TechSpot

Virus - Can't open TM, Regedit etc...

By Sacrifice1
Jun 27, 2006
  1. Hi All. First of all the OS is WinXP.
    I am going nuts with this. I will try and keep it brief. I can not open Task Manager, Regedit, anything that has to do with virus scan, adware among others. I also can not search anything that seems to be connected to virus scans, spyware etc on the internet. The internet shuts down and the shutdown window flashes for about 1 or so minutes. If I click on the virus scan it does the same thing.

    I can boot into safe mode and everything works. I scanned with adware, spybot and the Trend online scan. I did a virus scan, updated windows to no avail. I also ran cwshredder. Everything came up fine. Still have the problems when not in Safe mode.

    I can not run Security Task Manager, it just shuts down. Any Ideas ???


    Sac....
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow as many of the instructions as you can.

    Then, post a fresh HJT log as a .txt attachment into this thread.

    Regards Howard :wave: :wave:

    P.S. I have removed your HJT log because it wasn't posted as a .txt attachment.

    I can tell you have several infections. Please follow the above instructions.
     
  3. Sacrifice1

    Sacrifice1 TS Rookie Topic Starter

    Thanks for reply howard_hopkinso.
    HJT file is posted above, had to reboot into safe mode to get it up there (LOL). I think I did a lot of those directions but I will verify and post back. I will also post the HJT file as a text attachment after I verify what I did and did not do.

    Thanks
    Sac...
     
  4. Sacrifice1

    Sacrifice1 TS Rookie Topic Starter

    No problem, I understand.
     
  5. Sacrifice1

    Sacrifice1 TS Rookie Topic Starter

    O.K. I did all the instructions that I missed and re-did HJT. See attached for the new HJT file.

    Please advise..

    Sac....
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to Add/Remove Programs in your Control Panel and uninstall anything to do with (if there).

    Partypoker


    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    mb2np

    close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    xmfhda.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [mb2np] xmfhda.exe

    O4 - HKLM\..\RunServices: [mb2np] xmfhda.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    Fix all O16 - DPF entries.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\PartyPoker
    xmfhda.exe < You will need to search your computer for this file. Delete all instances found.

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :)
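
An added example (not part of the original thread, and not HijackThis code): a small Python parser for the O4 and O9 log lines quoted in the post above, which flags autostart commands that give no directory path and entries marked "(file missing)". The sample log is constructed from those quoted lines plus one hypothetical `ExampleTray` entry, and the two flagging rules are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: the four entries quoted in the post plus one
# hypothetical, fully-pathed entry (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [mb2np] xmfhda.exe
O4 - HKLM\..\RunServices: [mb2np] xmfhda.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O9_RE = re.compile(r"^O9 - (?P<loc>Extra button|Extra 'Tools' menuitem): "
                   r"(?P<name>.+?) - \{[0-9A-Fa-f-]{36}\} - (?P<cmd>.+)$")
MISSING = " (file missing)"

@dataclass
class Entry:
    section: str        # "O4" (autostart) or "O9" (IE button / Tools item)
    location: str       # registry key for O4, entry kind for O9
    name: str
    target: str         # command or file path, without the "(file missing)" tag
    file_missing: bool
    reasons: list       # why this example flags the entry (empty = not flagged)

def parse_line(line):
    """Parse one O4/O9 line; return None for anything else."""
    line = line.strip()
    m = O4_RE.match(line) or O9_RE.match(line)
    if not m:
        return None
    section, cmd = line[:2], m.group("cmd")
    missing = cmd.endswith(MISSING)
    if missing:
        cmd = cmd[:-len(MISSING)]
    reasons = []
    # Review heuristics assumed by this example, not HijackThis verdicts.
    if section == "O4" and "\\" not in cmd and "/" not in cmd:
        reasons.append("autostart command has no directory path")
    if missing:
        reasons.append("target file missing on disk")
    return Entry(section, m.group("loc"), m.group("name"), cmd, missing, reasons)

def review(log_text):
    """Return only the entries that matched at least one heuristic."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [e for e in entries if e.reasons]
```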
     
  7. Sacrifice1

    Sacrifice1 TS Rookie Topic Starter

    Did everything and it's looking pretty good. I can access everything now. I am going to proceed to virus scan, do an adware scan and other maintenance and see what happens. Not sure if anything else is corrupted yet. I did find the PartyPoker and xmfhda keys in the reg which I removed.

    Attached is the updated log for HJT, could you please take a look and see if anything else looks weird?

    BTW,
    I turned on "system restore" after I did the HJT again, is that O.K.? It was out of the sequence you told me.

    Thanks,
    Sac.....
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done. Your HJT log is now clean.

    Turning on system restore when you did is ok.

    Regards Howard :)
     
  9. Sacrifice1

    Sacrifice1 TS Rookie Topic Starter

    howard_hopkinso,
    Thanks for all the help! I really appreciate it!
    Everything is running smooth now. I'm really glad I ran into this site, I will be back on a regular basis.

    Keep up the good work all.

    Thanks again,
    Sac....
     
Topic Status:
Not open for further replies.
