Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Task Manager Disabled

Started by Romelu , Jul 30 2010 02:54 AM

  • Please log in to reply

#1
Romelu
Posted 30 July 2010 - 02:54 AM

Romelu

    New Member

  • Member
  • Pip
  • 1 posts
Hello all! I can't manage to enable it. I changed the settings typing in RUN gpedit.msc and enable the task manager, it works once and then it doesn't allow me at all.

I have to mention that I reinstalled my Windows and I have no program in C/ directory. I left only my D/ directory the same because i have some important documents in there.

The problem samed to apper when I tryed to format my USB memory stick.

I scaned it with HiJackThis and here's the result:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:03 AM, on 7/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\RomDan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RomDan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\RomDan\LOCALS~1\Temp\winlles.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{13284590-54BD-41C8-A303-D9A05F5A35E6}: NameServer = 86.127.112.108 80.96.50.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DCFA6A9-A794-4EE1-8B6D-ACB7E491DC8B}: NameServer = 86.127.112.108 80.96.50.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{13284590-54BD-41C8-A303-D9A05F5A35E6}: NameServer = 86.127.112.108 80.96.50.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{13284590-54BD-41C8-A303-D9A05F5A35E6}: NameServer = 86.127.112.108 80.96.50.2

--
End of file - 1729 bytes



After I fixed all the problems in HiJackThis I used ComboFix and theres the log:

ComboFix 10-07-29.02 - RomDan 07/30/2010 23:24:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.310 [GMT 3:00]
Running from: c:\documents and settings\RomDan\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-30 20:15 . 2010-07-30 20:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-30 20:08 . 2010-07-30 20:08 -------- d-----w- c:\documents and settings\RomDan\Local Settings\Application Data\Temp
2010-07-30 20:08 . 2010-07-30 20:08 -------- d-----w- c:\documents and settings\RomDan\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 19:58 . 2010-07-30 19:58 465920 ----a-r- c:\documents and settings\RomDan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-30 19:58 . 2010-07-30 19:58 -------- d-----w- c:\program files\Trend Micro
2010-07-30 19:53 . 2010-07-30 19:53 12328 ----a-w- c:\documents and settings\RomDan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-30 19:37 . 2010-07-30 19:37 -------- d-----w- c:\program files\microsoft frontpage
2010-07-30 19:35 . 2010-07-30 19:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-30 19:32 . 2010-07-30 19:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Live for Speed Alpha 0.5Z\\LFS.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1292428093-839522115-1003Core.job
- c:\documents and settings\RomDan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-30 20:08]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1292428093-839522115-1003UA.job
- c:\documents and settings\RomDan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-30 20:08]
.
.
------- Supplementary Scan -------
.
TCP: {13284590-54BD-41C8-A303-D9A05F5A35E6} = 86.127.112.108 80.96.50.2
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 23:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-30 23:29:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 20:29

Pre-Run: 12,908,560,384 bytes free
Post-Run: 12,861,210,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 71F7E048CC933BD4CCD19CDC3E2D68F8


Before I reinstalled the OS, AVG was finding me infection on all of the programs and was a virus, i don't know the exact name: Txxxx M.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP