
Cannot get any executable to run


No replies to this topic

#1 Scott Neslund


Posted 12 July 2012 - 02:10 PM

I am having some issues with a Remote Desktop Server running Windows Server 2003 SP2. We are running all thin clients and no one can open Google Chrome (just never opens) and when I open a program or folder it immediately goes minimized and I cannot restore to a window. I can only maximize the window. A number of other strange issues with IE and Firefox. I have scanned and cleaned with Malwarebytes but the issues still keep returning.

I tried running the DDS.scr program but Windows 2003 Server is not a supported OS.

The GMER logs are:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-11 07:14:46
Windows 5.2.3790 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\cpqcissm1Port2Path0Target4Lun0 HP______ rev.2.84
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\1\ufldypob.sys


---- System - GMER 1.0.15 ----

SSDT 8B009160 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF5C58350]
SSDT 8A9DDBD8 ZwQueryValueKey
SSDT 8AAF7448 ZwResumeThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF5C58580]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xF52C06D0]

---- Kernel code sections - GMER 1.0.15 ----

? frunyc.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!DialogBoxParamW 773896A9 5 Bytes JMP 40CD54BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!CreateWindowExW 773923B8 5 Bytes JMP 40DADB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!MessageBoxExW 7739EE4A 5 Bytes JMP 40EA4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!DialogBoxIndirectParamW 773A6296 5 Bytes JMP 40EA5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!MessageBoxExA 773C42AD 5 Bytes JMP 40EA4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!DialogBoxParamA 773CA0AF 5 Bytes JMP 40EA50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!DialogBoxIndirectParamA 773CA172 5 Bytes JMP 40EA517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!MessageBoxIndirectA 773D7D40 5 Bytes JMP 40EA5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!MessageBoxIndirectW 773D7E30 5 Bytes JMP 40EA4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] ole32.dll!OleLoadFromStream 776A0122 5 Bytes JMP 40EA547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!DialogBoxParamW 773896A9 5 Bytes JMP 40CD54BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!CreateWindowExW 773923B8 5 Bytes JMP 40DADB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!MessageBoxExW 7739EE4A 5 Bytes JMP 40EA4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!DialogBoxIndirectParamW 773A6296 5 Bytes JMP 40EA5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!MessageBoxExA 773C42AD 5 Bytes JMP 40EA4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!DialogBoxParamA 773CA0AF 5 Bytes JMP 40EA50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!DialogBoxIndirectParamA 773CA172 5 Bytes JMP 40EA517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!MessageBoxIndirectA 773D7D40 5 Bytes JMP 40EA5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] USER32.dll!MessageBoxIndirectW 773D7E30 5 Bytes JMP 40EA4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5172] ole32.dll!OleLoadFromStream 776A0122 5 Bytes JMP 40EA547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5212] kernel32.dll!SetUnhandledExceptionFilter 77E82220 5 Bytes JMP 326054C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5212] ole32.dll!OleLoadFromStream 776A0122 5 Bytes JMP 330BD62A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5736] kernel32.dll!SetUnhandledExceptionFilter 77E82220 5 Bytes JMP 326054C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5736] ole32.dll!OleLoadFromStream 776A0122 5 Bytes JMP 330BD62A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability@LastAliveUptime 7231
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\3da21691-e39d-4da6-8a4b-b43877bcb1b7@FlushCacheFiles ??????????N?????????????????????????? ???????????????????^?????????????? ????????????????????????t????????????????????????????????ion?????????????N???????????????????????????.??(????????????????????????N???????????????????????????????????????????????????????N?????????????????????????????RAW?????0?<?3???????????????????? ???????????????????_?????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????_?????????????? ????????????????????????????S????????????????????????s?n?????????????????????????????????????????????????????????????????????N?????????????????????????????????????RAW?????????????? ???????????????????a?????????????? ?????????????.??C???????????????????????????????????????????????H???????????????????????????????????????????????????s????N??????????????????????????????????? ??????????????????????????????????????s??????????? ???????????????????a?????????????? ???????????????????????????????? ?????????

---- EOF - GMER 1.0.15 ----

Please advise.

Thanks
