Re: Device Manager, Task Manager, or any other mgmt tool not displ

From: Ramesh, MS-MVP (ramesh_at_online.mvps.org)
Date: 02/21/05 

Date: Mon, 21 Feb 2005 09:34:10 +0530

Bryan,
Visit any of these forums below to post your HijackThis log. The experts
there will guide you how to remove the spyware from your system:

http://aumha.net
http://forums.spywareinfo.com 

-- 
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Bryan" <Bryan@discussions.microsoft.com> wrote in message 
news:A4B791D3-153C-435A-8C63-5B653FA80DE5@microsoft.com...
> Here is my Hijackthis log:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 5:46:27 PM, on 2/20/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\AVPersonal\AVWUPSRV.EXE
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\WINDOWS\System32\snmp.exe
> C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
> C:\WINDOWS\System32\alg.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\system32\wuauclt.exe
> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
> C:\Program Files\AVPersonal\AVGNT.EXE
> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
> C:\Program Files\Hijack This\HijackThis.exe
>
> O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
> O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
> Works\WksSb.exe /AllUsers
> O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program 
> Files\Common
> Files\Microsoft Shared\Works Shared\WkUFind.exe
> O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
> Money\System\Activation.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
> -atboottime
> O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
> O4 - HKLM\..\Run: [Symantec NetDriver Monitor] 
> C:\PROGRA~1\SYMNET~1\SNDMon.exe
> O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
> O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
> Sweeper\SpySweeper.exe" /0
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office10\OSA.EXE
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine 
> Advantage
> Validation Tool) - 
> http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
> O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik 
> GmbH -
> C:\Program Files\AVPersonal\AVGUARD.EXE
> O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, 
> Germany
> - C:\Program Files\AVPersonal\AVWUPSRV.EXE
> O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
> Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
> O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
> C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
> Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
>
> I used AntiVir Guard, WebRoot Spy Sweeper and Hijack This.  Rebooting 
> after
> each sweep.
>
> Please tell me if you see anything out of the ordinary.
>
> Thank you,
> Bryan
>
> "Ramesh, MS-MVP" wrote:
>
>> Bryan,
>>
>> With the type and severity of malware emerging these days, you need to 
>> use
>> all of these three software (atleast):
>>
>> 1. Ad-Aware
>> http://www.lavasoftusa.com
>>
>> 2. SpyBot S&D
>> http://www.safer-networking.org
>>
>> 3. CWShredder
>> http://www.intermute.com/spysubtract/cwshredder_download.html
>>
>> ** Update 1 & 2 before running a scan **
>>
>> Clean-up Windows Startup
>> http://windowsxp.mvps.org/startup.htm
>>
>> Then, run a full system virus scan: (RAV is proving good)
>> http://windowsxp.mvps.org/scanners.htm
>>
>> If nothing helps, download HijackThis from
>> http://www.spywareinfo.com/~merijn/ Generate a log using HijackThis and
>> visit any of these forums below to post your HijackThis log. The experts
>> there will guide you how to remove the spyware from your system:
>>
>> http://aumha.net
>> http://forums.spywareinfo.com
>>
>> -- 
>> Ramesh, Microsoft MVP
>> Windows XP Shell/User
>> http://windowsxp.mvps.org
>>
>>
>> "Bryan" <Bryan@discussions.microsoft.com> wrote in message
>> news:6D3D4121-70BB-4518-AA9E-6DD7EC7B2EA5@microsoft.com...
>> > Wes,
>> >
>> > I scanned using Norton (updated viruses) and Spy Speeper, rebooting in
>> > between sweeps.
>> >
>> > No viruses and no no adware found.
>> >
>> > Any other hints?
>> >
>> > Bryan
>> >
>> > "Wesley Vogel" wrote:
>> >
>> >> [[When you open System Configuration Utility [MSCONFIG], Registry 
>> >> Editor
>> >> or
>> >> Task Manager, they flash for a second and quit. This symptom is caused 
>> >> by
>> >> Viruses.]]
>> >>
>> >> Task Manager, MSCONFIG, or REGEDIT disappear while opening
>> >> http://www.mvps.org/sramesh2k/ToolsQuit.htm
>> >>
>> >>
>> >> -- 
>> >> Hope this helps.  Let us know.
>> >>
>> >> Wes
>> >> MS-MVP Windows Shell/User
>> >>
>> >> In news:0064BBA9-8F56-4A27-B624-34CD0F2409AF@microsoft.com,
>> >> Bryan <Bryan@discussions.microsoft.com> hunted and pecked:
>> >> > No system tool is displaying (yes, I am the computer admin).
>> >> > Actually, I run the program and it flashes for a second and then it
>> >> > goes away.  This happens with, Device manager, Task Manager,
>> >> > MSCONFIG, you name it.  The icons in the system tray do not appear
>> >> > even though they are all set to "always display". Regedit does not
>> >> > even display.  Which settings have I hosed?
>> >> >
>> >> > I recently had to format my HD and reinstall my OS.  Did I take the
>> >> > wrong CD off the shelf? (I have three computers)
>> >>
>>
>>

Relevant Pages

  • Re: Trojan Horse Downloader Lookme. A Removal
    ... Post your HijackThis log to one of the previously suggested Forums. ... Mike Burgess http://www.mvps.org/winhelp2002/ ... Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file ...
    (microsoft.public.security.virus)
  • Re: Cant bring up Windows Task Manager
    ... The presence of "DisableTaskMgr" value under the key you stated, ... But this causes the error message "Task Manager has been disabled by your administrator" when you open Task Manager. ... download HijackThis from http://www.spywareinfo.com/~merijn/ Generate a log using HijackThis and visit any of these forums below to post your HijackThis log. ... Ramesh, Microsoft MVP ...
    (microsoft.public.windowsxp.general)
  • Re: IE Error on Only One Webpage
    ... Run a thorough check for hijackware, including posting your HijackThis log to an appropriate forum. ... HijackThis is the preferred tool to use. ... After an expert gives your HijackThis log a clean bill of health and the machine has the latest drivers and BIOS upgrades installed, install WinXP SP2 _with your anti-virus application disabled_. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: can not run windows update
    ... >>Following is my hijackthis log. ... >What forums did you post your HJT log? ... >You'll need to close all applications, start HijackThis, ... >Known spyware components: ...
    (microsoft.public.windowsxp.network_web)
  • Re: Cannot open IE, cannot read OE email after installing Windows
    ... I have now loaded MSN Messenger V7 and it works fine. ... received any response on my HijackThis log but am working my way through it ... I am still nervous about attempting to install SP2... ...
    (microsoft.public.windows.inetexplorer.ie6.browser)