Taskmgr and Regedit won't run

Status
Not open for further replies.

Gluzko

Please see the attached log.

I ran Avast and Trend Micro and weeded out the virus that it found.
Ran SuperAntiSpyware and Spybot and weeded out the malware they found also...

Despite all of this I'm still unable to open my regedit and taskmgr; I am able to run gpedit and msconfig...

This happened after Avast informed me continuously about a virus I had (Win32 : onlinegames -dqp [trj]). I aborted connection to down the virus many times but the warning still popped up... and that's when I tried to run taskmgr and found out that it wouldn't run at all...

Thanks in advance
 
Download RatsCheddar

It contains a program written by Rathat, and it is a Policy Controller.
Save and extract this program to the desktop.
Once extracted, click on the RatsCheddar.exe file.
Enable everything, then click Exit
Reboot your Computer.

Um I didn't check the HJT Log
 
Download and run CCleaner, to remove all your Temp files (there are a couple of strange ones)

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
 
Thanks for the help!

I got regedit to run after the scans and cleaning, I still cant get taskmgr to run though.

Attached is the new log from HJT and the log from Malwarebytes Anti-Malware.

Once again thanks for your help!
 
Please note, I am not an expert in HJT Logs
But when I see issues that I know to be bad, I'll help

Turn Off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check *Turn off System Restore*.
  • Click Apply, and then click OK.

Please browse to, and delete the following:
  • C:\Documents and Settings\Peter\LOCAL Settings\Temp\bwgo00050213.exe
  • C:\WINDOWS\stup_tmp.#32,Ini
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - Startup: Reboot.exe
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

Click the Fix checked button.
A confirmation box will appear. Click Yes. HijackThis will now remove the checked items.

Restart

Test Task Manager

If still not working, download and run this REG file.
Once it has been merged to registry, Restart again

Retest Task Manager.

Reply back !
 
Ran the test but nothing seems to have happened. Should I try using the reg file again?

Thanks for being so diligent!
 
Manually update your Avast Antivirus (usually right click tray icon, search for updates)
Do a full scan
Does Avast still say a Virus is present?
 
It did say one virus was present: Win32:Trojan-gen {Other}. I deleted that file afterwards. I will run another safe mode check to let you know the results again.
 
kimsland if I may, I think this is malware related

Disable Teatimer
  • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
  • Open Spybot S&D
  • Click on Mode at the top and make sure that Advanced is checked
  • Expand the Tools tab in the left pane
  • Single click on the Resident Icon also in the left pane
  • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
  • Close spybot

-----------------------------------------------------

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
 
Thanks for the help! Ran ComboFix and managed to get my taskmgr back also.

Attached is the fresh HJT log and the log from combofix, please let me know if there's anything irregular.

Thanks again!
 
Next reply attach:
C:\ComboFix-quarantined-files.txt
C:\Combofix.txt
Fresh HijackThis


--------------------------------

Run CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\x264vfw.dll
C:\WINDOWS\system32\huffyuv.dll
C:\WINDOWS\system32\bwqkcx.exe
C:\WINDOWS\system32\smmkcx.exe
C:\WINDOWS\system32\wqkdav.exe

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bwqkcx]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\smmkcx]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wqkdav]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"=-
"VIDC.HFYU"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
 
Attached is the ComboFix log (log.txt) after running the script that you told me to run and the fresh HJT log after running the script.

Thanks again :D
 
Is regedit working now?

Have hijackthis fix the following entries - check them - close all browsers and select fix checked:
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing)



Let's go ahead and see an online scan.
Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
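
Added example, not part of the original posts: a small Python parser for HijackThis lines like the O4/O9/O16 entries earlier in the thread and the O2/O3 entries above, grouping them into what a reviewer checks first (orphaned entries whose file is gone, autostart entries, components fetched from a URL). The sample lines are copied from this thread; the function and bucket names are this example's own, and the regular expressions assume the line layout seen in those entries.

```python
import re

# Sample input: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - (no file)
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing)
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - Startup: Reboot.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
"""

# Assumed layout: "<section> - <kind>: <detail>", as in the lines above.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
URL_RE = re.compile(r"https?://\S+")

def parse_entry(line):
    """Split one HijackThis line into fields; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    detail = m.group("detail")
    clsid = CLSID_RE.search(detail)
    url = URL_RE.search(detail)
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "clsid": clsid.group(0).upper() if clsid else None,  # normalise case
        "orphaned": bool(ORPHAN_RE.search(detail)),  # registry entry, file gone
        "url": url.group(0) if url else None,
        "detail": detail,
    }

def triage(log_text):
    """Group parsed entries into the buckets a reviewer looks at first."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return {
        "all": entries,
        "orphaned": [e for e in entries if e["orphaned"]],
        "autostart": [e for e in entries if e["section"] == "O4"],
        "remote_source": [e for e in entries if e["url"]],
    }

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for e in items:
            print(f"  {e['section']} {e['kind']} {e['clsid'] or ''}")
```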
 
regedit and taskmgr are working now :) Thanks much for the help.

Attached is the online scan report. Again please let me know if you find any irregularities.
 
Go to add/remove programs and uninstall
mIRC

Then navigate to and delete the following folder:
C:\Program Files\mIRC
----------------------------------------------------------------------------

Afterwards attach 1 more Hijackthis log, we can tidy up a bit then remove the programs we used and secure the work you have done.
 