Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How Do I Get Ctrl+alt+del Back?


  • Please log in to reply
8 replies to this topic

#1 Soul Invictus

Soul Invictus

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 08 March 2006 - 04:18 PM

Somehow I was messing with my computer because it had spyware and malware on it and I messed with the startup tray as well. Now when I do a Ctrl+Alt+Del, the Windows Task Manager doesn't come up.

Any idea how to get it back? :thumbsup:

BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:01:06 PM

Posted 08 March 2006 - 04:48 PM

Try Ctrl+Shift+Escape

#3 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:05:06 PM

Posted 09 March 2006 - 12:36 AM

It might be a good idea to post a hijack log in the Hijackthis! forum. This can often be caused by malware. Before you post, read the preparation guide for posting a log. Don't try to fix things yourself with Hijack. It's too easy to mess up your computer.

#4 Soul Invictus

Soul Invictus
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 09 March 2006 - 12:57 AM

Try Ctrl+Shift+Escape


I had never heard of this option before. This doesn't work for me either. :thumbsup:

It might be a good idea to post a hijack log in the Hijackthis! forum. This can often be caused by malware. Before you post, read the preparation guide for posting a log. Don't try to fix things yourself with Hijack. It's too easy to mess up your computer.



Will do. I'll do it and post it shortly.

#5 Cyclica

Cyclica

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 09 March 2006 - 05:06 PM

If malware has disabled your task manager, by posting in Hijackthis! forum, you'll be in good hands.

If you only want to reenable task manager, open registry editor and look for the next values:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000001

Change the "00000001" for "00000000" and you'll be able to use task manager again.

#6 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:04:06 PM

Posted 09 March 2006 - 06:24 PM

Please if you decide to follow the advice given in the above post,
create a backup of your registery first!

Edited by Scarlett, 11 March 2006 - 12:11 AM.

Posted Image

#7 Soul Invictus

Soul Invictus
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 13 March 2006 - 05:45 PM

I'm about to do the Hijackthis! however I wanted to let you all know that I tried to enter "regedit" in the Run option and it says another program is "Another program is currently using this file".

What does that mean? I've never had this happen before...

#8 Soul Invictus

Soul Invictus
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 13 March 2006 - 05:55 PM

Here is my Hijackthis! Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:53:31 PM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Armond\Desktop\Security\HiJackthis! Extract\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6552A029-3E7E-997A-8A3D-52F9188D78A2} - (no file)
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: New &NetMark - C:\Program Files\NetMarks Manager\OpenNM.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: NetMarks Manager - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - C:\Program Files\NetMarks Manager\NetMarks.exe (file missing)
O9 - Extra 'Tools' menuitem: New &NetMark - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - C:\Program Files\NetMarks Manager\NetMarks.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100663776009
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - C:\WINDOWS\system32\wdc1n.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fp6m03j1e.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Thanks in advance!

#9 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:05:06 PM

Posted 13 March 2006 - 06:42 PM

Well, you are definitly infected, but you need to post your log in a different forum.

Here is my canned HJT forum referal speach:

For help with removing your infection I would like to refer you to the Highjack This (HJT) forum here at BleepingComputer.com:

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum you have issues with XP related to the removal of the infection, then come back in here and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users