TechSpot

Taskmgr and Regedit won't run

By Gluzko
Jun 10, 2008
Topic Status:
Not open for further replies.
  1. Please see log in attached

    I ran Avast and Trend Micro and weeded out the virus that it found..
    Ran SuperAntiSpyware and Spybot and weeded the malware they found also...

    Despite all of this im still unable to open my regedit and taskmgr, I am able to run gpedit and msconfig...

    This happened after when avast informed me continuously about a virus I had (Win32 : onlinegames -dqp) [trj]), I aborted connection to down the virus many times but the warning still popped up... and thats when I tried to run taskmgr and found out that it wouldn't run at all...

    Thanks in advance
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Download RatsCheddar

    It contains a program written by Rathat, and it is a Policy Controller.
    Save and extract this program to the desktop.
    Once extracted, click on the RatsCheddar.exe file.
    Enable everything, then click Exit
    Reboot your Computer.

    Um I didn't check the HJT Log
  3. Gluzko

    Gluzko Newcomer, in training Topic Starter

    Thanks, did what you said but I still cant open regedit and taskmgr :T
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Download and run CCleaner, to remove all your Temp files (there are a couple of strange ones)

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
  5. Gluzko

    Gluzko Newcomer, in training Topic Starter

    Thanks for the help!

    I got regedit to run after the scans and cleaning, I still cant get taskmgr to run though.

    Attached is the new log from HJT and the log from Malwarebytes Anti-Malware.

    Once again thanks for your help!
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Please note, I am not a expert in HJT Logs
    But when I see issues that I know to be bad, I'll help

    Turn Off System Restore
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check *Turn off System Restore*.
    • Click Apply, and then click OK.

    Please browse to, and delete the following:
    • C:\Documents and Settings\Peter\LOCAL Settings\Temp\bwgo00050213.exe
    • C:\WINDOWS\stup_tmp.#32,Ini
    Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
    O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
    O4 - Startup: Reboot.exe
    O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

    Click the Fix checked button.
    A confirmation box will appear. Click Yes. HijackThis will now remove the checked items.

    Restart

    Test Task Manager

    If still not working, download and run this REG file.
    Once it has been merged to registry, Restart again

    Retest Task Manager.

    Reply back !
  7. Gluzko

    Gluzko Newcomer, in training Topic Starter

    Still doesn't work :T

    Is there a chance that taskmgr is permanently damaged?
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes

    Please run sfc /scannow

    Start-->Run-->sfc /scannow
  9. Gluzko

    Gluzko Newcomer, in training Topic Starter

    Ran the test but nothing seem to have happened, should I try using the reg file again?

    Thanks for being so diligent!
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Manually update your Avast Antivirus (usually right click tray icon, search for updates)
    Do a full scan
    Does Avast still say a Virus is present?
  11. Gluzko

    Gluzko Newcomer, in training Topic Starter

    It did say one virus was present Win32:Trojan-gen {Other} I deleted that file afterwards. I will run another safe mode check to let you know the results again.
     
  12. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    kimsland if I may, I think this is malware related

    Disable Teatimer
    • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
    • Open Spybot S&D
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    -----------------------------------------------------

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
  13. Gluzko

    Gluzko Newcomer, in training Topic Starter

    Thanks for the help! ran combofix and managed to get my taskmgr back also.

    Attached is the fresh HJT log and the log from combofix, please let me know if there's anything irregular.

    Thanks again!
  14. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Next reply attach:
    C:\ComboFix-quarantined-files.txt
    C:\Combofix.txt
    Fresh HIjackthis


    --------------------------------

    Run CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
  15. Gluzko

    Gluzko Newcomer, in training Topic Starter

    Attached is the ComboFix log (log.txt) after running the script that you told me to run and the fresh HJT log after running the script.

    Thanks again :D
  16. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    is regedit working now?

    Have hijackthis fix the following entries - check them - close all browsers and select fix checked:
    O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL (file missing)



    Let's go ahead and see an online scan.
    Run Kaspersky Online AV Scanner

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
  17. Gluzko

    Gluzko Newcomer, in training Topic Starter

    regedit and taskmgr is working now :) thanks much for the help.

    Attached is the online scan report. Again please let me know if you find any irregularities.
  18. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Go to add/remove programs and uninstall
    mIRC

    Then navigate to and delete the following folder:
    C:\Program Files\mIRC
    ----------------------------------------------------------------------------

    Afterwards attach 1 more Hijackthis log, we can tidy up a bit then remove the programs we used and secure the work you have done.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.