Solved

task manager is greyed out

Posted on 2007-04-06
11
1,344 Views
Last Modified: 2008-01-09
im currently running windows 2003  I have noticed; task manager is greyed out,  and says it was locked by the administrator  ie i did not do this...   Also processor is neat 100%
0
Comment
Question by:mwr123
  • 5
  • 3
  • 3
11 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 18866535
Disable Task Manager
http://www.pctools.com/guides/registry/detail/163/

Check out this link for where it is locked in the registry....
0
 

Author Comment

by:mwr123
ID: 18867973
ok registry mechanic found 267 errors.   What do i do next?
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 100 total points
ID: 18868462
disabled utilities can also be caused by malware/trojans. Have you run any malware scanners?
Here's a good one SUPERAntispyware:
http://www.superantispyware.com/

Process explorer might also help to pinpoint the process taking up the high cpu.
Process explorer:
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

OR:
show us a hijackthis log please?
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

You can either upload the log to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR you can paste the log to this site::
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18869695
Please dont use registry cleaners.

(i am sure this thread will get alot of debating now, bout by some people that love them, and the other half that hate them. Personal and professional opinions really.)

Some registry cleaners may work better than others, but they are not always reliable. They might delete critical values, and make a problem worse. I have seen them tank a system....

What about the registry value that I suggested for the task manager problem?
0
 

Author Comment

by:mwr123
ID: 18871600
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:52:44 PM, on 4/3/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_5
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://messenger.msn.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://ftp-mozilla.netscape.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169110493578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169110482875
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7528 bytes
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 100 total points
ID: 18871666
These entries below belongs to an SDBot variant:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


You need to run SDFix:
Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back


After running SDFix, download and run SUPERAntispyware to remove what's leftover:
http://www.superantispyware.com/
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18871698
hmm......this trojan will be hard to remove because all the utilitites are disabled, SDFix needs to run a reg fix first to enable cmd.

Boot to safe mode and fix this entry in Hijackthis, (to enable the registry).
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Then goto start > Run > copy and paste

regedit %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg

Press OK and allow it to be merged then sdfix will run and clear up the rest of it,
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18871709
If nothing works, try these removal SDBot removal tools:

MS Removal tool claim to remove SDBot info below, will see, you can try that too:
http://support.microsoft.com/?kbid=890830

1.  MS Removal tool:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en


2.  Have you also tried SUPERAntispyware yet?
http://www.superantispyware.com/


3.  Here's Sophos SDBot removal instructions:
http://www.sophos.com/support/disinfection/sdbot.html
0
 

Author Comment

by:mwr123
ID: 18878081
have applied sd fix also ran superantispyware,  it seems that  the tools are back ie command prompt and task manager.  however my processor is still running at near 100%.  Should i run hijack this again and post
0
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 25 total points
ID: 18878415
Process Explorer for Windows v10.21
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

What process is eating the CPU?

When you find it, double click it and select the threads tab. Then you could probably see exactly what .dll or .exe loaded by that process is using the CPU.....
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18880126
Yes, we would've liked to still see your hijackthis log till it looks clean, but since you've already closed your question I assume everything is okay now.

Thanks.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now