
malfunctioning task manager


Name: atari86
Date: August 8, 2003 at 22:32:31 Pacific
OS: WINXP professional
CPU/Ram: 2Ghz/386mbRDRAM
Comment:

need some help..
Every time I try to open the task manager, it pops up only for a split second, then it disappears. I could repeat this several times, and the same thing occurs... please help!




Response Number 1
Name: Hooner
Date: August 9, 2003 at 00:23:38 Pacific
Reply:

Posted by "Sarah" in another forum:

I had the exact same problem. I found it was caused by a variant of the Klez worm which causes Task Manager to disappear so you can't tell that the virus is active as a system process. Go to McAfee or Sophos and there's a program called Stinger which will rid you of the virus and repair all the files. You may not be able to use existing anti-virus software you have installed, as the worm will stop this in exactly the same way it stopped Task Manager.

Hope it helps............


0

Response Number 2
Name: Tom41
Date: August 9, 2003 at 01:16:53 Pacific
Reply:

This is also caused by W32.Spybot.worm. Let's see, download 'Hijack This!'. Unzip, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.

HijackThis!


0

Response Number 3
Name: muimui
Date: August 9, 2003 at 22:47:29 Pacific
Reply:

I have the same problem as well.
I have used the 'Hijack This!' scan and here's what I got.
Please let me know what I should do next.
Thanks!

Logfile of HijackThis v1.96.0
Scan saved at 1:30:58 AM, on 8/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe%


0

Response Number 4
Name: muimui
Date: August 9, 2003 at 22:47:38 Pacific
Reply:

I have the same problem as well.
I have used the 'Hijack This!' scan and here's what I got.
Please let me know what I should do next.
Thanks!

Logfile of HijackThis v1.96.0
Scan saved at 1:30:58 AM, on 8/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\SVSHOST.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ICQ\Icq.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Elaine Mak\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.coolwwwsearch.com/z/c/x1.cgi?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ameritech.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.coolwwwsearch.com/z/a/x1.cgi?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.coolwwwsearch.com/z/a/x1.cgi?656387 (obfuscated)
O1 - Hosts: 1123694712 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Winsock2 driver] SVSHOST.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: svhost.exe
O4 - Global Startup: webdav.exe
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O15 - Trusted Zone: *.coolwwwsearch.com
O15 - Trusted Zone: *.msn.com
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19907e613c509697df23/netzip/RdxIE6.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69AD5DE4-A33E-46BA-B96C-BB04127CAA26}: NameServer = 67.36.13.26 66.73.20.40
O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp



0

Response Number 5
Name: Tom41
Date: August 9, 2003 at 23:36:53 Pacific
Reply:

muimui
1 -- ensure "show hidden files" is checked in Folder options > View

2 -- have a copy of HijackThis.exe in its own folder on the desktop. Also copy these instructions to a Notepad file on the desktop; you will probably need them in Safe Mode.

3 -- reboot to Safe Mode: press F8 on startup and select Safe Mode from the boot menu.

4 -- from start, run, enter: explorer and navigate to:

C:\WINDOWS\System32 and delete the file:

SVSHOST.EXE

5 -- Run HijackThis and check and "fix" the following entry:
O4 - HKLM\..\Run: [Winsock2 driver] SVSHOST.exe

Reboot to Windows.

Then download and run CWShredder to remove the CoolWeb parasite. After running it reboot and run HT again and post a fresh log.

CWShredder



0


Response Number 6
Name: muimui
Date: August 10, 2003 at 01:34:38 Pacific
Reply:

I went through all the steps you provided.
Here's the log again.
Please let me know what I should do next.
Thanks!

Logfile of HijackThis v1.96.0
Scan saved at 4:31:23 AM, on 8/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\SVSHOST.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ICQ\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Elaine Mak\Desktop\HijackThis.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ameritech.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: svhost.exe
O4 - Global Startup: webdav.exe
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19907e613c509697df23/netzip/RdxIE6.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69AD5DE4-A33E-46BA-B96C-BB04127CAA26}: NameServer = 67.36.13.26 66.73.20.40



0

Response Number 7
Name: Tom41
Date: August 10, 2003 at 01:54:17 Pacific
Reply:

Hi muimui, Follow the above instructions for booting into safe mode and running HT.

Have HT fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.coolwwwsearch.com/z/b/x1.cgi?656387 (obfuscated)
O4 - Global Startup: svhost.exe
O4 - Global Startup: webdav.exe

Delete:
svhost.exe
webdav.exe
SVSHOST.EXE

Reboot to Windows, Run HT again and post a fresh log.


0

Response Number 8
Name: muimui
Date: August 10, 2003 at 12:32:10 Pacific
Reply:

I followed the steps you provided, and when I was in safe mode and ran HT, I could fix the first two but not the other two (Global Startup). HT popped up a message that these two .exe files were being used and asked me to go to Task Manager to end them before fixing them. Then I went to Task Manager and tried to terminate the svchost; the system would start a countdown and then shut down... the pop-up message is that the RPC was terminated unexpectedly.
I don't know what's wrong with them.
I did try to run HT again after rebooting to Windows, and here's the log I got.
My computer also has a problem, but I don't know whether it is related to this: every time I open the computer, before dialing up my DSL network, there's a pop-up box that says You/Your program has requested information from ryan19188.net (something like that); they just keep popping up until I get online... Is it related to the problems I have now?
Please let me know what I should do next.
Thanks!

Logfile of HijackThis v1.96.0
Scan saved at 3:20:01 PM, on 8/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\SVSHOST.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Elaine Mak\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ameritech.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Winsock2 driver] SVSHOST.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: svhost.exe
O4 - Global Startup: webdav.exe
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19907e613c509697df23/netzip/RdxIE6.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69AD5DE4-A33E-46BA-B96C-BB04127CAA26}: NameServer = 67.36.13.26 66.73.20.40



0

Response Number 9
Name: Tom41
Date: August 10, 2003 at 15:29:37 Pacific
Reply:

Hi muimui, are you positive you are booting into safe mode? Do you see the words "Safe Mode" in all 4 corners of the screen?

None of these entries will be running while you are in safe mode, so you will not be prompted to end task on them.

Restart the machine, as it is booting watch the screen, once it detects the drives, start tapping the F8 key. Continue tapping F8 until a boot menu appears. Use the arrow keys to highlight Safe Mode and hit enter.

Delete the following files:
***Notice the spelling***
SVSHOST.EXE
svhost.exe
webdav.exe

Run HijackThis and fix the following:

O4 - HKLM\..\Run: [Winsock2 driver] SVSHOST.exe
O4 - Global Startup: svhost.exe
O4 - Global Startup: webdav.exe

Reboot.


0
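The spelling check stressed in the reply above can be run mechanically over a HijackThis log. The following is an added example, not part of the original thread and not HijackThis code: it flags running processes and O4 autostart entries whose file name is one edit away from a genuine Windows process name. The allowlist `SYSTEM_NAMES` and all function names are assumptions made for the example; the sample lines are copied from the log posted earlier in the thread.

```python
import ntpath
import re

# Assumption: a small allowlist of genuine Windows XP process names.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe", "csrss.exe")

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\SVSHOST.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Winsock2 driver] SVSHOST.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: svhost.exe
O4 - Global Startup: webdav.exe
"""

O4_RE = re.compile(r"^O4 - (.+?): (?:\[[^\]]*\] )?(.*)$")   # location, command
PROC_RE = re.compile(r"^[A-Za-z]:\\.+$")                    # full path of a process

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_name(command):
    """Lower-cased .exe file name from a path or command line, or None."""
    m = re.search(r"\.exe", command, re.I)
    if not m:
        return None
    return ntpath.basename(command[:m.end()].strip('"')).lower()

def find_lookalikes(log_text, max_distance=1):
    """Return (source, name, resembles) for names close to, but not equal to,
    a genuine system process name."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        o4 = O4_RE.match(line)
        if o4:
            source, command = "autostart: " + o4.group(1), o4.group(2)
        elif PROC_RE.match(line):
            source, command = "running process", line
        else:
            continue
        name = exe_name(command)
        if name is None or name in SYSTEM_NAMES:
            continue
        for real in SYSTEM_NAMES:
            if edit_distance(name, real) <= max_distance:
                findings.append((source, name, real))
                break
    return findings

if __name__ == "__main__":
    for finding in find_lookalikes(SAMPLE_LOG):
        print(finding)
```

Name similarity only catches the impersonating files: webdav.exe, which the reply also lists for deletion, resembles no system name and is not flagged, so the heuristic supplements a manual review of the O4 entries rather than replacing it.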

Response Number 10
Name: muimui
Date: August 10, 2003 at 17:48:58 Pacific
Reply:

Finally it seems to work and I am able to open the task manager. I have one more question about the sbchost.exe. When the task manager is opened, under the Processes tab, there are sbchost.exe entries with user names like System, Local Service and Network Service. Are those necessary to be there, or what should I do with those?
Thanks for your help. I appreciate that.


0

Response Number 11
Name: Tom41
Date: August 11, 2003 at 01:31:47 Pacific
Reply:

Hi muimui, don't do anything with the svchost.exe entries. They are valid Windows XP services.


0

Response Number 12
Name: atari
Date: August 13, 2003 at 11:21:35 Pacific
Reply:

whoa, one of my posts had so many replies...
thx for the help guys.. but I didn't even think deleting svchost.exe is a good idea, knowing it's a vital service..
I went to www.trendmicro.com and found the virus... so I'm fine now, thx!


0
