  1. #11
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Button Moon
    I remember from my windows 98 days that there was a something config that would pull up a box like task manager, and on one of the tabs, there was startup processes
    You can just go to your system information in 98 then > tools > System Configuration.

    This has been removed from 2000 and later though so you just run msconfig from the run prompt and select the startup tab.

    Typing "taskmgr" does work from the run prompt in XP home.

    or right click on the task bar and the third option from the bottom is task manager
    or, open a command prompt and type taskmgr
    or, browse to C:/Windows/System32/taskman
    or, Create a notepad document, then type taskmgr.exe then save it as ????.bat. Double click it and taskmanager should open.
    or, type C:\windows\system32\taskmgr.exe in to the address bar of Internet Explorer.
    or, try CTL SFT ESC instead of CTL ALT DEL.

    or, if it has been disabled for some reason, copy the following in to the run prompt:

    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

    This adds a key to the registry that enables task manager (if you are allowed to change the registry that is)

    If you have been restricted from editing the registry, try pasting the following in to the run prompt:
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

    Again, it may or may not work depending on how locked down the box is and the method used to disable access to the registry.

    Or if you have absolutely no rights to do pretty much anything, try the following:

    Right-click the Start button and choose Open. Double-click Programs, then double-click Startup. Choose Start, Search, For Files or Folder, type taskmgr.exe in the top box, enter your start-up drive in the 'Look in' box (for most people it will be c:\), and click Search Now. When you see the Task Manager program file listed in the Search Results window, right-drag it to your open Startup folder. When you release the mouse button, choose Create Shortcut(s) Here. Now right-click the new shortcut and choose Properties. Select the Shortcut tab and choose Minimized from the Run drop-down list. Click OK. To keep Task Manager out of your way when you don't need it, double-click the shortcut to launch it, and in the menu bar at the top of the Task Manager window, choose Options, Hide When Minimized.

    Task Manager will now start invisibly, but you'll be able to open its window anytime by double-clicking the CPU-usage icon in the system tray.

    Or, if that does not work open the schedule a task wizard from the system tools folder > add a scheduled task > if taskmgr is not in the list browse to the taskmgr in the Windows/system32 folder or if access to the Windows folder has been disabled just type the path in > then select "start when pc boots up"! - this should by-pass any restrictions (providing scheduled tasks has not been disabled)

    If you can't open it after trying all of the above..........find a big hammer and take your frustration out on the box!!!
    Drugs have taught an entire generation of kids the metric system.


  2. #12
    Join Date
    Apr 2003
    From your first post, it sounds like the system may have a dialer infection, or a hijacker. In any case, it will take you hours to get a prompt that you can work with. It is just best to bounce the sucker (power off and on, do not throw out window) and take it into SAFE MODE! (as our buddy nihil suggested, and you will need local admin access for this). Make sure one of the first things you do is turn off System Restore. Then, proceed with the normal system cleaning operations (Hijackthis, spyware scans, AV scans, etc).

    Once you are all cleaned up, don't forget to turn System Restore back on.

  3. #13
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Well my geekable frocktoids, I am halfway through my problem now, and so far I would love to give Dalek some love, for his little startup program, brilliant, but I have been told that too much love can be dangerous, and Nokia for just being Nokia, and generally being a phone that works. Since Microsoft stole all the OS help files and stuck them in the oh so helpful Help center, the generally curious, but not curious enough to really be that bothered, just can't get to learn anything these days.

    Update though, I have finally found a way to get into safe mode, as that was my problem I couldn't get to it. Done all so called scans, just doing more windows updates, and a couple of online virus scans, and I shall be posting a hijack this log in the morning I guess.

    Over and out

    Frurk Snoidal
    Sarcasm is a way of life

  4. #14
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Button Moon
    Oh, kinda skipped a few posts back there, thought you were still wondering how to open the task manager up!

    O well!
    Drugs have taught an entire generation of kids the metric system.


  5. #15
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Ok, we're getting somewhere, this pc is now useable, there were about 20 things on start up, 5 of them were different internet connections all conflicting with each other.

    I have 2 things left now, and they are "ntoskrnl.exe" is corrupt, I found this, but wanted to know if it is easy, or is it likely to take me 2 steps back.

    And a hijack this log.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:33:08, on 22/03/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.com/iesearch/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.netscape.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CeEKey.exe] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
    O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/game...ts/y/ot0_x.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138189999820
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    This laptop is purely used for the internet, messenger and itunes, and not much else. We are on BTinternet as our service provider.

    Thanks guys, you have got me out of some doo doo

    Doo Doo FrooDoo
    Sarcasm is a way of life

  6. #16
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Shawnee country
    Your Toshiba laptop sounds like a real booger. The HJT log looks pretty clean. You could delete this one, but it's not problematic at this point:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html

    You having issues with MSN Messenger?

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Personally, I'd run an online AV check (I prefer Panda's scan) just to make sure. HJT doesn't deal with the new 'rogues' out there, like vcodec and spyaxe, as well, so it's not as definitive as it once was.

    Ugh, ntoskrnl.exe error? Sounds like Windows is corrupted. What kind of problems are you still having? Specific error messages?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #17
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com

    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com

    O14 - 'Reset Web Settings' hijack
    What it looks like:

    O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com

    What to do:
    If the URL is not the provider of your computer or your ISP, have HijackThis fix it.
    HJT Tutorial

    I would allow HJT to fix these.....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  8. #18
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Yup, it's a booger for sure, but then it is the ideal computer to learn on, cos if it can't be fixed it can go in the bin. I was considering doing an OS reinstall, as I have XP, though I don't have any of the drivers for this laptop and don't know where to get them. Is there a way to grab them off the laptop, put them on a disc and then put them back on after the install?

    As for the ntoskrnl.exe On the boot up it always goes to the Windows advanced options menu where you choose to boot up normally or go to safe mode. Pick Start windows normally - windows xp home edition - Then this message:

    Windows could not start because the following file is missing or corrupt:
    <Windows root>\system32\ntoskrnl.exe.
    Please re-install a copy of the above file.

    As I say, I can get past it, but if it is easy to do, I would like to, as I am being a proud father at the moment, and the people in the house are polishing my ego.

    Jp F;o)>
    Sarcasm is a way of life

  9. #19
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005

    Could very well be a result of this W32/BOLZANO.L

    This is a Windows 95/98 and NT virus that infects PE EXE files. It is a polymorphic, per-process resident and direct-action infector. The virus is encrypted in the host file and will be decrypted by a small decryptor consisting of random opcodes. The direct-action infection is fast: when an infected file is run, the virus goes through all the PE files in the various directories for infecting them.

    The decrypted virus body contains strings of Windows API functions and directories used by the virus:

    CreateFileMappingA, CreateThread, DeleteFileA, DosDateTimeToFileTime, FindClose, FindFirstFileA, FindNextFileA, GetCurrentDirectoryA, GetDriveTypeA, GetFileSize, GetLocalTime, GetTickCount, FileTimeToDosDateTime, MapViewOfFile, SetFileAttributesA, SetFileTime, UnmapViewOfFile, _llseek, _lopen, _lread, _lclose, _lwrite


    If the administrative privileges are present, W32/Bolzano.l modifies NTOSKRNL.EXE and NTLDR.EXE in order to preserve these rights in some future sessions. With this trick it would be then possible for the virus to infect any file on an NTFS volume even only with Guest rights. The AVERT however did not try to produce this behaviour.

    W32/Bolzano.l deletes the files in the Cookies sub-directory.

    The a, b, c, h and i variants of this virus are simple PE appending virus and are not crypted.

    The d variant does not replicate well and is nearly intended.

    W32/Bolzano.e, f, g and l patch multiple CALL's in the host's code to point at the virus body instead of modifying the PE executable's entry point.

    The variants e, f, g and l are polymorphic viruses.

    Recommend a couple of online scans.....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  10. #20
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    This is legitimate....

    O18 Extra protocols and protocol hijackers
    Field        Value
    Header       Protocol
    CLSID        {828030A1-22C1-4009-854F-8E305202313F}
    Name         msnim
    Path/File    msgrapp.dll (often incorrectly listed by HijackThis as missing)
    Status       L
    Description  MSN Messenger 7.5
    Viewed 4873 times since Jul 8 2005, 2200 Hours UTC-4.


    "L" - Legitimate
    "O" - Open to Debate
    "X" - Malware/Bad
    "?" - Unknown

    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson
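
The O14 rule quoted in post #17 and the msnim "(file missing)" false positive from post #20, applied to a few lines of the posted log. This is an added example, not part of any post and not HijackThis's own code; the function names and the trusted-domain list (btinternet.com standing in for the poster's stated ISP) are assumptions.

```python
import re
from urllib.parse import urlparse

# Lines excerpted from the HijackThis v1.99.1 log and replies in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # e.g. "O14 - IERESET.INF: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption: the poster's ISP ("BTinternet") uses this domain; edit per machine.
TRUSTED_DOMAINS = frozenset({"btinternet.com"})
# Post #20: this CLSID (msnim) is often wrongly reported as "file missing".
KNOWN_FALSE_MISSING = frozenset({"{828030A1-22C1-4009-854F-8E305202313F}"})

def parse(log):
    """Yield (section, body) for every HijackThis entry line; skip the rest."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def is_trusted(url, trusted):
    """True if the URL's host is a trusted domain or a subdomain of one."""
    if "://" not in url:
        url = "http://" + url          # some entries omit the scheme
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(log, trusted=TRUSTED_DOMAINS):
    """Return (section, reason, body) tuples that deserve a manual look."""
    findings = []
    for section, body in parse(log):
        if section == "O14":               # 'Reset Web Settings' URL
            url = body.split("=", 1)[-1].strip()
            if not is_trusted(url, trusted):
                findings.append((section, "reset URL is not ISP/OEM", body))
        elif body.endswith("(file missing)"):
            m = CLSID.search(body)
            if not (m and m.group(0).upper() in KNOWN_FALSE_MISSING):
                findings.append((section, "target file missing", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:26} {body}")
```

With only the BT domain trusted, both O14 lines are reported, which matches the advice in post #17 to let HijackThis fix the freeserve entry on a machine whose ISP is BTinternet.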
