Virus - Can't open TM, Regedit etc...

Status
Not open for further replies.

Sacrifice1

Hi All. First of all the OS is WinXP.
I am going nuts with this. I will try and keep it brief. I cannot open Task Manager, Regedit, anything that has to do with virus scan, adware among others. I also cannot search anything that seems to be connected to virus scans, spyware etc. on the internet. The internet shuts down and the shutdown window flashes for about 1 or so minutes. If I click on the virus scan it does the same thing.

I can boot into safe mode and everything works. I scanned with adware, spybot and the Trend online scan. I did a virus scan, updated Windows to no avail. I also ran cwshredder. Everything came up fine. Still have the problems when not in Safe mode.

I cannot run Security Task Manager, it just shuts down. Any ideas?


Sac....
 
Hello and welcome to Techspot.

Go HERE and follow as many of the instructions as you can.

Then, post a fresh HJT log as a .txt attachment into this thread.

Regards Howard :wave: :wave:

P.S. I have removed your HJT log because it wasn't posted as a .txt attachment.

I can tell you have several infections. Please follow the above instructions.
 
Thanks for reply howard_hopkinso.
HJT file is posted above, had to reboot into safe mode to get it up there (LOL). I think I did a lot of those directions but I will verify and post back. I will also post the HJT file as a text attachment after I verify what I did and did not do.

Thanks
Sac...
 
howard_hopkinso said:
Hello and welcome to Techspot.

P.S. I have removed your HJT log because it wasn't posted as a .txt attachment.

I can tell you have several infections. Please follow the above instructions.

No problem, I understand.
 
howard_hopkinso said:
Hello and welcome to Techspot.

Go HERE and follow as many of the instructions as you can.

Then, post a fresh HJT log as a .txt attachment into this thread.

Regards Howard :wave: :wave:

P.S. I have removed your HJT log because it wasn't posted as a .txt attachment.

I can tell you have several infections. Please follow the above instructions.

O.K. I did all the instructions that I missed and re-did HJT. See attached for the new HJT file.

Please advise..

Sac....
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to Add/Remove Programs in your control panel and uninstall anything to do with (if there).

Partypoker


Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

mb2np

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

xmfhda.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [mb2np] xmfhda.exe

O4 - HKLM\..\RunServices: [mb2np] xmfhda.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

Fix all O16 - DPF entries.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\PartyPoker
xmfhda.exe <- You will need to search your computer for this file. Delete all instances found.

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)
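
The O4 and O9 lines listed in the post above follow a fixed layout, so a log can be triaged mechanically before a manual review. An added example, not part of the original thread and not HijackThis's own logic: a small parser that flags such entries. The `ExampleTray` line and the three heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the O4/O9 lines quoted in the post above, plus one
# made-up benign entry ("ExampleTray") for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [mb2np] xmfhda.exe
O4 - HKLM\..\RunServices: [mb2np] xmfhda.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
"""

# O4 = autorun entries: "O4 - <key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O9 = IE extra buttons/menu items: "O9 - Extra ...: <label> - {CLSID} - <path>"
O9_RE = re.compile(r"^O9 - (?P<kind>Extra [^:]+): (?P<label>.+?) - "
                   r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")

def triage(log_text):
    """Return {log line: [reasons]} for entries worth a manual look."""
    findings = defaultdict(list)
    autoruns = defaultdict(list)  # (value name, command) -> log lines
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            autoruns[(m["name"], m["cmd"])].append(line)
            # Heuristic (assumption): command given without any directory
            exe = m["cmd"].strip('"')
            if "\\" not in exe and "/" not in exe:
                findings[line].append("autorun command has no full path")
            continue
        m = O9_RE.match(line)
        if m and m["path"].endswith("(file missing)"):
            findings[line].append("browser extra points at a missing file")
    # Heuristic (assumption): identical value under more than one autorun key
    for lines in autoruns.values():
        if len(lines) > 1:
            for line in lines:
                findings[line].append("same value under several autorun keys")
    return dict(findings)

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, "->", "; ".join(reasons))
```

A flagged line is a prompt to look at the entry, not proof of infection; legitimate software can trip any of these checks.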
 
howard_hopkinso said:
Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)

Did everything and it's looking pretty good. I can access everything now. I am going to proceed to virus scan, do an adware scan and other maintenance and see what happens. Not sure if anything else is corrupted yet. I did find the PartyPoker and xmfhda keys in the reg which I removed.

Attached is the updated log for HJT, could you please take a look and see if anything else looks weird?

BTW,
I turned on "system restore" after I did the HJT again, is that O.K.? It was out of the sequence you told me.

Thanks,
Sac.....
 
howard_hopkinso,
Thanks for all the help! I really appreciate it!
Everything is running smooth now. I'm really glad I ran into this site, I will be back on a regular basis.

Keep up the good work all.

Thanks again,
Sac....
 