Unable to open Regedit Msconfig anc Ctrl Alt Del.
- Thread starter pauljt
- Start date
- Status
Your pc is definately infected, you need to follow the instructions below very carefully.
You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.
Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, Combofix, Panda Antirootkit, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
This thread is for the use of pauljt only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.
Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, Combofix, Panda Antirootkit, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
This thread is for the use of pauljt only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Renaming is isnt much good without providing a new log with it renamed.
What do you mean combofix wouldnt open exactly. You are using windows xp sp2 so it should work perfectly well. The combofix log is also the most important log of them all too.
This thread is for the use of pauljt only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
What do you mean combofix wouldnt open exactly. You are using windows xp sp2 so it should work perfectly well. The combofix log is also the most important log of them all too.
This thread is for the use of pauljt only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
We need to temporarily disable Spybot search & Destroy`s tea time, as it may interfere with any fix we are trying to run.
Disable Spybot's TeaTimer. This is a two step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key(if you can).
Click on the processes tab and end process for(if there).
dllhost.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: XBTB09580 Class - {213C7491-5A0D-4b99-8B6B-1498B14B398F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - Global Startup: dllhost.exe
O8 - Extra context menu item: &Search - ?p=ZU
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: vtstr - C:\WINDOWS\
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\windows\system32\vtstr.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
Reboot into normal mode and rehide your protected OS files.
Post fresh HJT and Combofix logs.
Regards Howard :wave: :wave:
This thread is for the use of pauljt only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
We need to temporarily disable Spybot search & Destroy`s tea time, as it may interfere with any fix we are trying to run.
Disable Spybot's TeaTimer. This is a two step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key(if you can).
Click on the processes tab and end process for(if there).
dllhost.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: XBTB09580 Class - {213C7491-5A0D-4b99-8B6B-1498B14B398F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - Global Startup: dllhost.exe
O8 - Extra context menu item: &Search - ?p=ZU
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: vtstr - C:\WINDOWS\
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\windows\system32\vtstr.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
Reboot into normal mode and rehide your protected OS files.
Post fresh HJT and Combofix logs.
Regards Howard :wave: :wave:
This thread is for the use of pauljt only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Cont.
Sorry for the delay have been away on holiday.
Had to do a complete re-install of windows as comp crashed completly and couldn't open up even in safe mode.
I managed to retrieve all my usual settings and programs and followed you instructions.
Everything is working fine now, but have enclosed another HJ report incase there's something i've missed.
Thank you for your time
Paul
Sorry for the delay have been away on holiday.
Had to do a complete re-install of windows as comp crashed completly and couldn't open up even in safe mode.
I managed to retrieve all my usual settings and programs and followed you instructions.
Everything is working fine now, but have enclosed another HJ report incase there's something i've missed.
Thank you for your time
Paul
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean.
Sorry you had to reformat your system.
Hope you had a good holiday.
Regards Howard
This thread is for the use of pauljt only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Sorry you had to reformat your system.
Hope you had a good holiday.
Regards Howard
This thread is for the use of pauljt only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Latest posts
-
Logitech thinks the computer mouse needs an AI upgrade- Dimitrios replied
-
Lenovo and Micron are first to announce a laptop using LPCAMM2 memory- Shawn Knight replied
