
Cannot run Hijack this

Discussion in 'Virus & Other Malware Removal' started by GSRDPM, Sep 22, 2004.

Thread Status:
Not open for further replies.
  1. GSRDPM

    GSRDPM Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    69
    System info:

    Dell Dimension running Windows XP Home edition and Norton Systemworks 2003. It's my Dad's system and he has Alzheimer's disease and cannot recall "how his computer gets all messed up."

    He cannot open Norton Systemworks by pressing the icon for it nor by using the start menu. He is not able to open Norton Antivirus or run the Live update either. He can run Norton Windoctor and Speed disk though. I notice that when I run his computer with my user account (administrator privileges), a dialog box opens up that asks, "You or a program have requested information from dark.naksha.org. Which connection do you want to use?" It gives me a choice of his dial up ISP. I always cancel out but the dialog box keeps coming up so I have to keep ignoring it. Should I connect, his browser will usually get hijacked to a site. (don't have the info as to the exact site as I am typing this from my computer).

    I have run adaware and spybot S&D. Adaware cleaned out some 7 entries and spybot gives me the three DSO exploits that I can never seem to permanently delete.

    Unfortunately, when I try to run Hijack This, the program loads and shows up on the screen for less than a second before it disappears. I have downloaded a new copy of the program only to have it do the same thing when I try to run it. Therefore, I cannot post a log here. :mad:

    Finally, if I try to press control- alt- delete and bring up the task manager, it will not work.

    Help...
     
  2. physician

    physician

    Joined:
    Jul 13, 2004
    Messages:
    1,421
    I had the same problem and it was tough to solve without reinstalling the OS. What I did was reboot and as soon as the OS was booted, I did a cntrl alt delete to get the task manager up. I then started clicking end process for all processes that I knew were not valid processes. The bug would close task manager as soon as it ran and I would reboot and start at the last process that I closed. Finally I got the process that was closing task manager. Then I started closing all the processes that I recognized that did not belong in the running processes. I was then able to download the tools I needed, and even better the computer started running fast again. After cleaning some 500 to 600 malware type programs from this computer, the lady then decided she wanted to go ahead and keep "that piece of junk" since it was running like new. I educated her about antispyware apps, antivirus and how to use the registry scanning devices like spywareguard and teatimer.

    Unfortunately, if you can't look at the running processes and tell which ones belong there, then you have a problem that only one of the most expert can help you with. Be patient and someone will help you...doc
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Hi :)

    Download "ExeFix" from this link:
    www.kellys-korner-xp.com/regs_edits/exefix.reg
    Doubleclick it, and it will restore the default Windows file associations for executable files.
    That should enable you to Run HijackThis and post your log.

    ;)
     
  4. GSRDPM

    GSRDPM Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    69
    Whew!

    It took a couple of days to get back to my Dad's computer. I was able to download the exefix program, but had trouble running it. When I would try to run it, a dialog box would flash on the screen for a second or less and disappear. I would hit enter as fast as I could and I believe I could see a response that the registry settings had been changed etc... or something like that. I tried to run Hijack This and the same problem occurred. Finally, I restarted in safe mode and was able to run Hijack this and get the following log. (Incidentally, I cannot run MSconfig, either, unless I am in safe mode)

    Thanks again.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:29:57 AM, on 9/26/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Joseph Pignetti\Backup Programs\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
    O4 - HKLM\..\Run: [Windows Media Player] taskmqr.exe
    O4 - HKLM\..\Run: [REFUSED] C:\installer.exe
    O4 - HKLM\..\Run: [REGISTRY] c:\activex.exe
    O4 - HKLM\..\Run: [GAMAME] C:\gam.exe
    O4 - HKLM\..\Run: [BAAAL] C:\unload.exe
    O4 - HKLM\..\RunServices: [Windows Media Player] taskmqr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Micr Update] soundblaster.exe
    O4 - HKCU\..\Run: [SDKpackage] cmmgr.exe
    O4 - HKCU\..\Run: [Windows Media Player] taskmqr.exe
    O4 - HKCU\..\RunServices: [Windows Media Player] taskmqr.exe
    O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38123.529224537
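
A triage sketch for the O4 (autorun) entries in the log above, added here as an example and not part of the original post: it parses the registry Run lines and ranks which ones to inspect first. The three heuristics (`no-path`, `drive-root`, `multi-key`) and the function names are assumptions of this example, not HijackThis features; a hit means "look at this entry first", not a verdict.

```python
import re

# Excerpt of O4 lines from the log in the post above, embedded so this runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Windows Media Player] taskmqr.exe
O4 - HKLM\..\Run: [REFUSED] C:\installer.exe
O4 - HKLM\..\Run: [REGISTRY] c:\activex.exe
O4 - HKLM\..\RunServices: [Windows Media Player] taskmqr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Micr Update] soundblaster.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def exe_path(cmd):
    """Return the executable part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def triage(log_text):
    """Map each flagged executable (lower-cased) to the set of heuristics it tripped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["hive"] + "\\" + m["key"], m["name"], exe_path(m["cmd"])))
    keys_per_name = {}
    for key, name, _ in entries:
        keys_per_name.setdefault(name, set()).add(key)
    findings = {}
    for key, name, path in entries:
        reasons = set()
        if "\\" not in path:
            reasons.add("no-path")       # bare file name, resolved via the search path
        elif re.fullmatch(r"[A-Za-z]:\\[^\\]+", path):
            reasons.add("drive-root")    # executable sitting directly in the drive root
        if len(keys_per_name[name]) > 1:
            reasons.add("multi-key")     # same value name registered under several Run keys
        if reasons:
            findings.setdefault(path.lower(), set()).update(reasons)
    return findings

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path:20} {', '.join(sorted(reasons))}")
```
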
     
  5. GSRDPM

    GSRDPM Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    69

Short URL to this thread: https://techguy.org/276792
