Regedit and Task manager wont open =(

[karMeister]

Hi! I noticed that this topic has been very redundant in the forums.. Ive tried going thru some walkthrus (How to remove Begin2Search / Coolwebsearch and other Nasties) you guys provided but to no avail

Mcafee also detect hijackthis as a worm for some reason (I disabled Mcafee )

I have attached my hijack log.

Thanks!:bounce:

ooooopppsss! will move my post sorry my bad...

 

[Rick]

Viruses usually disable these using options available in GPEDIT.

Start > Run > gpedit.msc

To enable regedit:
Browse to User Configuration / Administrative Templates / System. Change 'Prevent access to registry editing tools' to diabled.

To enable task manager:
Browse to User Configuration / Administrative Templates / System / CTRL+ALT+DEL Options and Disable 'Remove Task Manager'.

Chances are, more things are disabled... Such as msconfig, tabs in various Windows etc.. But most of the options to reenabled these things are located in gpedit.msc. Good luck

 

[howard_hopkinso]

Hello and welcome to Techspot.

I have deleted your other thread on this subject and moved this thread to the correct forum.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Follow as many of these instructions as you can. If you have any problems with any of the instructions, go to the next step.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - Global Startup: svchost.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe Do not delete any other svchost.exe

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Delete your existing version of HJT and download a new version as per these instructions HERE. Make sure you put it in the following directory. C:\program files\HijackThis\HijackThis1991.exe

Post a fresh HJT log and let me know how your system is running.

Regards Howard :wave: :wave:

This thread is for the use of karMeister only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[karMeister]

Thanks rick and Howard! for the very prompt reply! :stickout:

Yes I have noticed the weird svchost fileon the startup .. tried renaming/deleting it but it just created another when i booted up.

I will do that when I get home (Im still at work right now ):blackeye:


Hope you dont mind me asking ... are you the same guy from Howardsforums?

 

[howard_hopkinso]

Hope you dont mind me asking ... are you the same guy from Howardsforums?

No mate I`m not lol. I`m not a member of any other tech forums.

Regards Howard

 

[karMeister]

:hotbounce It worked! ehehe! Thanks!
ran Registry cleaner, removed auto startup progs and saved a restore point.

Startup is alot faster now! I'm posting my latest log. Anything else I have to change?

Thanks again! :giddy:

 

[howard_hopkinso]

Your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of karMeister only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[karMeister]

Okay, will do that... Thanks again!!!... :bounce:

 

[karMeister]

Hi! It's me again!

I'm working on a desktop.
Its running really slow and I noticed that the CPU usage erratically jumps from 6% to 60-80%.

I went thru Howard's "Viruses/Spyware/Malware, preliminary removal instructions." Didnt detect anything serious so far but its running alot better.

Whats bothering me is that I get this error

"Generic Host Process for win32 Services has encountered a problem and needs to close...."

Startup is slow aswell.
I have a licenced Spyware Doctor installed. Wondering if that might be causing the slow startup?. I have posted my latest Hijack log.
Hope you can find time to take a look at it.

Thanks! alot!

 

[howard_hopkinso]

Please post an AVG Antispyware log in your next reply.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

SOFTWA~1
Zune

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ZuneNss.exe
soproc.exe
ALCMTR.EXE

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [SOProc_SoRefRegSoAlertAjMiniTest] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertAjMiniTest

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\PROGRA~1\SOFTWA~1<Delete the entire folder.
C:\Program Files\Zune<Delete the entire folder.
C:\windows\ALCMTR.EXE

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and AVG Antispyware logs. Let me know if you`re still having problems.

Regards Howard

This thread is for the use of karMeister only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[karMeister]

Hi Howard! nice to hear from you again! Thanks for all the help man!

I went thru your suggestion and have the files saved:
So the Zune software is causing it to run slow aswell? ehehe its microsoft ehehe =P

Ill prob just install it when I need to update my library then take it off =P

Thanks alot the PC is alot more responsive now.

 

[howard_hopkinso]

Your HJT log is clean.

Run AVG Antispyware and disable the the resident shield. Close AVG Antispyware.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of karMeister only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[karMeister]

Thanks howard_hopkinso!! Ill do that! Thanks again!