Moiz Saifuddin

asked on

Unable to open any programs

I am unable to open any programs. When I open one, say Mozilla, a command box pops up for 2 sec and closes, and this is the case with every program on my PC. I am running Microsoft XP Professional.



Member_2_49692

Sounds like you may be infected with something or you have a corrupt profile.

Try this:

Get the following tools. Create a folder on your hard drive at the root of C: called tools and download the tools below to that folder. Then reboot the computer; while it is coming back up, keep pressing F8 until you get the Windows boot menu. From there select Safe Mode. Once in Safe Mode, run the tools, starting with ComboFix.

Download combofix.exe and save it to your desktop.
Close any open browsers.
Before starting ComboFix, disable and exit any anti-virus software, anti-spyware or any other security-related software, as they may interfere with ComboFix's operation.
Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you and display it on your desktop called c:\combofix.txt. By default this log is located on your 'C' drive. Post that log in your next reply along with a fresh HJT log as well.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Also run these.

You're going to need to run some anti-spyware/malware utilities too:

http://www.superantispyware.com

http://security.kolla.de Spybot S&D - download it, install it (do not install TeaTimer), update it, then run it.

http://lavasoft.com - Ad-Aware - download it, run it and then uninstall it.
http://pack.google.com/intl/en/pack_installer_new.html?hl=en&gl=us&utm_source=en_US-et-more&utm_medium=et&utm_campaign=en_US&ciNum=11 - select to only download and install Spyware Doctor.

You'll also want to use several free online anti-virus scanners such as:

http://www.pandasoftware.com
http://www.bitdefender.com



Additionally, you may want to run a rootkit tester:
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
I forgot a program: go to http://www.tomcoyote.org/hjt and download HijackThis.

After you run ComboFix it will produce a log file. Save it someplace where you can find it, then reboot the system and see if you can access things now. If so, run HijackThis and post the log file up here along with the ComboFix log file, then continue with the other tools I listed above.

LeeTutor

That's what it sounds like to me, too.  There are a number of viruses that mess up the Registry data for running executable (.exe) files, so this can cause nothing to happen when you double click an .exe file in My Computer or try to execute one by putting the name in the Run dialog box off the Start Menu.  Viruses can also corrupt the registry data for .lnk files (shortcuts) so that clicking on them doesn't work.  So you may need the registry script from this page to fix the registry association for .exe files:

Go to the following page and click on the link for item number 12, "EXE Fix for Windows XP" (and next to it in the same row of the table is the fix for .lnk files):

http://www.kellys-korner-xp.com/xp_tweaks.htm

You would need to download the .reg file to someplace convenient where you can access it, such as your Desktop, then double click it to merge the contents into the Registry and reboot the computer.

If double-clicking it doesn't work, try renaming regedit.exe to regedit.com and see if you can do it that way.

And if THAT doesn't work, try this tip from the following page:

http://www.dougknox.com/xp/file_assoc.htm

If your EXE file associations are corrupted, it can be difficult to open REGEDIT, or to even import REG files.  To work around this, press CTRL-ALT-DEL and open Task Manager.  Once there, click File, then hold down the CTRL key and click New Task (Run).  This will open a Command Prompt window.  Enter REGEDIT.EXE and press Enter.

Moiz Saifuddin

ASKER

ComboFix 08-02.05.3 - moiz 2008-02-05 11:37:40.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.85 [GMT -6:00]
Running from: C:\Documents and Settings\moiz\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\moiz\Application Data\macromedia\Flash Player\#SharedObjects\RCLBAT37\www.broadcaster.com
C:\Documents and Settings\moiz\Application Data\macromedia\Flash Player\#SharedObjects\RCLBAT37\www.broadcaster.com\played_list.sol
C:\Documents and Settings\moiz\Application Data\macromedia\Flash Player\#SharedObjects\RCLBAT37\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\moiz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\moiz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon(2).exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.tmp
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebxyxx.dll
C:\WINDOWS\system32\mcrh.tmp

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_POWERMANAGER
-------\PowerManager


(((((((((((((((((((((((((   Files Created from 2008-01-05 to 2008-02-05  )))))))))))))))))))))))))))))))
.

2008-02-05 11:03 . 2008-02-05 11:02      103,673      -r-hs----      C:\188qsm.bat
2008-02-04 11:06 . 2008-02-04 11:06      281,050      -r-hs----      C:\2ifetri.cmd
2008-02-02 09:19 . 2008-02-02 09:19      282,584      -r-hs----      C:\i.cmd
2008-02-02 09:01 . 2008-02-02 09:01      <DIR>      d--------      C:\Program Files\iPod
2008-02-02 08:58 . 2008-02-02 08:59      <DIR>      d--------      C:\Program Files\QuickTime
2008-02-01 10:13 . 2008-02-01 10:12      281,562      -r-hs----      C:\h.cmd
2008-01-31 06:37 . 2008-02-05 11:42      54,156      --ah-----      C:\WINDOWS\QTFont.qfn
2008-01-31 06:37 . 2008-01-31 06:37      1,409      --a------      C:\WINDOWS\QTFont.for
2008-01-22 16:44 . 2008-02-02 09:02      <DIR>      d--------      C:\Program Files\iTunes
2008-01-22 16:41 . 2008-01-22 16:41      <DIR>      d----c---      C:\WINDOWS\system32\DRVSTORE
2008-01-22 16:41 . 2008-01-22 16:41      <DIR>      d--------      C:\Program Files\Common Files\Apple
2008-01-22 16:41 . 2008-01-22 16:41      <DIR>      d--------      C:\Program Files\Apple Software Update
2008-01-22 16:41 . 2008-01-22 16:41      <DIR>      d--------      C:\Documents and Settings\All Users\Application Data\Apple
2008-01-22 16:41 . 2007-10-31 14:09      30,464      --a------      C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-21 06:55 . 2006-07-14 15:03      539,944,960      --a------      C:\Fight Club (DivX).avi
2008-01-21 06:54 . 2006-07-23 16:01      733,630,464      --a------      C:\DVD-Good Will Hunting.avi
2008-01-21 06:53 . 2006-08-05 13:44      766,092,800      --a------      C:\What Lies Beneath (DivX DVD).avi
2008-01-21 06:29 . 2006-07-27 05:50      489,606,376      --a------      C:\four brothers (whole movie).mpg
2008-01-21 06:29 . 2007-12-15 03:25      303,058      -r-hs----      C:\nideiect.com
2008-01-11 14:19 . 2008-01-11 14:19      <DIR>      d--------      C:\Documents and Settings\moiz\Application Data\Helios
2008-01-10 15:27 . 2008-01-10 15:27      90,112      --a------      C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27      57,344      --a------      C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 22:43      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-24 19:31      ---------      d-----w      C:\Program Files\AnchorFree
2007-12-22 16:49      ---------      d-----w      C:\Program Files\Web Publish
2007-12-18 09:55      ---------      d-----w      C:\Program Files\Shareaza
2007-12-18 09:54      ---------      d-----w      C:\Documents and Settings\moiz\Application Data\Shareaza
2007-12-18 08:57      ---------      d-----w      C:\Documents and Settings\moiz\Application Data\Skype
2007-12-16 11:05      ---------      d-----w      C:\Documents and Settings\moiz\Application Data\Aim
2007-12-16 01:59      ---------      d-----w      C:\Program Files\Hotspot Shield
2007-12-15 12:19      ---------      d-----w      C:\Program Files\EditPlus 2
2007-12-15 12:17      ---------      d-----w      C:\Program Files\iTunes(2)
2007-12-15 12:17      ---------      d-----w      C:\Program Files\iPod(2)
2007-12-15 12:17      ---------      d-----w      C:\Program Files\imeem
2007-12-15 12:16      ---------      d-----w      C:\Program Files\TextPad 5
2007-12-15 12:16      ---------      d-----w      C:\Program Files\Common Files\Skype
2007-12-15 12:16      ---------      d-----w      C:\Program Files\Beyond Compare 2
2007-12-15 12:15      ---------      d-----w      C:\Program Files\DivX
2007-12-15 12:14      ---------      d--h--w      C:\Program Files\InstallShield Installation Information
2007-12-15 12:14      ---------      d-----w      C:\Program Files\CyberLink
2007-12-15 11:59      ---------      d-----w      C:\Program Files\Need2Find
2007-12-15 11:59      ---------      d-----w      C:\Program Files\LimeWire
2007-12-15 11:59      ---------      d-----w      C:\Program Files\Kazaa
2007-12-15 11:59      ---------      d-----w      C:\Program Files\AWS
2007-12-15 11:59      ---------      d-----w      C:\Program Files\Altnet
2007-12-15 11:52      ---------      d-----w      C:\Program Files\Dell Photo AIO Printer 922
2007-12-15 11:51      ---------      d-----w      C:\Program Files\Common Files\aolshare
2007-12-15 11:51      ---------      d-----w      C:\Program Files\Common Files\aolback
2007-12-15 11:51      ---------      d-----w      C:\Program Files\Common Files\AOL
2007-12-15 11:51      ---------      d-----w      C:\Program Files\AOL 9.0
2007-12-15 11:51      ---------      d-----w      C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-12-15 11:51      ---------      d-----w      C:\Documents and Settings\All Users\Application Data\AOL
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
2005-03-07 15:57      552960      --a------      C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
                  C:\Program Files\RXToolBar\sfcont.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-06-07 14:53 239064]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1845208]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-12-01 18:30 4855258]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:37 2677210]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 521694]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 230876]
"P2P Networking"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" [2007-02-23 18:33 646108]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:22 3917270]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 17:06 395740]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 01:14 15651288 C:\WINDOWS\RTHDCPL.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Trickler"="c:\documents and settings\m\local settings\temp\~vis0000\fsg_4104.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\Documents and Settings\moiz\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-02-23 12:37:45 502742]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 05:05:56 247252]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 06:00]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-07-23 03:44]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" [2007-01-09 23:17]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 12:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d961092-c028-11db-8077-00a0d137de9e}]
\Shell\AutoRun\command - E:\i.cmd
\Shell\explore\Command - E:\i.cmd
\Shell\open\Command - E:\i.cmd

.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 04:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 06:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-02 15:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-02 16:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-05 17:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-02 18:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-04 19:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-04 20:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-04 21:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-04 22:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-04 23:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-05 00:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-01-27 07:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-05 01:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-05 02:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-05 03:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-05 04:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-05 05:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-01-21 22:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-01-23 09:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-01-26 10:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-01-29 11:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-01-27 12:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-01 13:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-01 14:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-02-05 17:39:35 C:\WINDOWS\Tasks\ex. sysdll.job"
- C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 11:42:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2008-02-05 11:44:54 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-05 17:44:02
ASKER CERTIFIED SOLUTION
Member_2_49692

This solution is only available to members.

Sorry, add this too into that section:
C:\WINDOWS\system32\JcP2CY72.exe


So it should look like this:

--------------------------------------------------------------------------------------------------------


File::
C:\188qsm.bat
C:\2ifetri.cmd
C:\i.cmd
C:\h.cmd
C:\nideiect.com
C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
C:\Program Files\RXToolBar\sfcont.dll
C:\WINDOWS\system32\JcP2CY72.exe
c:\documents and settings\m\local settings\temp\~vis0000\fsg_4104.exe


Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]

---------------------------------------------------------------------------------------------------------------
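
Added example (not part of the thread and not ComboFix's own logic): a Python triage over an excerpt of the ComboFix log posted above, showing three patterns shared by entries that ended up in the script: runnable files in a drive root carrying read-only, hidden and system attributes, many AtN.job scheduled tasks launching one binary, and MountPoints2 shell verbs pointing at a script. The function names and heuristics are assumptions made for illustration; a hit is a candidate for review, not a verdict.

```python
import re
from collections import Counter

# Excerpt of the ComboFix log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
2008-02-05 11:03 . 2008-02-05 11:02      103,673      -r-hs----      C:\188qsm.bat
2008-02-02 09:01 . 2008-02-02 09:01      <DIR>      d--------      C:\Program Files\iPod
2008-01-21 06:55 . 2006-07-14 15:03      539,944,960      --a------      C:\Fight Club (DivX).avi
2008-01-21 06:29 . 2007-12-15 03:25      303,058      -r-hs----      C:\nideiect.com
\Shell\AutoRun\command - E:\i.cmd
\Shell\open\Command - E:\i.cmd
"2008-02-02 04:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 06:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"2008-01-27 07:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\JcP2CY72.exe
"""

# "created . modified   size   attributes   path" lines of the Files Created section
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
    r"[ \t]+(\S+)[ \t]+([-a-z]{9})[ \t]+(.+)$", re.M)
# A quoted AtN.job line followed by its "- target" line
TASK_PAIR = re.compile(r'^"[\d-]+ [\d:]+ .+\\At\d+\.job"\n- (.+)$', re.M)
# Shell verbs listed under a MountPoints2 key
AUTORUN = re.compile(r"^\\Shell\\\w+\\command - (.+)$", re.M | re.I)
RUNNABLE = (".bat", ".cmd", ".com", ".exe", ".pif", ".scr")

def hidden_root_programs(log):
    """Runnable files directly in a drive root with r, h and s attributes set."""
    hits = []
    for _size, attrs, path in FILE_LINE.findall(log):
        path = path.strip()
        in_root = re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None
        if in_root and {"r", "h", "s"} <= set(attrs) and path.lower().endswith(RUNNABLE):
            hits.append(path)
    return hits

def at_job_targets(log):
    """Count how many AtN.job scheduled tasks launch each target binary."""
    return Counter(t.strip() for t in TASK_PAIR.findall(log))

def autorun_commands(log):
    """Distinct commands registered under MountPoints2 shell verbs."""
    return sorted({c.strip() for c in AUTORUN.findall(log)})

if __name__ == "__main__":
    print("hidden root programs:", hidden_root_programs(SAMPLE_LOG))
    print("AtN.job targets:", dict(at_job_targets(SAMPLE_LOG)))
    print("drive AutoRun commands:", autorun_commands(SAMPLE_LOG))
```
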
Forced accept.

Computer101
EE Admin