Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net

Hopefully nothing wrong in here, just checking

Posted by: WildRose

There ya go :) And if you could please direct me to how to learn to fix problems myself (websites, tutorials, anything) it would really be great. I'm willing to study! Thank you in advance!

Logfile of HijackThis v1.99.1
Scan saved at 7:13:57 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\owner\Desktop\Y! Amp M6 v3.6.exe
c:\Program Files\Trend Micro\Tmas\tmas.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - C:\Program Files\Crack\untitled.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: XBTB00429 - {CDC978C0-9630-42bf-90B1-500A800293E6} - C:\PROGRA~1\Crack\untitled.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\PROGRA~1\Accoona\atoolbar.dll (file missing)
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - C:\Program Files\Crack\untitled.dll (file missing)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fortune Cookies.lnk = C:\Program Files\Catfood Software\Fortune Cookies\Fortune.exe
O4 - Global Startup: Lightsurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: palstart.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\Program Files\BT2Net\bt2plugin.dll (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\Program Files\BT2Net\bt2plugin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Posted by: Warez Monster

O2 - BHO: XBTB00429 - {CDC978C0-9630-42bf-90B1-500A800293E6} - C:\PROGRA~1\Crack\untitled.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\PROGRA~1\Accoona\atoolbar.dll (file missing)
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - C:\Program Files\Crack\untitled.dll (file missing)
O4 - Global Startup: Fortune Cookies.lnk = C:\Program Files\Catfood Software\Fortune Cookies\Fortune.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab[/url]

Posted by: MicroBell

Please be advised you have more entries than what Warez Monster listed for removal.

Before attacking an adware/spyware problem with HijackThis make sure you have already run the following tools. Download and update the databases on each program before running.
[list]
[*] [URL=http://www.lavasoftusa.com/support/download/][B][COLOR=Purple]Ad-Aware® SE Personal Edition[/COLOR][/B][/URL]
[*] [URL=http://www.majorgeeks.com/download2471.html][B][COLOR=Purple]Spybot Search & Destroy[/COLOR][/B][/URL]
[*] [URL=http://www.trendmicro.com/cwshredder/][B][COLOR=Purple]CWShredder[/COLOR][/B][/URL]
[/list]

Also make sure you are using the latest version (1.99.1) of [URL=http://www.majorgeeks.com/download3155.html][B][COLOR=Purple]HijackThis[/COLOR][/B][/URL] and it's installed in its own folder on the root drive. [B](C:\HJT)[/B]

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.

Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s [b]NOT[/b] checked. We want system restore [b]ON[/b] and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Open add/remove programs and remove the following if listed.
[b]SafeGuard (Any and ALL)
Cram Toolbar
IeHelper
Accoona Toolbar
PCShield[/b]

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

[b]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - C:\Program Files\Crack\untitled.dll (file missing)
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: XBTB00429 - {CDC978C0-9630-42bf-90B1-500A800293E6} - C:\PROGRA~1\Crack\untitled.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\PROGRA~1\Accoona\atoolbar.dll (file missing)
O3 - Toolbar: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - C:\Program Files\Crack\untitled.dll (file missing)
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab[/url][/b]

Delete the following Files/Folders in [color=red][b]RED[/b][/color] (delete folders if no filename is specified or if they are highlighted in [b][color=red]RED[/color][/b]) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, subdirectories etc. enabled if it applies to your OS)

[b]C:\Program Files\[color=red]Crack\untitled.dll[/color]
C:\WINDOWS\system32\[color=red]sfg.dll[/color]
C:\WINDOWS\system32\[color=red]smiehlp.dll[/color]
C:\PROGRA~1\[color=red]Accoona\atoolbar.dll[/color][/b]

Reboot back to normal Windows.
Please run an online scan at [url]http://www.pandasoftware.com/activescan/com/activescan_principal.htm[/url]
Select the “Autofix/Clean” option and save the activescan log. Then post that log in your next post along with a new HijackThis log.

*note* This entry....

[b]O4 - Global Startup: Fortune Cookies.lnk = C:\Program Files\Catfood Software\Fortune Cookies\Fortune.exe[/b]

Displays a fortune every time Windows starts. If you installed this and want to keep it don't remove its entry. If you do want it removed...add it to be fixed by HijackThis and uninstall it via add/remove programs.

Please visit this website - [url]http://virusscan.jotti.org/[/url]
Submit these file(s) for a comprehensive scan & then post the results back here

[b]palstart.exe[/b] <--locate that file and upload it.

Posted by: WildRose

First of all, thank you for your help. I checked my system with the programs you said, I already had them (maybe I should use them more often). Anyway, I found some problems with those and fixed everything, but it doesn't seem to help.
Second of all, here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:36:32 PM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fortune Cookies.lnk = C:\Program Files\Catfood Software\Fortune Cookies\Fortune.exe
O4 - Global Startup: palstart.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\Program Files\BT2Net\bt2plugin.dll (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\Program Files\BT2Net\bt2plugin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

And the log from Panda software online scan:

Incident                     Status          Location
Spyware:spyware/marketscore  No disinfected  C:\WINDOWS\SYSTEM32\rk.bin
Adware:adware/gator          No disinfected  C:\WINDOWS\GatorPatch.log
Adware:adware/twain-tech     No disinfected  C:\WINDOWS\smdat32a.sys
Adware:adware/funweb         No disinfected  HKEY_CURRENT_USER\SOFTWARE\FUN WEB PRODUCTS
Spyware:spyware/rxtoolbar    No disinfected  HKEY_CURRENT_USER\SOFTWARE\RX TOOLBAR
Adware:adware/need2find      No disinfected  HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND
Adware:adware/mywebsearch    No disinfected  HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/looksmart      No disinfected  HKEY_CLASSES_ROOT\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}
Adware:adware/powerstrip     No disinfected  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
Spyware:spyware/altnet       No disinfected  HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}
Adware:adware/myway          No disinfected  HKEY_LOCAL_MACHINE\software\classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Virus:Trj/MadCow.A           Disinfected     C:\Documents and Settings\owner\My Documents\cool stuff\chestii haioase si(sau)interesante\Chestii haioase\Exe&MPG\MADCOW.EXE

As you can see for yourself, there were some (most) problems which couldn't be solved. And I'm not sure what the problem is, but my computer seems to work worse and worse (slower and slower). Anyway, thank you and please work with me on this :)

Oh, and the file "palstart.exe" is from a dumb program a friend of mine told me to install, it's Paltalk messenger, I got rid of it (or so I think).

Posted by: MicroBell

You never stated what problem you're having. Please describe in detail.

Anyway...reboot into safe mode. Open Task Manager and KILL this process.

[b]C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe[/b]

Open add/remove programs and remove [B]WildTangent[/B] if listed.

Run HijackThis. Check each of the entries...and click the FIX button.

[b]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll
O4 - Global Startup: palstart.exe[/b]

Delete the following Files/Folders in [color=red][b]RED[/b][/color] (delete folders if no filename is specified or if they are highlighted in [b][color=red]RED[/color][/b]) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, subdirectories etc. enabled if it applies to your OS)

[b]C:\WINDOWS\system32\[color=red]sfg.dll[/color]
C:\Program Files\[color=red]WildTangent\Apps\CDA\GameDrvr.exe[/color]
C:\WINDOWS\SYSTEM32\[color=red]rk.bin[/color]
C:\WINDOWS\[color=red]GatorPatch.log[/color]
C:\WINDOWS\[color=red]smdat32a.sys[/color]
C:\Documents and Settings\owner\My Documents\cool stuff\chestii haioase si(sau)interesante\Chestii haioase\Exe&MPG\[color=red]MADCOW.EXE[/color][/b]

Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy somewhere in case you make a mistake.

Now navigate to each of the following keys and delete the file/folder/entry I highlighted in [b][color=red]RED[/color][/b].

[b]HKEY_CURRENT_USER\SOFTWARE\[color=red]FUN WEB PRODUCTS[/color]
HKEY_CURRENT_USER\SOFTWARE\[color=red]RX TOOLBAR[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\[color=red]NEED2FIND[/color]
HKEY_CLASSES_ROOT\CLSID\[color=red]{147A976E-EEE1-4377-8EA7-4716E4CDD239}[/color]
HKEY_CLASSES_ROOT\TypeLib\[color=red]{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}[/color]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\[color=red]{669695BC-A811-4A9D-8CDF-BA8C795F261C}[/color]
HKEY_CLASSES_ROOT\Interface\[color=red]{582AB125-1403-42FB-9EFB-198690BA1496}[/color]
HKEY_LOCAL_MACHINE\software\classes\CLSID\[color=red]{9AFB8248-617F-460d-9366-D71CDEDA3179}[/color][/b]

Reboot back to normal mode and run another Panda scan. Post its log along with a new HijackThis log.

Posted by: WildRose

I must apologize for my long absence. Thank you very much for your assistance regarding this matter, but all is well (I hope) and I don't need any more help for now. Thanks again!
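
The follow-up scan in this thread still contains entries from the first fix list. One way to check a fix list against a second HijackThis log, as an added example (not code from the thread or from HijackThis; the function names are hypothetical and the sample data is a shortened excerpt of the logs above):

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
# Only forum markup is stripped; Run value names such as [PCShield] must survive.
BBCODE_RE = re.compile(r"\[/?(?:url|b|color)(?:=[^\]]*)?\]", re.I)
STATUS_RE = re.compile(r"\((?:file missing|no file)\)", re.I)


def entry_key(section, body):
    """Comparison key that survives forum mangling (BBCode, inserted spaces,
    truncated URLs) and the scanner's changing "(file missing)" suffix."""
    body = STATUS_RE.sub("", BBCODE_RE.sub("", body))
    clsid = CLSID_RE.search(body)
    if clsid:  # label + CLSID identify the entry; the path or URL after it may vary
        body = body[:clsid.end()]
    return section, re.sub(r"\s+", "", body).lower()


def parse_entries(log_text):
    """Map key -> raw line for every entry; header and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[entry_key(*m.groups())] = line.strip()
    return entries


def still_present(fix_list, after_log):
    """Entries that were marked for fixing but show up again in the later scan."""
    after = parse_entries(after_log)
    return [raw for key, raw in parse_entries(fix_list).items() if key in after]


def diff_logs(before_log, after_log):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    removed = [raw for key, raw in before.items() if key not in after]
    added = [raw for key, raw in after.items() if key not in before]
    return removed, added


# Sample data: a few lines taken from the two logs and the first fix list above.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - C:\Program Files\Crack\untitled.dll (file missing)
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab[/url]
"""
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - C:\Program Files\Crack\untitled.dll (file missing)
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab[/url]
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, AFTER_LOG):
        print("STILL PRESENT:", line)
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(len(removed), "entries removed;", len(added), "new entries:", added)
```

An entry that reappears after being fixed, such as the PCShield Run value here, usually means the program that writes it is still installed or running.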