kilmandan

Hi,
everytime I open an internet related program (icq,emule,firefox...) , a few seconds after, an error box opens such as this one : "Outlook Express(or any other program I open) has encountered a problem and needs to close. We are sorry for the inconvenience."

now if i choose to ignore this box and put it aside I can continue working with the program, if I press debug or close It closes the application.

before posting this post I tried what was advised at the "Basic Malware Removal" and encountered the following problems:
1) Spybot crashes a few seconds after I open it and than it will not open until I reboot
2) Adware Se found no significant spyware
3) I could not enter panda active scan and housecall scan sites because of an internet connection problem (site's not responding) (which i believe is related to my problem because I never had this problem before either)

below is my HijackThis Log :

Logfile of HijackThis v1.99.1
Scan saved at 9:31:24 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\windows\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\dwwin.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ??÷? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ldr64 - C:\windows\SYSTEM32\ldr64.dll
O20 - Winlogon Notify: mloader32 - C:\windows\SYSTEM32\mloader32.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

Buzz1927

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

O20 - Winlogon Notify: ldr64 - C:\windows\SYSTEM32\ldr64.dll
O20 - Winlogon Notify: mloader32 - C:\windows\SYSTEM32\mloader32.dll
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

Close all open windows and browsers, and hit "Fix Checked".

Delete these files.

C:\windows\SYSTEM32\ldr64.dll
C:\windows\SYSTEM32\mloader32.dll
C:\WINDOWS\System32\msdtc.exe

Reboot and post a new Hijackthis log.

__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!

kilmandan

1) I could't find none of the files mentioned
2) "O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)" is returning every time i scan.
3) It now occurs to me that the problem is probably already solved (firefox hasn't crashed yet, and it's been open for a few minutes now). thanks.

tell me if there's anything else wrong with my log

Logfile of HijackThis v1.99.1
Scan saved at 11:24:29 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\windows\system32\CTHELPER.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\windows\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ??÷? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

Buzz1927

Hit Start >Run, type services.msc.
Scroll down until you find the service Distributed Transaction Coordinator, and double-click on it.
Hit "Stop" and change the "Startup Type" to "Disabled".
Hit "Apply", then "Ok".

Run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type MSDTC and press OK. OK any prompts, close HijackThis, and restart your computer.

Then your log's clean.

__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!

kilmandan

thank you very much!!

Buzz1927

Welcome.

__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!