TechSpot

Task Manager Doesn't Work, Another Program Is Currently Using This File

By .BillBert
Jul 29, 2008
Topic Status:
Not open for further replies.
  1. Hi,

    I have recently discovered this problem a few days ago.
    What ever I do, I cant get Task Manager to display.
    And whenever i try to run some of my Control Panel Tools I get this error "Another program is using this file."

    Many Thanks

    After going to

    Viruses/Spyware/Malware, preliminary removal instructions

    I was able to use my task manger, but some of my control panel tools are still in used

    here are my logs plz help
     

    Attached Files:

  2. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    What can I remove

    And I was wondering, if i could remove some of the programs I installed that were listed on that Forum

    Thanks
     
  3. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    Oh yea i also had a program with windows during the removal.

    It was LULnchr.exe [5924]

    And after that everything stop working, But I dont know if it still does that.

    Hopfully this info helps
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Download RatsCheddar
    http://rathat.geekstogo.com/Applications/RatsCheddar.zip

    It contains a program written by Rathat, and it is a Policy Controller.
    Save and extract this program to the desktop.
    Once extracted, click on the RatsCheddar.exe file.
    Enable everything, then click Exit
    Reboot your Computer.

    I have not checked logs
     
  5. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    That didnt do anything my Some of my Applications are still in used by another program

    Thanks for the help
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  7. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    Thanks i dont have that problem now

    But I still need help with the applications.
     
  8. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    Plz Help

    Im been patiently waiting for help, i dunno if you're looking over my logs r not, if you are can you please tell me, so i wouldnt be wondering about this post.
    Thank you
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Hi .BillBert,

    Those logs.

    I personally am not experienced enough with instruction on what to do with the log entries.
    I was hoping that another member may check (and possibly still might)

    Glad at least the problem has gone :)
     
  10. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    Thank you Kimsland

    I'll wait a little more for someone to help me or
    Maybe I should rename my thread? (but dont know how)

    Yes some of the problem is gone, but i still need help with my Applications
     
  11. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Open hijackthis and place a check next to the item below

    O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
    O20 - AppInit_DLLs: myusemt.dll wcnonpe.dll woswelc.dll googlons.dll welyri.dll fssetle.dll jolinos.dll jolin0.dll hourpx2.dll theralte.dll


    --------------------------------

    Please run an on-line virus scan at http://www.kaspersky.com/virusscanner[b][color=blue]Kaspersky OnLine Scan[/color][/b] or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)
     
     
  12. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    I did what you told me i check on them and fixed them, but that didnt slove the program im still having

    Sorry i didnt see the scan part i thought it was part of ur slogan are something haha
     
  13. adu123

    adu123 TS Maniac Posts: 301

    place a checkmark next to the following entry:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,svchost.xy3
    and click "fix"

    Right-click your Start button and go to "Explore", please delete these files (if present):

    C:\WINDOWS\system32\svchost.xy3

    C:\WINDOWS\system32\myusemtk.exe

    myusemt.dll
    wcnonpe.dll
    woswelc.dll
    googlons.dll
    welyri.dll
    fssetle.dll
    jolinos.dll
    jolin0.dll
    hourpx2.dll
    theralte.dll


    hopes that help:)
     
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    I had to go to sleep last night but yes we need to remove the file said above it is a lot easier using a the method below. Also if you can post the results from the test

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\WINDOWS\system32\svchost.xy3
      C:\WINDOWS\system32\myusemtk.exe
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     
  15. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    Yea haha i had to go to sleep to...

    and its 10 in the morning so.. i need to go back to sleep

    Heres my scan (it doesnt look good...)

    I might be back at around 1, till then :)
     
  16. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Download & Install SDFix
    • Download SDFix & save it to your Desktop.
    • Double click SDFix.exe & it will extract the file to %systemdrive%
      (Drive that contains the Windows Directory, Typically C:\SDFix)

    Boot into Safe Mode
    • Restart your computer & start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

    Run SDFix
    • Open the extracted SDFix folder & double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
    • Attach Report.txt back here
     
  17. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    I should do the OTMoveIt2 by OldTimer. First right?
     
  18. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    My OTMoving Text

    I never thought that svchost was a virus, i've always seen it in my task manger

    PS I'll do that last part later im really tired right now...
     
  19. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Sorry for cutting in but you need to fix this

    Fix the above mentioned hijackthis entries

    Download win32delfkil.exe.
    Save it on your desktop.
    Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
    Close all windows, open the win32delfkil folder and double click on fix.bat.
    The computer will reboot automatically.
    Post the contents of the logfile c\windelf.txt.

    =====================================================


    Run CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    ====================================================



    Attach the combofix log
    the windelf.txt log
    and a new hijackthis log
     
  20. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    I did what you told my Blind Dragron, but I dont know if I did the win32delfkiller property because it did not create a file named win32delf. When i ran it it just did the file searching

    Here are my logs
     
  21. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    There is a lot of chinese files on here

    Its funny though once you start ripping these infections apart sometimes more of them show up - we definitly put a dent in it. You need to install an anti-virus and firewall - I will make a suggestion with links after combofix instructions - update and full scan with Avira preferably


    Run CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    ========================================================

    Firewalls
    Here are some firewalls which are free for personal use and most commonly used:
    Comodo <-Vista Compatible
    Zonealarm <-Vista Compatible

    Anti-Virus
    Avast Free
    Avira Free <- My recommendation


    Post the Combofix log and let us now what the Anti-virus finds
     
  22. tw0rld

    tw0rld TS Maniac Posts: 609   +6


    svchost.exe is not a virus. It is a windows executable that is used to run .dll files associated with various programs or services. The file that turned up in your log files svchost.xy3 is a trojan . it disguised itself as the windows executable (.exe) file. Follow the instruction being given and you should be fine.
     
  23. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    Oh haha thank you TWorld for explaming it to me

    yea thoes chinese files i think i was doing something i shouldnt have with this game, cus my cousin told me not to do it... haha

    Well i do have anit virus and a fire wall (TELUS Security service)
    and i thought its been pretty good
     

    Attached Files:

  24. .BillBert

    .BillBert TS Rookie Topic Starter Posts: 52

    ok when i installed antvir and updated it started to detact all these malwares and i use to option to detele them all.

    but when i tried to scan my system it gave me:

    C:\0000665B\1130640
    TR/Dropper.Gen

    and it froze, so i had to end task for it.

    Sorry for the late reply been a bit busy
     
  25. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Make sure you have installed a firewall as well - as this thing may be trying to download additional malware. We are getting it off in pieces - lets try something a little more powerful. After you run this and it reboots combofix should automatically run - don't touch anything just let it go and attach both logs for me after

    ==========================================================

    Avenger by Swandog

    • Download Avenger by Swandog and unzip it to your Desktop.

      Note: This program must be run from an account with Administrator priviledges.

    • Open the Avenger folder and double click Avenger.exe to launch the programme.
    • Copy the text in the code box below and Paste it into the Input script here: box.
    Code:
    Drivers to delete:
    msiffei
    
    Registry values to delete:
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | myusemt.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | wcnonpe.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | woswelc.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | baccops.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | aliens.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | rmbsony.dll
    
    Files to delete:
    C:\WINDOWS\system32\dearnts.dll
    C:\WINDOWS\system32\hourpx2.dll
    C:\WINDOWS\system32\jolinos.dll
    C:\WINDOWS\system32\rmbsony.dll
    C:\WINDOWS\system32\myusemt.dll
    C:\WINDOWS\system32\aliens.dll
    C:\WINDOWS\system32\360mon.dll
    C:\WINDOWS\system32\zgtwfx.dll
    C:\WINDOWS\system32\mttwfh.dll
    C:\WINDOWS\system32\wyrsdj.dll
    C:\WINDOWS\system32\kgfghd.dll
    C:\WINDOWS\system32\wklsdd.dll
    C:\WINDOWS\system32\tdffdl.dll
    C:\WINDOWS\system32\zefdst.dll
    C:\WINDOWS\system32\ddserh.dll
    C:\WINDOWS\system32\tdfhex.dll
    C:\WINDOWS\system32\sgdewg.dll
    C:\WINDOWS\system32\hhrdxd.dll
    C:\WINDOWS\system32\fsrgeb.dll
    C:\WINDOWS\system32\zycdex.dll
    C:\WINDOWS\system32\cedafb.dll
    
    Folders to delete:
    C:\[u]0[/u]0006B7B
    
    Registry keys to delete:
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{006CA8A1-61BC-4774-A54C-F49034270BAD}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{AEB6717E-7E19-21d2-97EE-00C04FD91972}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{021F087F-4378-545F-74FA-37D345AD7A8C}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{C0595A7E-2E2F-4B34-A83A-019270A0A464}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{28EB3777-3E23-4E72-8449-A992D09D24C3}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{A9895933-6636-4281-BC58-EE6DE2AF96E3}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{0B846B26-BFE6-4E8E-A948-1DB17B77B483}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{8C41B7F7-3168-400D-A702-0E7EFE0BA304}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{45AADFAA-DD36-42AB-83AD-0521BBF58C24}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{84143967-B645-4BFF-B873-DA1DC886E9A7}
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xy3safe
    
    Programs to launch on reboot:
    C:\Documents and Settings\Billy\Desktop\ComboFix.exe
    • Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    • Ensure the following:
      • Scan for Rootkits is checked.
      • Automatically disable any rootkits found is Unchecked.
    • Press the Execute key.
    • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
    • Attach the log back here please. (it can also be found at C:\avenger.txt)

    =================================================

    Show me C:\Avenger.txt
    Show me C:\combofix.txt
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.