Having problems! Please read task mgr.-Pop-ups

[charisme]

"Task Manager has been disabled by your administrator" error message

***I'm using XP Pro I ran the 1.gpedit.msc 2.Administrative Templates under
the User Configuration.3. double click on System. Select Ctrl+Alt+Del
options. Double click on it. 4] Select Remove Task Manager. Right click on it
and select Properties. If this setting is enabled and users try to start Task
Manager, a message appears explaining that a policy prevents the action. So
by disabling the policy, you are enabling the Task Manager.( (Click
Setting>Select Disabled radio button>Apply/OK)
*** I did all of that and went to http://support.microsoft.com/?kbid=555480

CAUSE
There following

1. You use account that was blocked via the "Local Group Policy" or "Domain
Group Policy".
2. Some registry settings block you from using "Task Manager".

RESOLUTION

1. Verity that the "Local Group Policy" or "Domain Group Policy" doesn’t
block you from using "Task Manager".
1.1 "Local Group Policy A "Run" -> Write "Gpedit.msc B Navigate to
"User Configuration" -> "Administrative Templates" -> "System" ->
"Ctrl+Alt+Del Options" c. In the right side of the screen verity that
"Remove Task Manager"" option set to "Disable" or "Not Configured".
*** I was NOT CONFIGURED***
d. Close "Gpedit.msc" MMC.

e. Go to "Start" -> "Run" -> Write "gpupdate /force" and press on
"Enter" button.
*** I did all of this ***
--------------------------------------------------------------
2. Verity correct registry settings::

a. Go to "Start" -> "Run" -> Write "regedit" and press on "Enter" button.


Warning: Modifying your registry can cause serious problems that may require
you to reinstall your operating system. Always backup your files before doing
this registry hack.

b. Navigate to the following registry keys and verity that following
settings set to default:

Windows Registry Editor Version 5.00

*** HKey, 4 each Hkey copied as instructions list below***

*** First of Four HKEY***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000 *** What is dword0000000*** ? ***

** 3 (horrizontal) CATAGORIES- A, B & C And 3 numbered vertically 1,2,&3**

1A NAME: (Default) **Blank brown icon B.TYPE REG: sz C/ DATA: no value
set

2A DisableRegistrytools? blue icon B REG'WORD C 0x000000000

3A Disable Task Manager B REGSZ C 0
*** I wasn't sure what to do here? **Verify the settings set to default**/ I
don't know what default setting should be*** ?

*** Second of Four HKEY ***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
Policy\Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies
\System] "DisableTaskMgr"=dword:00000000
*** I got as far as Group Policy, there was no \Objects\ ,listed in this sub
menu, or following the \Group Policy\***

*** Third of Four HKEY ***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\policies\system\]"DisableTaskMgr"=dword:00000000
*** There was No:\ Disable Task Manager listed after\CurrentVersion
\policies\system**

***Four of Four HKEY***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]"DisableCAD"=dword:00000000
*** I found No Disable CAD following NT\CurrentVersion\Winlogon)
** I found nothing here listed ""Disablle".

c. Reboot the computer.

Now that I have done all of the above plus installed new Malwarebyes, from
one of my first posts 3/23/09. I still have the Task Manager ERROR, Plus I am
being bombard with POP-UPS! -- I am going Out of My Mind. PLEASE HELP?

Thank you for reading all of this, maybe you'll see what I must have missed.
:-(
Char.

 

[PA Bear [MS MVP]]

Charisme, you've GOT to stop beginning new threads about this problem.

See my reply (#8) to your post on 19 April in this thread:
http://groups.google.com/group/micr..._frm/thread/98e54063d0b9f32a/ae520d654972589a
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

"Task Manager has been disabled by your administrator" error message

***I'm using XP Pro I ran the 1.gpedit.msc 2.Administrative Templates
under
the User Configuration.3. double click on System. Select Ctrl+Alt+Del
options. Double click on it. 4] Select Remove Task Manager. Right click on
it and select Properties. If this setting is enabled and users try to
start
Task Manager, a message appears explaining that a policy prevents the
action. So by disabling the policy, you are enabling the Task Manager.(
(Click Setting>Select Disabled radio button>Apply/OK)
*** I did all of that and went to
http://support.microsoft.com/?kbid=555480

CAUSE
There following

1. You use account that was blocked via the "Local Group Policy" or
"Domain
Group Policy".
2. Some registry settings block you from using "Task Manager".

RESOLUTION

1. Verity that the "Local Group Policy" or "Domain Group Policy" doesn’t
block you from using "Task Manager".
1.1 "Local Group Policy A "Run" -> Write "Gpedit.msc B Navigate to
"User Configuration" -> "Administrative Templates" -> "System" ->
"Ctrl+Alt+Del Options" c. In the right side of the screen verity that
"Remove Task Manager"" option set to "Disable" or "Not Configured".
*** I was NOT CONFIGURED***
d. Close "Gpedit.msc" MMC.

e. Go to "Start" -> "Run" -> Write "gpupdate /force" and press on
"Enter" button.
*** I did all of this ***
--------------------------------------------------------------
2. Verity correct registry settings::

a. Go to "Start" -> "Run" -> Write "regedit" and press on "Enter"
button.


Warning: Modifying your registry can cause serious problems that may
require
you to reinstall your operating system. Always backup your files before
doing this registry hack.

b. Navigate to the following registry keys and verity that following
settings set to default:

Windows Registry Editor Version 5.00

*** HKey, 4 each Hkey copied as instructions list below***

*** First of Four HKEY***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000 *** What is dword0000000*** ? ***

** 3 (horrizontal) CATAGORIES- A, B & C And 3 numbered vertically 1,2,&3**

1A NAME: (Default) **Blank brown icon B.TYPE REG: sz C/ DATA: no
value
set

2A DisableRegistrytools? blue icon B REG'WORD C 0x000000000

3A Disable Task Manager B REGSZ C 0
*** I wasn't sure what to do here? **Verify the settings set to default**/
I
don't know what default setting should be*** ?

*** Second of Four HKEY ***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
Policy\Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies
\System] "DisableTaskMgr"=dword:00000000
*** I got as far as Group Policy, there was no \Objects\ ,listed in this
sub
menu, or following the \Group Policy\***

*** Third of Four HKEY ***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\policies\system\]"DisableTaskMgr"=dword:00000000
*** There was No:\ Disable Task Manager listed after\CurrentVersion
\policies\system**

***Four of Four HKEY***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]"DisableCAD"=dword:00000000
*** I found No Disable CAD following NT\CurrentVersion\Winlogon)
** I found nothing here listed ""Disablle".

c. Reboot the computer.

Now that I have done all of the above plus installed new Malwarebyes, from
one of my first posts 3/23/09. I still have the Task Manager ERROR, Plus I
am being bombard with POP-UPS! -- I am going Out of My Mind. PLEASE HELP?

Thank you for reading all of this, maybe you'll see what I must have
missed.
:-(
Char.

 

[Tim Meddick]

Hi charisme,
The value within:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

....that is called

"DisableTaskMgr"=dword:00000000

....should be IDENTICAL to your "DisableRegistryTools"=dword:00000000

in that they should BOTH be dword values and BOTH be set to 0 [zero]

if it is NOT there - don't create it. It NOT being there is the SAME as it
being configured to 0 [zero]
if it's there in any other form (i.e. REG_SZ - a string reg value - then
delete it and create a new REG_DWORD - a hexadecimal reg value - and leave
it with it's default value of 0 [zero])

The Group Policy Setting reg key, that you were looking for, is NOT there
because it is 'Not Configured' in Group Policy Editor and so Task Manager
should be okay. But, as it you say that it isn't. Configuring it to
'disabled' might help, as it overrides any other settings and should 'force'
Task Manager to be enabled (as you deducted - 'disabled' IS the right
setting to do this)

I have not heard of the other keys being relevant. Although there IS a
'policies' key in a couple more places I didn't think they were set. But as
you did the right thing and checked that they DON'T exist - then they cannot
be causing the problem. As I said try setting the GPO setting to 'disabled'
and as this is, by far, the most important setting, it should return after a
reboot.

--

Cheers, Tim Meddick, Peckham, London.

"Task Manager has been disabled by your administrator" error message

***I'm using XP Pro I ran the 1.gpedit.msc 2.Administrative Templates
under
the User Configuration.3. double click on System. Select Ctrl+Alt+Del
options. Double click on it. 4] Select Remove Task Manager. Right click on
it
and select Properties. If this setting is enabled and users try to start
Task
Manager, a message appears explaining that a policy prevents the action.
So
by disabling the policy, you are enabling the Task Manager.( (Click
Setting>Select Disabled radio button>Apply/OK)
*** I did all of that and went to
http://support.microsoft.com/?kbid=555480

CAUSE
There following

1. You use account that was blocked via the "Local Group Policy" or
"Domain
Group Policy".
2. Some registry settings block you from using "Task Manager".

RESOLUTION

1. Verity that the "Local Group Policy" or "Domain Group Policy" doesn't
block you from using "Task Manager".
1.1 "Local Group Policy A "Run" -> Write "Gpedit.msc B Navigate to
"User Configuration" -> "Administrative Templates" -> "System" ->
"Ctrl+Alt+Del Options" c. In the right side of the screen verity that
"Remove Task Manager"" option set to "Disable" or "Not Configured".
*** I was NOT CONFIGURED***
d. Close "Gpedit.msc" MMC.

e. Go to "Start" -> "Run" -> Write "gpupdate /force" and press on
"Enter" button.
*** I did all of this ***
--------------------------------------------------------------
2. Verity correct registry settings::

a. Go to "Start" -> "Run" -> Write "regedit" and press on "Enter"
button.


Warning: Modifying your registry can cause serious problems that may
require
you to reinstall your operating system. Always backup your files before
doing
this registry hack.

b. Navigate to the following registry keys and verity that following
settings set to default:

Windows Registry Editor Version 5.00

*** HKey, 4 each Hkey copied as instructions list below***

*** First of Four HKEY***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000 *** What is dword0000000*** ? ***

** 3 (horrizontal) CATAGORIES- A, B & C And 3 numbered vertically 1,2,&3**

1A NAME: (Default) **Blank brown icon B.TYPE REG: sz C/ DATA: no
value
set

2A DisableRegistrytools? blue icon B REG'WORD C 0x000000000

3A Disable Task Manager B REGSZ C 0
*** I wasn't sure what to do here? **Verify the settings set to default**/
I
don't know what default setting should be*** ?

*** Second of Four HKEY ***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
Policy\Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies
\System] "DisableTaskMgr"=dword:00000000
*** I got as far as Group Policy, there was no \Objects\ ,listed in this
sub
menu, or following the \Group Policy\***

*** Third of Four HKEY ***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\policies\system\]"DisableTaskMgr"=dword:00000000
*** There was No:\ Disable Task Manager listed after\CurrentVersion
\policies\system**

***Four of Four HKEY***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]"DisableCAD"=dword:00000000
*** I found No Disable CAD following NT\CurrentVersion\Winlogon)
** I found nothing here listed ""Disablle".

c. Reboot the computer.

Now that I have done all of the above plus installed new Malwarebyes, from
one of my first posts 3/23/09. I still have the Task Manager ERROR, Plus I
am
being bombard with POP-UPS! -- I am going Out of My Mind. PLEASE HELP?

Thank you for reading all of this, maybe you'll see what I must have
missed.
:-(
Char.

 

[charisme]

I am responding to the resolution/fix sent to me from: Tim Meddick.
Here's a bit of the history and *** marks what I have done.
Please respond? Thank You *** Char

o to "Start" -> "Run" -> Write "regedit" and press on "Enter"

button.

Hkey resolution (#1 of 4)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=dword:00000000

*** HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion *** there
was no Policies!
***There was a /Policies the last time I did this! ** Is this possible, can
it disappear? ***

*** So I went to the next Hkey resolution (#2 of 4)***

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group

Policy *** there is No /Objects listed under Group Policy \Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies
\System] "DisableTaskMgr"=dword:00000000
***[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
Policy\ *** System (as instructed in 1of4 Hkey)

On the right side of the window there are 3 lines:
Default REG.SZ (value not set)
Disable Registr REG.SZ 1
Disable Task Mgr. REG.SZ 0

*** Should I change that Disable Registry from a 1 to a 0? ***

"Task Manager has been disabled by your administrator" error message

***I'm using XP Pro I ran the 1.gpedit.msc 2.Administrative Templates under
the User Configuration.3. double click on System. Select Ctrl+Alt+Del
options. Double click on it. 4] Select Remove Task Manager. Right click on it
and select Properties. If this setting is enabled and users try to start Task
Manager, a message appears explaining that a policy prevents the action. So
by disabling the policy, you are enabling the Task Manager.( (Click
Setting>Select Disabled radio button>Apply/OK)
*** I did all of that and went to http://support.microsoft.com/?kbid=555480

CAUSE
There following

1. You use account that was blocked via the "Local Group Policy" or "Domain
Group Policy".
2. Some registry settings block you from using "Task Manager".

RESOLUTION

1. Verity that the "Local Group Policy" or "Domain Group Policy" doesn’t
block you from using "Task Manager".
1.1 "Local Group Policy A "Run" -> Write "Gpedit.msc B Navigate to
"User Configuration" -> "Administrative Templates" -> "System" ->
"Ctrl+Alt+Del Options" c. In the right side of the screen verity that
"Remove Task Manager"" option set to "Disable" or "Not Configured".
*** I was NOT CONFIGURED***
d. Close "Gpedit.msc" MMC.

e. Go to "Start" -> "Run" -> Write "gpupdate /force" and press on
"Enter" button.
*** I did all of this ***
--------------------------------------------------------------
2. Verity correct registry settings::

a. Go to "Start" -> "Run" -> Write "regedit" and press on "Enter" button.


Warning: Modifying your registry can cause serious problems that may require
you to reinstall your operating system. Always backup your files before doing
this registry hack.

b. Navigate to the following registry keys and verity that following
settings set to default:

Windows Registry Editor Version 5.00

*** HKey, 4 each Hkey copied as instructions list below***

*** First of Four HKEY***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000 *** What is dword0000000*** ? ***

** 3 (horrizontal) CATAGORIES- A, B & C And 3 numbered vertically 1,2,&3**

1A NAME: (Default) **Blank brown icon B.TYPE REG: sz C/ DATA: no value
set

2A DisableRegistrytools? blue icon B REG'WORD C 0x000000000

3A Disable Task Manager B REGSZ C 0
*** I wasn't sure what to do here? **Verify the settings set to default**/ I
don't know what default setting should be*** ?

*** Second of Four HKEY ***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
Policy\Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies
\System] "DisableTaskMgr"=dword:00000000
*** I got as far as Group Policy, there was no \Objects\ ,listed in this sub
menu, or following the \Group Policy\***

*** Third of Four HKEY ***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\policies\system\]"DisableTaskMgr"=dword:00000000
*** There was No:\ Disable Task Manager listed after\CurrentVersion
\policies\system**

***Four of Four HKEY***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]"DisableCAD"=dword:00000000
*** I found No Disable CAD following NT\CurrentVersion\Winlogon)
** I found nothing here listed ""Disablle".

c. Reboot the computer.

Now that I have done all of the above plus installed new Malwarebyes, from
one of my first posts 3/23/09. I still have the Task Manager ERROR, Plus I am
being bombard with POP-UPS! -- I am going Out of My Mind. PLEASE HELP?

Thank you for reading all of this, maybe you'll see what I must have missed.
:-(
Char.

 

[charisme]

Tim Meddick Hi! I have copied your note and *** by my questions, please see
below
Thank you so much for your time, knowledge And Patience... it is very much
needed and Oh So Appreciated!
*** P.S.
I have gotten a fix/reply from PA Bear, what do you think about Downloading
this:

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan!
**** AND:
2. WinXP ONLY!! => Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
******* END of PA Bear Letter ***********

Char in Santa Rosa, CA
(e-mail address removed)

Hi charisme,
The value within:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

*** Tim, Today I did the same as before but today there is no \Policies so I
went to \Group Policies
***[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group

Policy\ *** System (as instructed in 1of4 Hkey)

On the right side of the window there are 3 lines:
Default REG.SZ (value not set)
Disable Registr REG.SZ 1
Disable Task Mgr. REG.SZ 0

*** Should I change that Disable Registry from a 1 to a 0? ***
.....that is called

"DisableTaskMgr"=dword:00000000

.....should be IDENTICAL to your "DisableRegistryTools"=dword:00000000

in that they should BOTH be dword values and BOTH be set to 0 [zero]

if it is NOT there - don't create it. It NOT being there is the SAME as it
being configured to 0 [zero]
if it's there in any other form (i.e. REG_SZ - a string reg value - then
delete it and create a new REG_DWORD - a hexadecimal reg value - and leave
it with it's default value of 0 [zero])

** Tim, I don't know how to create a new REG_DWORD -
*** Or what a hexadecimal reg value - *** and leave
it with it's default value of 0 [zero]) *** Please, explain?

The Group Policy Setting reg key, that you were looking for, is NOT there
because it is 'Not Configured' in Group Policy Editor and so Task Manager
should be okay. But, as it you say that it isn't. Configuring it to
'disabled' might help, as it overrides any other settings and should 'force'
Task Manager to be enabled (as you deducted - 'disabled' IS the right
setting to do this)

I have not heard of the other keys being relevant. Although there IS a
'policies' key in a couple more places I didn't think they were set. But as
you did the right thing and checked that they DON'T exist - then they cannot
be causing the problem. As I said try setting the GPO setting to 'disabled'
and as this is, by far, the most important setting, it should return after a
reboot.

*** Tim, setting the GPO *** Group Policies_______? Do I delete and type it
in?
******************Your original letter *************************

Hi charisme,
The value within:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

....that is called

"DisableTaskMgr"=dword:00000000

....should be IDENTICAL to your "DisableRegistryTools"=dword:00000000

in that they should BOTH be dword values and BOTH be set to 0 [zero]

if it is NOT there - don't create it. It NOT being there is the SAME as it
being configured to 0 [zero]
if it's there in any other form (i.e. REG_SZ - a string reg value - then
delete it and create a new REG_DWORD - a hexadecimal reg value - and leave
it with it's default value of 0 [zero])

The Group Policy Setting reg key, that you were looking for, is NOT there
because it is 'Not Configured' in Group Policy Editor and so Task Manager
should be okay. But, as it you say that it isn't. Configuring it to
'disabled' might help, as it overrides any other settings and should 'force'
Task Manager to be enabled (as you deducted - 'disabled' IS the right
setting to do this)

I have not heard of the other keys being relevant. Although there IS a
'policies' key in a couple more places I didn't think they were set. But as
you did the right thing and checked that they DON'T exist - then they cannot
be causing the problem. As I said try setting the GPO setting to 'disabled'
and as this is, by far, the most important setting, it should return after a
reboot.

--

Cheers, Tim Meddick, Peckham, London.

"Task Manager has been disabled by your administrator" error message

***I'm using XP Pro I ran the 1.gpedit.msc 2.Administrative Templates
under
the User Configuration.3. double click on System. Select Ctrl+Alt+Del
options. Double click on it. 4] Select Remove Task Manager. Right click on
it
and select Properties. If this setting is enabled and users try to start
Task
Manager, a message appears explaining that a policy prevents the action.
So
by disabling the policy, you are enabling the Task Manager.( (Click
Setting>Select Disabled radio button>Apply/OK)
*** I did all of that and went to
http://support.microsoft.com/?kbid=555480

CAUSE
There following

1. You use account that was blocked via the "Local Group Policy" or
"Domain
Group Policy".
2. Some registry settings block you from using "Task Manager".

RESOLUTION

1. Verity that the "Local Group Policy" or "Domain Group Policy" doesn't
block you from using "Task Manager".
1.1 "Local Group Policy A "Run" -> Write "Gpedit.msc B Navigate to
"User Configuration" -> "Administrative Templates" -> "System" ->
"Ctrl+Alt+Del Options" c. In the right side of the screen verity that
"Remove Task Manager"" option set to "Disable" or "Not Configured".
*** It was NOT CONFIGURED***
d. Close "Gpedit.msc" MMC.

e. Go to "Start" -> "Run" -> Write "gpupdate /force" and press on
"Enter" button.
*** I did all of this ***
--------------------------------------------------------------
2. Verity correct registry settings::

a. Go to "Start" -> "Run" -> Write "regedit" and press on "Enter"
button.


Warning: Modifying your registry can cause serious problems that may
require
you to reinstall your operating system. Always backup your files before
doing
this registry hack.

b. Navigate to the following registry keys and verity that following
settings set to default:

Windows Registry Editor Version 5.00

*** HKey, 4 each Hkey copied as instructions list below***

*** First of Four HKEY***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000 *** What is dword0000000*** ? ***

** 3 (horrizontal) CATAGORIES- A, B & C And 3 numbered vertically 1,2,&3**

1A NAME: (Default) **Blank brown icon B.TYPE REG: sz C/ DATA: no
value
set

2A DisableRegistrytools? blue icon B REG'WORD C 0x000000000

3A Disable Task Manager B REGSZ C 0
*** I wasn't sure what to do here? **Verify the settings set to default**/
I
don't know what default setting should be*** ?

*** Second of Four HKEY ***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
Policy\Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies
\System] "DisableTaskMgr"=dword:00000000
*** I got as far as Group Policy, there was no \Objects\ ,listed in this
sub
menu, or following the \Group Policy\***

*** Third of Four HKEY ***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\policies\system\]"DisableTaskMgr"=dword:00000000
*** There was No:\ Disable Task Manager listed after\CurrentVersion
\policies\system**

***Four of Four HKEY***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]"DisableCAD"=dword:00000000
*** I found No Disable CAD following NT\CurrentVersion\Winlogon)
** I found nothing here listed ""Disablle".

c. Reboot the computer.

Now that I have done all of the above plus installed new Malwarebyes, from
one of my first posts 3/23/09. I still have the Task Manager ERROR, Plus I
am
being bombard with POP-UPS! -- I am going Out of My Mind. PLEASE HELP?

Thank you for reading all of this, maybe you'll see what I must have
missed.
:-(
Char.

 

[Tim Meddick]

Hi charisme,
Mr P.A. Bear does know a thing or two more than I on the
whole subject, but I think that even he would admit that no-one is above
accepting a fresh view. The MRT utility should already be on your system
(just type MRT into the 'Run' box). If 'Automatic Updates' were in
operation on your computer, then it should be the most up-to-date version,
as they release a new one every month. This, and the other 'fixes' that he
is advising you of, are all to do with your computer being the victim of
'malware' attack. While I wholeheartedly agree it could well be the cause
(so do follow his advice) sometimes XP just likes to mess up a single reg
value and screw something up on your computer from time to time. It happens
to everyone with a computer at sometime, that, inexplicably, something
changes with no help from anyone. So this, I think could also be what has
happened, it does no harm to try my advice: Which was, again, to go into
the Group Policy Editor and change the setting:

'Ctrl+Alt+Del Options' > 'Remove Task Manager'

....and set it from 'not configured' to 'disabled' If this does not work,
then try Mr Bear's advice, although, I would Run MRT.EXE as a matter of
course anyway.

PLEASE post back with an update on this. I'd be interested to know what
sorts it out in the end.

Cheers, Tim Meddick, Peckham, London.

Tim Meddick Hi! I have copied your note and *** by my questions, please
see
below
Thank you so much for your time, knowledge And Patience... it is very much
needed and Oh So Appreciated!
*** P.S.
I have gotten a fix/reply from PA Bear, what do you think about
Downloading
this:

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan!
**** AND:
2. WinXP ONLY!! => Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup,
http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting
this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
******* END of PA Bear Letter ***********

Char in Santa Rosa, CA
(e-mail address removed)

Hi charisme,
The value within:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

*** Tim, Today I did the same as before but today there is no \Policies so
I
went to \Group Policies
***[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group

Policy\ *** System (as instructed in 1of4 Hkey)

On the right side of the window there are 3 lines:
Default REG.SZ (value not set)
Disable Registr REG.SZ 1
Disable Task Mgr. REG.SZ 0

*** Should I change that Disable Registry from a 1 to a 0? ***
....that is called

"DisableTaskMgr"=dword:00000000

....should be IDENTICAL to your "DisableRegistryTools"=dword:00000000

in that they should BOTH be dword values and BOTH be set to 0 [zero]

if it is NOT there - don't create it. It NOT being there is the SAME as it
being configured to 0 [zero]
if it's there in any other form (i.e. REG_SZ - a string reg value - then
delete it and create a new REG_DWORD - a hexadecimal reg value - and leave
it with it's default value of 0 [zero])

** Tim, I don't know how to create a new REG_DWORD -
*** Or what a hexadecimal reg value - *** and leave
it with it's default value of 0 [zero]) *** Please, explain?

The Group Policy Setting reg key, that you were looking for, is NOT there
because it is 'Not Configured' in Group Policy Editor and so Task Manager
should be okay. But, as it you say that it isn't. Configuring it to
'disabled' might help, as it overrides any other settings and should
'force'
Task Manager to be enabled (as you deducted - 'disabled' IS the right
setting to do this)

I have not heard of the other keys being relevant. Although there IS a
'policies' key in a couple more places I didn't think they were set. But
as
you did the right thing and checked that they DON'T exist - then they
cannot
be causing the problem. As I said try setting the GPO setting to
'disabled'
and as this is, by far, the most important setting, it should return after
a
reboot.

*** Tim, setting the GPO *** Group Policies_______? Do I delete and type
it
in?
******************Your original letter *************************

Hi charisme,
The value within:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

....that is called

"DisableTaskMgr"=dword:00000000

....should be IDENTICAL to your "DisableRegistryTools"=dword:00000000

in that they should BOTH be dword values and BOTH be set to 0 [zero]

if it is NOT there - don't create it. It NOT being there is the SAME as
it
being configured to 0 [zero]
if it's there in any other form (i.e. REG_SZ - a string reg value - then
delete it and create a new REG_DWORD - a hexadecimal reg value - and
leave
it with it's default value of 0 [zero])

The Group Policy Setting reg key, that you were looking for, is NOT there
because it is 'Not Configured' in Group Policy Editor and so Task Manager
should be okay. But, as it you say that it isn't. Configuring it to
'disabled' might help, as it overrides any other settings and should
'force'
Task Manager to be enabled (as you deducted - 'disabled' IS the right
setting to do this)

I have not heard of the other keys being relevant. Although there IS a
'policies' key in a couple more places I didn't think they were set. But
as
you did the right thing and checked that they DON'T exist - then they
cannot
be causing the problem. As I said try setting the GPO setting to
'disabled'
and as this is, by far, the most important setting, it should return
after a
reboot.

--

Cheers, Tim Meddick, Peckham, London.

"Task Manager has been disabled by your administrator" error message

***I'm using XP Pro I ran the 1.gpedit.msc 2.Administrative Templates
under
the User Configuration.3. double click on System. Select Ctrl+Alt+Del
options. Double click on it. 4] Select Remove Task Manager. Right click
on
it
and select Properties. If this setting is enabled and users try to
start
Task
Manager, a message appears explaining that a policy prevents the
action.
So
by disabling the policy, you are enabling the Task Manager.( (Click
Setting>Select Disabled radio button>Apply/OK)
*** I did all of that and went to
http://support.microsoft.com/?kbid=555480

CAUSE
There following

1. You use account that was blocked via the "Local Group Policy" or
"Domain
Group Policy".
2. Some registry settings block you from using "Task Manager".

RESOLUTION

1. Verity that the "Local Group Policy" or "Domain Group Policy"
doesn't
block you from using "Task Manager".
1.1 "Local Group Policy A "Run" -> Write "Gpedit.msc B Navigate to
"User Configuration" -> "Administrative Templates" -> "System" ->
"Ctrl+Alt+Del Options" c. In the right side of the screen verity
that
"Remove Task Manager"" option set to "Disable" or "Not Configured".
*** It was NOT CONFIGURED***
d. Close "Gpedit.msc" MMC.

e. Go to "Start" -> "Run" -> Write "gpupdate /force" and press on
"Enter" button.
*** I did all of this ***
--------------------------------------------------------------
2. Verity correct registry settings::

a. Go to "Start" -> "Run" -> Write "regedit" and press on "Enter"
button.


Warning: Modifying your registry can cause serious problems that may
require
you to reinstall your operating system. Always backup your files before
doing
this registry hack.

b. Navigate to the following registry keys and verity that following
settings set to default:

Windows Registry Editor Version 5.00

*** HKey, 4 each Hkey copied as instructions list below***

*** First of Four HKEY***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000 *** What is dword0000000*** ? ***

** 3 (horrizontal) CATAGORIES- A, B & C And 3 numbered vertically
1,2,&3**

1A NAME: (Default) **Blank brown icon B.TYPE REG: sz C/ DATA: no
value
set

2A DisableRegistrytools? blue icon B REG'WORD C 0x000000000

3A Disable Task Manager B REGSZ C 0
*** I wasn't sure what to do here? **Verify the settings set to
default**/
I
don't know what default setting should be*** ?

*** Second of Four HKEY ***
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group
Policy\Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies
\System] "DisableTaskMgr"=dword:00000000
*** I got as far as Group Policy, there was no \Objects\ ,listed in
this
sub
menu, or following the \Group Policy\***

*** Third of Four HKEY ***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\policies\system\]"DisableTaskMgr"=dword:00000000
*** There was No:\ Disable Task Manager listed after\CurrentVersion
\policies\system**

***Four of Four HKEY***
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]"DisableCAD"=dword:00000000
*** I found No Disable CAD following NT\CurrentVersion\Winlogon)
** I found nothing here listed ""Disablle".

c. Reboot the computer.

Now that I have done all of the above plus installed new Malwarebyes,
from
one of my first posts 3/23/09. I still have the Task Manager ERROR,
Plus I
am
being bombard with POP-UPS! -- I am going Out of My Mind. PLEASE HELP?

Thank you for reading all of this, maybe you'll see what I must have
missed.
:-(
Char.