I cannot access the task manager

Now the task manager is the least of my problems

Here is my Hijackthis log-file.

Hello and welcome to Techspot.

Your version of Hijackthis is out of date. Therefore that is not a full log.

Go HERE and follow the instructions carefully. especially about updating and Hjackthis placement. print them out if you can.

Then post a new Hijackthis log.

Regards Howard :wave: :wave:

Thank you for the extremely quick reply! :giddy: I updated and here is my new log:

You are infected by the gaobot bc worm(winupdates.exe)

Go HERE for removal instructions.

When you have done that, Go to my previous post and follow the instructions in the link I provided.

Regards Howard

Thank you for the help, this is taking a while to do but I will let you know how everything goes.

I went to that link and performed everything up to the

At which point the only file that was detected was called WxBug.EXE.

I just now went onto the next step that involves "regedit." I typed regedit into "run..." and the black screen popped up for about 2 seconds then disapeared and nothing else happened.

Have tried to open the task manager and stopped the process winupdates.exe?

Regards Howard

Yes, I did everything in that link up to the "regedit" part at this point.

Is your computer in safe mode? If not it needs to be. Also don`t forget to turn off system restore.

Regards Howard

Ok, I'll do that now. I didn't think I had to be in safe mode due to these instructions:

I just came back from safe mode, and now I have an entirely new (or so it seems) problem. Right when my desktop appeared an IE pop-up window popped up, and I have a new icon in the taskbar called "180 search assistant". I have no idea where this came from.

Now, my other problem is while I was in safe mode, I typed "regedit" again and a box popped up that said

To top it all off, as I was typing this reply, my Spybot S&D has been going crazy telling me about changes to my registry and process that are parts of malicious software. The one currently up is ap9h4wmo.exe "ShopAtHome".

God! That problem of yours sounds terrible! How did u get that 180 spyware onto your pc? Dosen't your Spybot detect & delete or quarantine it?
Sypware really gets to me. I ran a search through Ad aware on my wifes sisters pc last weekend & it found 185 infected files! Thats just from her general browsing & shes only had her laptop for 1 month! Stupid advertisment!

How about u save all of your stuff, format & start fresh?

Don't listen to me though ... im currently in training!!!

Formatting is a serious consideration in the back of my mind right now. As long as I'm getting help in this thread, I have hope that I won't have to do that, though.

Now go to my original post in this thread, and follow all the instructions I linked.

Including downloading the required programmes etc.

Once and only once you have done that, post another HJT log.

Regards Howard

I had this problem on a friends PC, turns out the sneaky buggers had created a 'regedit.com' file in the system32 directory, amongst others such as 'ping.com', 'cmd.com' etc overwriting the windows versions. For whatever reason regedit.com takes priority over regedit.exe and will run if you type 'regedit' in the run box. If you type 'regedit.exe' then you should get the registry editor.

Once you've done all that you'll want to clean out the bogus files. Browse to the c:\windows\system32 folder and make sure you are showing all hidden & system files (tools -> folder options -> View -> select 'Show hidden files' and untick 'hide protected operating system files')
Then change the view to 'Details', sort by file type and scroll down till you get to 'MS-DOS Application' You'll see the virus files are very small in size, I think they were all 1kb and the genuine Microsoft files should be much bigger.

The next step is to move the files out of the system32 folder somewhere, Windows should then automatically replace them with the correct files from the dll cache, unless you switched off system restore. If so you can either copy the files from another XP box, restore them from an XP CD or ask someone very nicely to email you the files

Let us know how you get on!

Nice bit of info there rubjonny.

Regards Howard :grinthumb

OK! Here is the new HJT log after everything suggested.

edit: hold on there were a few steps I skipped, I'll re-post shortly.

Ok here's an updated HJT log. For what it's worth, my computer is acting/appearing to act normally again right now.

Let HJT fix the following.

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} -

Once that`s done your system looks clean.

Turn on system restore.

Regards Howard