Task Manager and Regedit go poof

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by BlueMoon, Aug 26, 2004.

  1. BlueMoon

    BlueMoon Private E-2

    Many thanks for a great site with excellent tools. I have gone through your step-by-step cleanup process and have eliminated most of the electronic vermin on my XP machine. Popups and browser weirdness have subsided, but the Task Manager and Regedit will not stay open when invoked. It appears that something is still squatting in there on my magnetic turf. Here is a rundown so far:

    1. Tried to update with SP2 today but the process halted in mid update and gave an error message saying "access denied." I assume this hijacker prevented the update or the Windows update site was malfunctioning.

    2. With system restore off and in safe mode with networking I ran the following: Trend Micro's online virus scan, Panda's online virus scan, CA's Etrust online virus scan. Ran and repaired or deleted until they came back clean.

    3. With system restore off and in safe mode without networking I ran the following fully updated tools: CCleaner, Ad-Aware with VX2 plug-in, Spybot S&D, CWShredder, about:Buster, and Kazaa Spyware Removal. This flushed out all forms of vermin such as Purity Scan, Xabot, Wild Tangent, Coolwebsearch, Trojan.chost, etc. It was like a cockroach 3 a.m. buffet on a dirty kitchen floor. These things were everywhere, but I continued to scan and repair until the tools came back clean. Many of the things that were found did not have the registry entries etc. that the removal instructions at Symantec indicated.

    4. I then went through by hand and tracked down every process I could find in either the add/remove programs list or the registry to sniff out all of the exe files to see from whence they came. In safe mode I squashed such bugs as midADdle, TV Media, View Manager, and Keen Value.

    5. I had installed Zone Alarm earlier and this helped find the little roaches as they tried to scurry back to the Internet for more food.

    6. All seemed well as far as the previous funkiness goes, but the Task Manager and Regedit are still being controlled. These two items are the only noticeable problems. It seems I have even killed the popups.

    7. In desperation I installed and ran HJT, but I have not attached the log per posted instructions. I used the log to delete some remnants of Wild Tangent and AOL but this has not fixed it. I also canned Kazaa and P2P Networking. I see some additional exe files but have not been able to determine if they are malicious. The list includes: cisvc, hkcmd, bcmsmmsg, cfd, pnrutil, wuauclt, etc.

    This reinforces why I hate AOL. This machine belongs to a friend and I am attempting to get her back on the right track with mended computing ways. Please offer up any suggestions. I am all ears, and will post the HJT log pronto.

    Many thanks in advance,

    totally BlueMoon
     
  2. BlueMoon

    BlueMoon Private E-2

    If I have posted this in the wrong section or if anyone knows of other boards I should go to for help please let me know. I don't know if I am in the wrong place or if the problem is that complicated.

    Thanks,

    BlueMoon
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. BlueMoon

    BlueMoon Private E-2

    Yes, I failed to mention that I am running full blown McAfee resident on the machine and it found nothing. The Trend Micro, Panda, and CA's ETrust are online and also came back clean. I will run the tools you listed and report back when I return to the machine in the morning. Thanks very much.

    BlueMoon
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also download this ProcessExplorer: http://www.sysinternals.com/files/procexpnt.zip
    It is an advanced utility that can do some of what task manager does and a lot more. We may need it later if those other tools do not work. We will run ProcessExplorer to try to terminate the virus, since Task Manager will shut down too quickly.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If still having a problem after trying those other items, get a fresh HijackThis log and post it as an attachment. Make sure you have version 1.98.2!
     
  7. BlueMoon

    BlueMoon Private E-2

    Will do. Many thanks, and I will post up tomorrow morning after I complete those steps.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    By the way are the McAfee definitions up to date? I believe they are on a 4388 DAT file.
     
  9. BlueMoon

    BlueMoon Private E-2

    Success!!!!!!! McAfee's Stinger found the W32.Sdbot worm in a leftover AOL exe file in the windows\system32 folder. This worm had a ".gen.i" extension on it, which I have not seen before. I guess the scumbags are always creating new versions. Stinger launched its missile, destroyed the vermin, and now the Task Manager and Regedit open and stay open with no mysterious closure. Many, many thanks to you. You have helped me tremendously.

    Blue Moon
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great news! You're welcome. Happy I could help!
     