Hi, I've recently noticed that I can't access my Task Manager. I use Ctrl+Alt+Delete, and the window pops up.. then within a couple of seconds it disappears again! It leaves the task manager icon in the tool bar, but that disappears as well, when I move my mouse across it.. :/ Any ideas would be great, thanks
-----------------
Rob

Go to c:\windows\system32 and copy the file taskmgr.exe to your desktop. Rename it to something other than taskmgr.exe, for instance, testmgr.exe. Most likely, you have a version of the blaster virus, nachi or something of the sort that is not wanting you to shut down the virus. The new file should let you get into task manager and shut down the virus that is causing the problem.
You also might look into the folder c:\windows\system32\wins and erase anything that is in there (should be files such as dllhost.exe and svchost.exe); these are viruses and need to be deleted.
Next, start --> run --> msconfig --> startup tab --> deselect anything you don't want starting up, including the viruses you may have. If you cannot get into msconfig, you can reboot into safe mode by pressing F8 at startup. Then you should be able to run msconfig and configure your startup programs.
Then I would get an updated virus scan and scan for viruses and get rid of them.

Firstly, I've got into Task Manager via a copy like you suggested.. it seems I've had a lot of things running which I didn't know about and have no idea what they are... I've disabled a few things in my startup.. just about to restart to see if it has worked.

Are you logged onto the computer as an administrator? What permissions do you have?
As far as accessing Task Manager, the quickest, easiest way is the shortcut CTRL+SHIFT+ESC. I use it all the time.
As far as all the things running, get a copy of Hijack This. Run it and paste log file back in the forum. That will give us an idea of what's running on your computer.
It's not always a good idea to disable everything in the startup folder as a permanent solution. Many times different software and hardware requires files to run at startup to ensure they operate correctly. It's better to determine the problem and fix it from there.
Post back your Hijack This log.

Logfile of HijackThis v1.97.7
Scan saved at 20:09:34, on 02/01/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winsock2.2.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\mIRC2\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=129192
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=129192
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=129192
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cpl.netfire.com/
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [winsockdriver] winsock2.2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [winsockdriver] winsock2.2.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.297349537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDistIO.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D30FE8-D3C4-44BF-A3AA-283DE1CCC815}: NameServer = 158.43.240.4 158.43.240.3

Hmmm, it doesn't seem like anything's running that shouldn't be.
Have you gotten into msconfig yet? It looks like you have due to this line:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
What exact problems are you still having?

Looks like cool web search hijack and I am unable to find any info on that winsock2.2.exe....
Anyway, try running cwshredder while offline. Download here (near bottom of page):
http://www.spywareinfo.com/~merijn/cwschronicles.html
You can also have hijack fix these entries:
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDistIO.CAB
Reboot when done and repost fresh log...maybe by then someone will know what that winsock2.2 is.

Righto - I've run the cwshredder while being offline. Still getting that winsock2.2 :/ Just about to post my log. Thanks for all this help btw, really appreciated :)
-------------
Rob

Logfile of HijackThis v1.97.7
Scan saved at 12:09:29, on 03/01/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\mIRC2\mirc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cpl.netfire.com/
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [winsockdriver] winsock2.2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [winsockdriver] winsock2.2.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.297349537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D30FE8-D3C4-44BF-A3AA-283DE1CCC815}: NameServer = 158.43.240.4 158.43.240.3

I have just gotten rid of this trojan.
This seems to be okay thus far.
Run the alternative taskmanager (as shown above) and quit the process 'Winsock2.2.exe'.
Go to c:\WINDOWS\system32\ and delete the files 'Winsock2.2.exe' and 'Winsock2.2.dll'
Go START\Run\regedit
Delete the script:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winsockdriver
Open the script:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell
and delete the value data 'Winsock2.2.exe'.
Reboot.
TS Ed

Cheers for that... I followed your instructions and it's gone now. So what exactly was that anyway? I'll post another log just so you know everything is peachy.
Thanks
Rob

Logfile of HijackThis v1.97.7
Scan saved at 21:17:10, on 04/01/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\mIRC2\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cpl.netfire.com/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.297349537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D30FE8-D3C4-44BF-A3AA-283DE1CCC815}: NameServer = 158.43.240.4 158.43.240.3

Rob Smith
You look ok now.
ts_editor
What trojan was that?...that winsock2.2 or can u give me the link to info you found?
Thanks!

Those were just the steps I used to remove the trojan.
I think this is the same virus profile:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.dr.html
Rob>> be sure to install and run latest AV updates.
TS Ed

Hi. I had the same problem as Rob Smith. I followed all the steps you provided. I deleted the winsock.dll file, but it keeps coming back in my system32 folder.
Can you tell me how to get rid of it..
Thank you
Chris Nagra

Chris
That winsock.dll is valid...unless your virus (if you have one) wrecked it.
The original poster above had the files:
winsock2.2.dll
winsock2.2.exe
Is your virus scanner saying that file is infected?
I am running xp pro
Properties of that file on my machine..(it's clean)
File Version: 3.10.0.103
Description: Windows Socket 16-bit dll
Copyright: Copyright Microsoft Corp. 1981-1996
Company: Microsoft Corporation
Internal name: WINSOCK
Language: English (United States)
Original File Name: WINSOCK.DLL
Product name: Microsoft Windows(TM) Operating System
Product Version: 3.10
WOW Version: 4.0

Yes I also had those files winsock2.2.exe and winsock2.2.dll.
My virus scanner was saying that my winsock2.2.exe was infected, but ts_editor said to delete both files.. I deleted winsock2.2.exe with no problem, but when I delete winsock2.2.dll it keeps on coming back.

Now whenever I restart my computer or turn it on again it says "windows could not find file winsock2.2.exe"..
How do I get rid of that??
Thanks
Chris

Chris
Windows is telling you that because there is still a reference to that file in the registry telling Windows to start that program. Since the file is missing (you deleted it), Windows will give that error.
Click start
Click run
Type regedit
Hit enter (registry editor opens)
Click the + beside each key on left to expand.
HKEY_LOCAL_MACHINE
software
microsoft
windows
current version
run
Right click the run key
Click export
Export to desktop
Call it backup
It will show file type as .reg
OK
Why you just did that is if you delete the wrong key in the next step....you have a back up. To use it if you need it..
Right click the backup.reg file on desktop and select merge...that will replace what you deleted.
Now you have the run key highlighted on left
On the right look for winsock2.2 entry
Right click that...click delete
At the prompt click yes
DON'T delete anything else in there
Close all those + signs you expanded earlier
Click the + beside these keys to expand
HKEY_CURRENT_USER
software
microsoft
windows
current version
run once
Highlight run once
On the right side delete the reference to winsock2.2.exe (right click..delete)
Click yes to the prompt "are you sure?"
Close regedit
Reboot
Post back how it went...or if unsure.
Good luck

It didn't go too well. The first thing went fine - the part where u export the run.reg thing and delete the winsock2.2.exe entry, but when you told me to do this
Click the + beside these keys to expand
HKEY_CURRENT_USER
software
microsoft
windows
current version
run once
Highlight run once
On the right side delete the reference to winsock2.2.exe (right click..delete)
Click yes to the prompt "are you sure?"
I noticed that there was no reference to winsock.exe to delete.
Post back
Thanks

Hi
That should be fine..the reference may not always show up there...if it wasn't there...great! As long as you got the one in the HKEY_LOCAL_MACHINE\\\run.
After a reboot the entry should disappear from the run once section but sometimes it doesn't.
The error quit when you rebooted after removing the entry from the run section?

Hi
After I rebooted my computer the entry did disappear because there was never an entry..
But, the error did NOT quit after removing the entry from the run section..it keeps saying
windows cannot find 'winsock2.2.exe.' Make sure you typed in the name correctly, and then try again
Post Back
Thanks
Chris Nagra

Ok
I think the easiest way to find this is for you to download hijackthis from here:
Unzip the file to a separate folder, run hijackthis.exe, hit scan, the scan button changes to save log button....save the log to folder you downloaded hijackthis to, copy/paste entire contents of log in reply.
Most of what you see is safe or even essential so don't fix anything yet.
If that link above does not work for you...try this direct download link:

Ok here it is...
Logfile of HijackThis v1.97.7
Scan saved at 6:03:16 PM, on 1/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Startup: Reboot.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Search.vbs
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Sorry it took so long...just got off work...I work graveyard shift.
I see why you are still getting the error now...these entries didn't show up in another log.
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe
Have only hijackthis running and check the following to fix:
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe (gator/claria spyware)
O4 - Global Startup: Search.vbs
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe
Reboot and delete the following:
C:\program files\common files\GMT\GMT.exe <- this file and the GMT folder
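
The reply above turns on the fact that one file can be referenced from several autostart locations at once, so clearing the Run value alone leaves the `Shell=` entries in place. This added example (not part of the original thread) parses HijackThis-style lines and lists every location that names a given file; the function names are hypothetical and both sample logs are constructed from entries quoted in the thread.

```python
import re

# Constructed sample: entries copied from the first log posted in this thread.
ROB_LOG = r"""
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [winsockdriver] winsock2.2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [winsockdriver] winsock2.2.exe
"""

# Constructed sample: the second user's state, Run value gone, Shell= untouched.
CHRIS_LOG = r"""
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - Global Startup: Search.vbs
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
O4_REG = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run\w*): \[([^\]]*)\] (.*)$")
O4_FOLDER = re.compile(r"^((?:Global )?Startup): (.*)$")
EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|vbs|scr|pif|dll))(?=[\s,]|$)", re.I)
EXPECTED_SHELL = {"explorer.exe"}  # the value shown in the clean log in this thread


def program_of(command):
    """Return the lower-cased file name that a command line launches."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = EXE.match(command)
        path = m.group(1) if m else (command.split() or [""])[0]
    return path.rsplit("\\", 1)[-1].lower()


def autostarts(log):
    """Yield (code, location, program) for each autostart reference in a log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code in ("F0", "F2") and "Shell=" in body:
            location, value = body.split("Shell=", 1)
            # Assumption: shell programs are separated by spaces or commas
            # and their paths contain no spaces, as in the logs above.
            for token in re.split(r"[\s,]+", value.strip()):
                if token:
                    yield code, location + "Shell", program_of(token)
        elif code == "O4":
            reg = O4_REG.match(body)
            folder = O4_FOLDER.match(body)
            if reg:
                yield code, reg.group(1), program_of(reg.group(3))
            elif folder:
                target = folder.group(2).split(" = ", 1)[-1]
                yield code, folder.group(1), program_of(target)


def shell_extras(log):
    """Programs chained onto Shell= in addition to explorer.exe."""
    return sorted({p for c, _, p in autostarts(log)
                   if c in ("F0", "F2") and p not in EXPECTED_SHELL})


def references(log, filename):
    """Every (code, location) in the log that starts the given file."""
    wanted = filename.lower()
    return [(c, loc) for c, loc, p in autostarts(log) if p == wanted]


if __name__ == "__main__":
    for name, log in (("first log", ROB_LOG), ("after Run cleanup", CHRIS_LOG)):
        print(name, "shell extras:", shell_extras(log))
        for code, loc in references(log, "winsock2.2.exe"):
            print("   still referenced:", code, loc)
```
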

Do I check this to fix too??
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe

Thanks.. Now there is no error but I'll post another log just so you can check if everything's alright

Logfile of HijackThis v1.97.7
Scan saved at 9:02:02 PM, on 1/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\System32\olehelp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\My Documents\My Received Files\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find4u.net/spb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/spb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/indexb.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/spb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/indexb.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\System32\olehelp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Reboot.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Chris
Now you have been hijacked by cool web search....
have hijack fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find4u.net/spb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/spb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/indexb.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/spb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/indexb.htm
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\System32\olehelp.exe
Reboot and delete the olehelp.exe from:
c:\windows\system32\olehelp.exe
Then download and run CWShredder...click fix not just scan...it should clean up whatever does not show up in the hijack log.
If you have problems with the above link try the one below...sometimes the hijacker will not allow you to connect to the site. The below link is a direct download.
Direct download cwshredder.exe
Reboot, run the tool again...sometimes takes a couple swipes to remove the hijacker.
If there are any "nasty" links in your IE favorites you will be able to delete them after cleaning up. (this hijacker/trojan puts porn links in your IE favorites list)
Reboot again.
Post fresh log when done.
There are a few things you need to do to prevent some of this stuff from happening...
Visit windows update, download and install SP1 and all the critical updates.
Spywareblaster is a good free program that will install a "killbit" in your registry to prevent over 1000 "bad product" downloads. Spywareblaster also needs regular updating.. Once downloaded and installed, check for and download all the updates, click select all, click protect against checked items.
Another small free program will watch your Internet Explorer for changes to home and search pages and alert you of the change, allow you to keep the change or have the program "fix it". It is called SpywareGuard...it does not take up any resources and is worth the download. Updates are not as regular but check anyway.

Ok thanks..I did everything you said..I will post a fresh log.
Logfile of HijackThis v1.97.7
Scan saved at 4:25:50 PM, on 1/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Reboot.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Chris
Looks much better now!
I still advise you update windows...a lot of these exploits/worms etc. are fixed with the service packs and other critical updates.

I got all the critical windows updates but I was getting the service pack....but an error came...it said that my product key I used to install windows is invalid....??

But I guess I can live without that....
Anyway
Thanks for all the help...I'll let you know if there are any other problems
Chris

Hi I also have this other problem...I keep on getting a windows explorer error.
How do I get rid of it??

DAMN ts_editor!!!
THANK YOU a whole lot for that one. I've been fighting this problem for days. Reading your post I realized that I was almost home and free, the only part I kept missing was this one:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell
Editing that value saved me from all errors!
Thx!
/Carpe Diem

Ya I've been fighting it for weeks...but then I found this site and most of my problems were gone...

You guys rock!
I have been searching the web for weeks for a solution for this problem, and the only page with a real, solid solution was this one! Due to your help, I was finally able to get my Task Manager back to work (and msconfig, too...a problem I hadn't even recognized before it was posted here).
However, I would appreciate it very much if you could also take a look at my log, just to be sure I really finished everything off. Thank you in advance!
StartupList report, 30.01.2004, 22:32:27
StartupList version: 1.52
Started from : C:\Dokumente und Einstellungen\elheinzo\Desktop\HijackThis.exe
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\El_Heinzo\tools\AntiVir\AVGUARD.exe
C:\El_Heinzo\tools\AntiVir\AVWUPSRV.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\El_Heinzo\tools\Kerio\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\El_Heinzo\tools\AntiVir\AVGNT.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Dokumente und Einstellungen\elheinzo\Desktop\HijackThis.exe
---------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
---------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Apoint = C:\Programme\Apoint2K\Apoint.exe
00THotkey = C:\WINDOWS\System32\00THotkey.exe
AVGCtrl = C:\El_Heinzo\tools\AntiVir\AVGNT.exe /min
---------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI file not found*
SCRNSAVE.EXE=*INI file not found*
drivers=*INI file not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
---------------------
Enumerating Browser Helper Objects:
(no name) - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
---------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
---------------------
End of report, 3.182 bytes
Report generated in 0,071 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
As I already said, this is the log AFTER I attempted to get rid of my problems.

I need help with winsock2.2.exe Thanks
Logfile of HijackThis v1.97.7
Scan saved at 8:48:57 AM, on 2/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\system32\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mediafour\XPlay\XPTRYICN.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Date Manager\DateManager.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\windows\system32\msasp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rubin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.sonystyleconnect.com/vaio
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
F0 - system.ini: Shell=explorer.exe winsock2.2.exe
F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.searchalot.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.searchalot.com/search.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.searchalot.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37998.849537037
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.4.0.1071/bin/imvid.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
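
The Winlogon Shell check that the posts above rely on, as an added example that is not part of any post in this thread: it scans HijackThis or StartupList text for Shell and UserInit values and reports any program listed besides the expected one. The function names and the whitespace/comma splitting are assumptions of this sketch; the sample lines are copied from the two reports above.

```python
import re

# Expected program per Winlogon value, as in the clean StartupList report above.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# "Shellnext = ..." must not match, so "=" has to follow the key name directly.
VALUE_RE = re.compile(r"\b(Shell|UserInit)\s*=\s*(.*)$", re.IGNORECASE)

# Lines copied from the reports above: F0/F2/R1 from the last HijackThis log,
# the remaining three from the StartupList report.
SAMPLE_LOG = "\n".join([
    r"F0 - system.ini: Shell=explorer.exe winsock2.2.exe",
    r"F2 - REG:system.ini: Shell=explorer.exe winsock2.2.exe",
    r"R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.sonystyleconnect.com/vaio",
    r"UserInit = C:\WINDOWS\system32\userinit.exe,",
    r"Shell=Explorer.exe",
    r"HKCU\..\Policies: Shell=*Registry value not found*",
])


def extra_programs(key, value):
    """Return the entries in a Shell/UserInit value that are not the expected program."""
    value = value.strip()
    if not value or (value.startswith("*") and value.endswith("*")):
        return []  # StartupList placeholder such as *Registry value not found*
    expected = EXPECTED[key.lower()]
    extras = []
    # Assumption: entries are separated by whitespace or commas; a path that
    # contains spaces would need real command-line parsing.
    for token in re.split(r"[\s,]+", value):
        name = token.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name and name != expected:
            extras.append(token)
    return extras


def audit(log_text):
    """Return (line number, key, extra entries) for every value that lists more than the default."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = VALUE_RE.search(line)
        if match:
            extras = extra_programs(match.group(1), match.group(2))
            if extras:
                findings.append((lineno, match.group(1), extras))
    return findings


if __name__ == "__main__":
    for lineno, key, extras in audit(SAMPLE_LOG):
        print(f"line {lineno}: {key} also launches {', '.join(extras)}")
```

A finding means only that the value differs from the default; the file it names still has to be identified before anything is removed.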
