Over 1 million tech questions and answers.

blocked task manager and regedit and show hidden files option

Q: blocked task manager and regedit and show hidden files option

Hi, my computer has infected by virus, the virus created the file CF17156.exe as appear in the log file of COMBOFIX,. The virus blocked the task manager and Register editor, secondly the option show hidden folder can not be save I need every time to choose it. Could you please help me with this problem. I deleted Beisn.exe which the originally file that infected me. Can any one help me to sort the problem?the following is the log of ComboFixComboFix 08-11-17.01 - 2008-11-21 0:15:25.18 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.640 [GMT 2:00]Running from: D:\ComboFix.exeCommand switches used :: c:\documents and settings\Maged\Desktop\CFScript * Created a new restore pointFILE ::c:\windows\system32\CF17156.exec:\windows\system32\drivers\nfmnhi.sys.((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 ))))))))))))))))))))))))))))))).2008-11-20 17:42 . 2008-11-20 03:51 1,602,969 --a------ C:\SDFix.exe2008-11-20 15:49 . 2008-11-20 15:49 <DIR> d--hs---- c:\documents and settings\NetworkService2008-11-20 15:49 . 2008-11-20 15:49 <DIR> d--hs---- c:\documents and settings\LocalService2008-11-20 04:11 . 2008-11-20 04:11 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard2008-11-18 18:44 . 2008-11-18 18:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2008-11-18 18:43 . 2008-11-19 18:02 <DIR> d-------- c:\program files\SUPERAntiSpyware2008-11-18 18:43 . 2008-11-19 18:02 <DIR> d-------- c:\documents and settings\Maged\Application Data\SUPERAntiSpyware.com2008-11-18 18:34 . 2008-11-18 18:34 73,728 --a------ c:\windows\system32\javacpl.cpl2008-11-18 18:13 . 2008-11-18 18:34 410,976 --a------ c:\windows\system32\deploytk.dll2008-11-18 17:51 . 2008-11-19 18:11 <DIR> d-------- c:\program files\Spybot - Search & Destroy2008-11-18 17:51 . 2008-11-19 18:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2008-11-18 17:02 . 2008-11-18 17:02 <DIR> d-------- c:\program files\Trend Micro2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\windows\Recent2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\windows\Cookies2008-11-17 20:48 . 2008-11-17 20:48 4,024 --a------ c:\windows\system32\tmp.reg2008-11-17 20:47 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe2008-11-17 20:47 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe2008-11-17 20:47 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe2008-11-17 20:47 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe2008-11-17 20:47 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe2008-11-17 20:47 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe2008-11-17 20:47 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe2008-11-17 20:47 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe2008-11-17 20:47 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe2008-11-17 20:47 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe2008-11-17 11:42 . 2008-11-17 11:42 <DIR> d-------- c:\program files\AnVir Task Manager Pro2008-11-17 11:41 . 2008-11-17 11:41 <DIR> d-------- c:\program files\Common Files\Download Manager2008-11-12 19:49 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys2008-11-12 19:45 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll2008-10-30 18:36 . 2008-10-30 18:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP2008-10-29 06:44 . 2008-10-30 18:20 <DIR> d-------- c:\program files\Recovery Toolbox for RAR2008-10-24 08:35 . 2008-10-15 18:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll2008-10-23 12:21 . 2008-10-23 12:22 <DIR> d-------- c:\documents and settings\Maged\.idlerc2008-10-23 10:50 . 2004-08-04 15:00 1,039,955 --a--c--- c:\windows\system32\dllcache\cmnresm.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-11-18 16:34 --------- d-----w c:\program files\Java2008-11-15 09:20 --------- d-----w c:\documents and settings\All Users\Application Data\pdf9952008-11-09 10:37 --------- d-----w c:\program files\Common Files\Adobe2008-10-28 17:57 --------- d-----w c:\program files\Free Download Manager2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys2008-10-16 10:40 --------- d-----w c:\documents and settings\Maged\Application Data\gtk-2.02008-10-13 15:05 --------- d-----w c:\program files\Veritask Software2008-10-13 12:47 8,959 ----a-w c:\windows\system32\drivers\U3sHlpDr.sys2008-10-13 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\TST Biometrics2008-10-13 11:20 --------- d-----w c:\program files\ImageJ2008-10-12 19:08 --------- d-----w c:\program files\Gimp-2.02008-10-12 19:02 --------- d-----w c:\program files\Priore2008-10-10 09:22 --------- d-----w c:\documents and settings\Maged\Application Data\FinalBurner .ISO2008-10-10 09:20 --------- d-----w c:\documents and settings\Maged\Application Data\ImgBurn2008-10-10 09:14 --------- d-----w c:\program files\ImgBurn2008-10-10 09:14 --------- d-----w c:\documents and settings\Maged\Application Data\DeepBurner2008-10-10 09:10 --------- d-----w c:\program files\Astonsoft2008-10-10 08:54 --------- d-----w c:\program files\CDBurnerXP2008-10-10 08:54 --------- d-----w c:\documents and settings\Maged\Application Data\Canneverbe_Limited2008-10-07 19:28 --------- d-----w c:\program files\Windows Live Safety Center2008-10-05 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia2008-05-23 11:02 44,120 ----a-w c:\documents and settings\Maged\Application Data\GDIPFONTCACHEV1.DAT2007-12-30 22:45 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat.((((((((((((((((((((((((((((( [email protected]_16.35.39.60 ))))))))))))))))))))))))))))))))))))))))).- 2005-11-28 20:55:58 118,784 ----a-w c:\windows\system32\igfxpers.exe+ 2005-11-28 20:55:58 188,416 ----a-w c:\windows\system32\igfxpers.exe- 2008-06-09 22:21:01 135,168 ----a-w c:\windows\system32\java.exe+ 2008-11-18 16:34:28 144,792 ----a-w c:\windows\system32\java.exe- 2008-06-09 22:21:04 135,168 ----a-w c:\windows\system32\javaw.exe+ 2008-11-18 16:34:28 144,792 ----a-w c:\windows\system32\javaw.exe- 2008-06-09 23:32:34 139,264 ----a-w c:\windows\system32\javaws.exe+ 2008-11-18 16:34:28 148,888 ----a-w c:\windows\system32\javaws.exe+ 2008-11-20 22:20:06 16,384 ----atw c:\windows\temp\Perflib_Perfdata_cc.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 172032]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 159744]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 831577]"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 421888]"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 151552]"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 196608]"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 745542]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 680006]"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 561152]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 255528]"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3813376]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 483328]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-18 210328]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 117616]"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 c:\windows\RTHDCPL.exe]"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]"TFncKy"="TFncKy.exe" [BU]"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 1744896]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 161184][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableTaskMgr"= 1 (0x1)"DisableRegistryTools"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]"Debugger"=dummy.dat[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]"Debugger"=dummy.dat[HKLM\~\startupfolder\C:^Documents and Settings^Maged^Start Menu^Programs^Startup^desktop.ini]path=c:\documents and settings\Maged\Start Menu\Programs\Startup\desktop.inibackup=c:\windows\pss\desktop.iniStartup[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001"UacDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]"AntiVirusOverride"=dword:00000001"AntiVirusDisableNotify"=dword:00000001"FirewallDisableNotify"=dword:00000001"FirewallOverride"=dword:00000001"UpdatesDisableNotify"=dword:00000001"UacDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="c:\\WINDOWS\\system32\\usmt\\migwiz.exe"="c:\\Program Files\\Google\\Google Talk\\googletalk.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"="c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"="c:\\Program Files\\Synaptics\\SynTP\\Toshiba.exe"="c:\\WINDOWS\\system32\\igfxtray.exe"="c:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"="c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\tosBtProc.exe"="c:\\WINDOWS\\ALCMTR.EXE"="c:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"="c:\\WINDOWS\\system32\\hkcmd.exe"="c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"="c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"="c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"="c:\\WINDOWS\\AGRSMMSG.exe"="c:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"="c:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe"="c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"="c:\\WINDOWS\\system32\\ctfmon.exe"="c:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"="c:\\Program Files\\TOSHIBA\\TOSHIBA Controls\\TFncKy.exe"="c:\\WINDOWS\\RTHDCPL.EXE"="c:\\WINDOWS\\VFIND.exe"="c:\\WINDOWS\\system32\\CF22634.exe"="c:\\WINDOWS\\system32\\igfxpers.exe"=R2 U3sHlpDr;U3sHlpDr;\??\c:\windows\System32\Drivers\U3sHlpDr.sys [2008-10-13 8959]R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\nfmnhi.sys []S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Maged\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]\Shell\AutoRun\command - G:\LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a3c793-c050-11dc-9581-0018dea43156}]\Shell\Auto\command - app.exe\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL app.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}]\Shell\AutoRun\command - browser.exe.Contents of the 'Scheduled Tasks' folder2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]2008-11-20 c:\windows\Tasks\User_Feed_Synchronization-{0BE07DAD-2789-4A5B-95AC-ED3C97B2E235}.job- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36].**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-11-21 00:21:05Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.c:\program files\Intel\Wireless\Bin\EvtEng.exec:\program files\Intel\Wireless\Bin\S24EvMon.exec:\program files\Java\jre6\bin\jqs.exec:\program files\CDBurnerXP\NMSAccessU.exec:\program files\Intel\Wireless\Bin\RegSrvc.exec:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exec:\program files\Toshiba\TOSHIBA Controls\TFncKy.exec:\program files\Synaptics\SynTP\Toshiba.exec:\windows\system32\TPSBattM.exec:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exec:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe.**************************************************************************.Completion time: 2008-11-21 0:30:27 - machine was rebootedComboFix-quarantined-files.txt 2008-11-20 22:30:24ComboFix2.txt 2008-11-20 19:12:04ComboFix3.txt 2008-11-20 18:26:47ComboFix4.txt 2008-11-20 16:10:01ComboFix5.txt 2008-11-20 22:14:45Pre-Run: 31,933,108,224 bytes freePost-Run: 31,724,781,568 bytes free230 --- E O F --- 2008-11-13 07:23:03

RELEVANCY SCORE 200
Preferred Solution: blocked task manager and regedit and show hidden files option

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: blocked task manager and regedit and show hidden files option

Hi, My computer was infected. The virus disable the task manager, register edit and firewall and can not install some antivirus on my machine or open website like trend micro, when I access on internet the virus download three files in my Temp folder. I attach the HijackThis log file and the Combofix as well. Another point, I have linux this computer, Can this virus hidden on linux?ThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:52:26 AM, on 11/23/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Toshiba\Toshiba Applet\thotkey.exeC:\WINDOWS\system32\TPSMain.exeC:\Program Files\TOSHIBA\Tvs\TvsTray.exeC:\Program Files\Synaptics\SynTP\Toshiba.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\WINDOWS\system32\TDispVol.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Microsoft Office\Office10\WINWORD.EXEC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\wuauclt.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exeO4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TDispVol] TDispVol.exeO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscanO4 - HKUS\S-1-5-19\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe--End of file - 4482 bytes____________________________________________________________________________________________________________________________ComboFix 08-11-17.01 - Maged 2008-11-22 22:46:16.34 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.675 [GMT 2:00]Running from: D:\ComboFix.exe.((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 ))))))))))))))))))))))))))))))).2008-11-22 22:13 . 2008-11-22 22:13 <DIR> d-------- C:\rsit2008-11-22 22:07 . 2008-11-22 22:12 <DIR> d-------- c:\program files\SpywareBlaster2008-11-22 21:49 . 2008-11-22 21:49 <DIR> d-------- C:\Rustbfix2008-11-22 21:32 . 2008-11-22 21:32 <DIR> d-------- C:\VundoFix Backups2008-11-22 21:22 . 2008-11-22 21:22 <DIR> d-------- c:\documents and settings\Maged\Application Data\Malwarebytes2008-11-22 21:22 . 2008-11-22 21:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes2008-11-22 19:23 . 2008-11-22 19:23 7,680 --ahs---- c:\windows\system32\Thumbs.db2008-11-22 09:00 . 2008-11-22 20:10 <DIR> d-------- C:\SDFix2008-11-21 10:41 . 2008-11-21 10:41 <DIR> d-------- c:\program files\Lavasoft2008-11-21 10:40 . 2008-11-21 11:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft2008-11-21 03:06 . 2008-11-22 20:13 <DIR> d-------- c:\windows\system32\CatRoot22008-11-20 15:49 . 2008-11-20 15:49 <DIR> d--hs---- c:\documents and settings\NetworkService2008-11-20 15:49 . 2008-11-20 15:49 <DIR> d--hs---- c:\documents and settings\LocalService2008-11-18 18:44 . 2008-11-18 18:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2008-11-18 18:43 . 2008-11-21 21:01 <DIR> d-------- c:\program files\SUPERAntiSpyware2008-11-18 18:43 . 2008-11-21 21:01 <DIR> d-------- c:\documents and settings\Maged\Application Data\SUPERAntiSpyware.com2008-11-18 18:13 . 2008-11-18 18:34 410,976 --a------ c:\windows\system32\deploytk.dll2008-11-18 17:51 . 2008-11-21 19:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy2008-11-18 17:51 . 2008-11-21 19:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2008-11-18 17:02 . 2008-11-18 17:02 <DIR> d-------- c:\program files\Trend Micro2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\windows\Recent2008-11-18 13:03 . 2008-11-18 13:03 <DIR> d-------- c:\windows\Cookies2008-11-17 20:48 . 2008-11-17 20:48 4,024 --a------ c:\windows\system32\tmp.reg2008-11-17 20:47 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe2008-11-17 20:47 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe2008-11-17 20:47 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe2008-11-17 20:47 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe2008-11-17 20:47 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe2008-11-17 20:47 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe2008-11-17 20:47 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe2008-11-17 20:47 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe2008-11-17 20:47 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe2008-11-12 19:49 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys2008-11-12 19:45 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll2008-10-30 18:36 . 2008-11-22 22:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP2008-10-29 06:44 . 2008-10-30 18:20 <DIR> d-------- c:\program files\Recovery Toolbox for RAR2008-10-24 08:35 . 2008-10-15 18:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll2008-10-23 12:21 . 2008-10-23 12:22 <DIR> d-------- c:\documents and settings\Maged\.idlerc2008-10-23 10:50 . 2004-08-04 15:00 1,039,955 --a--c--- c:\windows\system32\dllcache\cmnresm.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-11-21 17:26 --------- d-----w c:\program files\ImageJ2008-11-21 17:24 --------- d-----w c:\program files\Java2008-11-15 09:20 --------- d-----w c:\documents and settings\All Users\Application Data\pdf9952008-11-09 10:37 --------- d-----w c:\program files\Common Files\Adobe2008-10-28 17:57 --------- d-----w c:\program files\Free Download Manager2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll2008-10-16 10:40 --------- d-----w c:\documents and settings\Maged\Application Data\gtk-2.02008-10-13 15:05 --------- d-----w c:\program files\Veritask Software2008-10-13 12:47 8,959 ----a-w c:\windows\system32\drivers\U3sHlpDr.sys2008-10-13 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\TST Biometrics2008-10-12 19:02 --------- d-----w c:\program files\Priore2008-10-10 09:22 --------- d-----w c:\documents and settings\Maged\Application Data\FinalBurner .ISO2008-10-10 09:20 --------- d-----w c:\documents and settings\Maged\Application Data\ImgBurn2008-10-10 09:14 --------- d-----w c:\program files\ImgBurn2008-10-10 09:14 --------- d-----w c:\documents and settings\Maged\Application Data\DeepBurner2008-10-10 09:10 --------- d-----w c:\program files\Astonsoft2008-10-10 08:54 --------- d-----w c:\documents and settings\Maged\Application Data\Canneverbe_Limited2008-10-07 19:28 --------- d-----w c:\program files\Windows Live Safety Center2008-10-05 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll2008-05-23 11:02 44,120 ----a-w c:\documents and settings\Maged\Application Data\GDIPFONTCACHEV1.DAT.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 172032]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 159744]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 831577]"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 421888]"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 151552]"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 196608]"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 745542]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 680006]"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 561152]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 255528]"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3813376]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 483328]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 117616]"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 c:\windows\RTHDCPL.exe]"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]"TFncKy"="TFncKy.exe" [BU]"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 1814528]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 161184][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableTaskMgr"= 1 (0x1)"DisableRegistryTools"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]"Debugger"=dummy.dat[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]"Debugger"=dummy.dat[HKLM\~\startupfolder\C:^Documents and Settings^Maged^Start Menu^Programs^Startup^desktop.ini]path=c:\documents and settings\Maged\Start Menu\Programs\Startup\desktop.inibackup=c:\windows\pss\desktop.iniStartup[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001"UacDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]"AntiVirusOverride"=dword:00000001"AntiVirusDisableNotify"=dword:00000001"FirewallDisableNotify"=dword:00000001"FirewallOverride"=dword:00000001"UpdatesDisableNotify"=dword:00000001"UacDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\WINDOWS\\AGRSMMSG.exe"="c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosAVRC.exe"="c:\\WINDOWS\\system32\\igfxpers.exe"="c:\\WINDOWS\\system32\\igfxtray.exe"="c:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"="c:\\WINDOWS\\system32\\hkcmd.exe"="c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"="c:\\WINDOWS\\system32\\TPSMain.exe"="c:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"="c:\\Program Files\\TOSHIBA\\TOSHIBA Controls\\TFncKy.exe"="c:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"=R2 U3sHlpDr;U3sHlpDr;\??\c:\windows\System32\Drivers\U3sHlpDr.sys [2008-10-13 8959]R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\nfmnhi.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]\Shell\AutoRun\command - G:\LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a3c793-c050-11dc-9581-0018dea43156}]\Shell\Auto\command - app.exe\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL app.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}]\Shell\AutoRun\command - browser.exe.Contents of the 'Scheduled Tasks' folder2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]2008-11-22 c:\windows\Tasks\User_Feed_Synchronization-{0BE07DAD-2789-4A5B-95AC-ED3C97B2E235}.job- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}uInternet Connection Wizard,ShellNext = iexploreO16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cabc:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-11-22 22:49:29Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-11-22 22:54:31ComboFix-quarantined-files.txt 2008-11-22 20:54:29ComboFix2.txt 2008-11-22 17:47:35ComboFix3.txt 2008-11-22 16:47:32ComboFix4.txt 2008-11-22 16:23:53ComboFix5.txt 2008-11-22 20:46:05Pre-Run: 32,073,842,688 bytes freePost-Run: 32,061,071,360 bytes free198 --- E O F --- 2008-11-13 07:23:03

Read other 2 answers
RELEVANCY SCORE 119.2

When I try to go into Task Manager "Has been blocked by your Administrator" pops up. For folder option, i found it missing from tools. Plus when i run the regedit, it just show up for a second and then disappear. I am the only one who uses this pc so I was confused at first but then concluded that their must be something running that I don't know about. Here is my HiJackThis log, i'm not sure how much you will need so ill post the whole thing. Thanks for your help guysLogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:27:56 PM, on 10/6/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\Explorer.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\... Read more

A:Regedit, Folder Option and Task Manager "blocked By Administrator"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 112.8

Well, I officially got a bad one...

I work on computers everyday, and know alot about removal, and I am quite shocked that I was not able to do anything with this...

Here are the symptoms:

No Task Manager - I ran a small line that re-enables it, but in about 5 seconds it is disabled again

No regedit - I ran another command, it brings it back for 5 seconds as well, then it is disabled.

Cannot view hidden files - I put a tick in for "Show hidden files and folders" I can see them for 5 seconds, then nothing.

So, I ran alot of scans (I will name them) and none of them worked, I was going to do them all in safe mode now... but now whenever I try to reboot into safe mode, i get a STOP: ox00000007b error (never happened before)

It is a trojan downloader for sure... in netstat, I can see a bunch of connections randomly appear, then my anti virus goes nuts, and Heals those files, but after about 10 minutes it does it over again...

My computer now has a bunch of weird connections to my router... never saw that before (about 8 connections to it)

Sadly, I clicked on one link, a popup came, a windows installer window, and thats what caused this all, I clicked cancel on the MSI window, but it didnt help...

So far I ran:

HJT (no suspicious entries thru my eyes)
Adaware 2007
Spybot 1.6
SUPER Anti-spyware
Trojan Hunter
Malware Bytes
AVG (but it caused my computer to crash about 150k files in)
And ComboFix

Nothing has changed the status... ... Read more

A:No Task Manager/Regedit/Hidden files

Well, I solved my own problem...

Since nobody here could help me, hopefully this will help someone else...

I downloaded AntiVir and scanned... and it got rid of the virus... along with half of my applications...

I got the W32/Sality.AA virus from a website, it automatically installed, I plan on taking any action I can against the site.

But I lost alot of my executables, including my old anti-virus...

System Restore wouldnt work either... but if these symptoms are happening to you after typical scans, you probably have the Sality.AA virus.

Read other 1 answers
RELEVANCY SCORE 106.8

Thanks in advance to those who could help!
My task manager and folder option to see hidden files is disabled. It started when a friend got her USB flash drive used in my PC. The AVG anti virus has detected the virus but to my surprise after scanning the flash drive and the virus was vaulted my PC still got infected. Here I include my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:43 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\SSCVIHOST.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:... Read more

A:Solved: Task manager & hidden files option not accesible

Read other 16 answers
RELEVANCY SCORE 97.2

When I try to go into Task Manager or Regedit the error "Has been blocked by your Administrator" pops up. I am the only one who uses this pc so I was confused at first but then concluded that their must be something running that I don't know about. Here is my HiJackThis log, i'm not sure how much you will need so ill post the whole thing. Thanks for your help guysRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEc:\windows\system32\rlvknlg.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ezSP_Px.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Ah... Read more

A:Regedit And Task Manager "blocked By Administrator"

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

The top header of your log is missing. Please repost your log to include the header information.

Also I would like to ask you to change your avatar. There is a line for these things and I think that is on the wrong side of it.

Read other 21 answers
RELEVANCY SCORE 94.8

Hi,

I have a desktop and laptop at my house and my sister has been using my laptop for sometime. One day she told me that there was a virus on the computer. There was a message bumping up and down saying "This computer is being attacked". I was able to remove the virus but the computer was running so slow. So i opened the task manager and it says "Task Manager has been disabled by your administrator". Same thing with regedit and hidden file folders. i have tried a lot of ways and the closest thing i have come up with was to go to safemode, it is giving me the same error message when i try to open it from there. So now i am asking for help from you guys. Here is the most recent log from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08, on 2009-03-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restricti... Read more

Read other answers
RELEVANCY SCORE 94.4

hi i'm using windows xp and vista together.in windows xp virus are main problem me. some viruses attack the task manager, folder option and regedit at the same time. so we can't see the folder option in tools menu and control panel. also we can't open task manager. it will not appear even if we press Ctrl+Alt+delete. if we pressed it will say administrator has blocked the task manager. task manager name which is in the task bar it will be not active. and we can't open regedit. if we open it it says also administer has blocked the regedit. and we can't open CMD also. some time we can't install any programe. this time we can delete the virus( if you use kaspersky or AVG). but i couldn't open task manager, folder option, regedit and other option. so if i deleted the virus then how can show the folder option in tools menu and control panel. how can open task manager?how can open regedit. i think virus rewrite something in those execute files. therefor we couldn't open it. is there any solution for this problem i can say viruses name like this.
SVCHOST.EXE
crazya.exe

and there are some other virus. but i can remove other virus without a anti-virus software. sometime we can see the folder option in the menu option. but we can't chenge show hidden option in view tab. if we change it won't change. this time if we use anti-virus software it will delete that software, but still we couldn't change show hidden option. for this ... Read more

A:Virus attack to task manager, folder option and regedit

Please go here and follow the steps:
New malware cleaning instructions from TechSpot: http://www.techspot.com/vb/post645589-1.html

Post a new thread in the Security Forum with note of the problem and attach the logs.
 

Read other 1 answers
RELEVANCY SCORE 94.4

Hi guys ,

If I am Not wrong then There are numerous members out here who are facing the same problem which i am facing with my comp (Recently ).As I have seen it on many websites , members asking for help.

This virus disables Task manager, Regedit , Folder optins, etc and slows down the pc. After a lot of search online i came to know that this virus can be a
BRONTOK VIRUS.Guys i need help removing this virus from my pc, , every time i Turn on the Computer first of all the Yahoo messenger pops up (AUTOMATICALLY, even after disabling it from autostart). and then the Task manager or regedit wont work, .. I also noticed folders like Gphone.exe and Newfolder.exe on my C drive , which i know are Virus's . So please Techi's help me out removing these vrius's from my PC as I love my computer its 12 yrs Old , specifications are as below

WINDOWS XP PRO
SP2
P4
1.5 MGHZ
512 RAM

Waiting for your reply as I know there are several other Members (atleast in asia side) who are infected with this Virus.

Cheers
SAGAR

A:Help!Task manager,regedit,folder option disabling virus

DDS LOG


DDS (Ver_09-07-30.01) - FAT32x86
Run by amit at 10:02:47.85 on Mon 07/13/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.232 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
D:\software\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStar... Read more

Read other 19 answers
RELEVANCY SCORE 92

You
can access Command Prompt,reg-edit, and task manager on a computer where its disabled with no admin rights. You can do this by copying the files for Cmd,regedit, and task manager, to a writable location. Then you can edit them with a binary editor to run regardless
of the policies set up. . The reason this works is because when Microsoft was coding Windows, , they decided they'd rather have it be more open than closed. When the command line starts, it checks a value in the registry to see if it can run. When you do this
your changing the registry location it looks in. Therefore it doesn't find the restriction in the registry. As a result, it allows execution. Once you've changed this one binary value, it will work on any school, work, or home computer that has it disabled.
Also on 64 bit versions of windows 7 and 8 you also need to copy the En-US folder from System32 and paste it in the folder with the binary edited CMD file. This is so it can load all the commands properly. I am not responsible for what you do. Have fun. The
unicode strings are CMD- disablecmd, Regedit- disableregistrytools. You can also use this method to access a disabled task manager. 
Note: When doing this put the files
into a place you can write to like a flash drive or the desktop, or else you won't be able to make the edits. You can do this all on a standard account. You don't need to be a Administrator. 

Video link that demonstrates flaw

https://www.youtube.com/watch?... Read more

Read other answers
RELEVANCY SCORE 90.8

hi,
i just noticed that the option of show hidden files has disappeared from the folder options menu...
i read on this forum to post a log of a scan of hijackthis...
i am attaching a log...
please if some one can help me

Read other answers
RELEVANCY SCORE 88.8

Earlier too I had similar problem It was due to w32sillydc problem. I got it solved with this forum's help at W32.sillydc Infection, Infection to usb pen drive and then to desktop- unable to removeAfter that I loaded spybot search & destroy free, windows defender free , AVG 7.5 free , Spywareblaster free , Superantispyware, a2 free version, I also have latest yahoo tool bar spyware scanning tool, and even clamwin.Ok. Still I was infected by virus through a USB pen drive. But this time I do not why and how. It seems Spybot S&D did not work? I rbr that I ddenied changes to my registry and told it to remember my decision also as that message was repeatedly coming fast and even though once I told it to remember the box kept coming and vanishing near m system tray. It was disturbing me a lot. So i rebooted.. and maybe then in that rebooting time or some gap when spybot was not functioning it got installed?? This is question-1 . What do you think the reason for the infection was? Ok before you reply to above let me tell you that all the signs of infection I got was that my hidden files and folders got hidden and could not be restored using tools options feature!Yet no amount of scanning and even online scan through panda and trendmicro and norton could find it (Bitdefender does not work on my pC for some reason)And I also used a RRT. exe program from the internet. It just made my hidden files and folders visible. And then I could not see any autorun.onf file&#... Read more

A:Usb Virus- Show Hidden Files Option Not Working

please clarify; do you have TWO antivirus programs on there; avg7.5 and clamwin?
if your computer is still infected can you update super; reboot and run a FULL deep scan with it

then post the log report FROM that scan for examination>

Read other 8 answers
RELEVANCY SCORE 88

i'm sick of looking for solutions...i've looked everywhere...every forum every antivirus site...but the damn problem wont get fixed...i plugged in my sisters usb drive into my pc, scanned it using avg antivirus and anti spyware, it found a virus on the pen drive, deleted it, suddenly two more viruses were detected, and quarantined, in my temp folder, and all my hidden files were gone. I tried selecting the "show hidden files and folders" and unchecking the "hide system files" options in folder options, no change. Infact when i went back to the folder options, "do not show hidden files and folders" was selected and "hide system files was checked". WHAT DO I DO NOW? Someone please give me a solution. I've tried solutions given to other people with the same problem on this forum but nothing worked.
I would really appreciate some help.
 

A:please help me....show hidden files and folders option doesnt work...

Read other 13 answers
RELEVANCY SCORE 87.2

Hey all. Super frustrated. Cannot install AV program to remove it. Thank you all.

A:Virus deactivating regedit, task mgr, new program install, wireless internet, hidden files

In particular I can install software but it cancels installation or blocks installation of antivirus programs. It also selectively blocks access to online virus scanning sites. Seems to behave slightly like conficker but the online detection tools and remove tools do nothing. Used AnVir Task Manager but no unsual processes were seen. Thanks!

Read other 4 answers
RELEVANCY SCORE 83.6

My friend has some important photos in his memory card which is in cell
phone.
They are not appearing in the cell phone.
But, they are appearing in my PC when connected using the data cable (

USB ) and after checked the option "show hidden files and folders".
They are reappearing in the cell phone after deleting and recopying
the files to cell phone.

My question is ,the "show hidden files and folders" is a option in
windows based operating systems. But, why it is effecting the memory
card. Why they are not appearing in the cell phone.

Thank you for your consideration.
 

A:Files are hiding in memory card? The "show hidden files and folders" option.....

I got the answer, thank you.

The properties of the file has changed to 'hidden'.
I have unchecked the "hidden" option in the file properties.
 

Read other 1 answers
RELEVANCY SCORE 82.4

That's what's been bothering me. Also, I cannot access certain files like some of my games and I'm always told that they have encountered a problem and must be closed. Please help. >.<

Here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:28 PM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\WISPTI... Read more

A:Task Manager Problem + Cannot Display Hidden Files and Folders

Welcome to TSG
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

 

Read other 1 answers
RELEVANCY SCORE 81.6

I'm trying to fix a computer for a friend and I do know that they have internet security tools malware on there....among other malware. I have been able to install Malware bytes but can't get it to run.(even in safe mode) Spybot installation almost finishes but takes me to the blue memory dump screen at the last second. Taskmanager has been disabled and I can't even get to it from a dos prompt. I have tried to get the rkill file off the internet to kill the processes but keep getting redirected away from the site. I'm pretty much on my last hope and need some help. Here is the Hijack log. Any help would be GREATLY appreciated!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:18:12 PM, on 1/24/2010Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16982)Boot mode: Safe mode with network supportRunning processes:C:\Windows\Explorer.EXEC:\Windows\system32\smss32.exeC:\Program Files\IObit\IObit Security 360\is360.exeC:\Program Files\IObit\IObit Security 360\is360tray.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\InternetSecurity2010\IS2010.exeC:\Program Files\Internet Explorer\iexplore.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch... Read more

A:Internet Security malware w/ .exe files & task manager blocked from running....

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

Read other 2 answers
RELEVANCY SCORE 81.6

hey

Im a new member to this community .

As topic name suggests i can not able to access task manager , Registry editor and unable to see hidden files
also my computer dont get boot in safe mode
Thx in advance

A:Task Manager ,Registry Editor disabled cant view hidden files

Hi and welcome. Are you running Xp or Vista? What is your installed antivirus?

Read other 13 answers
RELEVANCY SCORE 80

Hi,
for some strange reason I can't seem to check the "Show hidden files and folders" option, every time I do so it reverts back to "Do not show hidden files and folders".

Has anyone had the same problem. This feels so stupid. Please help me. Thanks.
 

A:Checking the "Show hidden files and folders" option in Windows XP

Hi and welcome, are you applying the change? Not just X'ing out and closing the box?
 

Read other 3 answers
RELEVANCY SCORE 80

I am not able to view hidden files and folders because i cannot find the option "Show hidden files and folders". Look at the image below to know how the window looks. Some people said it could be a possible virus that has disabled that option. I thourougly scanned the pc with Kaspersky Internet security 2011, but could not find any thing. Please help me solve this problem. I cannot view any hidden files or folders. Look at the image below
https://picasaweb.google.com/lh/photo/QuoTbqEyY8qvx9HJfP4A0g?feat=directlink
 

A:"Show hidden files and folders" option not present. HELP

Read other 16 answers
RELEVANCY SCORE 80

Hi, guys.

After my pc has been infected by the "bagle prague" (hldrrr/wintems/flec006/srosa) i got cleaned by a software called Regrun. But the malwares have left some problems on my pc. The main problem is : In Control Panel / Folder option / View, i canīt find the options related to "show hidden files". In this forum there is a solution already posted,but it didnīt solve my problem.
The member says to go to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
and change the value into "group" My problem is : I do not have this last folder in the registry line ("hidden").
I mean, there is [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder] and in this folder ("folder") thereīs no "hidden" folder. So I canīt change the value of "hidden" īcause thereīs no "hidden". Help me please, thanks.
 

A:Option "show hidden files" in controlpanel->folder options disappeared

Greetings pokemon2005, Welcome To TSG

Show hidden files and folders - option missing or does not work
http://www.winhelponline.com/blog/show-hidden-files-and-folders-option-missing-or-does-not-work/
 

Read other 1 answers
RELEVANCY SCORE 80

somebody pls help me
i got hit by some virus(trojan i think ) and try to run norton but notron cannot clean some suspect file. it show
- error opening (Access denied)[4] or
- error opening (folder locked)[4]
after running norton i found that 'folder options' from Tools command is diappear
i download and repaire registary as kiwiguy suggest

kiwiguy said:

Go here:
http://www.kellys-korner-xp.com/xp_tweaks.htm

Read the heading as to how to apply these Registry "fixes", and then scroll down to number 129 and click on it to download the registry script to correct this problem.Click to expand...

now i can see 'folder options' but cannot find 'show hidden file and folder' checkbox
pls help me, thank in advance!!!!
 

A:checkbox for "show hidden files and folders" disappear from folder option

Read other 7 answers
RELEVANCY SCORE 78.8

can ny one please solve this problem,.....i'm not able to see "show hidden files option" in the folder options........
the display can be found in the attachment....
 

Read other answers
RELEVANCY SCORE 78.8

Strange are the ways of Windows. After an episode with a Worm/Small.2.F, I cannot set the option <My Computer/Tools/Folder Options/View/Show Hidden Files> Once I check this box and click 'Apply', the hidden files don't show and then on clicking 'OK'. it reverts back to <...Do Not Show Hidden Files>. Please help.

I had installed Avast Anti-Virus after the Worm infection because my existing AVG anti-virus was unable to 'delete' or 'heal' infected files (although it did detect them). I've now uninstalled it yet the problem remains (it has occurred after Avast installation though I'm not sure the two are connected). Any Experience, Strength & Hope?!

A:Cannot set option"show hidden files"

follow the five steps and check you have got rid of the infections
http://www.techsupportforum.com/showthread.php?t=15968

Read other 3 answers
RELEVANCY SCORE 75.2

Hi,

I am guessing this will be either incredibly easy and I am missing something, or incredibly difficult to achieve.

But what I am wanting is to setup my system so that one partition has the ability to view all of the hidden windows files and folders and also hidden system files.

However at the same time for none other partitions on my PC to have this ability.

I can set this up affecting all paritions but there are some that I do not want this feature on.

I know I can laboriously keep switching it back and forth on the drive I want but I would not like to have to do this unless absolutely necessary.

So does anyone know any method that I can achieve what I am wanting.

Thanks
Anthony

Read other answers
RELEVANCY SCORE 74.8

Hi,
Does anyone know where Task Scheduler toggles the "Show Hidden Tasks" ? I tried to see if i could locate it with procmon but i can't see it does it in the registry.
Somehow "Show Hidden Tasks" is enable by default. I want it to be disable by default.

BR
René

A:Task Scheduler - Show Hidden Task

Here's a general tip for discovering such things:
1.  Run regedit and right-click on Computer at the top, then export the entire registry to a .reg file.
2.  Change the setting.
3.  Repeat step 1 again and export to a different .reg file.
4.  Use a text file comparison tool to determine what's changed between the before and after .reg files.
Since some things may have changed for unrelated reasons, you may have to use a bit of intuition, but if you get the task done fairly quickly and without doing much in between, usually the number of changes are minimal and the actual setting you seek
is obvious.
 
-Noel





Detailed how-to in my eBooks:  


Configure The Windows 7 "To Work" Options
Configure The Windows 8 "To Work" Options

Read other 5 answers
RELEVANCY SCORE 74

Hey Guys, I cannot find a soultion to this problem. I was using my desktop like normal then an error came up saying that there was a hdd failure, and that i needed to scan for errors. all my files disappeared and only this error would come up. There would be hundreds of the same msg spamed on my screen. I scaned my hdd for errors using my Bios/Advanced options and no errors came up. I decided to take out the hdd and put it into my External Hdd bay to hook up to my laptop to extract the data off it.

When i hooked it up to my laptop it showed up empty. I went into folder options and clicked on show hidden files and folders. Everything came up but it was grey/transparent. I then copied the files to another hdd for backup.

Then i formatted the hdd and put on a fresh new OS. Id like to mention i have a second internal drive that i use for backups but it wasnt backed up recently when this issue happen so i had to take out the main drive and use it as an external to back up onto another external drive.

so then when i click on my second internal drive after the reinstall of the new OS it shows empty i have to go in and show hidden files and folders.. now they show again transparent. also i plug in my external to get the recent back up and all those files are still transparent when i move them to my desktop that is freshly OS installed they are still grey/transparent and i have to keep the show hidden files and folders to view them.. so its all my music, pics, documents etc th... Read more

A:backup files will only show up if i click show hidden files and folder

Hello Spooky, and welcome to Seven Forums.

You might see if you may be able to use the tutorial below to set the attributes of these files and folders to be unhidden to see if that may help.

File and Folder - Hide or Unhide

Hope this helps,
Shawn

Read other 2 answers
RELEVANCY SCORE 73.2

I don't know how this happened, but I can no longer use the three programs listed above. Anybody have a solution????
 

A:Can't use regedit, task manager, or cmd. Help!!

here is a screen shot of what happens when I try to run regedit and cmd. I don't even get a response from ctrl+alt+delete( task manager )
 

Read other 2 answers
RELEVANCY SCORE 72.4

Hello,
In 'folder options' the action of 'show' and 'don't show' hidden files have got interchanged.

So, when I select 'don't show' hidden files are shown, and vice versa.

How to get this back to normal?
Thanks!

Royce.

Sent from my GT-I9103 using Tapatalk 2
 

Read other answers
RELEVANCY SCORE 72.4

ALGUEM ME AJUDA, MEU REGEDIT N?O ABRE E NEM O GERENCIADOR DE TAREFAS, AGRADE?O DESDE J?ComboFix 10-01-13.07 - Administrador 13/01/2010 20:18:57.1.1 - x86Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.766.406 [GMT -2:00]Executando de: c:\documents and settings\Administrador\Desktop\Downloads\ComboFix.exe.((((((((((((((((((((((((((((((((((((( Outras Exclus?es ))))))))))))))))))))))))))))))))))))))))))))))))))).c:\arquivos de programas\driverc:\arquivos de programas\driver\Modem Driver\Uninst.isuc:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\??????.lnkc:\windows\Alcmtr.exec:\windows\system32\com.runc:\windows\system32\dp1.fnec:\windows\system32\eAPI.fnec:\windows\system32\internet.fnec:\windows\system32\krnln.fnrc:\windows\system32\og.dllc:\windows\system32\og.edtc:\windows\system32\RegEx.fnrc:\windows\system32\shell.fnec:\windows\system32\spec.fnec:\windows\system32\ul.dllc:\windows\system32\XP-B517DF2B.EXE.(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))).2010-01-13 22:13 . 2010-01-13 22:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!2010... Read more

A:Regedit and Task manager do not work

Hello. I think that this is Portuguese. Saying Regedit and Task manager do not work.I moved your Topic to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal section of the Security foum. This where it need to be.

Read other 1 answers
RELEVANCY SCORE 72.4

My computer has something installed on it that prevents the user from being able to run CMD, regedit and also prevents CTRL+ALT+DELETE. I have seen other topics on this issue but the cause seems to be different for each one.I have already installed SPYBOT and ran it. Problem still exists. While troubleshooting, I found that on bootup we can open up task manager if I am quick enough. The task running is called "setup" and it is attached to a process 'svchost'. If I end this process or task then cmd, regedit, ctrl+alt+delete works fine.Here is the hijackthis log.Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 9:30:10 AM, on 7/5/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\brss01a.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svcho... Read more

A:Another Program Using Cmd, Task Manager, Regedit?

Hello,It's important you follow the next steps in the right order without missing any step.;* Download Brute Force Uninstaller.Unzip it to a folder of it?s own (c:\BFU).Read here how to unzip/extract properly:http://metallica.geekstogo.com/xpcompressedexplanation.htmlStart the Brute Force Uninstaller by doubleclicking BFU.exeNext to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'In the field, copy and paste next URL:http://metallica.geekstogo.com/alcanshorty.bfuClick Ok. Then click execute in Brute Force Uninstaller.Extra note:If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script ( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-windowBrowse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.Wait for the complete script execution box to popup and press OK.Press exit to terminate the BFU program Then, * Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), combofix will open aga... Read more

Read other 4 answers
RELEVANCY SCORE 72.4

I have run both Spybot and Adaware and both have fixed multiple problems but for some reason I can never get my task manager to open up and for a while I couldn't delete a program called win-dh from my add/remove programs list. Every time I clicked delte it would reappear. Also when I run all of these programs in safe mode it keeps deleting them but the programs keep recreating registry entries and starting all over again. SO yeah any and all help would be appreciated. Everytime I try to run HJT it closes automatically and it does the same to my Task Manager and Regedit I am getting extremly frustrated.

PS. this is not my computer I am fixing it for a family at my church.
 

A:Cant get Task manager or Regedit to open

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 2 answers
RELEVANCY SCORE 72.4

Task Manager, regedit, msconfig just flash on my screen (Windows XP). NAV caught backdoor.sdbot two weeks ago and I thought removed it. Adaware finds nothing. Any help would be greatly appreciated.
 

A:Task Manager/regedit problems

Read other 16 answers
RELEVANCY SCORE 72.4

I downloaded the microsoft update so my restarting problem is fixed. Only thing left is the task manager ect. Here is the Hijackthis log.

Logfile of HijackThis v1.96.0
Scan saved at 3:31:38 PM, on 8/11/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
C:\windows\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\windows\System32\lxamsp32.exe
C:\windows\System32\PRMVUECOCC.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nick\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-explorer.net/search_page.php
R0 - HKCU\Software\Microsoft\Internet E... Read more

A:Task Manager, Regedit ect. Problems

Read other 6 answers
RELEVANCY SCORE 72.4

Good day.

I noticed that my Task Manager and Regedit is disabled by the "administrator". So I decided to scan my PC using Malwarebytes. It detected a 2 Trojan.Downloader which is winrmey.exe stored in D:\WINDOWS\Temp folder and winnlptpo.exe also stored in the Temp folder of the Local Settings folder in the Documents and Settings folder and a Hijack.Taskmanager and a Hijack.Regedit log. I fixed it, then I can use my task manager now. But then, when I restarted my PC, I can't open my task manager and registry editor again. And when I scanned it with Malwarebytes, it detected another Trojan.Downloader with a seemingly random filename (By the way, I googled winrmey.exe and there were no results).

So I decided to download HouseCall from TrendMicro and scanned it. It detected 79 threats (78 PE_SALITY EN-1, and a Trojan), fixed and then restarted my PC. But then, the same happened. I can't still open my Task Manager.

Anyway, there isn't any other manifestations of the malware that infected my PC aside from blocking the Task Manager and Registry Editor. Anyway, everytime I start my PC, the time and date always revert to March 8, 2006 12:00AM due to a BIOS Checksum Error.

Root Repeal Log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2006/03/08 00:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dum... Read more

A:Can't open Task Manager and Regedit

Hi,I'm sorry I have bad news for you:You have contracted sality.Sality is a family of file infecting viruses that spread by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the Web...About Sality VirusWin32/Sality FamilyIf the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before coThere is no guarantee the infection can be completely removed. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best... Read more

Read other 4 answers
RELEVANCY SCORE 72.4

Original post

http://www.techsupportforum.com/f100...ed-428542.html

i believe it was a virus that is doing all this because my PC were all find back then till i downloaded a patch for an online game

IMPORTANT INFO:1.Window XP Service Pack 2
2.Task Manager and Regedit disabled
3.I cant access to any official antivirus website
(except for websites like download.com)
4.Task manager and Regedit are not manually disabled


ok this is what happened...

I start to realised that my pc was infected when i tried to end a task using task manager and i got this error stating that "task manager has been disabled by your administrator" . first i thought it was just a technical error so i start to go through some guide to enable my task manager as it was . Then i found this guide that by running Regedit i could enable my task manager back as it was , but then i also realised that my Regedit was also disabled . Since this computer belong to me and no one is touching it because i'm a single guy who live alone , so i guess it should be a virus .

im quite lost.. i dont know what to do.. even though i go through the tutorials .. sorry im a newbie xD

the dds seems to be not responding and the only thing i got was the logs..
i think this should be it

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-05 14:26:20
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kxtdapob.sys


---- Services - GMER 1.0.15 ... Read more

A:Task Manager and Regedit disabled

Hello -

Let's see if we can get some logs from this tool.
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.



---------------------------------------------------------------------------------------------

Read other 19 answers
RELEVANCY SCORE 72.4

ok.. i have a problem with regedit and task manager...yesterday i donwloaded a progrem whcih caused the task manager and regedit to be disabled by the administrator but how can that be if i am the administrator??

here is a hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49, on 2009-02-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\winvnc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ROCCAT\Kone Mouse\osd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\UPORAB~1\LOCALS~1\Temp\kvxxc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.ex... Read more

A:Task manager and regedit won't open

Read other 7 answers
RELEVANCY SCORE 72.4

my system says cannot find taskmanger or regedit whenever i wnat to access them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:40 AM, on 3/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\wmplayer.exe
C:\WIN... Read more

Read other answers
RELEVANCY SCORE 72.4

After recently installing and un-installing Lime Wire my task manager stopped working, as did my regedit. I removed all Lime Wire files and my tak manager started to work. About a day later it stopped again. I have run.. PestPatrol, Adaware, Spybot, Super Anti Spyware(normal and safe mode), Spywaredoctor, Dr web-cureit and bitdefender, as well as RRT and nothing has worked. I am still task managerless and after a few attempts at downloading HJT, I've finally managed to do it, so here is my log... Logfile of HijackThis v1.99.1Scan saved at 12:20:52 PM, on 6/3/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\E... Read more

A:Non-working Task Manager Or Regedit

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Jena054 My name is Richie and i'll be helping you to fix your problems.Please make sure all hidden files are showing:* Click 'Start'.* Open 'My Computer'.* Select the 'Tools' menu and click 'Folder Options'.* Select the 'View' tab.* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.* Uncheck the 'Hide file extensions for known types' option.* Uncheck the 'Hide protected operating system files (recommended)' option.* Click Yes to confirm.* Click OK.-----------------------------------Go here:http://virusscan.jotti.org/ Using the 'Browse' button,browse to:C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exeThen press the 'Submit' button.Wait while the file is scanned.Post the results into your next reply please.If Jotti's too busy,try here:Go here:http://www.virustotal.com/en/virustotalf.htmlUsing the 'Browse' button,browse to:C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exeThen click on 'Send'.Post the results into your next reply please.Also post a new Hijackthis log.

Read other 15 answers
RELEVANCY SCORE 72.4

when i try to open the task manager and the regedit it comes up but then it goes away what can i do to fix the problem. Need help.

A:task manager regedit msconfig

Welcome to TSF Father!

Well, first off you need to give us a little more info than that. Please tell me exactly what happened. Second, as for the task manager, you can get a better one from here and maybe even use it to troubleshoot your problem:

http://technet.microsoft.com/en-us/s.../bb896653.aspx

Christian Dude

Read other 3 answers
RELEVANCY SCORE 72.4

Same problem as some other threads. Task manager and regedit open for half a second and close. &#304;'ve installed hijack in safe mode and took this log below. can you help me sort this out? thousand thanks in advance.

Logfile of HijackThis v1.97.7
Scan saved at 20:00:46, on 24/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Documents and Settings\Ferran\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ukproxy:80
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} ... Read more

A:Help please. Task Manager, regedit not working

Use System Restore to roll your computer back to a date to before when your computer worked right. Before the error(s) started occurring.

To start System Restore, click Start, point to Programs, point to Accessories, point to System Tools, and then click System Restore. Or, in the Help and Support main screen, click Use System Restore under Fix a problem.

You may need to remove; restart your computer; re-install some programs after this. Backup your sensitive data first.
 

Read other 2 answers
RELEVANCY SCORE 72.4

Operating System: WinXP Home

When I attempt to start regedit, I get the following error:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Found another problem where I could no longer access any AntiVirus websites. I purchased Norton and McAfee install CDs, but have had no luck installing. I still can't access most of the antivirus sites.

Found variants of beagle virus on machine and removed using Stinger command line tool. I am still unable to install any Anti-Virus software. The Norton installation ends with a "Write error. Probably disk is full" message, even though I have 30GB free space. The McAfee 10.0 install just ends abruptly about 5 seconds after it starts.

I ran through the normal spyware removal tools and have included my HijackThis log below. Any help would be greatly appreciated. I have a feeling that the antivirus software installs fail b/c I don't have access to the registry.

-Todd



Logfile of HijackThis v1.99.1
Scan saved at 10:38:57 PM, on 2/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Sys... Read more

A:Can't open task manager or regedit

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *


Let's do this first..




Download and unzip - bfu.zip
Run the program and click the Web button located on the top right corner

Copy/Paste this url into the address bar of the Download script window:

http://metallica.geekstogo.com/alcanshorty.bfu


Checkmark the following boxes:Use settings specified in script for the above option
Show log after script ends
Execute the script by clicking the Execute button.

When it finishes running, click the Save button for a copy of the log
Post the log created by the script when you have completed the fix


If you have any questions about the use of BFU please click here


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download Hoster.exe
Close ALL browser & Run Hoster.exe immeaditelyClick "Make Hosts Writable?" in the upper right corner (If available).
Click Restore Original Hosts and then click OK.
Click the X to exit the program & re-open your brow... Read more

Read other 1 answers
RELEVANCY SCORE 72.4

I can't get regedit or task manager to work, when I try
I get message they are disabled by administrator. I didn't disable them. Also I have Trend Micro antivirus
and it want update or scan. I can't go to trendmicro.com
My computer is using Windows XP Pro.
 

A:Regedit and task manager disabled by adm.

I solved the problem by uninstalling TrenMicro Anti Virus and reinstalling. The trick was not to activated
it until after it completed installation. Then I updated,
activated and scanned. That got rid of the virus. Then
I fixed regedit with a fix I found on the web , the I
fixed task manager with another fix from the web.
 

Read other 1 answers
RELEVANCY SCORE 72.4

Well, somehow Task Manager and registry editor got disabled and I can't get it working. Even with gpedit.msc I open it once, than I can't open another. Same with registry editor. Please help me out.
------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:03:50 AM, on 9/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\laxtp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpirvo.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1... Read more

Read other answers
RELEVANCY SCORE 72.4

Hello, As I couldnot access task manager and the programs did not start properly on my laptop (XP Home Edition Service Pack 3), I decided to format it but after I had transferred my files to another laptop via lan, this recenty formatted working one (Windows Vista Home Premium Service Pack 2) started to behave like the previous one. I cannot access task manager, also the programs run slow. What should I do now? I have downloaded Combofix, Hijack this, mbam, spybot and SuperAntiSpyware desperately, in the hope that one of them will solve the problem but nothing changed after I scanned both of the computers with them. (I also get a blue screen while I try to scan the computer with XP via combofix) Thank you in advance for the answers which may help me to get rid of this problem.

A:I cannot access task manager and regedit

QUOTEHello, As I couldnot access task manager and the programs did not start properly on my laptop (XP Home Edition Service Pack 3), I decided to format it but after I had transferred my files to another laptop via lan, this recenty formatted working one (Windows Vista Home Premium Service Pack 2) started to behave like the previous one. I cannot access task manager, also the programs run slow. What should I do now? I have downloaded Combofix, Hijack this, mbam, spybot and SuperAntiSpyware desperately, in the hope that one of them will solve the problem but nothing changed after I scanned both of the computers with them. (I also get a blue screen while I try to scan the computer with XP via combofix) Thank you in advance for the answers which may help me to get rid of this problem.Hello again, As I had no replies for my previous post and my problem still exists, I went on searching forum looking for how to enable my task manager and I have succeed using one of the programs from the recommended sites here. But the my blue screen problem BAD_POOL_HEADER (on XP) and slow working (XP & Vista) continued, then I searched for viruses on both of them and I have these logs. for xp;Malwarebytes' Anti-Malware 1.45www.malwarebytes.orgDatabase version: 3948Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187024/3/2010 8:56:34 AMmbam-log-2010-04-03 (08-56-34).txtScan type: Quick scanObjects scanned: 67415Time elapsed: 48 minute(s), 14 second(s)Memory Processes Infected: 0M... Read more

Read other 3 answers
RELEVANCY SCORE 72.4

i have problem with my task manager.when i open my computer suddenly the error popup saying that "There is no disk in the drive. Please insert a disk into drive\Device\Harddisk3\DR6.when i click cancel the popup still keep coming. i also cant open the task manager. it says that the task manager has been disable by the administrator.i hv tried to click STart>run>regedit.... it also says the task manager has been disable by the administrator.will someone please help me with the problem. i appreciate it very much. thank you. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:23:06 PM, on 9/17/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\RVHOST.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\CyberLink\PowerDVD ... Read more

A:Cannot Open Task Manager And Regedit.

can someone help me with this thing please...

Read other 3 answers
RELEVANCY SCORE 72.4

Hi I have a pentium(R) 4 cpu 2.66GHZ, 1GB Ram, XP, SP2.

I cannot seem to start CMD, or Regedit. I get a popup 'Another program is currently using it'

Also, I cannot launch task manager when I right click on my mouse from the task bar.

I tried doing a system restore to 3 weeks ago and I still have the same problem.

Also , it appears that my PC is running very slow, sometimes it freezes, sometimes it take a long time to reboot,

I have NOD32 and I ran a spybot and ran a fix and repair. Still have the same problems.

Can you please help ? Thank you.

A:Cannot start CMD, Regedit, task manager

hi, post in security forum, its a virus - very likely.
if you press ALT + CTRL + DEL - you will likely get a message that " TASK MANAGER DISABLED BY SYS ADMIN " - there is a way to reenable by downloading a task manager file that re-enables it, editing registry.
without the task manager
get
get http://technet.microsoft.com/en-us/s.../bb896645.aspx
instead of task manager for now, it's much better - no install, stand alone. it will help, prob.
to fix some problems automatically.
download & dblclick the files (.reg)
http://www.kellys-korner-xp.com/xp_tweaks.htm

i strongly suggest the security threads 1st.
eliot

Read other 1 answers