Can't open programs & programs closing by themselves

PODxt

Feb 19, 2010
Hi,

I have a problem on my computer (WinXP SP3) with some programs that can't get launched or are closing by themselves 5 sec after being launched. I first thought of a virus so I scanned my computer with NOD32 (which is one of the softs I can run without troubles) but it didn't find anything suspicious. I then did a HijackThis scan and it also didn't find anything. I wanted to run Malwarebytes Antimalware (Mbam) but this one is one of the softs that close without notice after 5 sec.

Just to be sure, I booted on another physical hard drive which has Win7 RC installed and connected the other WinXP system as a slave. From this Win7 system I ran a NOD32 and a Mbam scan of the WinXP hard drive without luck. Nothing suspicious got detected.

I really don't know what to do now... I can run Chrome, Spybot, FileZilla, CCleaner, MS Office, Winamp and so on, but can't open VSRip, Mbam, or even Media Player Classic HC.

What do you think this could be? I'm running out of ideas here so your help will be appreciated!
Thanks!
 

btk1w1

Oct 13, 2008
Do they stay open in safe mode?

Is the change sudden?

Have you tried system restore?

Do you mind sharing the HJT logfile?

Sorry about all the questions.
 

PODxt

Feb 19, 2010
Hi, thanks for your reply!

I tried to open the software in safe mode but they either don't open (VSRip), disappear (Mbam) or crash (DVDShrink) just like in normal mode.

I didn't try system restore as I deactivated it, so if I can't find a solution, I'll be good for a new reinstall. (I was already planning to do so, even before having this problem)

The change was sudden. It seems to me that the problem occurred right after I visited a malicious website. The funny thing is that this malicious website is MY personal website. I wanted to visit my website and then got a warning message from Chrome saying the website I was about to visit contained some malicious connections with some "connectabilities(.)com" website or something. I was surprised as it's a very basic html website with no link to this whatever other malicious website. So I ignored Chrome's warning and displayed the page. Blank page. I connected to my FTP to download my index.html file in order to see what's in there. I found some php script, which was odd since I don't know anything about php. Anyway, I deleted this file. I then noticed this corrupted behavior with some (not all) programs. And here I am.


Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:02, on 18/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\MAFWDITray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=1036&_lang=FR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWDITray.exe
O4 - HKLM\..\Run: [MAFWDITaskbarApp] C:\WINDOWS\system32\MAFWdiTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Snoopy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4832 bytes
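
An added example, not part of the original thread: a small Python triage pass over a HijackThis log like the one posted above. It groups entries by section code and lists two things worth a manual look, entries marked "(file missing)" and Run entries whose executable is named without a full path. The function names and the two checks are this example's own choices, and a listed entry is a prompt to inspect it, not a verdict.

```python
import re

# Section codes as commonly documented for HijackThis (only those in this log).
SECTIONS = {"R0": "IE start/search page", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O8": "IE context menu item",
            "O9": "IE extra button/menu item", "O16": "ActiveX download",
            "O23": "service"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(.+?)\] (.*)$")
ABSOLUTE = re.compile(r"^[A-Za-z]:\\")

# Sample input: five lines copied from the log posted above.
SAMPLE = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

def parse(log_text):
    """Return one dict per 'CODE - detail' line; headers and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, detail = m.groups()
            entries.append({"code": code, "kind": SECTIONS.get(code, "other"),
                            "detail": detail})
    return entries

def triage(entries):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    notes = []
    for e in entries:
        if e["detail"].endswith("(file missing)"):
            notes.append((e["code"], "target file missing", e["detail"]))
        run = RUN.match(e["detail"]) if e["code"] == "O4" else None
        # A bare name is resolved through the search path, so check which file runs.
        if run and not ABSOLUTE.match(run.group(2).strip('"')):
            notes.append((e["code"], "executable without full path", e["detail"]))
    return notes

if __name__ == "__main__":
    for code, reason, detail in triage(parse(SAMPLE)):
        print(f"{code}: {reason}: {detail}")
```
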