Over 1 million tech questions and answers.

Microsoft.com not opening and taskmanager and regedit disabled

Q: Microsoft.com not opening and taskmanager and regedit disabled

I am currently running windows xp on my laptop. Whenever I try to open any microsoft or microsoft related website then it says sever not found but all the other web sites are opening. I've already formatted my laptop but I still can't load any microsoft websites. I've tried stopping the DNS cilent and using antivirus and trojan remover but nothing changed and my registry eiditing and task manager is also disabled.
Please help!!!!!!

RELEVANCY SCORE 200
Preferred Solution: Microsoft.com not opening and taskmanager and regedit disabled

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Microsoft.com not opening and taskmanager and regedit disabled

Welcome aboard

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Read other 25 answers
RELEVANCY SCORE 90

Definitely infected, I am sure of that. As I don't remember disabling taskmanager or regedit myself. Another thing, I formated my system, and the problem persists. I have run out of ideas, I don't know what to do.


I do not have much experience with such matters, so I was hoping you guys could help me out.

Thanks in advance.

Read other answers
RELEVANCY SCORE 87.2

My taskmanager is greyed out when ctrl+alt+delete key is hit.
cmd and regedit when typed in run gives no result.

Then downloaded the latest updates ( symantec ) and ran a complete scan.

There was adware.lop and adware.maxsearch virus.
This was quanrantined partially.
Deleted the above file manually.

Resatrted the system and it is the same.

Ran unhook script to enter registry.

All the above procedure was as per given in symantec.

The problem still persists.



The following is the HIJACKTHIS LOG FILE ( This was scanned after doing the above procedures )

Logfile of HijackThis v1.97.7
Scan saved at 7:12:41 PM, on 9/17/2007
Platform: Unknown Windows (WinNT 5.02.3790 SP1)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Sybase\SQLANY~1\win32\dbsrv7.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Primavera\ExpeditionProfessional\jboss\bin\ExpService.exe
C:\WINDOWS\system32... Read more

A:cmd,taskmanager,regedit disabled

Followed HijackThis Five Step Process



The Panda log is as follows


Incident Status Location

Virus:W32/Sohanat.CY.worm Disinfected Operating system
Spyware:Cookie/217.73.66.16 Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt ... Read more

Read other 6 answers
RELEVANCY SCORE 87.2

1.when i type regedit in run and press enter i get the message "registry editing has been disabled by administrator".i am the only user of the computer.
2.when i press control alt delete i get the message "taskmanager has been disabled by administrator".
3.when i go to safe mode i get a blue screen with the following stop error code.-0x0000007B(0XF78A654,0XC0000034,0X00000000,0X00000000)
DDS (Ver_09-03-16.01) - NTFSx86
Run by Dell at 17:31:23.18 on Fri 05/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8FAA3717-9266-4D22-A6DB-F347F56DDE7D} - No File
BHO: Google To... Read more

A:regedit and taskmanager disabled

please help me===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of th... Read more

Read other 81 answers
RELEVANCY SCORE 87.2

I know i have a malware but i don't know what to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:11 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application

Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common... Read more

A:Regedit, Cmd and TaskManager Disabled

Read other 7 answers
RELEVANCY SCORE 86

This was orignally posted on the XP forum, but I was directed to this forum instead.

I recently re-installed XP Pro SP3 (after a format) and now cannot get Task Manager or RegEdit to remain active.
Each time I log on and try to access them I get the usual message of "This has been disabled by your administrator" which is very annoying, especially since I log on as administrator!!!

Anyways, I've been searching the net and found that I can enable these by either making changes to the Group Policy, or if I run the following from the command prompt:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

This all works fine, but if I reboot my machine, then the registry settings are deleted/removed and the GroupPolicy is reset.

Hopefully I have included all the relevant files for your help

DDS.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 16:16:29.31 on 15/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.87 [GMT 0:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\... Read more

A:TaskManager and RegEdit disabled after reboot

bump please

Read other 14 answers
RELEVANCY SCORE 86

Hi Guys

1st time poster.

I recently re-installed XP Pro SP3 (after a format) and now cannot get Task Manager or RegEdit to remain active.
Each time I log on and try to access them I get the usual message of "This has been disabled by your administrator" which is very annoying, especially since I log on as administrator!!!

Anyways, I've been searching the net and found that I can enable these by either making changes to the Group Policy, or if I run the following from the command prompt:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

This all works fine, but if I reboot my machine, then the registry settings are deleted/removed and the GroupPolicy is reset.

Is there anyway to make these changes permanently

A:TaskManager and RegEdit disabled after reboot

Hi ncooper1974, welcome to TSF !

If the changes don't stay you may have gotten a virus, what antivirus and firewall do you use ? Did you surf the web or download dubious files before the problem started ? Did you use a retail XP SP3 CD to install ?

Follow these instructions and create a new thread in the malware removal section :
http://www.techsupportforum.com/f50/...lp-305963.html

Read other 2 answers
RELEVANCY SCORE 86

Regedit and taskmanager disabled in my system windows XP because of virus i tried with so many softwares to remove but i failed., How can I re-enable these??
i tried HJTInstall.. this is the log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:02 PM, on 4/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IPMsg\ipmsg.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\DOCUME~1\sureshk\LOCALS... Read more

A:Regedit and taskmanager disabled, How can I re-enable these??

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 86

Hi to all.
I have founded that when i copy something from my pc, i cannot paste it.
When i open notepad and when i just paste, a message is saying " Moz Worm is Back " is pasted on its own.

My task manager, regedit, cmd are also not working.
Strange thing is that when i insert my USB, they start working.
My usb was affected by a virus called _help.txt, creating txt files on every folder.

So Moz worm is a worm or virus or what i dont know.
I want a solution as i dont want to format my PC.
I have tried all renowned anti viruses, but its not detecting it.

Help me plss
HARLEY DAVIDSON

A:Regedit, Cmd and Taskmanager is Disabled by Moz Worm

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

If you cannot paste DDS.txt, just attach it along with the other files.

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 86

Hey all,

A friends computer is having troubles in that Taskmanager has apparently been "disabled by the administrator", Regedit makes an error beep but does not open and Msconfig opens for a flicker of a second, and then disappears.

I have started up in Safe Mode (no Command Prompt or Networking), but the error persists.

Can someone help me out here?

Thanks,
LOT7V
 

A:Disabled Taskmanager, Regedit and Msconfig

It could be they are infected with a nasty

read this please and follow the instructions please
http://forums.techguy.org/malware-removal-hijackthis-logs/622404-please-read-here-first-before.html
 

Read other 1 answers
RELEVANCY SCORE 86

im a net cafe owner and i got a problem with some of my pc's
my task manager has been disabled, tried running regedit but cant access it. tried scanning my temp folder with AVG 8.0. it scanned some trojandownloader but it after 2 secs it stops scanning.

i already reformatted my other pc but it's still there. still cant open my taskmanager and regedit. heres the HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:06 PM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Mic... Read more

Read other answers
RELEVANCY SCORE 86

Hi there,
From yesterday I am having this issue. taskmanager and regedit get automatically disabled.
My AVG is going crazy throwing up infection detection.

Please help !!!

Prady

OS is Win Xp pro Sp3

A:Regedit and Taskmanager get disabled automatically

Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will ... Read more

Read other 1 answers
RELEVANCY SCORE 86

Hello, I'm running on Windows XP Home, and I have goten a virus that managed to disable the use of Taskmanager and Regedit the only way I can use it is under Admistrator under safe mode I was wondering how I would let my original profile gain back control. I picked it up 4 days ago and have been reading so many already existing help fourms used a patch and a script that would fix it didn't lol. Well the maker or autor must of been good cause its been undetected by Norton (I even redownloaded it). If anyone could help it would be great.
 

A:Virus Disabled Regedit and taskmanager on XP

Hi turbulentre

Welcome to TSG!

Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 85.2

iv got a folder in my usb and accidently i double click it. afterwards my registry, taskmanager and folder options are disabled. when i execute regedit a dialoge apears "rigistry is disabled by administrator" .
folder version is 3.2.0.1 and its size is 262 kb. iv mcafee 8.0i which cannot detect it as virus. further more i v tried a lot of anti spyware but nothing happen. my computer is too much slow now.

i v piii 500 with windows 2000 professional. i am posting hijack this log below

Logfile of HijackThis v1.99.1
Scan saved at 1:12:39 PM, on 2/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Com... Read more

A:regedit, taskmanager and folder option disabled

Download the file UnHookExec.inf and save it to your Windows desktop.

Note: The tool has a .inf file extension.
Locate the download file, either on the Windows desktop or the floppy disk.

Right-click the UnHookExec.inf file and click install. (This is a small file. It does not display any notice or boxes when you run it.)
==========================================

Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINNT\system32\RVHOST.exe

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...
==========================================

Download FileASSASSIN.zip and save to your desktop (this tool is compatible with Win 2000/NT/XP only).
Create a new folder on C:\ called FileASSASSIN and extract (unzip) it to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
Open the folder and double-click on FileASSASSIN.exe.
Select the following file(s) to delete by dragging it onto the text area or select it using the (...) browse button.
C:\WINNT\system32\RVHOST.exe
Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
Click delete and the removal process will begin.
If that did not work then, start the program again and t... Read more

Read other 2 answers
RELEVANCY SCORE 85.2

Dear Sir,
From Last three days I am trying to resolve issue with my operating system the problem is explained below
My TaskManager is Disabled I tried to access regedit but it says regedit is disabled by your administrator I tried to change settings in Gpedit for making me enable to access regedit but its of no use I tried to bring computer in safe mode but it is not accessing safe mode.
I tried to third party s/w reg manager to access my registry files but if i change key values it is working for a moment only and again some thing is changing the registery I dont know what is running behind.
please help me to resolve this issue during the period of last three day my system is facing problems with other s/w such as ms office etc are giving errors
I found when I use PC for three-Four hours the screen are displayed with data missing on it some times when i click start program it shows empty.
I found you site is expert and experienced in resolving such issues waiting for your reply.
regards
Sajid

DDS (Ver_09-07-30.01) - NTFSx86
Run by Apple at 23:57:40.67 on Fri 14/08/09
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.353.1033.18.989.433 [GMT 3:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchos... Read more

A:TaskManager,Regedit,and safe mode disabled

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix from here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

--------------------------... Read more

Read other 2 answers
RELEVANCY SCORE 85.2

hi guys im a newbie here. i have been having this problem for a while and have searched google exhaustedly for solutions. i've tried numerous things google has produced such as running gpedit.msc and then ran this ---> REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f which seemed to work for 3-5 seconds then reverts again to the message "task manager has been disabled by your administrator. this ones a tough one for me probably a piece of cake for you guys . any help will greatly be appreciated. thanks.

A:regedit & taskmanager disabled by admin/cannot run Spybot

i also have a hijackthis logfile if necessary.

Read other 14 answers
RELEVANCY SCORE 84.4

I received a Dell Inspiron 4000 laptop from a friend who indicated it had "issues".
So I put the simple virus scan/remove program Stinger on my USB stick, plus Search&Destroy and a few other tools,
switched the USB stick to LOCKED and plugged it into the laptop.
I had already tried to run RegEdit and TaskManager and both reported "disabled by Administrator"
which is a sure sign of infection, as I was logged in with Administrator rights.
Stinger found an abundance of W32/Sality worms and one occurrence of W32/Autorun.worm.gen!job
I had to delete all infected files as Stinger could not clean them.
I tried to install AntiVirus and Anti-malware programs like AntiVir and S&D
but each process with a common anti-virus name is immediately killed,
apparently by the still present virus.
I tried using a script to enable RegEdit but the registry is immediately switched back to disable it.
I rather not re-install this machine from scratch as I do not have the original (Dell)
CDs at hand and I know that the License won't work with a generic XP install, so then
I would not be able to pass Genuine Windows certification.
Any idea how to tackle this further?
BTW, it is a Windows XP Home version.

A:TaskManager and RegEdit disabled, every AntiVirus process killed

Never mind, I read a similar problem in another thread after more searching around and I used the recommmended combination of ATF-Cleaner, MalwareBytes-AntiMalware with the downloaded update (on a clean machine) all written to a USB stick, *locked* te stick and plugged into the infected machine.Followed the instructions to run ATF-C, then MBAM installer, then update installer (All directly from the USB stick) and found 12 infections.PC seems to be clean now.Thanks for the help, even though it was addressed to someone else, it helped me too. BTW, this is the helpful thread:http://www.bleepingcomputer.com/forums/t/199073/anti-malware-programs-and-browser-forced-closings/

Read other 1 answers
RELEVANCY SCORE 83.6

I have followed the "5 Steps" and run about 6 different scanners including the recommended ones. Some of the scans always shutdown when they get to a certain file. When not in safe-mode my task manager is unaccesible as is regedit.exe. There are also many popups such as "mediapurchase" "travel04" "payunder" etc. Anyway ill post my log coz i dont understand any of it really. Thanx in advance ^_^

Logfile of HijackThis v1.99.1
Scan saved at 12:48:09 PM, on 28/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\outlook\outlook.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BulletProofSoft.com\BPSPopupShield\BPSShldAgent.exe
C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Documents and Settings\All Users\Start... Read more

A:Various constant popups, taskmanager disabled, regedit unavailable, unable to run AV

Hi and Welcome to TSF

Your SEVERLY infected...so we will do this in steps..


STEP 1
++++++++++++++++++++++++++++++++++++++++++

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/vis... Read more

Read other 2 answers
RELEVANCY SCORE 83.6

Taskmanager, Msconfg and Regedit all fail to open, plus I've been getting terrible performance.. please help me out, here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:32 PM, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\netshield.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Int... Read more

A:Solved: Taskmanager, Msconfg, Regedit Disabled, Poor performance

Read other 6 answers
RELEVANCY SCORE 74.8

Hi There!
 
MWB found PUM.Hijack.TaskManager, PUM.Hijack.Regedit  and PUM.Disabled.SecurityCenter
on my computer. MWB quarantines it, but PUM keeps popping up every day. i tried using combo fix it solve the problem but after a minute it keeps coming back. i tried downloading anti viruses,hijackthis and ccleaner but all my download stops at 99%. and i tried to reformat but the virus keeps coming bakc please i need help.
 

A:i need help removing PUM.Hijack.TaskManager / PUM.Hijack.Regedit / PUM.Disabled

Hi There!
 
MWB found PUM.Hijack.TaskManager, PUM.Hijack.Regedit  and PUM.Disabled.SecurityCenter
on my computer. MWB quarantines it, but PUM keeps popping up every day. i tried using combo fix it solve the problem but after a minute it keeps coming back. i tried downloading anti viruses,hijackthis and ccleaner but all my download stops at 99%. and i tried to reformat but the virus keeps coming bakc please i need help.
 
Please close this topic. i fixed the problem myself.  i used Malicious Software Removal Tool. scan my system and fix. then after a reboot i used combo fix and after that i used malwarebytes.

Read other 2 answers
RELEVANCY SCORE 70.4

Hello there!Please help me with may problem. I've been suffring from an "attack" I don't know what it caused.I've some behavioral changes in may computer:1) My IE homepage is set to http://rnd009.googlepages.com/google.html.2) My TASK MANAGER, REGISTRY EDITOR and FOLDER OPTION IS DISABLED.3) I've found out when I transfer a file into a CLEAN/NEWLY FORMATTED Flash Drive it also send gphone.exe as I look it into the attributes of my Flash Drive.4) It also create a New Folder.exe as I transfer files. I've also notice that inside a specific folder it also created same folder. Example: I have Folder A when I transfer this Folder into my Flash Drive, it will create a folder inside my Folder A named after it.Thanks in advance guys. I also run dds for this and here is the result:DDS (Ver_09-02-01.01) - NTFSx86 Run by cssioson at 11:45:17.43 on 02-27-2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.642 [GMT 8:00]AV: avast! antivirus 4.8.1229 [VPS 090225-1] *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1&... Read more

A:IE: http://rnd009.googlepages.com/google.html, Disabled TaskManager, Disabled RegistryEditor, Disabled Folder Option, gphone.ex...

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Read other 2 answers
RELEVANCY SCORE 66

Hello guys, this is my first post here. I have problem last few days. It could be some sort of malware or virus which cant be detected with AVG antivirus or Ad aware. This lap top hasnt been connected online for quite a while and problems started after used my USB flash disk. After that i couldnt open Task Manager(neighter with right click on task bar - text faded, nor with ctrl-alt-delete) or regedit. Also i cant boot into safe mode (when it starts, suddenly blue screen appears for a milisecond and computer restarts). I cant start AVG system scan, it reports that "application cannot run due to an error while verifying its electronic certificate". I can run AVG guard though. There was problem with C disk (i couldnt open it with double click and i had to use "explore" ). I resolved it by deleting "autorun.ini" file thru command prompt (it was hidden file and, another problem that occured, i cant edit folder options to make hidden files visible). There is also problem with language bar which is disabled and cannot be re-enabled cause its button is faded, though i dont care much about it.

I manage to enter to Task manager and regedit using trick with gpedit.msc. In "User configuration/Administrative templates/System/Ctrl+Alt+Del options/Remove task manager", default value is"not configured". I put disabled and i can use Task manager OR regedit again, but ONLY once! After i open and close ONE of those, i cant re-open it withou... Read more

A:Task Manager and regedit disabled, safe mode disabled, virus scan disabled... :s

It sounds very much like a virus. If you can get on the internet google regtools.vbs that script file should get your regedit working again but don't know for how long if it is a virus.

Read other 7 answers
RELEVANCY SCORE 63.2

Just started a little bit ago, running nod32 scan at the moment, trying to install ad-aware but I think its also blocking windows installer. I am running windows firewall on Windows 7 x64 ultimate. My chrome also refuses to open any websites, so I am forced to use IE. My control pannel opens no problems. Here is my hijackthis log.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:23:16 p.m., on 22/06/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exeC:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeC:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exeC:\Windows\SysWOW64\PnkBstrB.exeD:\Valve\Steam\steam.exeC:\Users\Alan\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exeC:\Program Files (x86)\uTorrent\uTorrent.exeC:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exeC:\Program Files (x86)\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Skype�... Read more

A:Can't open cmd, taskmanager, regedit etc

Hello GresharkWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Read other 1 answers
RELEVANCY SCORE 63.2

Hi, I think i may have an infection of some sort, and i could use some higher-up advice, I have ran AVG, Housecall, So on, but none of it seems to work Here is a HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:55 AM, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.969\BFU.exe
D:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: WormRadar.com IESiteBlocker... Read more

Read other answers
RELEVANCY SCORE 63.2

I noticed a similar post to this earlier so I have followed the instructions to the point of creating the logfile below. HijackThis also crashed in Normal startup mode so I had to run in safe mode, I am sure this will effect the results. Anyway here is the log:-

Logfile of HijackThis v1.98.2
Scan saved at 16:57:11, on 01/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user1\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\dwbsn.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [AayTgMA1U] C:\windows\temp\AayTgMA1U.exe
O4 - HKLM\..\Run: [Win32 USB2 D... Read more

A:Taskmanager and Regedit crashes...

Before we start, let's disable your System Restore. After the infection's been cleaned re-enable system restore.
Disabling System Restore in Windows XP Disable System Restore in Windows ME

IF, for some reason, you lose the ability to use IE or lose your internet connection...open HJT-->"Config"-->"Backups"-->"Restore".
Open HiJackThis. Click "Scan". Put a checkmark next to these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe

O4 - HKLM\..\Run: [Sygates Personal Firewall] sygs.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\dwbsn.exe
O4 - HKLM\..\Run: [WindowsRegKeys update] winsysi.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [AayTgMA1U] C:\windows\temp\AayTgMA1U.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [Winmode] MCupdate.exe
O4 - HKLM\..\Run: [Microsoft Time Manager] dveldr.exe
O4 - HKLM\..\Run: [Windows Media Player] jefjlutgn.exe
O4 - HKLM\..\Run: [netservices] recall.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [System Services] connection.exe
O4 - HKLM\..\Run: [Microsoft Machine] winxp43.exe
O4 - HKLM\..\Run: [AayTgMA1U.exe] C:\windows\temp\AayTgMA1U.exe

O4 - HKLM\..\Run: [[Ephemeral 2.5] by Tre... Read more

Read other 1 answers
RELEVANCY SCORE 63.2

Hey guys, think I got infected again.

I can't open cmd, regedit or taskmanager. It says another program is using it. Did a search around google and decided to do a hijackthis log.

I'm running a Lenovo notebook with windows xp professional sp2.



Logfile of HijackThis v1.99.1
Scan saved at 5:41:49 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\Amzhar\taskmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\sys... Read more

A:Can't open regedit, cmd or taskmanager.

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Note that this is but Round 1 of what could be several posts to clean your machine. See it all the way through till you get the "All Clear", please.

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop. We'll use this shortly.
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKCU\..\Run: [Encd] "C:\PROGRA~1\COMMON~1\SMANTE~1\ntvdm.exe" -vt yazb
O4 - Global Startup: svchost.exe

Close HijackThis now.

---------------------------------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When fin... Read more

Read other 3 answers
RELEVANCY SCORE 63.2

I run Win2000 SP4.

Whenever I try to run regedit or taskmanager they open, and closes. I have also experienced problems with ZA, can't get it to run. I have no uninstalled this program.

I have done a virusscan using Norton Antivirus with latest updates.

Also downloaded Hijack this, log posted under.

Anyone know how to fix the problem?

Regards

Log:

Logfile of HijackThis v1.97.2
Scan saved at 21:55:31, on 18.09.2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TotalRecorder\TotRecSched.exe
C:\Program Files\Daemon Tools\daemon.exe
C:\WINNT\sy... Read more

A:Taskmanager & Regedit closes

Read other 9 answers
RELEVANCY SCORE 63.2

Hi there, this morning I tried to run regedit, msconfig and the Windows Task Manager but I got the message that regedit was being used by another program, so I tried to run Taskmanager but nothing happened, I then thought I might have a virus Goabot or something similar, so I downloaded stinger but before this I ran my virus scanner NOD32 which came up blank, spybot and adaware se also came up blank. Stinger also came up blank.
Her is my Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 15:49:58, on 22/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\winupdates\serialno.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul Smith\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page ... Read more

A:Unable to use Regedit or Taskmanager

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 4 answers
RELEVANCY SCORE 63.2

eurm here is my problem: i wna play a game but when im loading it and the game anti hack program is loading i get an error
and i get this error caus my taskmanager and regedit is locked
if i press alt cntr del i get a message taskmanager is locked by the administrator or something like that , caus im dutch and my pc is dutch to

here is my hijackthislog :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00, on 2008-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\pc\LOCALS~1\Temp\winvgiq.exe
C:\DOCUME~1\pc\LOCALS~1\Temp\winyyqgw.exe
C:\Program Files\Goodbye Spy\GoodbyeSpy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/... Read more

A:taskmanager and regedit problem :(

i hope some1 can help me fast , if you need more information , yust ask
 

Read other 1 answers
RELEVANCY SCORE 63.2

Hello. I had a bunch of spyware and removed with it with a combination of spydoctor, kaspersky, and malbytes but there still seems to be a little something left over somewhere and whenever I try to open task manager or regedit I get "task manager has been disabled by adminstrator". I am running Windows 7 Ultimate 64 bit. Here are my logs, thanks in advance!
DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Administrator at 17:39:39.16 on Wed 10/20/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.2785 [GMT -4:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNe... Read more

A:Cannot open taskmanager or regedit

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 29 answers
RELEVANCY SCORE 63.2

I downloaded something and It just took over my browser and desktop, it just kept coming up with AD's all over the place.

I found out that Ctrl+ALt+Del was not working, and I tried going to the registry and I got 'RegEdit is not a valid win32 Application'

After Running AD-Aware, SpyBot and CWShredder, I think I got rid of most of my problems, No more popups, and no more screen takeovers;
but

1. Regedit still brings the error, although I can get in thru Spybot
2. SpyBot is still detecting two items it can't remove and a third one that keeps coming back
3. HijackThis log looks clean to me (from my novice point of view)
4. BitDefender keeps detecting 'Trojan.Downloader' and 'Trojan.Dropper' and is failing to disinfect some files.

A:RegEdit and TaskManager not working

Please post your HJT log here for our review.

Read other 10 answers
RELEVANCY SCORE 63.2

im havin trouble my taskmanger and regedit wont open did everythin to delete spywares and w.e else..heres my logfile for HJT:

Logfile of HijackThis v1.99.1
Scan saved at 7:54:02 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Randy\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.findthewebsiteyouneed.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Progra... Read more

A:taskmanager and regedit won't open

1. Please download Ewido Anti-MalwareInstall ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything wit... Read more

Read other 1 answers
RELEVANCY SCORE 63.2

Hello,
Some virus/spyware has removed my access to the taskmgr, cmd prompt and even regedit. The system is also running ridiculously slow lately.
Please tell me how to fix this.
I just don't want to gain access to the programs but I want to completely delete the 'thingy' that's doing this to my laptop.
Please somebody help asap!!

Thx in advance,
SM.

A:taskmanager, cmd, regedit unaccessible

Hi and welcome to TSF.

Please start here and follow the instructions.

http://www.techsupportforum.com/secu...sting-log.html

If you cannot complete any of the Steps, simply move on to the next one - remember to let the Analyst know about this when you post your logs.

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply.

Read other 2 answers
RELEVANCY SCORE 63.2

I am new to this forum so please let me know if i'm not following proper etiquette here. I followed the thread for FORDGT, but as it went further, our lists didnt match so i'm posting here to see if i can get some help in this. i will post the hijackthis log here and add as attachment. Thank you in advance for any and all help.
the infection is- Downloader.Obfuskated and the file is: C:Windows\Temp\startdrv.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:59 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Shawn\Desktop\HiJackThis.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update... Read more

A:Solved: No taskmanager, regedit, etc.

Read other 8 answers
RELEVANCY SCORE 63.2

Hi, I'd know my way around a computer, but this problem is bugging me now..

Lets start, My family complained to me that they couldn't open task manager and norton AV. The error was that it was disabled by the admin, I am the admin so I check the settings. I change the GPO's but everytime I log on I have to force an update and taskmanager and regedit would work, I had to remove norton and install it again. I done a scan and konw problem where found. I knew that some thing was wrong in the registry as it would also be set to disable taskmanager and regedit. I can go in myself and edit them everytime but I don't want to....

Something is editing my reg. files at startup...

Here is my hijackthis log file can anyone help..

Logfile of HijackThis v1.99.1
Scan saved at 13:31:10, on 08/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.e... Read more

A:Taskmanager and regedit not working

Welcome to TSG
Click Here and download Killbox and save it to your desktop but don’t run it yet.

======================================================

Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windows INCLUDING THIS ONE and "fix checked"

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\initial.bat

Double-click on Killbox.exe to run it.

Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:
C:\WINDOWS\initial.bat

Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.
=====================================================
Please download ATF Cleaner by Atribune
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected butt... Read more

Read other 3 answers
RELEVANCY SCORE 63.2

Hi,

i am unable to open regedit, taskmanager, etc.
when i try to open regedit, it get the message
"Windows cannot find regedit"
but i can see the regedit file in SYSTEM32 folder. but its icon is different.

Also, i am unable to play audio files, i get the message
"Windows Media Player cannot play the file because there is a problem with your sound device. There may not be a sound device installed on your computer, it may be in use by another program, or it may not be functioning properly."

i am posting my HijackThis log.

Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:12 PM, on 1/4/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
E:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system... Read more

A:cant open regedit, taskmanager, etc

You appear tyo have both NOD32 and Kaspersky AVs on your system...Using more than one active AV is NEVER a good idea.. it only leads to problems..freezes..crashes etc...
Please choose one and uninstall the other.

Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply .

Read other 1 answers
RELEVANCY SCORE 63.2

i've browsed through the forum and found that quite a few people had this problem. help would be greatly appreciated

i used hijackthis and this is the log i got:

Logfile of HijackThis v1.98.2
Scan saved at 10:37:42 AM, on 11/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\YahooMsgr.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\NETSTATT.EXE
C:\WINDOWS\adapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\dlexport.exe
C:\documents and settings\aerin\local settings\temp\n1xLXSL.exe
C:\documents and settings\aerin\local settings\temp\7wjC8eBe.exe
... Read more

A:taskmanager & regedit won't open

Read other 10 answers
RELEVANCY SCORE 62.8

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:07 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software... Read more

A:regedit.exe is disabled and found a virus ..removed it but still cant use regedit.exe

Hi, agarc556

Welcome.

Copy and paste the following commands one at a time in the Start-->Run dialog box and click OK.
Code:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegedit /t REG_DWORD /d 0 /f
Test and let me know the outcome.
 

Read other 1 answers
RELEVANCY SCORE 62.4

I was having a problem with a slow computer/internet connection, and while attempting to troubleshoot it, I realized that my task manager/regedit won't stay open. I ran spyware removal tools and an updated McAfee (also a defrag) but they didn't show any spyware or viruses other than some adware thing installed by daemon tools. Attached are my log files, perhaps someone can assist me in figuring out what the culprit is? Thanks in advance for any help you can offer.

(PS - I know there is a lot of software on this machine. This is a development machine. All was running fine until a few days ago.)

A:Taskmanager/regedit Won't Stay Open

Welcome to the BleepingComputer HijackThis Logs and Analysis forum toddhd You have at least one Backdoor Trojan on your pc.A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one,if not an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breech.******... Read more

Read other 1 answers
RELEVANCY SCORE 62.4

Hello and thanks in advance to anyone who helps me but to the problem i can't access my taskmanager or access regedit i used Norton in safe mode to removed so of the stuff and ran Norton in regular mode here is my hijackThis log and i also can't access my Norton antivirus now as well

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:59:07 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lsasss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\AdBlock... Read more

A:Solved: Can't Access Taskmanager or regedit

Read other 10 answers
RELEVANCY SCORE 62.4

hijack this closed before i renamed it also.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:59 AM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Documents and Settings\Radtke\Desktop\HiJackThis ew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cardrunners.com/
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87... Read more

A:Taskmanager/regedit instantly closes

Hi.



Please download the OTMoveIt by OldTimer. Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\WINDOWS\system32\winsystem.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\winsystem.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\winsystem.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\My_Server.exe

Reboot and post a new HJT log

Read other 1 answers
RELEVANCY SCORE 62.4

I'm using an windows xp sp2 as my OS...

what could be the problem with this?

I'll be waiting for your help.. thanks

A:Cant Open Cmd, Regedit, Msconfig, Taskmanager

Try the fix at Kelly's Korner.Lift Restrictions - TM, Regedit and CMD - #275 on the left.Right click on it and save the .vbs file to your desktop. Then, double click on the file icon (on your desktop) to run the script. You may need to reboot your computer for the changes to take affect.With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.This problem is most often caused by malware.

Read other 1 answers
RELEVANCY SCORE 62.4

ok well i think i have a virus becouse i cant open taskmanager or regedit and ive searched all over google and nothing they said helped so i thought ide try here well anyways what happens i when i press ctrl alt delete it says task manager has been disabled by your administrator and with regedit it says registry editing has been disabled by your administrator but i am the administrator there is only one account on this computer and its mine. im running windows xp and here is a hijack this log.... oh and ive even tried reinstalling windows xp a whole new windows different from the one i have it on and its still there??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:09 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Alc... Read more

Read other answers
RELEVANCY SCORE 62.4

Ran spybot (cabrotor error with every update tried) adaware, spyblaster, and registry mechanic. Ran windows update.
I can ran in safe mode once - (enough to get this log) now it won't do that again.

Please post any ideas

Logfile of HijackThis v1.99.0
Scan saved at 4:53:34 PM, on 12/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/re...c=1c02&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~... Read more

A:Regedit, taskmanager, sfc will not run, computer is slow

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.

Download KillBox (http://www.greyknight17.com/spy/KillBox.exe) and run it. Click on the 'Delete on Reboot' button. Check 'End Explorer Shell While Killing File.' Copy and paste each of the following locations (one by one) into KillBox (check 'Unregister .dll Before Deleting' if it's not greyed out) and hit the X button for each one (when it asks you if you want to reboot, click NO):

C:\WINDOWS\system32\usb32.exe
C:\WINDOWS\system32\scvhosting.exe

Click on the Exit button (restart).

Try running your HJT in Normal Mode now. Give another in Safe Mode, if cannot get to Normal.

Read other 4 answers
RELEVANCY SCORE 62.4

Hello! I have a problem, when i press alt ctrl del the taskmanager appears for about 1 second and then closes again. The sign of the taskmanager is still on the right lower corner of the screen but when i touch it with the mouse it vanishes.
I tried to open regedit and msconfig but its just the same.
i looked the internet for help but although there are many very similar things (also taskmanager ms config regedit not working) the solutions given there do not work.
For instance i have made a copy of msconfig and renamed it, after that i could open it again. On one internet site they tell to go to Systemstart in msconfig and to delete one thing called UpdReg.
But i cant find a file named like this.
I am using windows XP. I hope someone here can help me, thank you!
 

A:Taskmanager MSConfig Regedit cannot be opened

Download and run this:
http://vil.nai.com/vil/stinger/

Re-boot....

Do this:
go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.
 

Read other 2 answers
RELEVANCY SCORE 62.4

Help. Sorry to post this again but I am having trouble with both taskmanager and regedit. Could someone please help. Thanks.

Logfile of HijackThis v1.96.0
Scan saved at 7:45:24 PM, on 8/13/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\System32\NPNFRKB.EXE
C:\WINDOWS\Config\Setup\Microsoft\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dan\Local Settings\Temp\Temporar... Read more

A:[Resolved] regedit/taskmanager trouble

Read other 16 answers