Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Reformatted, task manager and regedit still disabled.


  • Please log in to reply
9 replies to this topic

#1 somedumbgamer

somedumbgamer

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 05 August 2009 - 09:38 PM

A few months ago my task manager and regedit both mysteriously got disabled. No matter what I did, I could never get either of them to permanently work. Through some methods I could enable them for about a second or two, but then they'll become disabled again.

So I reformatted to try and fix this (amongst many other problems), but they're STILL disabled.

Posted Image

What should I do?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:08 AM

Posted 05 August 2009 - 11:26 PM

Hello and welcome i think we can fix this..

This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File Exit.
Or you can download and use ERUNTwhich is an excellent free tool that allows you to to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.


There are 4 methods to fix the Registry editing issue L@@K
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 somedumbgamer

somedumbgamer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 06 August 2009 - 12:21 AM

Thanks for your response!

But I just tried all of those methods (except for the renaming one), and none of them worked... And about the first one you listed, I can't even access regedit anyway, so I used the ERUNT thing.

Another really weird thing that happened while I was trying to fix it: The pages wouldn't load! This one http://www.pchell.com/support/registryeditordisabled.shtml would only load about a quarter of the way, and then it'll be stuck on loading forever. I had to actually go on my other computer to look at the methods. I couldn't even access the symantec page to download the unhookexec.inf file; I had to google the file itself so it'd actually appear in the google search results.

Posted Image

Very strange... it's as though whatever is infecting my computer is stopping me from loading those pages.

#4 somedumbgamer

somedumbgamer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 09 August 2009 - 04:52 AM

Bump?

#5 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 AM

Posted 09 August 2009 - 06:00 AM

At what point did regedit and Task Manager quit working?

Was it right after the clean load?

Had you installed anything else? Windows updates? Other programs?

Had you had the machine online at all?

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:08 AM

Posted 09 August 2009 - 09:49 AM

Also please check for other malware.
run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 somedumbgamer

somedumbgamer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 10 August 2009 - 03:32 PM

I'm not quite sure when it stopped working after the reformat. I know the task manager worked at one point (I pressed ctrl alt del, and the window actually popped up!), but some time later, after installing some stuff and connecting to the net... it stopped working again. So I guess that means something that I did triggered the virus or whatever to activate and disable the stuff again.

Here's the mbam log.

Malwarebytes' Anti-Malware 1.40
Database version: 2593
Windows 5.1.2600 Service Pack 2

8/10/2009 1:13:39 PM
mbam-log-2009-08-10 (13-13-39).txt

Scan type: Quick Scan
Objects scanned: 83428
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Documents and Settings\Jefferson Lam\Local Settings\Temp\winaxsrn.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jefferson Lam\Local Settings\Temp\winaxsrn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ddji.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:08 AM

Posted 10 August 2009 - 03:56 PM

Try running this file repair utility....sfc /scannow

You will need your XP CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the XP CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 somedumbgamer

somedumbgamer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 10 August 2009 - 05:17 PM

I can't, task manager is still disabled :X

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:08 AM

Posted 10 August 2009 - 08:09 PM

OOOppppssss
This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File Exit.
Or you can download and use ERUNTwhich is an excellent free tool that allows you to to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users