
Installations and Programs Don't Function Properly


  • This topic is locked
2 replies to this topic

#1 homg

homg

  • Members
  • 4 posts

Posted 23 December 2011 - 03:56 AM

I first realized that something was wrong when my browsers kept crashing. I tried both Firefox and Chrome and they had the same problem, so I uninstalled them and now I can't re-install them as I usually get errors. Also, I had to rename Malwarebytes to get it working, but it didn't detect anything. Spybot also gave me a warning that its files were modified when I tried to install it. Additionally, my startup task manager does not see anything out of the ordinary. I must admit that I used ComboFix on my own. I know I shouldn't but it usually fixes most of my computer problems. It was weird this time because I kept on getting "Application Corrupt" messages and it ended up deleting unwise.exe and some .tmp files. Thank you for reading this. Somehow I got Opera to install, but every now and then it crashes. Unfortunately I can't get a GMER log because I end up getting the blue screen mid-scan.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Administrator at 0:21:39 on 2011-12-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1298 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mMouHk.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\stuff\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\stuff\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.890\SystemExplorer.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [E06AXLRD_4326718] "c:\program files\microsoft encarta\encarta premium dvd 2006\EDICT.EXE" -m
uRun: [SystemExplorerAutoStart] "c:\docume~1\admini~1\locals~1\temp\rar$ex00.890\SystemExplorer.exe" /TRAY
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [<NO NAME>]
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [zMouHk] mMouHk.exe
mRun: [PSDiagnosticM] "c:\program files\linksys wireless-g print server\PSDiagnosticM.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\stuff\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [<NO NAME>]
dRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: kuaiche.com\software
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{A4B6BAE5-7BDF-42D0-82B7-30B9E90E503A} : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{F53AF949-7FBE-46BF-9930-B1B1287A19E6} : DhcpNameServer = 68.87.69.150 68.87.85.102
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\stuff\mbamservice.exe [2011-12-22 366152]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2010-8-2 12032]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2010-8-2 39424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-22 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-10 135664]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-25 256000]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-10 135664]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [2010-8-2 14848]
.
=============== Created Last 30 ================
.
2011-12-23 08:09:26 549888 ----a-w- c:\windows\system32\OLD53.tmp
2011-12-23 08:06:26 -------- d-----w- c:\program files\CCleaner
2011-12-23 07:39:56 -------- d-----w- C:\ComboFix
2011-12-23 07:19:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-23 07:19:05 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-23 07:14:49 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe
2011-12-23 07:14:48 -------- d-----w- c:\program files\TrendMicro
2011-12-23 07:08:20 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Opera
2011-12-23 05:51:53 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-12-23 05:50:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-23 05:50:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-23 05:50:49 -------- d-----w- c:\program files\stuff
2011-12-23 05:36:19 66896 ----a-w- C:\mbam-clean.exe
2011-12-23 03:50:07 98816 ----a-w- c:\windows\sed.exe
2011-12-23 03:50:07 518144 ----a-w- c:\windows\SWREG.exe
2011-12-23 03:50:07 256000 ----a-w- c:\windows\PEV.exe
2011-12-23 03:50:07 208896 ----a-w- c:\windows\MBR.exe
2011-12-23 01:05:26 -------- d-----w- c:\program files\New Folder
2011-12-22 21:26:59 1409 ----a-w- c:\windows\QTFont.for
2011-12-19 00:23:05 -------- d-----w- c:\program files\MSECache
2011-12-17 21:34:30 -------- d-----w- c:\documents and settings\administrator\application data\WindSolutions
2011-12-17 21:34:29 -------- d-----w- c:\documents and settings\all users\application data\WindSolutions
2011-12-17 21:03:44 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2011-12-17 21:03:31 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-17 21:03:31 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-12-17 21:02:18 -------- d-----w- c:\program files\iPod
2011-12-17 21:02:12 -------- d-----w- c:\program files\iTunes
2011-12-17 21:02:12 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-17 21:01:56 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
2011-12-17 21:01:48 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-12-17 21:01:48 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-12-17 20:47:43 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-17 20:47:41 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-17 20:47:35 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 0:21:55.51 ===============



Edited by Noviciate, 24 December 2011 - 03:13 PM.
Added DDS log from attachment



 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 December 2011 - 03:24 PM

Good evening. :)

I see two problems with your PC, and one is enough for me to come to a conclusion - you have no active anti-virus program installed, and so my recommendation is that you back up any important files and then reformat and reinstall your operating system.

Without adequate security there is no real way to know what may have occurred on your system, legitimate files replaced or corrupted and system security settings lowered to make reinfection more likely in future, which leads me to think that attempting to repair the system isn't the best way forward.

Also, your Windows installation is now over three years old and that is the other issue that I have. Over time Windows naturally slows down as a result of installations/uninstallations and Windows updates and a fresh start is the only way to get the system back shiny new - I reinstall mine about every six months and I see a real difference.

If this was my PC that is what I would do and it is what I recommend that you do too.

So long, and thanks for all the fish.

 

 


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 31 December 2011 - 03:07 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 




