ctfmon.exe Application Error & security & printing disabled

Please Help,

Hardware Profile & HijackThis attached below.

Description of problem follows:

On power up, XP boots but I get ctfmon.exe Application Error. The application failed to initialize properly (0xc0000033).

Then I get "View Mgr has encountered a problem and needs to close".

Followed by "Dell Support has encountered a problem and needs to close".

Followed by "Windows Defender User Interface has encountered a problem and needs to close".

Then Norton AntiVirus gives me a warning saying that my protection is out of date even though I have been updating it. Also the last scan date shown does not reflect my recent scans so maybe something is stoping this.

XP now finishes booting up but my printers are disabled and I can't reinstall them.

I have installed and run, in both accounts, Spybot Search and Destroy, Ad-Aware SE, Norton AntiVirus 2005, SpywareBlaster, and several other programs. CoolWWWSearch has been found and removed I think?


~ INLINE LOGS REMOVED ~ SPD Do not copy and paste logs into your posts. It may be acceptable on other forums, but not this one.

Any help that you can give me will be greatly appreciated.

Thanks,

Skier0370

 

Welcome to MajorGeeks.com!

Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

 

Please Help,

Sorry about previous post but I have now followed all the directions. I was not able to load or run Windows Defender and I did not install or run Counter Spy otherwise everything was done. When attempting to run Windows Defender I got "Windows Defender User Interface has encountered a problem and needs to close.

Ad-Aware SE and Spybot S&D did not find anything but I had previously scaned extensively with them before generating this information.

The bdscan file found Adware.Wheaterbug.A, Trojan.Downloader.3746.A, Win32.VBMalware, and Trojan. Dropper.Small.NJ

The Panda Active Scan is attached. After this scan completed I got the following message:
"Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of the files.
The network locations from which the files should be copied, C:\Windows\ServicePackFiles\i386/gdiplus.man, is not available."
I did not have a hard copy on hand so I hit cancel and I kept the bad files.

On power up, XP boots but I still get the ctfmon.exe Application Error. The application failed to initialize properly (0xc0000033).

Followed by "Windows Defender User Interface has encountered a problem and needs to close".

Followed by "Dell Support has encountered a problem and needs to close".

I didn't retry to boot Norton or reinstall my printers yet. Last time. before this procedure, I had the following:

Norton AntiVirus gives me a warning saying that my protection is out of date even though I have been updating it. Also the last scan date shown does not reflect my recent scans so maybe something is stoping this.

XP now finishes booting up but my printers are disabled and I can't reinstall them.

Any assistance will be greatly appreciated.

Skier0370

 

Uninstall anything related to MyWay, MyWay Websearch, Funweb Products, My WebSearch; using Add or Remove Programs in the Control Panel.

Do the following:

about:Blank and HSA Hijacker - Simplified Removal
Look2Me VX2 Removal
Virtumonde aka Trojan Vundo Fix w/ Tool

Download DelDomains and unzip it to your desktop.

Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

Afterwards run Spybot and make sure you re-Immunize immediately. Then run a full system scan. If you get any reported problems, attach the log from Spybot.

Now scan and have HJT Fix the following:

Download
- Pocket Killbox
- ExplorerXP

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post the Logs from the about:blank, Look2Me and Vundo procedures; and post a fresh HijackThis log.

 

I followed the directions stated.

I did not find any programs with MyWay etc in the add/remove program section although I see a reference to it in the R1 listing of hijackthis.

I ran your simplified version of about:Blank

In safe mode I could not run Look2Me-Destroyer or VundoFix but they both ran when I booted to normal mode. VundoFix had a message that said "no affected files were found ..." so I din not get a log of that.

I ran DelDomains and I didn't see anything happen I ssume that was fine.

I ran Spybot - S&D, and it found "Windows Security Center. AntiVirusDisableNotify" and told it to fix it and went on.

I was not able to manually delete the Folders identified as C:\WINDOWS\Downloaded Program Files\CONFLICT.1 or CONFLICT.2 but I was able to delete the file in them called "HDPlugin1019.dll"

On final reboot I have the same problems as before, which are:

On power up, XP boots but I get ctfmon.exe Application Error. The application failed to initialize properly (0xc0000033).

Followed by "Dell Support has encountered a problem and needs to close".

Followed by "Windows Defender User Interface has encountered a problem and needs to close".

Note, the real date is 4/27 but my computer is saying 4/21 so the files have the wrong date, off by 6 days, I will correct the date after I send this post out. Maybe this is why I got the Norton messages previously.

See attached files as requested.

Your help is greatly appreciated.

Skier0370

 

If someone could review this last log I would appreciate it>

Thanks,

Skier0370

 

Since Windows Defender isn't running properly lets unistall it by doing the following:
Start -> Run
MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9} (Copy and Paste this command)
OK

Uninstall the i-Search.us Toolbar
Start -> Run
C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\isearch2.dll",DllUninstall (Copy and Paste this command)
OK

Run ExplorerXP, navigate to and delete the following:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Zxowqebq.dll
C:\WINDOWS\System32\ibho2.dll

Scan with HijackThis and fix the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

The copy of ctfmon.exe on your system may not be the legit file from MS. Do teh following: (You may need your Windows XP CD)
Start -> Run
type SFC /scannow
OK

REBOOT

Follow the directions for Using GetRunKey

Post runkey.txt and a fresh HijackThis log.

 

I ran what you said with these results:

Windows Defender was removed

C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\isearch2.dll",DllUninstall was not found.

C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
I was not allowed to delete the above two folders. Option not available in drop down menu nor wuold the keyboard work, The folders indicate zero bytes.

I was not able to find the following:
C:\WINDOWS\Zxowqebq.dll
C:\WINDOWS\System32\ibho2.dll

Then I searched for isearch2.dll and Zxowqebq.dll and ibho2.dll with subfolders and hidden system files enabled but found nothing in regular mode.

I ran HijackThis and removed the R0 line as requested.

I ran SFC/scannow. It ran but at the end I did not see anything happen, no messages at ll.

After I rebooted I got the following messages:
"Dell Support has encountered a problem and needs to close".

and I also got Norton Antivirus in not turned on but it should have been.

The following message was no longer present - ctfmon.exe Application Error. The application failed to initialize properly (0xc0000033).

I have attached the requested log files.

Thanks for the continued help with this.

Skier0370

 

This is in addition to the above post.

My printers now work again.

I have noticed that itunes also generates the "itunes has encountered a problem and needs to close" error message.

Thanks for the help with this.

Skier0370

 

Your logs show no signs of a malware infection now.

You may have to uninstall and re-install programs that are not working correctly.

If you have any further problems, start a thread in Software; as this no longer appears to be a malware issue.