1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: prob with task manager and rvhost.exe

Discussion in 'Windows XP' started by maxthor, Apr 2, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. maxthor

    maxthor Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    4
    hi there guys. i am having some problems with my task manager. i can't seem to open it. and everytime i try.. an error shows up saying that my task manager has been disabled by the administrator.. i wasn't doing anything when that happened. i was only copying some pictures from a digicam. then that error showed up. then when i restarted the computer another error showed up. it said that rvhost.exe cannot be found.

    im running windows xp pro sp2, AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ 2.60 GHz, 1.00 GB of RAM, Radeon X1550 Series.

    thank you in advance for your help. and hope to hear from you guys soon. Godbless.
     
  2. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    Howdy,

    You could post your HijackThis log and see if anything shows up


    Download HijackThis to your desktop
    • Double click on HJTSetup.exe on your Desktop
    • Click Run and Install
    • It will install to Program files by default
    • it will launch Hijack This
    • Click on "scan system and save a logfile" usually in notepad
    • Copy and Paste the logfile in your next post
    • Using Ctrl+A to copy All and Ctrl+C to copy and Ctrl+V to paste.
     
  3. maxthor

    maxthor Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    4
    "here is my Hijackthis log file."

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:13:15 AM, on 4/3/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\GetRight\GetRight.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\jargon.vbs"
    O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\Paint.exe" -autocheck
    O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\\DataMngr\DataMngrUI.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.2.16\ilikesidebar.exe /checkforupdate
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox000
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open With GetRight Browser - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\\DataMngr\datamngr.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BroadCam Video Streaming Server (BroadCamService) - NCH Software - C:\Program Files\NCH Software\BroadCam\broadcam.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10993 bytes
     
  4. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Did you Removed a Virus or an infection recently?
     
  5. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    maxthor

    Click on Report in your post and request your thread be moved to the Security section some suspicious entries in your log
     
  6. maxthor

    maxthor Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    4
    yes i remember deleting something.. it happened when i inserted my aunts video camera via usb.. i wanted to copy videos from our family reunion last week.. when i inserted the videocam via usb my antivirus alerted me that there are some problems with the G: drive (videocam drive) my friend told me to click delete and then ok on the antivirus.. the problem continued for like 8 times so i deleted it 8 times too.. after that it stopped.. but when i tried to open my task manager i noticed that a message came up that said that my task manager has been disabled by the administrator. there is no one else that uses this computer so i don't know what happened. hope you can help me. thank you!

    >megabite- i did what you told me to do. i sent a request for my thread to be moved to the security section. can you please tell me waht are those suspicious entries in my log? and could they have caused the problems with my computer?
     
  7. antech

    antech Banned

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Heres a Simple Solution for your problem.
    Remember to set a system restore point before making any changes.
    The situation's pretty simple. If you right click on the clock in the Windows taskbar, the Task Manager item is grayed out:
    [​IMG]
    Or, if you try to run taskmgr.exe manually, you get this message:
    [​IMG]
    So, how did this happen?
    As we'll see in a moment, there are settings you can access as an administrator that would allow you to disable and enable Task Manager in this way.
    You didn't do that, you say?
    Then a virus probably did.
    Disabling Task Manager is one way viruses try to make it harder for you to deal with their infections. Before proceeding any further, you should run a complete and up-to-date anti-virus scan of your machine. It's possible, perhaps even likely, that you've been infected.
    Once you come back virus-free, you can proceed with the fix.
    •​
    If you have Windows XP Pro, there's a nifty user interface to directly edit the setting you want to repair. Click Start, then click Run and type in gpedit.msc:
    [​IMG]
    And press OK. This runs the Group Policy Editor.
    Once in the Group Policy Editor, expand in turn:
    • User Configuration
    • Administrative Templates
    • System
    • Ctrl+Alt+Del Options
    You should see something much like this:
    [​IMG]
    Double click on Remove Task Manager to change its setting:
    [​IMG]
    It should be enough to click on Not Configured and then OK and Task Manager is available once again.
    •​
    If you don't have Windows XP Pro, then you'll need to edit the registry manually.
    Click Start, then click Run, type in regedit, and click on OK.
    Expand these registry keys in turn:
    • HKEY_CURRENT_USER
    • Software
    • Microsoft
    • Windows
    • CurrentVersion
    • Policies
    • System
    You should see something similar to this:
    [​IMG]
    Right Click on the DisableTaskMgr item:
    [​IMG]
    Click on Delete, confirm that you want to delete, and Task Manager should be available once again.

    Also Download SuperAntiSpyware and MalwareBytes and perform a "FULL SCAN" and see if anything comes out.
    •​
     
  8. maxthor

    maxthor Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    4
    i have already scanned my system. i did the complete system scan. then i also did the complete system scan with my superantispyware pro. i didn't get anythng from the antivirus.. in the SAS i only got some adwares... like 12 adwares.. i will try these procedures.. thank you for your help. i will in form you if i solve the problem.

    my follow-up - the gpedit.msc work fine for me. i was able to restore the task manager. i thank you so much for your help. Godbless you guys always.
     
  9. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    Do a scan with Malwarebytes....go here and click on Blue free link....download to your desktop....run and update and Scan

    http://www.malwarebytes.org/
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/914219

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice