| Thread ID: 82007 | 2007-08-13 12:35:00 | Vista - admin cannot open task manager | qazwsxokmijn (102) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 580508 | 2007-08-13 12:35:00 | For a while this had me stumped. My admin account for some reason cannot open the task manager. Right clicking on the desktop toolbar shows a whitened 'Task Manager', meaning I cannot open it. When I tried to manually open it from its folder, it says my 'administrator' has disabled my access to task manager. Tried searching for it, but it didn't come up. Weirdly enough, all other standard accounts CAN open the task manager, heck, even the guest account could. Some websites suggest I may have a virus. NOD32 and Windows Defender haven't picked up anything. The only way I gained my access back to task manager was to change the Administrative Template option for the CTRL+ALT+DEL option to 'Disable' removal of the task manager. What happened here? |
qazwsxokmijn (102) | ||
| 580509 | 2007-08-13 12:44:00 | Wow, now that's a new one o_O I had a lot of problems with most things until I disabled UAC | Codex (3761) | ||
| 580510 | 2007-08-13 12:48:00 | Oh, I need to mention I have disabled UAC. | qazwsxokmijn (102) | ||
| 580511 | 2007-08-13 12:54:00 | After scanning with NOD32, it came up with this: File C:\$Recycle.Bin\S-1-5-21-2947651407-2332395176-1028710855-1001\$RXW3SD6.exe is infected with trojan Win32/Bifrose.ADR. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. However, under the 'Available Actions' only 'Leave' is available. Clean, Rename, Delete and Replace are all greyed, so I can't choose them. It appears to be some sort of trojan. What can I do? |
qazwsxokmijn (102) | ||
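An added illustration, not part of the thread or of any poster's reply: on Vista and later, each deleted file is kept under `C:\$Recycle.Bin\<owner SID>\` as a `$R…` content file paired with a `$I…` metadata record that stores the original path, size and deletion time. The Python below splits the path NOD32 reported and decodes a `$I` record; the sample record, its path, size and timestamp are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone
from pathlib import PureWindowsPath

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def describe_recycle_path(path: str) -> dict:
    """Split a $Recycle.Bin path into owner SID, entry type and companion file."""
    p = PureWindowsPath(path)
    sid, name = p.parent.name, p.name
    if not (sid.startswith("S-1-") and name[:2].upper() in ("$R", "$I")):
        raise ValueError("not a per-user Recycle Bin entry")
    is_content = name[1].upper() == "R"
    other = "$" + ("I" if is_content else "R") + name[2:]
    return {"owner_sid": sid, "rid": int(sid.rsplit("-", 1)[1]),
            "kind": "content" if is_content else "metadata",
            "companion": str(p.with_name(other))}

def parse_i_record(data: bytes) -> dict:
    """Decode a $I metadata record: original path, size, deletion time."""
    if len(data) < 24:
        raise ValueError("truncated $I record")
    version, size, filetime = struct.unpack_from("<QQQ", data, 0)
    if version == 1:        # Vista to Windows 8.1: fixed 520-byte path field
        raw = data[24:24 + 520]
    elif version == 2:      # Windows 10 and later: length-prefixed path
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + nchars * 2]
    else:
        raise ValueError(f"unknown $I version {version}")
    original = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    deleted = EPOCH_1601 + timedelta(microseconds=filetime // 10)
    return {"version": version, "size": size,
            "original_path": original, "deleted_utc": deleted}

def build_sample_i_record() -> bytes:
    """Constructed version-1 record; the path, size and time are made up."""
    when = datetime(2007, 8, 13, tzinfo=timezone.utc)
    filetime = int((when - EPOCH_1601).total_seconds()) * 10_000_000
    path = "C:\\Users\\Example\\Downloads\\setup.exe".encode("utf-16-le")
    return struct.pack("<QQQ", 1, 123456, filetime) + path.ljust(520, b"\x00")

if __name__ == "__main__":
    # Path exactly as NOD32 reported it in the post above.
    hit = r"C:\$Recycle.Bin\S-1-5-21-2947651407-2332395176-1028710855-1001\$RXW3SD6.exe"
    print(describe_recycle_path(hit))
    print(parse_i_record(build_sample_i_record()))
```

Each account sees only its own SID folder in the Recycle Bin view, so comparing `owner_sid` with the SID of the logged-on account shows whose bin holds the file.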
| 580512 | 2007-08-13 12:57:00 | Try emptying the recycle bin | zqwerty (97) | ||
| 580513 | 2007-08-13 13:06:00 | It's empty. | qazwsxokmijn (102) | ||
| 580514 | 2007-08-13 16:44:00 | Have you tried running the scan in safe mode? | drcspy (146) | ||
| 580515 | 2007-08-13 20:19:00 | NOD32? No......I tried In-Depth Analysis, found two threats, but NOD32 doesn't allow me to delete them, only 'Leave'. I dunno what to do anymore. |
qazwsxokmijn (102) | ||
| 580516 | 2007-08-13 20:31:00 | What you may need to do is when Nod32 finds the infection, or go to the log files and expand out the previous log/scan - find the infection, right click on its listing, select Information, or when you have the pop up windows select "Information". There will be the complete path to its location; follow that path, locate it, then delete it. Depending on what the infection is, you may need to do this in safe mode if it won't delete. You may also have to alter your settings to "show Hidden folders". Once deleted, go to the recycle bin and empty that. Rescan. |
wainuitech (129) | ||
| 580517 | 2007-08-13 20:32:00 | Yep, tried gaining 'information' but it comes up blank. Don't know what's up. NOD32 only prompts for an action during scanning. It seems to reside in C:\$Recycle Bin - but I don't know what that means. What does the $ mean? I'm posting a HijackThis log, hope someone can help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:44 a.m., on 14/08/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Philip\Desktop\HiJackThis.exe
C:\Users\Philip\Desktop\trsetup.exe
C:\Users\Philip\AppData\Local\Temp\is-075IB.tmp\is-00EC3.tmp
C:\Program Files\Trojan Remover\trupd.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\Windows\duocore.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: wmpenv - {69181B45-99B6-4E53-875C-CE05F73F19B6} - C:\Windows\wmpenv.dll
O21 - SSODL: wmpconf - {824B829D-C0A8-4D75-A183-EDE40A2DB142} - C:\Windows\wmpconf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
-- End of file - 6297 bytes |
qazwsxokmijn (102) | ||
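An added triage example, not part of the thread and not a HijackThis feature: it parses the Explorer/IE-loaded sections of the log above (O2 BHO, O21 SSODL, O22 SharedTaskScheduler) and lists entries to verify first. The two rules (a CLSID with no file, a DLL sitting directly in `C:\Windows`) are this example's own heuristics, not verdicts; the sample lines are copied from the posted log.

```python
import re
from pathlib import PureWindowsPath

# Anchor on the CLSID so names and paths containing " - " still parse.
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
SHELL_LOADED = {"O2", "O21", "O22"}  # BHO, SSODL, SharedTaskScheduler
WINDOWS_ROOT = PureWindowsPath(r"C:\Windows")

# Lines copied from the HijackThis log in the post above.
SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\Windows\duocore.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: wmpenv - {69181B45-99B6-4E53-875C-CE05F73F19B6} - C:\Windows\wmpenv.dll
O21 - SSODL: wmpconf - {824B829D-C0A8-4D75-A183-EDE40A2DB142} - C:\Windows\wmpconf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
"""

def triage(log: str) -> list:
    """Return (section, name, target, reason) for entries worth verifying."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in SHELL_LOADED:
            continue
        section, _kind, name, _clsid, target = m.groups()
        if target == "(no file)":
            reason = "CLSID registered but no file on disk"
        elif PureWindowsPath(target).parent == WINDOWS_ROOT:
            reason = "DLL directly in C:\\Windows, not System32 or Program Files"
        else:
            continue
        findings.append((section, name, target, reason))
    return findings

if __name__ == "__main__":
    for section, name, target, reason in triage(SAMPLE):
        print(f"{section:<4} {name:<14} {target:<26} {reason}")
```

A flagged file still needs its signature, creation time and hash checked before anything is removed.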