Cannot open regedit, task manager, among others....

[The Lost Chord]

Hi! I am having a huge problem with a brand new computer that has been running perfectly well. It is a Dell XPS and is about 4 months old.

The OS is Windows XP. My friends came over and supposedly download dell drivers to a flash drive to bring to my other friends laptop. My computer is now choc full of problems.

I can run various applications, but everything is slower. I managed to view Task Manager twice at random times, but it otherwise never opens, along with: Every application in "Control Panel", System Restore, Regedit, right clicking "properties" on the desktop or on My Computer in the start menu...I have not even tried others because it seems obvious they will not work.

I cannot open versions of applications I already had downloaded, but can run any newly downloaded apps like Ad Aware and Hijackthis. The old versions do not open at all just like everything else.

When I did view Task Manager, it showed I was running almost 20 extra processes then I had before my friends tampered with the PC. I have run Hijackthis and their analyzing showed no problems whatsoever.

Booting in safe mode mirrors all of these things and is not helpful in any way.

Can anyone help me? I have not even heard of anything like this happening to anyone.

My AIM works fine, IE works fine, Windows Media Player and my full 70 Gigs of music are all in tact. But almost everything else is not accessible and seems to have vanished.

Also, these icons have transformed to look pixelated and large like old Dell desktops. From the crisp XP versions, I now have these large icons and crappy pixelations on my desktop icons (not all of them, though) and the start menu icons.

 

[gavinseabrook]

ROFL! Thats why you dont let your friends surf the web on your lappy lol. Usually if your getting really infected, it is about time to reformat the lappy. Well.. I would. But you can always download yahoo toolbar w/ antispy (http://toolbar.yahoo.com) and the windows defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx. Run full scans on both. Wish you luck

 

[howard_hopkinso]

Hello and welcome to Techspot.

Let`s check to see if your system is infected with malware.

Go and read this thread HERE, then post a HJT log as an attachment into this thread.

Regards Howard :wave: :wave:

 

[The Lost Chord]

Thanks guys, I will be honest and let you know I certainly know a good deal about fixing malware/virus problems and fixing PCs at that.

I have run all necessary malware/virus software. Ran Hijackthis, chacked all unknown exe files as well as using the online checker.

Everything is as ffresh as it was before this disaster. I just cannot open anything originally with Windows it seems...I can open Microsoft Word but NO games, applications, or anything involved with basic windows.

Anything that can be downloaded will work, but everything perviously here is not opening, including the aformentioned very important things like Task Manager and such.

 

[The Lost Chord]

I sadly canot open Notepad because it is also part of basic Windows...so I cant seem to get the hijackthis log in here! Any suggestions?

 

[gavinseabrook]

what about wordpad?

 

[howard_hopkinso]

I`d still like to see a HJT log.

You might also want to take a look at this thread HERE.

Regards Howard

 

[The Lost Chord]

Wordpad opens fine...but i still dont know how to get this Hijackthis log anywhere but Notepad...it wont open in Internet Explorer, and it cant be opened in word or wordpad.

Open with ---> choose programs also does not work, same exact reaction as everything else : A quick hourglass shot and then nothing.

 

[The Lost Chord]

http://www.hijackthis.de/index.php#anl

 

[howard_hopkinso]

If you can`t attach the notepad file of HJT, then can you copy and paste it into your next reply?

Regards Howard

 

[The Lost Chord]

Just copy the actual HJT log into this post.

I cannot, I cant open the log...I can only analyze it through the website, I cant open Notepad

 

[gavinseabrook]

wanna email me the log and i will post it for you? my addy is gavinseabrook2004@yahoo.com

 

[The Lost Chord]

Sent, I cant thank you enough!

View attachment 15352

attempt at attaching log

My mistake, sorry I didn't know about the edit button !

Did you recieve the Log OK??

 

[howard_hopkinso]

That`s great.

I have moved your thread to our Security and the Web forum.

Your system is infected with a variety of nasties. Start by doing the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
Viewpoint Manager

Close control panel

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Windows System Helper
Viewpoint Manager Service

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there). If you can.

WindowsHelp.exe
Ir32_b.exe
SystemHelp.EXE
ViewMgr.exe
UpdReg.EXE
ViewpointService.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [SystemMgr] C:\WINDOWS\system32\Ir32_b.exe

O23 - Service: Windows System Helper - Unknown owner - C:\WINDOWS\system32\WindowsHelp.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\WindowsHelp.exe
C:\WINDOWS\system32\Ir32_b.exe
C:\WINDOWS\SystemHelp.EXE
C:\WINDOWS\UpdReg.EXE
C:\Program Files\Viewpoint<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let us know how your system is running.

Regards Howard

This thread is for the use of The Lost Chord only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[gavinseabrook]

There you go.

Thanks gavinseabrook: As you can see, The Lost Chord managed to attach his HJT log.

 

[The Lost Chord]

Howard, I appreciate this GREATly, but I cannot perform many of those tasks...I cannot access the Add or Remove Programs feature let alone any application in Control Panel. I also cannot access Task Manager.

 

[howard_hopkinso]

That`s ok, just do as much as you can.

Regards Howard

This thread is for the use of The Lost Chord only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[The Lost Chord]

thanks so much, I am heading into it right after this post, I will be back shortly!

 

[howard_hopkinso]

No worries mate.

Once you`ve done what you can, instead of posting a fresh HJT log, go HERE and follow as many of the instructions as you can.

Post the requested log files when you`re done.

Regards Howard

This thread is for the use of The Lost Chord only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[The Lost Chord]

I have done it all...I came on and I recieved an "Update Manager Control panal" popped up from installshield...seems friendly but has never happened before at start up.

The same problems persist with not being able to open most programs. the computer moves sleightly faster.

I recieve errors time to time as well now, exe errors. A new one has just popped up as I type this. isuspm.exe has encountered a problem and needs to close....yada yada. "Don't Send" and im done.

I will post a new log right now!

I have ran the online virus scan, as well as AVG software full system scan.

View attachment 15354

 

[howard_hopkinso]

That`s looking much better.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there). If you can.

isuspe .exe
qttase .exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspe .exe" -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttase .exe" -atboottime

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Common Files\InstallShield\UpdateService\isuspe .exe

Reboot into normal mode and rehide your protected OS files.

Now, go HERE and follow as many of the instructions as you can.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard

This thread is for the use of The Lost Chord only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[The Lost Chord]

Ok going right now...

View attachment 15357Well, Hijackthis does not open now and performs the same exact way as all of the other "non-opening" programs. Extremely strange

But i did manage to delet that exe and have had no error.

I am re-installing it to a new directory and changing the name to Analyze.exe

View attachment 15357

 

[howard_hopkinso]

The O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspe .exe" -startup entry is still there in your HJT log.

I need to see an AVG Antispyware log and a Combofix log. I also need the results of an AVG Antirootkit scan.

Regards Howard

This thread is for the use of The Lost Chord only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[The Lost Chord]

Hijackthis will not work in safe mode, but it works in regular now...i deleted those two in regular mode.

The problems still persist...any idea why I cant open the basic programs?

 

[howard_hopkinso]

Your system is infected with something real nasty, which may have damaged your OS files.

That`s why I need you to follow the instructions in this thread HERE. Then post all the log files requested.

The only alternative, is to backup your important data and reformat and reinstall from scratch.

Regards Howard

This thread is for the use of The Lost Chord only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.