Sign in with
Sign up | Sign in
Your question

Can't open programs & programs closing by themselves

Last response: in Windows XP
Share
February 19, 2010 9:04:53 PM

Hi,

I have a problem on my computer (WinXP SP3) with some programs that can't get launched or are closing by themselves 5 sec after being launched. I first thought of a virus so I scanned my computer with NOD32 (which is one of the softs I can run without troubles) but it didn't find anything suspicious. I then did a HijackThis scan and it also didn't find anything. I wanted to run Malwarebytes Antimalware (Mbam) but this one is one of the softs that close without notice after 5 sec.

Just to be sure, I booted on another physical hard drive which has Win7 RC installed and connected the other WinXP system as a slave. From this Win7 system I ran a NOD32 and a Mbam scan of the WinXP hard drive without luck. Nothing suspicious got detected.

I really don't know what to do now... I can run Chrome, Spybot, FileZilla, CCleaner, MS Office, Winamp and so on, but can't open VSRip, Mbam, or even Media Player Classic HC.

What do you think this could be ? I'm running out of ideas here so your help will be appreciated!
Thanks!
February 19, 2010 9:52:39 PM

Do they stay open in safe mode?

Is the change sudden?

Have you tried system restore?

Do you mind sharing the HJT logfile?

Sorry about all the questions.
February 19, 2010 11:40:10 PM

Hi, thanks for your reply!

I tried to open the softwares in safe mode but they either don't open (VSRip), disappear (Mbam) or crash (DVDShrink) just like in normal mode.

I didn't try system restore as I deactivated it, so if I can't find a solution, I'll be good for a new reinstall. (I was already planning to do so, even before having this problem)

The change was sudden. It seems to me that the problem occured right after I visited a malicious website. The funny thing is that this malicious website is MY personal website. I wanted to visit my website and then got a warning message from Chrome saying the website I was about to visit contained some malicious connections with some "connectabilities(.)com" website or something. I was surprised as it's a very basic html website with no link to this whatever other malicious website. So I ignored Chrome warning and displayed the page. Blank page. I connected to my FTP to download my index.html file in order to see what's in there. I found some php script, which was odd since I don't know anything about php. Anyway, I deleted this file. I then noticed this corrupted behavior with some (not all) programs. And here I am.


Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:02, on 18/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\MAFWDITray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=2432...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWDITray.exe
O4 - HKLM\..\Run: [MAFWDITaskbarApp] C:\WINDOWS\system32\MAFWdiTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4832 bytes
February 20, 2010 10:31:26 AM

:bounce: 
!