I take the
> > wrong CD off the shelf? (I have three computers)
>
Wes,
I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
between sweeps.
No viruses and no no adware found.
Any other hints?
Bryan
"Wesley Vogel" wrote:
> [[When you open System Configuration Utility [MSCONFIG], Registry Editor or
> Task Manager, they flash for a second and quit. This symptom is caused by
> Viruses.]]
>
> Task Manager, MSCONFIG, or REGEDIT disappear while opening
> http://www.mvps.org/sramesh2k/ToolsQuit.htm
>
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
> > No system tool is displaying (yes, I am the computer admin).
> > Actually, I run the program and it flashes for a second and then it
> > goes away. This happens with, Device manager, Task Manager,
> > MSCONFIG, you name it. The icons in the system tray do not appear
> > even though they are all set to "always display". Regedit does not
> > even display. Which settings have I hosed?
> >
> > I recently had to format my HD and reinstall my OS. Did I take the
> > wrong CD off the shelf? (I have three computers)
>
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)
Bryan,
With the type and severity of malware emerging these days, you need to use
all of these three software (atleast):
1. Ad-Aware
http://www.lavasoftusa.com
2. SpyBot S&D
http://www.safer-networking.org
3. CWShredder
http://www.intermute.com/spysubtract/cwshredder_downloa...
** Update 1 & 2 before running a scan **
Clean-up Windows Startup
http://windowsxp.mvps.org/startup.htm
Then, run a full system virus scan: (RAV is proving good)
http://windowsxp.mvps.org/scanners.htm
If nothing helps, download HijackThis from
http://www.spywareinfo.com/~merijn/ Generate a log using HijackThis and
visit any of these forums below to post your HijackThis log. The experts
there will guide you how to remove the spyware from your system:
http://aumha.net
http://forums.spywareinfo.com
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Bryan" <Bryan@discussions.microsoft.com> wrote in message
news:6D3D4121-70BB-4518-AA9E-6DD7EC7B2EA5@microsoft.com...
> Wes,
>
> I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
> between sweeps.
>
> No viruses and no no adware found.
>
> Any other hints?
>
> Bryan
>
> "Wesley Vogel" wrote:
>
>> [[When you open System Configuration Utility [MSCONFIG], Registry Editor
>> or
>> Task Manager, they flash for a second and quit. This symptom is caused by
>> Viruses.]]
>>
>> Task Manager, MSCONFIG, or REGEDIT disappear while opening
>> http://www.mvps.org/sramesh2k/ToolsQuit.htm
>>
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
>> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
>> > No system tool is displaying (yes, I am the computer admin).
>> > Actually, I run the program and it flashes for a second and then it
>> > goes away. This happens with, Device manager, Task Manager,
>> > MSCONFIG, you name it. The icons in the system tray do not appear
>> > even though they are all set to "always display". Regedit does not
>> > even display. Which settings have I hosed?
>> >
>> > I recently had to format my HD and reinstall my OS. Did I take the
>> > wrong CD off the shelf? (I have three computers)
>>
Bryan,
With the type and severity of malware emerging these days, you need to use
all of these three software (atleast):
1. Ad-Aware
http://www.lavasoftusa.com
2. SpyBot S&D
http://www.safer-networking.org
3. CWShredder
http://www.intermute.com/spysubtract/cwshredder_downloa...
** Update 1 & 2 before running a scan **
Clean-up Windows Startup
http://windowsxp.mvps.org/startup.htm
Then, run a full system virus scan: (RAV is proving good)
http://windowsxp.mvps.org/scanners.htm
If nothing helps, download HijackThis from
http://www.spywareinfo.com/~merijn/ Generate a log using HijackThis and
visit any of these forums below to post your HijackThis log. The experts
there will guide you how to remove the spyware from your system:
http://aumha.net
http://forums.spywareinfo.com
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Bryan" <Bryan@discussions.microsoft.com> wrote in message
news:6D3D4121-70BB-4518-AA9E-6DD7EC7B2EA5@microsoft.com...
> Wes,
>
> I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
> between sweeps.
>
> No viruses and no no adware found.
>
> Any other hints?
>
> Bryan
>
> "Wesley Vogel" wrote:
>
>> [[When you open System Configuration Utility [MSCONFIG], Registry Editor
>> or
>> Task Manager, they flash for a second and quit. This symptom is caused by
>> Viruses.]]
>>
>> Task Manager, MSCONFIG, or REGEDIT disappear while opening
>> http://www.mvps.org/sramesh2k/ToolsQuit.htm
>>
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
>> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
>> > No system tool is displaying (yes, I am the computer admin).
>> > Actually, I run the program and it flashes for a second and then it
>> > goes away. This happens with, Device manager, Task Manager,
>> > MSCONFIG, you name it. The icons in the system tray do not appear
>> > even though they are all set to "always display". Regedit does not
>> > even display. Which settings have I hosed?
>> >
>> > I recently had to format my HD and reinstall my OS. Did I take the
>> > wrong CD off the shelf? (I have three computers)
>>
Related ressources
- Windows task manager - Forum
- Task manager see only 8 of my 16 cores - Forum
- Explorer freezes in XP sp2. In task manager you can't end .. - Forum
- Ghost program in taskbar and task manager - Forum
- DOS window and Task Manager fail to stay open for use - Forum
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)
Here is my Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:46:27 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hijack This\HijackThis.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany
- C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
I used AntiVir Guard, WebRoot Spy Sweeper and Hijack This. Rebooting after
each sweep.
Please tell me if you see anything out of the ordinary.
Thank you,
Bryan
"Ramesh, MS-MVP" wrote:
> Bryan,
>
> With the type and severity of malware emerging these days, you need to use
> all of these three software (atleast):
>
> 1. Ad-Aware
> http://www.lavasoftusa.com
>
> 2. SpyBot S&D
> http://www.safer-networking.org
>
> 3. CWShredder
> http://www.intermute.com/spysubtract/cwshredder_downloa...
>
> ** Update 1 & 2 before running a scan **
>
> Clean-up Windows Startup
> http://windowsxp.mvps.org/startup.htm
>
> Then, run a full system virus scan: (RAV is proving good)
> http://windowsxp.mvps.org/scanners.htm
>
> If nothing helps, download HijackThis from
> http://www.spywareinfo.com/~merijn/ Generate a log using HijackThis and
> visit any of these forums below to post your HijackThis log. The experts
> there will guide you how to remove the spyware from your system:
>
> http://aumha.net
> http://forums.spywareinfo.com
>
> --
> Ramesh, Microsoft MVP
> Windows XP Shell/User
> http://windowsxp.mvps.org
>
>
> "Bryan" <Bryan@discussions.microsoft.com> wrote in message
> news:6D3D4121-70BB-4518-AA9E-6DD7EC7B2EA5@microsoft.com...
> > Wes,
> >
> > I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
> > between sweeps.
> >
> > No viruses and no no adware found.
> >
> > Any other hints?
> >
> > Bryan
> >
> > "Wesley Vogel" wrote:
> >
> >> [[When you open System Configuration Utility [MSCONFIG], Registry Editor
> >> or
> >> Task Manager, they flash for a second and quit. This symptom is caused by
> >> Viruses.]]
> >>
> >> Task Manager, MSCONFIG, or REGEDIT disappear while opening
> >> http://www.mvps.org/sramesh2k/ToolsQuit.htm
> >>
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
> >> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
> >> > No system tool is displaying (yes, I am the computer admin).
> >> > Actually, I run the program and it flashes for a second and then it
> >> > goes away. This happens with, Device manager, Task Manager,
> >> > MSCONFIG, you name it. The icons in the system tray do not appear
> >> > even though they are all set to "always display". Regedit does not
> >> > even display. Which settings have I hosed?
> >> >
> >> > I recently had to format my HD and reinstall my OS. Did I take the
> >> > wrong CD off the shelf? (I have three computers)
> >>
>
>
Here is my Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:46:27 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hijack This\HijackThis.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany
- C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
I used AntiVir Guard, WebRoot Spy Sweeper and Hijack This. Rebooting after
each sweep.
Please tell me if you see anything out of the ordinary.
Thank you,
Bryan
"Ramesh, MS-MVP" wrote:
> Bryan,
>
> With the type and severity of malware emerging these days, you need to use
> all of these three software (atleast):
>
> 1. Ad-Aware
> http://www.lavasoftusa.com
>
> 2. SpyBot S&D
> http://www.safer-networking.org
>
> 3. CWShredder
> http://www.intermute.com/spysubtract/cwshredder_downloa...
>
> ** Update 1 & 2 before running a scan **
>
> Clean-up Windows Startup
> http://windowsxp.mvps.org/startup.htm
>
> Then, run a full system virus scan: (RAV is proving good)
> http://windowsxp.mvps.org/scanners.htm
>
> If nothing helps, download HijackThis from
> http://www.spywareinfo.com/~merijn/ Generate a log using HijackThis and
> visit any of these forums below to post your HijackThis log. The experts
> there will guide you how to remove the spyware from your system:
>
> http://aumha.net
> http://forums.spywareinfo.com
>
> --
> Ramesh, Microsoft MVP
> Windows XP Shell/User
> http://windowsxp.mvps.org
>
>
> "Bryan" <Bryan@discussions.microsoft.com> wrote in message
> news:6D3D4121-70BB-4518-AA9E-6DD7EC7B2EA5@microsoft.com...
> > Wes,
> >
> > I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
> > between sweeps.
> >
> > No viruses and no no adware found.
> >
> > Any other hints?
> >
> > Bryan
> >
> > "Wesley Vogel" wrote:
> >
> >> [[When you open System Configuration Utility [MSCONFIG], Registry Editor
> >> or
> >> Task Manager, they flash for a second and quit. This symptom is caused by
> >> Viruses.]]
> >>
> >> Task Manager, MSCONFIG, or REGEDIT disappear while opening
> >> http://www.mvps.org/sramesh2k/ToolsQuit.htm
> >>
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
> >> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
> >> > No system tool is displaying (yes, I am the computer admin).
> >> > Actually, I run the program and it flashes for a second and then it
> >> > goes away. This happens with, Device manager, Task Manager,
> >> > MSCONFIG, you name it. The icons in the system tray do not appear
> >> > even though they are all set to "always display". Regedit does not
> >> > even display. Which settings have I hosed?
> >> >
> >> > I recently had to format my HD and reinstall my OS. Did I take the
> >> > wrong CD off the shelf? (I have three computers)
> >>
>
>
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)
Bryan,
Visit any of these forums below to post your HijackThis log. The experts
there will guide you how to remove the spyware from your system:
http://aumha.net
http://forums.spywareinfo.com
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Bryan" <Bryan@discussions.microsoft.com> wrote in message
news:A4B791D3-153C-435A-8C63-5B653FA80DE5@microsoft.com...
> Here is my Hijackthis log:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 5:46:27 PM, on 2/20/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\AVPersonal\AVWUPSRV.EXE
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\WINDOWS\System32\snmp.exe
> C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
> C:\WINDOWS\System32\alg.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\system32\wuauclt.exe
> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
> C:\Program Files\AVPersonal\AVGNT.EXE
> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
> C:\Program Files\Hijack This\HijackThis.exe
>
> O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
> O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
> Works\WksSb.exe /AllUsers
> O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
> Files\Common
> Files\Microsoft Shared\Works Shared\WkUFind.exe
> O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
> Money\System\Activation.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> -atboottime
> O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
> O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
> C:\PROGRA~1\SYMNET~1\SNDMon.exe
> O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
> O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
> Sweeper\SpySweeper.exe" /0
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office10\OSA.EXE
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
> Advantage
> Validation Tool) -
> http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
> O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik
> GmbH -
> C:\Program Files\AVPersonal\AVGUARD.EXE
> O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH,
> Germany
> - C:\Program Files\AVPersonal\AVWUPSRV.EXE
> O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
> Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
> O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
> C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
> Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
>
> I used AntiVir Guard, WebRoot Spy Sweeper and Hijack This. Rebooting
> after
> each sweep.
>
> Please tell me if you see anything out of the ordinary.
>
> Thank you,
> Bryan
>
> "Ramesh, MS-MVP" wrote:
>
>> Bryan,
>>
>> With the type and severity of malware emerging these days, you need to
>> use
>> all of these three software (atleast):
>>
>> 1. Ad-Aware
>> http://www.lavasoftusa.com
>>
>> 2. SpyBot S&D
>> http://www.safer-networking.org
>>
>> 3. CWShredder
>> http://www.intermute.com/spysubtract/cwshredder_downloa...
>>
>> ** Update 1 & 2 before running a scan **
>>
>> Clean-up Windows Startup
>> http://windowsxp.mvps.org/startup.htm
>>
>> Then, run a full system virus scan: (RAV is proving good)
>> http://windowsxp.mvps.org/scanners.htm
>>
>> If nothing helps, download HijackThis from
>> http://www.spywareinfo.com/~merijn/ Generate a log using HijackThis and
>> visit any of these forums below to post your HijackThis log. The experts
>> there will guide you how to remove the spyware from your system:
>>
>> http://aumha.net
>> http://forums.spywareinfo.com
>>
>> --
>> Ramesh, Microsoft MVP
>> Windows XP Shell/User
>> http://windowsxp.mvps.org
>>
>>
>> "Bryan" <Bryan@discussions.microsoft.com> wrote in message
>> news:6D3D4121-70BB-4518-AA9E-6DD7EC7B2EA5@microsoft.com...
>> > Wes,
>> >
>> > I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
>> > between sweeps.
>> >
>> > No viruses and no no adware found.
>> >
>> > Any other hints?
>> >
>> > Bryan
>> >
>> > "Wesley Vogel" wrote:
>> >
>> >> [[When you open System Configuration Utility [MSCONFIG], Registry
>> >> Editor
>> >> or
>> >> Task Manager, they flash for a second and quit. This symptom is caused
>> >> by
>> >> Viruses.]]
>> >>
>> >> Task Manager, MSCONFIG, or REGEDIT disappear while opening
>> >> http://www.mvps.org/sramesh2k/ToolsQuit.htm
>> >>
>> >>
>> >> --
>> >> Hope this helps. Let us know.
>> >>
>> >> Wes
>> >> MS-MVP Windows Shell/User
>> >>
>> >> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
>> >> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
>> >> > No system tool is displaying (yes, I am the computer admin).
>> >> > Actually, I run the program and it flashes for a second and then it
>> >> > goes away. This happens with, Device manager, Task Manager,
>> >> > MSCONFIG, you name it. The icons in the system tray do not appear
>> >> > even though they are all set to "always display". Regedit does not
>> >> > even display. Which settings have I hosed?
>> >> >
>> >> > I recently had to format my HD and reinstall my OS. Did I take the
>> >> > wrong CD off the shelf? (I have three computers)
>> >>
>>
>>
Bryan,
Visit any of these forums below to post your HijackThis log. The experts
there will guide you how to remove the spyware from your system:
http://aumha.net
http://forums.spywareinfo.com
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Bryan" <Bryan@discussions.microsoft.com> wrote in message
news:A4B791D3-153C-435A-8C63-5B653FA80DE5@microsoft.com...
> Here is my Hijackthis log:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 5:46:27 PM, on 2/20/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\AVPersonal\AVWUPSRV.EXE
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\WINDOWS\System32\snmp.exe
> C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
> C:\WINDOWS\System32\alg.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\system32\wuauclt.exe
> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
> C:\Program Files\AVPersonal\AVGNT.EXE
> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
> C:\Program Files\Hijack This\HijackThis.exe
>
> O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
> O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
> Works\WksSb.exe /AllUsers
> O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
> Files\Common
> Files\Microsoft Shared\Works Shared\WkUFind.exe
> O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
> Money\System\Activation.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> -atboottime
> O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
> O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
> C:\PROGRA~1\SYMNET~1\SNDMon.exe
> O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
> O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
> Sweeper\SpySweeper.exe" /0
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office10\OSA.EXE
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
> Advantage
> Validation Tool) -
> http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
> O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik
> GmbH -
> C:\Program Files\AVPersonal\AVGUARD.EXE
> O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH,
> Germany
> - C:\Program Files\AVPersonal\AVWUPSRV.EXE
> O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
> Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
> O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
> C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
> Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
>
> I used AntiVir Guard, WebRoot Spy Sweeper and Hijack This. Rebooting
> after
> each sweep.
>
> Please tell me if you see anything out of the ordinary.
>
> Thank you,
> Bryan
>
> "Ramesh, MS-MVP" wrote:
>
>> Bryan,
>>
>> With the type and severity of malware emerging these days, you need to
>> use
>> all of these three software (atleast):
>>
>> 1. Ad-Aware
>> http://www.lavasoftusa.com
>>
>> 2. SpyBot S&D
>> http://www.safer-networking.org
>>
>> 3. CWShredder
>> http://www.intermute.com/spysubtract/cwshredder_downloa...
>>
>> ** Update 1 & 2 before running a scan **
>>
>> Clean-up Windows Startup
>> http://windowsxp.mvps.org/startup.htm
>>
>> Then, run a full system virus scan: (RAV is proving good)
>> http://windowsxp.mvps.org/scanners.htm
>>
>> If nothing helps, download HijackThis from
>> http://www.spywareinfo.com/~merijn/ Generate a log using HijackThis and
>> visit any of these forums below to post your HijackThis log. The experts
>> there will guide you how to remove the spyware from your system:
>>
>> http://aumha.net
>> http://forums.spywareinfo.com
>>
>> --
>> Ramesh, Microsoft MVP
>> Windows XP Shell/User
>> http://windowsxp.mvps.org
>>
>>
>> "Bryan" <Bryan@discussions.microsoft.com> wrote in message
>> news:6D3D4121-70BB-4518-AA9E-6DD7EC7B2EA5@microsoft.com...
>> > Wes,
>> >
>> > I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
>> > between sweeps.
>> >
>> > No viruses and no no adware found.
>> >
>> > Any other hints?
>> >
>> > Bryan
>> >
>> > "Wesley Vogel" wrote:
>> >
>> >> [[When you open System Configuration Utility [MSCONFIG], Registry
>> >> Editor
>> >> or
>> >> Task Manager, they flash for a second and quit. This symptom is caused
>> >> by
>> >> Viruses.]]
>> >>
>> >> Task Manager, MSCONFIG, or REGEDIT disappear while opening
>> >> http://www.mvps.org/sramesh2k/ToolsQuit.htm
>> >>
>> >>
>> >> --
>> >> Hope this helps. Let us know.
>> >>
>> >> Wes
>> >> MS-MVP Windows Shell/User
>> >>
>> >> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
>> >> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
>> >> > No system tool is displaying (yes, I am the computer admin).
>> >> > Actually, I run the program and it flashes for a second and then it
>> >> > goes away. This happens with, Device manager, Task Manager,
>> >> > MSCONFIG, you name it. The icons in the system tray do not appear
>> >> > even though they are all set to "always display". Regedit does not
>> >> > even display. Which settings have I hosed?
>> >> >
>> >> > I recently had to format my HD and reinstall my OS. Did I take the
>> >> > wrong CD off the shelf? (I have three computers)
>> >>
>>
>>
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)
Bryan, I had the same problem just the other day. It turned out to be
some nasty spyware masquerading as Microsoft instant messenger.
The rogue process was MSNGMSNGR32.EXE. From the looks of your Hijack
This log, it looks like you might have the same problem.
I had to download some third party tools that the little bug wasn't
monitoring (and killing) to see the process and kill it. Probably any
appropriate tool will work, I found a process list tool and a process
kill tool for free at:
http://www.sysinternals.com/ntw2k/freeware/pstools.shtm....
Only after I killed the process, could I remove it from the startup
locations in the registry. Otherwise the process just put itself back
into one of the startup locations in the registry.
I had to kill the process, remove any referencing registry entries, and
delete the file.
Hope this helps,
Bill
Bryan, I had the same problem just the other day. It turned out to be
some nasty spyware masquerading as Microsoft instant messenger.
The rogue process was MSNGMSNGR32.EXE. From the looks of your Hijack
This log, it looks like you might have the same problem.
I had to download some third party tools that the little bug wasn't
monitoring (and killing) to see the process and kill it. Probably any
appropriate tool will work, I found a process list tool and a process
kill tool for free at:
http://www.sysinternals.com/ntw2k/freeware/pstools.shtm....
Only after I killed the process, could I remove it from the startup
locations in the registry. Otherwise the process just put itself back
into one of the startup locations in the registry.
I had to kill the process, remove any referencing registry entries, and
delete the file.
Hope this helps,
Bill
Related ressources:
- ForumWhat belongs in task manager ?
- ForumTask Manager takes up 100% CPU
- ForumProblem with Task manager
- ForumWindows task manager
- ForumI have a dual core cpu but can't see it in task manager !
- ForumTask Manager Hell!!!!!
- ForumI can't access task manager
- ForumWindows Task Manager does not work
- ForumTask Manager not working
- Forumwindows task manager not self-consistent in cpu usage
- ForumWindows Task Manager
- Forumcatch-22 task manager
- ForumTask Manager
- ForumWhy so many 'Processes' in task manager ???
- ForumHELP!!! Please with Windows XP
- More resources
Read discussions in other Windows XP categories
!
