Advertisement

09.13.2007 at 07:10AM PDT, ID: 22826187
[x]
Attachment Details

Many many problems - Can't run ComboFix.exe, SDFix.exe, Cmd.exe or Regedit

Asked by JatinHemant in HijackThis Software, Networking Security Vulnerabilities, Windows XP Operating System

Tags: Microsoft, XP, Professional Service Pack 2, NoooH...Please Try to Open - TaskManager - now

Hi friends !

I have many problems in my computer. Please look at the problems&

(1) When I start the computer, it gives the following message&

NoooH&
Please Try to Open  TaskManager  now

(2) Run--->regedit doesnt open regedit.exe, I receive cmd prompt just for a second then it disappears.

(3)Regedit.exe file is there in C:\WINDOWS. When I try to run this file from this location, I receive cmd prompt just for a second then it disappears.

(4) Run--->Regedit32.exe gives the following error&

Windows cannot find regedit32.exe. Make sure you typed the name correctly and try again&

(5) When I try to open run the file Regedit32.exe from C:\WINDOWS\system32 location, I receive cmd prompt just for a second then it disappears.

(6) Run---->cmd doesnt open Command Prompt. I receive cmd prompt just for a second then it disappears.

(7) When I try to run the file from C:\WINDOWS\system32 location. It gives the same result. BUT& when I copy this file to desktop and run it, I can see cmd prompt and it remains there, it doesnt disappear.

(8) When I press Ctrl + Alt + Del, I cant receive Task Manager. It just comes for less than one second and disappears.

(9) When I open My Computer--->Tools and click on Folder Options, it also comes for less than one second and disappear so I can not change the settings through Folder Options

(10) Generally the computer works normally. BUT&any time it stops responding. The mouse moves normally. The keyboard is detected but When I click on any program it doesnt work. I find the APPLICATION ERROR&

(11) When the above APPLICATION ERROR comes, I cant shut down or restart the computer. When I click on Start--->Turn Off Computer, Only two options come either to log off or switch off. I cant hibernate it nor standby. Then I forcefully shut it down by pressing the power button. (When I restart it again it works normally)

(12) ComboFix.exe cant be run either in normal or safe mode.

(13) SDFix cant be run either in normal or safe mode.

I have not installed any antivirus software. I am going to install and update Kaspersky and then I will scan the pc. I am quite sure this is the problem of a dangerous threat.

NOTE: IN SAFE MODE, I CAN RUN BOTH CMD.EXE REGEDIT.EXE . FOLDER OPTIONS ALSO WORK THERE AND I CAN USE CTRL + ALT + DEL TO GET TASKMANAGER.

BUT SDFixs RunThis.bat FILE IS NOT RUNNING IN SAFE MODE

Before posting the HijackThis log&

(1) I have cleaned up the pc with CCleaner and now it is free from cookies, Temporary Internet files, Temporary files and unused log files.

(2) I have run Spybot  Search & Destroy. It didnt give me any error. It gave me congratulation that no problem is found.

(3) Then I tried to run SDFix and Combofix in normal as well as in safe mode but it couldnt be run. It executes and disappers just in one second.

(4) I run HijackThis and created the logs. This is the HijackThis log file...

HijackThis Log:

 Logfile of HijackThis v1.99.1
Scan saved at 3:53:19 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\MAKTray.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\Web\Sys.exe
C:\Program Files\PDF Complete\pdfsaver.exe
C:\WINDOWS\MAKHKEY.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drivers\ncscv32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\Desktop\Cleaning-Fixing Tools\HijackThis\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.5.223:8080
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MAKTray] MAKTray.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NoooH] C:\Windows\Web\Sys.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [nvscv32] C:\WINDOWS\system32\drivers\ncscv32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

I will also send the Kaspersky log file soon.

Please see what may be the problem.

Thanking you.

Regards,

Hemant
 

Start Free Trial
[+][-]09.13.2007 at 07:12AM PDT, ID: 19883797

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]09.13.2007 at 07:27AM PDT, ID: 19883917

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]09.13.2007 at 07:49AM PDT, ID: 19884143

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: HijackThis Software, Networking Security Vulnerabilities, Windows XP Operating System
Tags: Microsoft, XP, Professional Service Pack 2, NoooH...Please Try to Open - TaskManager - now
Sign Up Now!
Solution Provided By: rpggamergirl
Participating Experts: 3
Solution Grade: A
 
 
[+][-]09.14.2007 at 12:03AM PDT, ID: 19889474

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09.14.2007 at 04:11AM PDT, ID: 19890389

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]09.14.2007 at 06:06AM PDT, ID: 19891036

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09.14.2007 at 07:02AM PDT, ID: 19891531

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628