Task Manager Doesn't Work, Another Program Is Currently Using This File

Status
Not open for further replies.
B

.BillBert

Posts: 49   +0
Hi,

I have recently discovered this problem a few days ago.
What ever I do, I cant get Task Manager to display.
And whenever I try to run some of my Control Panel Tools I get this error "Another program is using this file."

Many Thanks

After going to

Viruses/Spyware/Malware, preliminary removal instructions

I was able to use my task manger, but some of my control panel tools are still in used

here are my logs plz help
 

Attachments

  • hijackthis.log
    12.9 KB · Views: 13
  • ComboFix.txt
    16.2 KB · Views: 6
What can I remove

And I was wondering, if i could remove some of the programs I installed that were listed on that Forum

Thanks
 
Oh yea i also had a program with windows during the removal.

It was LULnchr.exe [5924]

And after that everything stop working, But I dont know if it still does that.

Hopfully this info helps
 
That didnt do anything my Some of my Applications are still in used by another program

Thanks for the help
 
Plz Help

Im been patiently waiting for help, i dunno if you're looking over my logs r not, if you are can you please tell me, so i wouldnt be wondering about this post.
Thank you
 
Hi .BillBert,

Those logs.

I personally am not experienced enough with instruction on what to do with the log entries.
I was hoping that another member may check (and possibly still might)

Glad at least the problem has gone :)
 
Thank you Kimsland

I'll wait a little more for someone to help me or
Maybe I should rename my thread? (but dont know how)

Yes some of the problem is gone, but i still need help with my Applications
 
Open hijackthis and place a check next to the item below

O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O20 - AppInit_DLLs: myusemt.dll wcnonpe.dll woswelc.dll googlons.dll welyri.dll fssetle.dll jolinos.dll jolin0.dll hourpx2.dll theralte.dll

--------------------------------

Please run an on-line virus scan at http://www.kaspersky.com/virusscannerKaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)
 
I did what you told me i check on them and fixed them, but that didnt slove the program im still having

Sorry i didnt see the scan part i thought it was part of ur slogan are something haha
 
place a checkmark next to the following entry:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,svchost.xy3
and click "fix"

Right-click your Start button and go to "Explore", please delete these files (if present):

C:\WINDOWS\system32\svchost.xy3

C:\WINDOWS\system32\myusemtk.exe

myusemt.dll
wcnonpe.dll
woswelc.dll
googlons.dll
welyri.dll
fssetle.dll
jolinos.dll
jolin0.dll
hourpx2.dll
theralte.dll

hopes that help:)
 
I had to go to sleep last night but yes we need to remove the file said above it is a lot easier using a the method below. Also if you can post the results from the test

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    C:\WINDOWS\system32\svchost.xy3
C:\WINDOWS\system32\myusemtk.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
Yea haha i had to go to sleep to...

and its 10 in the morning so.. i need to go back to sleep

Heres my scan (it doesnt look good...)

I might be back at around 1, till then :)
 
Download & Install SDFix
  • Download SDFix & save it to your Desktop.
  • Double click SDFix.exe & it will extract the file to %systemdrive%
    (Drive that contains the Windows Directory, Typically C:\SDFix)

Boot into Safe Mode
  • Restart your computer & start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

Run SDFix
  • Open the extracted SDFix folder & double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
  • Attach Report.txt back here
 
My OTMoving Text

I never thought that svchost was a virus, i've always seen it in my task manger

PS I'll do that last part later im really tired right now...
 
Sorry for cutting in but you need to fix this

Fix the above mentioned hijackthis entries

Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c\windelf.txt.

=====================================================


Run CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\dearnts.dll
C:\WINDOWS\system32\jolinos.dll
C:\WINDOWS\system32\rmbsony.dll
C:\WINDOWS\system32\xfimerl.dll
C:\WINDOWS\system32\siemous.dll
C:\WINDOWS\system32\hourpx2.dll
C:\WINDOWS\system32\offecao.dll
C:\WINDOWS\system32\zfexle.dll
C:\WINDOWS\system32\welyri.dll
C:\WINDOWS\system32\googlons.dll
C:\WINDOWS\system32\myusemt.dll
C:\WINDOWS\system32\2245GEZ6.dll
C:\WINDOWS\system32\tg0157b.ini
C:\WINDOWS\system32\tg0157a.ini
C:\WINDOWS\system32\2245JEZE.dll
C:\WINDOWS\tg0157c.ini

Folder::
C:\qoobox
C:\0000C44A
C:\00006021
C:\0000E455
C:\0000D4F3
C:\00006040
C:\000060CD
C:\00005FF2
C:\00005F08
C:\00005D91
C:\0000614A
C:\00005FC3
C:\00005E0E
C:\00006002
C:\0000607F
C:\000062FF
C:\00005F46
C:\00005D33
C:\0000DBE8
C:\00005D81
C:\0000613A
C:\0000F79E
C:\000061C7
C:\00005A55
C:\00005C87
C:\0000D30F
C:\00006801
C:\000083E5
C:\00007520
C:\00007927
Click to expand...

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

====================================================



Attach the combofix log
the windelf.txt log
and a new hijackthis log
 
I did what you told my Blind Dragron, but I dont know if I did the win32delfkiller property because it did not create a file named win32delf. When i ran it it just did the file searching

Here are my logs
 
There is a lot of chinese files on here

Its funny though once you start ripping these infections apart sometimes more of them show up - we definitly put a dent in it. You need to install an anti-virus and firewall - I will make a suggestion with links after combofix instructions - update and full scan with Avira preferably


Run CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\knx32.exe
C:\WINDOWS\system32\Drivers\msiffei.sys
C:\WINDOWS\system32\360mon.dll
C:\WINDOWS\system32\zsdgff.dll
C:\WINDOWS\system32\zgtwfx.dll
C:\WINDOWS\system32\offscrl.dll
C:\WINDOWS\system32\therbrek.dll
C:\WINDOWS\system32\keyiftp.dll
C:\WINDOWS\system32\BeepEx.sys
C:\WINDOWS\system32\baccops.dll
C:\WINDOWS\system32\xpstong.dll

Folder::
C:\0000689D
C:\00006AFE
C:\000064E4
C:\0000663B
C:\00006A62
C:\0000667A
C:\00006522
C:\000065ED
C:\0000668A
C:\00006958
C:\000062B1
C:\00005EC9
C:\000066D8
C:\00007A12
C:\00006B9A
C:\0000612B
C:\000063AB
C:\00005F94
C:\00005E8B
C:\00006476
C:\0000DDEC
C:\00005D71

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"kcodn"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{006CA8A1-61BC-4774-A54C-F49034270BAD}"=-
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"=-
"{AEB6717E-7E19-21d2-97EE-00C04FD91972}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xy3safe]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7fa2a46-d8b1-11db-9691-00a0d148938a}]
Click to expand...

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

========================================================

Firewalls
Here are some firewalls which are free for personal use and most commonly used:
Comodo <-Vista Compatible
Zonealarm <-Vista Compatible

Anti-Virus
Avast Free
Avira Free <- My recommendation


Post the Combofix log and let us now what the Anti-virus finds
 
I never thought that svchost was a virus, i've always seen it in my task manger
Click to expand...


svchost.exe is not a virus. It is a windows executable that is used to run .dll files associated with various programs or services. The file that turned up in your log files svchost.xy3 is a trojan . it disguised itself as the windows executable (.exe) file. Follow the instruction being given and you should be fine.
 
Oh haha thank you TWorld for explaming it to me

yea thoes chinese files I think I was doing something I shouldnt have with this game, cus my cousin told me not to do it... haha

Well I do have anit virus and a fire wall (TELUS Security service)
and I thought its been pretty good
 

Attachments

  • ComboFix.txt
    20.2 KB · Views: 6
  • hijackthis.log
    13 KB · Views: 5
ok when i installed antvir and updated it started to detact all these malwares and i use to option to detele them all.

but when i tried to scan my system it gave me:

C:\0000665B\1130640
TR/Dropper.Gen

and it froze, so i had to end task for it.

Sorry for the late reply been a bit busy
 
Make sure you have installed a firewall as well - as this thing may be trying to download additional malware. We are getting it off in pieces - lets try something a little more powerful. After you run this and it reboots combofix should automatically run - don't touch anything just let it go and attach both logs for me after

==========================================================

Avenger by Swandog

  • Download Avenger by Swandog and unzip it to your Desktop.

    Note: This program must be run from an account with Administrator priviledges.

  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box.
Code: 
Drivers to delete:
msiffei

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | myusemt.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | wcnonpe.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | woswelc.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | baccops.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | aliens.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\appinit_dlls | rmbsony.dll

Files to delete:
C:\WINDOWS\system32\dearnts.dll
C:\WINDOWS\system32\hourpx2.dll
C:\WINDOWS\system32\jolinos.dll
C:\WINDOWS\system32\rmbsony.dll
C:\WINDOWS\system32\myusemt.dll
C:\WINDOWS\system32\aliens.dll
C:\WINDOWS\system32\360mon.dll
C:\WINDOWS\system32\zgtwfx.dll
C:\WINDOWS\system32\mttwfh.dll
C:\WINDOWS\system32\wyrsdj.dll
C:\WINDOWS\system32\kgfghd.dll
C:\WINDOWS\system32\wklsdd.dll
C:\WINDOWS\system32\tdffdl.dll
C:\WINDOWS\system32\zefdst.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\zycdex.dll
C:\WINDOWS\system32\cedafb.dll

Folders to delete:
C:\[u]0[/u]0006B7B

Registry keys to delete:
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{006CA8A1-61BC-4774-A54C-F49034270BAD}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{AEB6717E-7E19-21d2-97EE-00C04FD91972}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{021F087F-4378-545F-74FA-37D345AD7A8C}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{C0595A7E-2E2F-4B34-A83A-019270A0A464}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{28EB3777-3E23-4E72-8449-A992D09D24C3}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{A9895933-6636-4281-BC58-EE6DE2AF96E3}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{0B846B26-BFE6-4E8E-A948-1DB17B77B483}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{8C41B7F7-3168-400D-A702-0E7EFE0BA304}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{45AADFAA-DD36-42AB-83AD-0521BBF58C24}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\{84143967-B645-4BFF-B873-DA1DC886E9A7}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xy3safe

Programs to launch on reboot:
C:\Documents and Settings\Billy\Desktop\ComboFix.exe

  • Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
  • Attach the log back here please. (it can also be found at C:\avenger.txt)

=================================================

Show me C:\Avenger.txt
Show me C:\combofix.txt
 
Status
Not open for further replies.

Similar threads

Scorpus
Nvidia app launches in beta: Nvidia's new GPU control panel is much faster, no log in...
2
Replies
28
Views
611
RaXelliX
R
AlphaX
Microsoft is thinking about letting users force-close apps from the Windows 11 taskbar
Replies
1
Views
484
Blqckout
Blqckout
midian182
User-activated bug in Windows File Explorer unintentionally boosts performance
Replies
6
Views
433
Ben Myers
Ben Myers

Latest posts

Back