Free PC Support
PC Help Forums from the Experts at Technical-Assistance.co.uk
 
Google
 
Search The Web Search This Site
 RSS FeedRSS Feed   FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Win task Manager
Goto page 1, 2, 3, 4, 5  Next
 
Reply to topic    Free PC Support Forum Home -> Helproom
Author Message
avextraxjp



Joined: 22 Jun 2006
Posts: 331

PostPosted: Fri Aug 17, 2007 11:17 pm    Post subject: Win task Manager Reply with quote

I had tried to end a unresponding Microsoft Word Program by ending a process in the windows Task Manager. The next time the PC starts, it seems to have stopped automatically loading "Search" resulting in a blank space in the start menu when the "search button is usually found. I had also noticed that the Image Name: Macromedia.10.exe, Spoolsv.exe and Flash.10.exe that have not appeared previously in the Windows Task Manager now load itself everytime Windows XP starts.
Back to top
View user's profile Send private message
SoftStag



Joined: 05 Feb 2006
Posts: 2049
Location: UK

PostPosted: Sat Aug 18, 2007 8:25 am    Post subject: Reply with quote

Those files are viruses. You should run a full virus and spyware scan on your system to remove them. I would recommend disconnecting the PC from the internet until this is done.
_________________
"Microsoft programs are generally bug-free. If you visit the Microsoft hotline, you'll literally have to wait weeks if not months until someone calls in with a bug in one of our programs. 99.99% of calls turn out to be user mistakes. I know not a single less irrelevant reason for an update than bugfixes. The reasons for updates are to present more new features."
-- Bill Gates, on code stability, from Focus Magazine
Back to top
View user's profile Send private message Visit poster's website
avextraxjp



Joined: 22 Jun 2006
Posts: 331

PostPosted: Sat Aug 18, 2007 9:00 am    Post subject: Reply with quote

Macromedia.10.exe, Spoolsv.exe and Flash.10.exe

All 3 of them?
What do I do about the missing search button in the start menu?
Back to top
View user's profile Send private message
SoftStag



Joined: 05 Feb 2006
Posts: 2049
Location: UK

PostPosted: Sat Aug 18, 2007 11:01 am    Post subject: Reply with quote

Yes, all three are virus files. You will need to scan the system though to ensure all elements of any viruses are removed, in particular anything that may be running.

Once the system is clean, we can look at the Search button. You may find this returns once the PC is clean.
_________________
"Microsoft programs are generally bug-free. If you visit the Microsoft hotline, you'll literally have to wait weeks if not months until someone calls in with a bug in one of our programs. 99.99% of calls turn out to be user mistakes. I know not a single less irrelevant reason for an update than bugfixes. The reasons for updates are to present more new features."
-- Bill Gates, on code stability, from Focus Magazine
Back to top
View user's profile Send private message Visit poster's website
avextraxjp



Joined: 22 Jun 2006
Posts: 331

PostPosted: Mon Aug 20, 2007 7:33 am    Post subject: Reply with quote

completed virus check and deleted all infected files. The "search button is still missing and whenever I double click on the Icon of a USB flash drive in "My Computer", a "open With" dialog box appears with a list of programs.

The "options" and other buttons under the "Tools" menu are also missing in My Com puter and other Windows

regedit is disabled

Is ctfmon.exe some sort of virus or spyware, ZoneAlarm detect it as "monitoring activities"




StartupList report, 8/20/2007, 3:08:57 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\User\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlowView\Slowview.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,C:\WINDOWS\system\svchost.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
VTTimer = VTTimer.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Phime2002a = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NBJ = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 3,780 bytes
Report generated in 0.062 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only














uninstall_list


Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AVG Free Edition
Free DVD Ripper Version 2.25
HijackThis 1.99.1
IrfanView (remove only)
K-Lite Mega Codec Pack 1.59
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Mozilla Firefox (1.0)
MSN
Nero 6 Ultra Edition
NJStar Communicator
PowerDVD
Realtek AC'97 Audio
SlowView
SUPERAntiSpyware Free Edition
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Winamp (remove only)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
ZoneAlarm





Logfile of HijackThis v1.99.1
Scan saved at 3:12:36 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlowView\Slowview.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Phime2002a] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Back to top
View user's profile Send private message
SoftStag



Joined: 05 Feb 2006
Posts: 2049
Location: UK

PostPosted: Wed Aug 22, 2007 5:20 pm    Post subject: Reply with quote

ctfmon.exe is not a virus, this is part of Microsoft Office.

There was a similar issue at the following link, see if the details in there help and let us know:
http://forum.technical-assistance.co.uk/task-manager-and-regedit-help-vt222.html
_________________
"Microsoft programs are generally bug-free. If you visit the Microsoft hotline, you'll literally have to wait weeks if not months until someone calls in with a bug in one of our programs. 99.99% of calls turn out to be user mistakes. I know not a single less irrelevant reason for an update than bugfixes. The reasons for updates are to present more new features."
-- Bill Gates, on code stability, from Focus Magazine
Back to top
View user's profile Send private message Visit poster's website
avextraxjp



Joined: 22 Jun 2006
Posts: 331

PostPosted: Fri Aug 24, 2007 12:18 am    Post subject: Reply with quote

Not working. "The command promt has been disabled by your administrator"
Back to top
View user's profile Send private message
markblu



Joined: 24 Aug 2007
Posts: 16

PostPosted: Fri Aug 24, 2007 12:23 pm    Post subject: Reply with quote

it seems you still have viruses.
disable NOTEPAD.EXE, Explorer.EXE,

anything that looks out of the ordinary

also, use google to look up the exe names of ones you don't know

did you use msconfig?

you'd probably be best doing a complete reinstall. just back up your data!
Back to top
View user's profile Send private message
markblu



Joined: 24 Aug 2007
Posts: 16

PostPosted: Fri Aug 24, 2007 12:29 pm    Post subject: Reply with quote

sorry another thing is you are trying to disable these viruses which infect files you actively open, and stop you from running for example regedit and taskman and maybe even msconfig

you can just get rid of all the viruses and run a scan without loading windows would be easier this would help you boot into it just read about it its the greatest

http://www.ultimatebootcd.com/download.html
Back to top
View user's profile Send private message
SoftStag



Joined: 05 Feb 2006
Posts: 2049
Location: UK

PostPosted: Fri Aug 24, 2007 4:12 pm    Post subject: Reply with quote

Did you try using regedit from Safe Mode? Pieman reported that worked for him.
_________________
"Microsoft programs are generally bug-free. If you visit the Microsoft hotline, you'll literally have to wait weeks if not months until someone calls in with a bug in one of our programs. 99.99% of calls turn out to be user mistakes. I know not a single less irrelevant reason for an update than bugfixes. The reasons for updates are to present more new features."
-- Bill Gates, on code stability, from Focus Magazine
Back to top
View user's profile Send private message Visit poster's website
avextraxjp



Joined: 22 Jun 2006
Posts: 331

PostPosted: Sat Aug 25, 2007 2:57 am    Post subject: Reply with quote

I don't think I know How to start WIN XP in safe mode. In help, The following instructions are given:
To start the computer in safe mode

You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.

Click Start, click Shut Down, and then, in the drop-down list, click Shut down.

In the Shut Down Windows dialog box, click Restart, and then click OK.

When you see the message Please select the operating system to start, press F8.

Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.

If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.




In start, I find no "shut Down" button but a "Turn Off Computer button". There is also no "Please select the operating system to start" message during restarting.

I'm using AVG free, Why are there still viruses when I have scanned with up-to-date virus definitons?
Back to top
View user's profile Send private message
markblu



Joined: 24 Aug 2007
Posts: 16

PostPosted: Sat Aug 25, 2007 3:04 am    Post subject: Reply with quote

turn your computer off completely then turn it on and as soon as you press power start pressing F8 of your keyboard every 1 second. do not press too fast or you get keyboard error. if does not work try pressing F8 sooner or try pressing faster.

hope this helps
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Free PC Support Forum Home -> Helproom All times are GMT
Goto page 1, 2, 3, 4, 5  Next
Page 1 of 5

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

 



Powered by phpBB © 2001, 2005 phpBB Group

2005 - 2017 All Rights Reserved www.technical-assistance.co.uk
Terms and Conditions