
Unable to access Task Manager - Error: Access is denied


  • This topic is locked
2 replies to this topic

#1 blue gravity


Posted 16 November 2015 - 05:25 PM

Hello, I am unable to access my task manager on Windows 7 as administrator. Whenever I try to access it, a Command window flashes on the screen quickly and that's it. Same thing happens when taskmgr.exe is clicked.

 

I was able to capture the command window error as the following:

 

C;\Users\Brian\Documents>REG and HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System  /v  DisableTaskMgr  /t  REG_DWORD  /d  /0  /f

ERROR: Access is denied.

 

Any help with this would be appreciated. I have checked that TaskMgr is enabled in the registry, and have run AVG, Malwarebytes, TDSS Killer, RKill and Combofix and they didn't come up with anything.

 

Here are the FRST logs:

 

 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 14:05 - 2015-11-16 14:05 - 00020866 _____ C:\Users\Brian\Downloads\FRST.txt
2015-11-16 14:04 - 2015-11-16 14:05 - 00000000 ____D C:\FRST
2015-11-16 14:04 - 2015-11-16 14:04 - 01378304 _____ (Farbar) C:\Users\Brian\Downloads\FRST.exe
2015-11-16 10:55 - 2015-11-16 10:55 - 00001446 _____ C:\Users\Brian\Downloads\hijackthis.log
2015-11-16 10:52 - 2015-11-16 10:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Brian\Downloads\HijackThis.exe
2015-11-16 10:51 - 2015-11-16 10:51 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Process Hacker 2
2015-11-16 10:46 - 2015-11-16 10:46 - 00001994 _____ C:\Users\Brian\Desktop\Process Hacker 2.lnk
2015-11-16 10:46 - 2015-11-16 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-11-16 10:46 - 2015-11-16 10:46 - 00000000 ____D C:\Program Files\Process Hacker 2
2015-11-16 10:42 - 2015-11-16 10:42 - 02018808 _____ (wj32 ) C:\Users\Brian\Downloads\processhacker-2.36-setup.exe
2015-11-16 09:17 - 2015-11-16 09:20 - 00002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2015-11-16 09:17 - 2015-11-16 09:17 - 00000000 ____D C:\Program Files\Microsoft Office
2015-11-16 09:16 - 2015-11-16 09:16 - 00000000 ____D C:\Program Files\MSECache
2015-11-16 09:13 - 2015-11-16 09:15 - 77738888 _____ (Microsoft Corporation) C:\Users\Brian\Downloads\ExcelViewer.exe
2015-11-13 22:39 - 2015-11-13 22:39 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Brian\Downloads\tdsskiller.exe
2015-11-13 22:37 - 2015-11-13 22:38 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Brian\Downloads\rkill.com
2015-11-13 22:16 - 2015-11-13 22:16 - 00346306 _____ C:\Users\Brian\AppData\Local\census.cache
2015-11-13 22:16 - 2015-11-13 22:16 - 00151408 _____ C:\Users\Brian\AppData\Local\ars.cache
2015-11-13 22:15 - 2015-11-13 22:15 - 00000010 _____ C:\Users\Brian\AppData\Local\sponge.last.runtime.cache
2015-11-13 22:07 - 2015-05-28 23:43 - 00303744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-11-13 22:06 - 2015-11-13 22:06 - 02073512 _____ (Trend Micro Inc.) C:\Users\Brian\Downloads\HousecallLauncher.exe
2015-11-13 22:06 - 2015-11-13 22:06 - 00000036 _____ C:\Users\Brian\AppData\Local\housecall.guid.cache
2015-11-13 22:02 - 2015-11-13 22:02 - 00000114 _____ C:\Users\Brian\Documents\TaskManager.bat
2015-11-13 21:58 - 2015-11-13 21:58 - 00000558 _____ C:\Windows\PFRO.log
2015-11-13 21:55 - 2015-11-13 21:55 - 00009581 _____ C:\ComboFix.txt
2015-11-13 21:41 - 2015-11-13 21:55 - 00000000 ____D C:\Qoobox
2015-11-13 21:41 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-13 21:41 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-13 21:41 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-13 21:41 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-13 21:41 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-13 21:41 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-13 21:41 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-13 21:41 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-13 21:40 - 2015-11-13 21:54 - 00000000 ____D C:\Windows\erdnt
2015-11-13 21:39 - 2015-11-13 21:39 - 05638248 ____R (Swearware) C:\Users\Brian\Downloads\ComboFix.exe
2015-11-13 21:34 - 2015-11-16 07:33 - 00001344 _____ C:\Windows\setupact.log
2015-11-13 21:34 - 2015-11-13 21:34 - 00000000 _____ C:\Windows\setuperr.log
2015-11-04 09:54 - 2015-11-05 07:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-24 20:12 - 2015-10-24 20:12 - 00000000 ____D C:\Users\Brian\AppData\Roaming\AVG
2015-10-24 20:09 - 2015-11-04 15:56 - 00000906 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-10-24 20:03 - 2015-10-24 20:06 - 00000000 ____D C:\ProgramData\Avg
2015-10-24 19:51 - 2015-10-24 20:03 - 00000000 ____D C:\Users\Brian\AppData\Local\AvgSetupLog
2015-10-21 16:24 - 2015-10-21 16:24 - 00229296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2015-10-21 16:14 - 2015-10-21 16:14 - 00192944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2015-10-21 06:12 - 2015-10-21 06:12 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-19 08:06 - 2015-10-19 08:06 - 00256432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 13:22 - 2015-04-18 11:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-16 13:10 - 2015-04-15 08:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-16 12:08 - 2009-07-13 20:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 12:08 - 2009-07-13 20:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 11:35 - 2015-04-13 16:57 - 01442474 _____ C:\Windows\WindowsUpdate.log
2015-11-16 11:09 - 2015-04-15 08:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-16 09:17 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-16 07:41 - 2015-04-13 18:38 - 00000000 ____D C:\ProgramData\MFAData
2015-11-16 07:32 - 2015-04-13 17:37 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-16 07:32 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 18:47 - 2010-11-20 13:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-13 21:55 - 2009-07-13 18:37 - 00000000 ___RD C:\Users\Public
2015-11-13 21:53 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
2015-11-13 21:25 - 2015-06-11 10:55 - 00000000 ____D C:\Users\Brian\AppData\Local\CrashDumps
2015-11-13 12:38 - 2015-04-16 12:35 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-13 10:56 - 2015-04-13 19:16 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-13 10:56 - 2015-04-13 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-13 10:56 - 2015-04-13 19:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-13 10:34 - 2015-04-13 17:17 - 00000000 ____D C:\Users\Brian\AppData\Local\VirtualStore
2015-11-11 18:11 - 2015-04-15 08:36 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 09:22 - 2015-04-18 11:27 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-11 09:22 - 2015-04-18 11:27 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-05 11:37 - 2015-04-14 08:17 - 00000000 ___HD C:\Users\Brian\dwhelper
2015-11-05 07:03 - 2015-04-13 17:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-04 15:56 - 2015-04-13 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-04 15:54 - 2015-06-02 08:01 - 00000000 ____D C:\Users\Brian\AppData\Local\Avg
2015-11-01 21:10 - 2015-04-13 19:46 - 00000000 ___RD C:\Users\Brian\Podcasts
2015-10-31 17:55 - 2015-04-18 11:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-24 20:12 - 2015-04-13 19:00 - 00000000 ____D C:\Program Files\AVG
2015-10-24 20:10 - 2015-06-29 08:20 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-21 06:12 - 2015-04-13 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 06:12 - 2015-04-13 17:34 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 06:11 - 2015-10-12 12:23 - 00000000 ____D C:\Users\Brian\.oracle_jre_usage
2015-10-21 06:11 - 2015-04-13 17:35 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-10-21 06:11 - 2015-04-13 17:34 - 00000000 ____D C:\Program Files\Java
2015-10-19 14:34 - 2015-08-28 08:36 - 00000000 ____D C:\Users\Brian\AppData\Roaming\TS3Client
 
==================== Files in the root of some directories =======
 
2015-11-13 22:16 - 2015-11-13 22:16 - 0151408 _____ () C:\Users\Brian\AppData\Local\ars.cache
2015-11-13 22:16 - 2015-11-13 22:16 - 0346306 _____ () C:\Users\Brian\AppData\Local\census.cache
2015-11-13 22:06 - 2015-11-13 22:06 - 0000036 _____ () C:\Users\Brian\AppData\Local\housecall.guid.cache
2015-11-13 22:15 - 2015-11-13 22:15 - 0000010 _____ () C:\Users\Brian\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-10 07:40
 
==================== End of FRST.txt ============================

 

Thanks again for any help on this one.

 

 


 


#2 nasdaq

  • Malware Response Team

Posted 19 November 2015 - 11:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Here are the FRST logs:

Your log is not complete. Please post the complete FRST log for my review.

#3 nasdaq

  • Malware Response Team

Posted 24 November 2015 - 09:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



