Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Task Manager won't come up with ctrl+alt+delete, ctrl+shift+esc, start -> run-> taskmgr, or from right click task bar?


  • This topic is locked This topic is locked
6 replies to this topic

#1 ForcesUndivided

ForcesUndivided

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:23 AM

Posted 08 November 2009 - 09:41 PM

Howdy,

I created a post on the "Am I Infected?" thread back on 11/02/2009 and Mark (garmanma) has been helping me. He does not feel I am infected but stated I could always touch base this you kind folks so here I am. My task manager won't come up with ctrl+alt+delete, ctrl+shift+esc, start -> run-> taskmgr, or from right click on the task bar? We tried all kinds of neat little programs to see what was up but to no avail, however we didn't try the HijackThis route so I am hopeful.

The previous post can be found at the following link provided (if you're curious as to what solutions have already been explored), http://www.bleepingcomputer.com/forums/top...ml#entry1491790.

The DDS and RootRepeal text files are attached as well, thank you so very much for any assistance you can provide. This site is wonderful and your team is the tops! :( I'm so bummed not having my task manager.

Attached Files


Edited by ForcesUndivided, 08 November 2009 - 09:43 PM.


BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:23 PM

Posted 12 November 2009 - 08:47 PM

Hi ForcesUndivided,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
cd\
>Log.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
nslookup yahoo.com
ping -n 2 yahoo.com
nslookup freedrweb.com
ping -n 2 freedrweb.com
route print
)
dir /a/s c:\taskmgr.exe >>log.txt
start Log.txt
del %0
  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click tast.bat on the desktop.
  • A notepad opens, copy and paste the content it (log.txt) to your reply.


#3 ForcesUndivided

ForcesUndivided
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:23 AM

Posted 12 November 2009 - 10:38 PM

Howdy,

Thanks you so very much for assisting me! :( I know how busy you are so I will do whatever you ask of me in a timely fashion.

"Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this."

I agree to the above noted quotation from your initial post and will abide dutifully. :( The file you requested is both attached and posted below to be thorough. :)



Windows IP Configuration



Host Name . . . . . . . . . . . . : COMPUTER1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.ma.comcast.net.

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-07-E9-B6-FD-C0

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.114

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Thursday, November 12, 2009 1:26:14 PM

Lease Expires . . . . . . . . . . : Friday, November 13, 2009 1:26:14 PM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.45.100, 74.125.53.100, 74.125.67.100



Pinging google.com [74.125.53.100] with 32 bytes of data:



Reply from 74.125.53.100: bytes=32 time=99ms TTL=45

Reply from 74.125.53.100: bytes=32 time=96ms TTL=45



Ping statistics for 74.125.53.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 96ms, Maximum = 99ms, Average = 97ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.93.53, 69.147.114.224, 209.131.36.159



Pinging yahoo.com [209.131.36.159] with 32 bytes of data:



Reply from 209.131.36.159: bytes=32 time=102ms TTL=48

Reply from 209.131.36.159: bytes=32 time=101ms TTL=48



Ping statistics for 209.131.36.159:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 101ms, Maximum = 102ms, Average = 101ms

Server: UnKnown
Address: 192.168.0.1

Name: freedrweb.com
Address: 87.242.79.77



Pinging freedrweb.com [87.242.79.77] with 32 bytes of data:



Reply from 87.242.79.77: bytes=32 time=170ms TTL=44

Reply from 87.242.79.77: bytes=32 time=171ms TTL=44



Ping statistics for 87.242.79.77:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 170ms, Maximum = 171ms, Average = 170ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 b6 fd c0 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.114 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.114 192.168.0.114 20
192.168.0.114 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.114 192.168.0.114 20
224.0.0.0 240.0.0.0 192.168.0.114 192.168.0.114 20
255.255.255.255 255.255.255.255 192.168.0.114 192.168.0.114 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
Volume in drive C has no label.
Volume Serial Number is C0D5-3B69

Directory of c:\WINDOWS\$NtServicePackUninstall$

08/04/2004 02:56 AM 135,680 taskmgr.exe
1 File(s) 135,680 bytes

Directory of c:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 135,680 taskmgr.exe
1 File(s) 135,680 bytes

Directory of c:\WINDOWS\system32\dllcache

04/13/2008 07:12 PM 135,680 taskmgr.exe
1 File(s) 135,680 bytes

Total Files Listed:
3 File(s) 407,040 bytes
0 Dir(s) 62,556,905,472 bytes free

Attached Files

  • Attached File  Log.txt   4.36KB   8 downloads


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:23 PM

Posted 13 November 2009 - 05:57 AM

Hi again ForcesUndivided,

Please go to Start > Run copy and paste the following line in the run box and click OK:

cmd /c copy /y c:\WINDOWS\system32\dllcache\taskmgr.exe c:\WINDOWS\system32\taskmgr.exe

See if the Task Manager is restored.

#5 ForcesUndivided

ForcesUndivided
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:23 AM

Posted 13 November 2009 - 08:57 AM

Holy Moses,

How and the heck did you figure that one out!!! :( I am so impressed and thankful; you've done me a great service. If you have the time a brief explanation as to how I did this to myself would be wonderful. I am assuming it's something "user end" that happened. Thank you again, I am jazzed to have it back!!! :(

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:23 PM

Posted 13 November 2009 - 09:28 AM

You are most welcome. Glad I could help. :(

Well I can explain what was wrong but can't say how it happened. The Task Manager file was deleted and was missing from its location. Who did it I don't know. We just copied another copy of it to its default location.

At the same time I checked to see if there is some redirection as you stated in your original thread the DrWeb link got you to a Russian site. The connection is fine and there was no redirection when we pinged the site address. So whatever was the cause it should not be a problem now.

If you don't have any question I wish you happy computing.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:23 PM

Posted 18 November 2009 - 02:12 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users