
Task Manager Disabled



#1
Romelu

Hello all! I can't manage to enable it. I changed the settings by typing gpedit.msc in RUN and enabled the Task Manager; it works once and then it doesn't allow me at all.

I have to mention that I reinstalled my Windows and I have no programs in the C/ directory. I left only my D/ directory the same because I have some important documents in there.

The problem seemed to appear when I tried to format my USB memory stick.

I scanned it with HiJackThis and here's the result:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:03 AM, on 7/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\RomDan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RomDan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\RomDan\LOCALS~1\Temp\winlles.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{13284590-54BD-41C8-A303-D9A05F5A35E6}: NameServer = 86.127.112.108 80.96.50.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DCFA6A9-A794-4EE1-8B6D-ACB7E491DC8B}: NameServer = 86.127.112.108 80.96.50.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{13284590-54BD-41C8-A303-D9A05F5A35E6}: NameServer = 86.127.112.108 80.96.50.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{13284590-54BD-41C8-A303-D9A05F5A35E6}: NameServer = 86.127.112.108 80.96.50.2

--
End of file - 1729 bytes



After I fixed all the problems in HiJackThis I used ComboFix and there's the log:

ComboFix 10-07-29.02 - RomDan 07/30/2010 23:24:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.310 [GMT 3:00]
Running from: c:\documents and settings\RomDan\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-30 20:15 . 2010-07-30 20:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-30 20:08 . 2010-07-30 20:08 -------- d-----w- c:\documents and settings\RomDan\Local Settings\Application Data\Temp
2010-07-30 20:08 . 2010-07-30 20:08 -------- d-----w- c:\documents and settings\RomDan\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 19:58 . 2010-07-30 19:58 465920 ----a-r- c:\documents and settings\RomDan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-30 19:58 . 2010-07-30 19:58 -------- d-----w- c:\program files\Trend Micro
2010-07-30 19:53 . 2010-07-30 19:53 12328 ----a-w- c:\documents and settings\RomDan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-30 19:37 . 2010-07-30 19:37 -------- d-----w- c:\program files\microsoft frontpage
2010-07-30 19:35 . 2010-07-30 19:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-30 19:32 . 2010-07-30 19:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Live for Speed Alpha 0.5Z\\LFS.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1292428093-839522115-1003Core.job
- c:\documents and settings\RomDan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-30 20:08]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1292428093-839522115-1003UA.job
- c:\documents and settings\RomDan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-30 20:08]
.
.
------- Supplementary Scan -------
.
TCP: {13284590-54BD-41C8-A303-D9A05F5A35E6} = 86.127.112.108 80.96.50.2
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 23:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-30 23:29:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 20:29

Pre-Run: 12,908,560,384 bytes free
Post-Run: 12,861,210,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 71F7E048CC933BD4CCD19CDC3E2D68F8


Before I reinstalled the OS, AVG was finding infections in all of the programs, and it was a virus; I don't know the exact name: Txxxx M.