1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Info on Task Manager

Discussion in 'Windows XP' started by Vickie G, Apr 13, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Vickie G

    Vickie G Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    2
    I have so many more 'things' listed under PROCESSES in my Task Manager than I did , can someone tell me which ones may be junk picked up from the internet. If so , how to get rid of them?
    I have Windows XP . I am thinking there is to much 'junk' running in the background I do not need.
    the more I learn about computers the stupider I feel...please be simple.:)

    this is what is running right now:
    IEXPLORE.EXE Vickie
    Msworks.exe Vickie
    Srng.exe Vickie
    Taskmgr.exe Vickie
    Ipmon32.exe Vickie
    IPClient.exe Vickie
    Jusched.exe Vickie
    Netmeter.exe Vickie
    Srng.exe Vickie
    ccApp.exe Vickie
    WkUFind.exe Vickie
    SOUNDMAN.EXE Vickie
    Pctspk.exe SYSTEM
    NAVAPSVC.EXE SYSTEM
    CCPXYSVC.EXE SYSTEM
    NISUM.EXE SYSTEM
    CCEVTMGR.EXE SYSTEM
    Spoolsv.exe SYSTEM
    Explorer.exe Vickie
    Svchost.exe SYSTEM
    Svchost.exe SYSTEM
    Lsass.exe SYSTEM
    Services.exe SYSTEM
    Winlogon.exe SYSTEM
    Csrss.exe SYSTEM
    Smss.exe SYSTEM
    GWREMIND.EXE Vickie
    Msmsgs.exe Vickie
    WkCalRem.exe Vickie
    System SYSTEM
    System Idle Process SYSTEM
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You have at least one malware product listed there. Please download Hijackthis.
    Create a folder on your hard drive and save it there.
    Unzip the file and extract it to the folder you have created.
    Scan your machine, then click on Save Log.

    Post a copy back here and someone will be happy to review it.

    Don't make any changes until instructed to do so.
     
  3. Miz

    Miz

    Joined:
    Jul 1, 2002
    Messages:
    2,146
    You can also go to Answers That Work and look up each item on the list to identify the ones you don't need to have running.
     
  4. Firah

    Firah

    Joined:
    Apr 22, 2003
    Messages:
    765
    Thanks, Miz! I was actually hunting for that site!
     
  5. Vickie G

    Vickie G Thread Starter

    Joined:
    Apr 13, 2004
    Messages:
    2
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Srng\Srng.exe
    C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\BellSouth\Connection Tool\IPClient.exe
    C:\Program Files\BellSouth\Connection Tool\IPMon32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\Srng\Srng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\BellSouth\Connection Tool\IPClient.exe
    C:\!Spykiller\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bellsouth.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bellsouth® Internet Service
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {54EFC990-37C5-4942-814D-8ED1E91CD895} - C:\WINDOWS\System32\iprsop.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [NetMeter] C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [eac_wren] C:\DOCUME~1\Vickie\LOCALS~1\Temp\EACDownload\oodlz game.exe -k
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\BellSouth\Connection Tool\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\BellSouth\Connection Tool\IPMon32.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [c18e736c1d57e395c20368a7eb9ecaa0] C:\Documents and Settings\Vickie\Desktop\Vickie's Folder\Kazaa download.exe
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Ebates (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
    O16 - DPF: {84431AB8-1869-11D4-885A-00104B215F34} (Linkzilla Control) - http://stats.adrevservice.com/linkzilla/Lzilla.ocx
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...tmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/test/ACNePlayer.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C24073C-0010-41EB-BA93-1C6E990DBA15}: NameServer = 205.152.37.23 205.152.132.23
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2C24073C-0010-41EB-BA93-1C6E990DBA15}: NameServer = 205.152.37.23 205.152.132.23
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download Spybot http://www.sherrylynn.us/privacypolicy.htm

    Make sure to follow the instructions for updates prior to running the scan.

    Click on "Search For updates" After the search has completed, the available Updates will be listed. Choose which Updates you would like to Download. Click "Download updates." The Updates will self install. The screen will change and the program will come back and be ready to use.

    Sometimes the default Download Location will produce an Error. If that happens, look in the right panel. There you will find a small arrow next to the name of the current Download site. Click on it for a list of alternate sites. One of those should be able to retrieve the files you have selected.

    Scan, click on fix problems then reboot.

    Next:

    Download AdAware http://www.lavasoftusa.com/support/download/

    Before you scan with AdAware, check for updates of the reference file by clicking

    on "Check for updates now", connect.


    Click on Start, Use custom scanning options, Customize.

    Make sure the following settings are made and on -------"ON=GREEN"

    "Scan within archives"
    "Scan active processes"
    "Scan registry"
    "Deep scan registry"
    "Scan my IE Favorites for banned URL"
    "Scan my host-file"

    Click on Tweak,
    Select scanning engine and click on "Unload recognized processes during scanning"
    Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    Then click "proceed" to save your settings.

    Click on Next

    Run the scan and fix everything.
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click on the link below to get lsp-fix.
    Run that to fix your internet connection.

    http://www.cexx.org/lspfix.htm

    Launch the application, and click the "I know what I'm doing" checkbox.

    Check all instances of nmtracer.dll (and nothing else) , and move them to the "Remove" pane.
    Then click Finish.

    Now start your computer in Safe Mode and delete:

    The C:\windows\system\nmtracer.dll --> file

    Restart in safe mode Click here to see how



    Reboot and post another HJT log.
     
  8. rude

    rude

    Joined:
    Mar 8, 2004
    Messages:
    2,326
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219969

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice