Regedit,Msconfig,Hijackthis,RegCleaner and Antivirus sites not working

[calvinL]

Some programs like regedit, msconfig, hijackthis, regcleaner, and antivirus sites like the trendmicro.com and symantec.com won't work. (i can still run trendmicro on their european website) Suprisingly taskmananager still works.

The programs that doesn't work open up for a few seconds and closes up by itself. Sometimes it won't open, sometimes you would see the program flash open and go out by itself again, and sometimes it can stay for a max of 5 seconds but no longer. I was able to open HJT just long enough for it to complete scanning, at the same time I was able to open msconfig while it was scanning. Hope that helps.

 

[Mictlantecuhtli]

Well, I don't usually do these HJT inspections, so my instructions might differ from others.

Anyhow, you need to get Process Explorer to kill csrss.exe and smss.exe, because Windows Task Manager thinks they're crucial system applications and refuses to kill them.

These two need to be killed with Process Explorer:

C:\WINDOWS\system32\ypavfdb\csrss.exe
C:\WINDOWS\system32\ypavfdb\smss.exe

Fix these with HJT:

F3 - REG:win.ini: load=C:\WINDOWS\system32\ypavfdb\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\ypavfdb\csrss.exe

O4 - HKLM\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\Run: [Windows Generic Proc] procmsg.exe
O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - Startup: csrss.lnk = ?

Delete C:\WINDOWS\system32\ypavfdb directory completely.

Delete all procmsg.exe files you find too. Check here for more information about it.


It just continues to amaze me how cluttered some people's computers are... I have 16 lines after the running processes in HJT log.