computer only runs in safe mode



#1 tolleym

Posted 15 December 2009 - 10:11 AM

Hi,

I posted this originally in the XP forum but was asked to post a HijackThis log here

so all the information is in one place. The original post read:

Hi everyone,

I am stuck and now getting nowhere.

A week ago I got a virus called Anti Virus pro.

Managed to get rid of this using Malwarebytes and also ran a registry cleaning tool (Eusing), and between the two of them this seemed to do the trick.

Then my PC started crashing when I log on as normal; it was just Outlook and IE8 that would freeze (I have Office 2003 and IE8 installed with XP SP3).

I uninstalled IE8 and went back to IE7, but when I start it up it would just flash up then quit; if I do this a couple of times it then seems to open.

However, Outlook keeps freezing.

So, as an experiment, I created a new user account to try this out, and whenever I try to run any Office programs (Outlook, Word, Excel, etc.) the Windows Installer starts (as if it was a new user install). I would expect this the first time, but it starts every time I use one of the MS Office applications.

I went back to my original user login and all the MS Office apps (other than Outlook and Internet Explorer) work and run fine.

So I logged on in safe mode (F8, with networking) and everything runs just fine if I log on as my existing user, but if I log on in safe mode as my new user account, all the MS Office applications still try to start Windows Installer every time. All then finally load the application except Outlook, which says install failed.

So that's the story. Happy to forget about the new user account and focus on my main user account.

So the issue is:

Outlook and IE7 will not run, or freeze on usage, unless I log in via Windows safe mode (F8), and then they run fine.

Happy to post more info or a HijackThis log, but wanted some advice around what people here may want me to post first.


The HijackThis log is below.

I booted the PC into normal, started up to get the log, but then had to reboot to safe mode to use Explorer.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:29, on 15/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Sage\Licence Manager\SGRegSvr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.orange.co.uk/iesearch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061025
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/library/app/fee...D21205E6FD415B8
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Sage Licence Manager.lnk = C:\Program Files\Sage\Licence Manager\SGRegSvr.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221738446312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9375 bytes

Hi again,

I also just noticed that when I go to

Control Panel - Add or Remove Programs

when the list of installed programs comes up, many of the programs do not have the option to change or remove.

Hi,

Still investigating this.

When I check

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

many of the programs on my machine do not appear here even though they are installed.

Merged 3 posts. ~ OB

Edited by Orange Blossom, 17 December 2009 - 11:56 PM.




#2 m0le


Posted 26 December 2009 - 08:24 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le


Posted 01 January 2010 - 05:48 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.