Task Manager disabled

Question

stranoblaze 0 Junior Poster in Training

18 Years Ago

when i try to view my task list with ctrl+alt+del, a window pops up with a red X saying "The task manager has been disabled by your administrator"

i'm the only one that uses this computer and this is the first time i've seen this error...

anyone have any ideas?

windows-virus

8 Contributors
13 Replies
208 Views
3 Years Discussion Span
Latest Post 15 Years Ago Latest Post by janebush08

All 13 Replies

tayspen 28 <Insert title here>

18 Years Ago

Hi,

The Task Manager can be disabled in the registry. It sounds to me like a virus did that to you. More on how it may have been chaned visit this site.

http://www.winguides.com/registry/display.php/163/

Ihave attached a script to fx your task manager. Just unzip and double click. Note: It changes your registry

Also post a hijackThis log, it sounds like your computer may be infected.

-T

This attachment is potentially unsafe to open. It may be an executable that is capable of making changes to your file system, or it may require specific software to open. Use caution and only open this attachment if you are comfortable working with zip files.

EnableTM.zip (0.3 KB)

tayspen 28 <Insert title here>

18 Years Ago

Hi, i am not able to read your log, as i dont know how :). But one of our experts will be along to help you. I wanted to know i that script worked?

-T

stressbattle 0 Newbie Poster

17 Years Ago

I've got a virus which disables my task manager and regedit. It also blocks most antivirus from running.

After much research and hours of browsing for the solution I found it at this site that explains how to kill virus that disables task manager

Hope it helps any of you with the same problem.

gerbil 216 Industrious Poster

17 Years Ago

stranoblaze, i may not be that chap! However you have a nasty trojan/hijacker in there, and don't feel too bad about it cos quite a few guard softwares will let it in. One thing though, and i am not certain about this, but are updates for Ewido anti-malware still available, because it has been superceded by AVG anti-spyware 7.5? You should update... it's still free. Go to the ewido site, or AVG and follow the links.http://www.ewido.net/en/download/ :download button is on this page. Update the definitions!!!

On to your pest.... I think we have only manual methods to remove it. If you are uncertain about this, but follow my instructions exactly, you will not break anything.Here goes.
To begin with I want you to download these softwares [and update where applicable]; they are all free...
I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just a neater thing.

Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it. Explore what settings you can change in it [via the cogwheel icon up top, if you are comfortable with that... you won't hurt anything, but it runs well with the default settings]. Put an icon on your desktop for regular use.

Your problem is due to 3 files: we have to delete them and their associated registry keys, and then a couple of simple scans should do the final mop-up.

Disconnect from the net, and run Ccleaner from your recycle bin with its default settings. [Rclick the Recycle Bin icon, open CCleaner, select Cleaner icon, Press Run Cleaner, and OK in the warning window...].Close it when it finishes.

Now restart your computer in Safe Mode [ Press F8 several times while POST runs and before it finishes detecting your IDE drives...] and log in as an administrator. You now have a black screen with your icons etc...
Rightclick on Start, lclick explore, go tools > folder options > view, and select Show hidden files and folders, Apply.

Then still in that explorer window Search for these three files and delete them, either by using the Search tool or by running through the folder tree to locate them:

C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\hp732C.tmp

Next you must go into the registry to delete a key's entry. Go Start, Run, type regedit and press OK. I'm going to assume that you have not been in here [the registry] before, SO BEWARE!! I want you to navigate to this key, and it is similar to going through the folder tree in Explorer. So expand My Computer [click on the +], expand HKEY local machine, then Software, Microsoft, Windows, CurrentVersion, policies, Explorer and then lclick Run. At the bottom of your screen you should see the key listed as this :-

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

--In the right pane you should see an entry named kernel32.dll with a value set to mssearchnet.dll? Yes? Delete it [lclick on the name and go Edit > delete]. {or rclick on the name and then delete in the menu... :) ]
Now just close the Registry window.

Inside that explorer window search for these 3 files [nvctrl.exe, mssearchnet.exe and hp732C.tmp] and delete them from wherever [application data\ etc ]
Cool. Still in Safe Mode, run Hijackthis again and check the following for fixing, and fix them...

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp732C.tmp
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

these last two are up to you [you may like the site..]

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll

Run Adaware and fix whatever it finds.
Okay, now restart your puter in Normal Mode, and run AVG antispyware. It may now find spyaxe... delete all it puts up.

Now it's time to update your java machine. Control Panel, java, update, update now. When it has finished go control panel, add/remove programs and delete the java _06 version.
Run Hijackthis AGAIN and post the new log.

Edited 11 Years Ago by pritaeas because: Fixed formatting

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

stranoblaze 0 Junior Poster in Training · Answer 1 · 2006-01-09T05:51:11+00:00

Logfile of HijackThis v1.99.1
Scan saved at 6:49:17 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\MoodLogic\Service\Updater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DIGStream\digstream.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\EASY CD CREATOR\CREATR50.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp732C.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1.2\SSaver\Ussshreg.exe /r
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 4.2\ABMTSR.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Detector.lnk = C:\Program Files\ScanSuite\SDetect.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097192599984
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bw+0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {76D487B8-25EC-4832-B4B8-B5ECFFD0C40B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

stranoblaze 0 Junior Poster in Training · Answer 2 · 2006-01-09T07:24:42+00:00

Hi, i am not able to read your log, as i dont know how :). But one of our experts will be along to help you. I wanted to know i that script worked?
-T

yes, i used the script and now my task manager is viewable.

thanks!

gerbil 216 Industrious Poster · Answer 3 · 2006-12-27T13:31:35+00:00

WHOOPS!! One final thing:- before you get back on the net, and only if your puter is working properly, turn off system restore for all drives. And then turn it right back ON again. That will clear all old restore points so any trojan remnants will be removed [if they were in there].
----Select Start , Control Panel > System. Then click the System Restore tab, and check the Turn off System Restore check box. Apply. OK.
Now go back and uncheck it!! And make a new restore point.

gerbil 216 Industrious Poster · Answer 4 · 2006-12-28T10:28:43+00:00

sodding opera. i wasted my time by posting on a non-updated tab! curses self.

premanand 0 Newbie Poster · Answer 5 · 2007-01-24T17:20:46+00:00

Hi:

Thank you for that wonderful EnableTM.zip.. it worked..anyway i am still to kill the virus that created the problem. should i send my hijack?

Thanks.

Hi,
The Task Manager can be disabled in the registry. It sounds to me like a virus did that to you. More on how it may have been chaned visit this site.
http://www.winguides.com/registry/display.php/163/
Ihave attached a script to fx your task manager. Just unzip and double click. Note: It changes your registry
Also post a hijackThis log, it sounds like your computer may be infected.
-T

anthrax_sexy 0 Newbie Poster · Answer 6 · 2007-02-08T00:43:14+00:00

i used hijackthis...
n i am posting my log..
kindly guide me how to get rid of this virus...which makes new folders in my computer of size 104 kb...disables my task manager, standby and hibernation, hides my folder options...
pleaseee help

Logfile of HijackThis v1.99.1
Scan saved at 12:09:28 AM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rahul Puri\Desktop\InstallPREVX102010030.exe
C:\DOCUME~1\RAHULP~1\LOCALS~1\Temp\SFX60.tmp\PXSetup.exe
C:\Documents and Settings\Rahul Puri\Desktop\hijackthis.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3a84255fa53bf624e6efd81d8d5d3ebf\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zinblog.com/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\svhost32.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: MSconfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

gerbil 216 Industrious Poster · Answer 7 · 2007-02-08T07:28:16+00:00

anthrax n sexy together??? k. Anyway, put that post into a new thread otherwise it will be missed.. cos the original problem here is pretty well sorted.

Alex English 0 Newbie Poster · Answer 8 · 2008-08-04T12:05:20+00:00

To fix the task manager disabled issue, follow these steps:
Using Group Policy Editor - for Windows XP Professional
Click Start, Run, type gpedit.msc and click OK.
Navigate to this path
User Configuration
=> Administrative Templates
==> System
===> Ctrl+Alt+Delete Options
====> Remove Task Manager
Double-click the Remove Task Manager option.
Set the policy to Not Configured or Disabled.

Using Registry Editor - for Windows XP home edition:
Click Start, Run, type regedit and click OK.
Navigate to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
In the right pane, delete the "DisableTaskMgr" key.
Log off for the change to take effect

janebush08 0 Newbie Poster · Answer 9 · 2009-02-13T16:17:22+00:00

Hi there,

check out the following source to find out the solution:

http://free-tips-tricks.blogspot.com/2009/02/windows-xp-task-manager-disabled-by.html

With Regards,
Jane

Task Manager disabled

Recommended Answers Collapse Answers

All 13 Replies

Recommended Answers