| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 79537 | 2007-05-23 00:07:00 | I've lost the power button from my Vista Start Menu | whallenich (12311) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 552347 | 2007-05-23 00:07:00 | A couple of days ago something odd happened to my Vista ultimate setup: 1) I discovered that I could nolonger access task manager - "this operation has been cancelled due to restrictions in effect on this computer." 2) I could nolonger access registry editor - (see above message). 3) The power button was nolonger on the start menu, and when I try to shut down using the alt + f4 command I'm presented with the same message (see above message). Now I've managed to claw back access to task manager and regedit using some scripts I found on websites but i've been unable to restore the power button to the start menu. I've tried to go into group policy editor - gpedit.msc and enable the start meny power button to no avail - it makes no difference. I've done countless virus and spyware checks with different programs and nothing has come up. My PC doesn't seem to be operating any less effectively. Temporarily I've created shortcuts to shut down, hibernate and restart my PC but I'd really like the button on the start menu back. Any help in this regard would be much appreciated :):( |
whallenich (12311) | ||
| 552348 | 2007-05-23 00:12:00 | Sounds like a worm/virus etc has disabled regedit/task manager. See if Hijackthis in my sig works with Vista. Put it in its own folder, run it click on scan and save a log. Copy and paste the log here. And/or get trojan remover which is in my sig below. Update it then click on scan. And then select the 3rd-7th option under the utilities menu. Hopefully, both work with Vista. And hopefully, both will install. |
Speedy Gonzales (78) | ||
| 552349 | 2007-05-23 03:26:00 | Here is the HijackThis logfile: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 2:25:43 PM, on 5/23/2007 Platform: Windows Vista (WinNT 6.00.1904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\mobsync.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe C:\Program Files\BitLord\BitLord.exe C:\Windows\system32\sdclt.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Downloads\New Stuff\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzherald.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file) O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] -C:\Windows\JM\JMInsIDE.exe O4 - HKLM\..\Run: [NvSvc] -RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [IAAnotif] -"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] -"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [] - O4 - HKLM\..\Run: [NVIDIA nTune] -"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [CTHelper] -CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] -CTXFIHLP.EXE O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - www.creative.com O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - www.ca.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - www.creative.com O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - -C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (file missing) O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" (file missing) O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" (file missing) O23 - Service: NMIndexingService - Unknown owner - -"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (file missing) O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing) -- End of file - 8385 bytes |
whallenich (12311) | ||
| 552350 | 2007-05-23 03:40:00 | Tried Trojan remover, rogue remover and ad-aware no luck - they didn't pick up anything :( I'm not quite sure why you gave me a link to Java SE Downloads - am I missing something? |
whallenich (12311) | ||
| 552351 | 2007-05-23 03:49:00 | Log doesnt look too bad, run HJT again tick these entries and tick fix checked . Close browser/s . O4 - HKLM\ . . \Run: [NvSvc] -RUNDLL32 . EXE C:\Windows\system32\nvsvc . dll,nvsvcStart O4 - HKLM\ . . \Run: [NvCplDaemon] -RUNDLL32 . EXE C:\Windows\system32\NvCpl . dll,NvStartup O4 - HKLM\ . . \Run: [NvMediaCenter] -RUNDLL32 . EXE C:\Windows\system32\NvMcTray . dll,NvTaskbarInit O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file) O4 - HKLM\ . . \Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1 . 6 . 0_01\bin\jusched . exe" Are u using Nero Home, if not tick this entry too O4 - HKCU\ . . \Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor . exe" O4 - Global Startup: Adobe Reader Speed Launch . lnk = C:\Program Files\Adobe\Acrobat 7 . 0\Reader\reader_sl . exe O13 - Gopher Prefix: O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) The link to Java is my sig . All the programs below get posted when I post/ reply to a post . You're not using some kind of tweaking program are you?? |
Speedy Gonzales (78) | ||
| 552352 | 2007-05-23 04:20:00 | No I'm not running any tweaks - just the standard setup although I notice a few of the things you have flagged me to get rid of relate to drivers for my nvidia gfx rig. | whallenich (12311) | ||
| 552353 | 2007-05-23 04:30:00 | I might be missing something but are you in the Administration profile??? Being denied access to me means you are in a guest or dummy account. | trinsic (6945) | ||
| 552354 | 2007-05-23 04:31:00 | Well theyre related to the drivers but they dont have to run on startup. | Speedy Gonzales (78) | ||
| 552355 | 2007-05-23 04:34:00 | I've plugged in the changes you recommended (with the exception of the ones related to gfx). Shall I restart and see if that makes a difference? |
whallenich (12311) | ||
| 552356 | 2007-05-23 04:36:00 | And re the other question - No I am setup as an administrator. | whallenich (12311) | ||
| 1 2 | |||||