Reply

Join Date: Oct 2004
Posts: 9
Reputation: aulakh is an unknown quantity at this point 
Solved Threads: 0
aulakh aulakh is offline Offline
Newbie Poster

Dns Error

 
0
  #1
Oct 9th, 2004
I have the exact same problem as CST does http://www.daniweb.com/techtalkforum...ead.php?t=5212 and heres my log from hijackthis, can someone plz help me I have been having this problem for over 2 weeks now. Thanks

Logfile of HijackThis v1.98.2
Scan saved at 10:12:46, on 09/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\muamgrd.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wind32.exe
C:\WINDOWS\System32\ndis.exe
C:\WINDOWS\System32\win32usb.exe
C:\WINDOWS\System32\winssv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\wvsvc.exe
C:\windows\system32\winrpx.exe
C:\WINDOWS\System32\ms32cfg.exe
C:\WINDOWS\System32\lssrv.exe
C:\WINDOWS\System32\winmplayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ms32cfg.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Printer] C:\windows\system32\winrpx.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fachkibx.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\RunServices: [msconfig] wins.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Windows Update] winupupdate1.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{00EC9413-4953-4ECC-8AE6-9EAEBB815EC0}: NameServer = 194.72.9.34 194.74.65.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{00EC9413-4953-4ECC-8AE6-9EAEBB815EC0}: NameServer = 194.72.9.34 194.74.65.68
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 209
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Dns Error

 
1
  #2
Oct 9th, 2004
Hey aulakh, welcome to DaniWeb! I hate to be the one to tell you this, but there is a notice at the top of this forum requesting that all hijackthis logs be posted in the Security forum as this is where the malware guru's hang out.

Before you post a log there, HJT should not be run from your desktop, it should be in a permanent folder (like c:\hjt\hijackthis.exe). Also, close all windows before scanning with HJT (you had IE open in your last scan).

Good luck!
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 364
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Dns Error

 
0
  #3
Oct 9th, 2004
Moving to the Security forum now...
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Join Date: Aug 2003
Posts: 9,541
Reputation: caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold caperjack is a splendid one to behold 
Solved Threads: 492
Team Colleague
caperjack's Avatar
caperjack caperjack is offline Offline
Posting Prodigy

Re: Dns Error

 
1
  #4
Oct 9th, 2004
Time to run a online virus scan..http://housecall.trendmicro.com/
and or this one also ...http://www.pandasoftware.com/actives..._principal.htm

and Trojan hunter fully working demo here ...
http://www.trojanhunter.com/
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Reply With Quote Quick reply to this message  
Join Date: Oct 2004
Posts: 9
Reputation: aulakh is an unknown quantity at this point 
Solved Threads: 0
aulakh aulakh is offline Offline
Newbie Poster

Re: Dns Error

 
0
  #5
Oct 9th, 2004
ok sorry abot that, I ran hijackthis again heres the log

Logfile of HijackThis v1.98.2
Scan saved at 21:10:04, on 09/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wind32.exe
C:\WINDOWS\System32\removeme.exe
C:\WINDOWS\System32\MSPMSPSU.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\cfachub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\winssv.exe
C:\Documents and Settings\sunny\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Microsoft Update] cfachub.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\Run: [zonealarm] removeme.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qzcthn.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update] cfachub.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunServices: [zonealarm] removeme.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunOnce: [zonealarm] removeme.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [zonealarm] removeme.exe
O4 - HKCU\..\Run: [Microsoft Update] cfachub.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [zonealarm] removeme.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{370FCF97-A1E0-4DA2-88D1-B6796231BF42}: NameServer = 194.72.9.34 194.74.65.68
Reply With Quote Quick reply to this message  
Join Date: Oct 2004
Posts: 9
Reputation: aulakh is an unknown quantity at this point 
Solved Threads: 0
aulakh aulakh is offline Offline
Newbie Poster

Re: Dns Error

 
0
  #6
Oct 10th, 2004
Can someone plz help me out, also I got another problem a box appears with a timer of 60 secs then it restarts the comp.
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 9,982
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 754
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Dns Error

 
0
  #7
Oct 10th, 2004
Open Task Manager & end process on the following:
wind32.exe
removeme.exe
cfachub.exe
winssv.exe

Then go to C:\WINDOWS\System32 & delete those files manually.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O4 - HKLM\..\Run: [Microsoft Update] cfachub.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\Run: [zonealarm] removeme.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qzcthn.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update] cfachub.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunServices: [zonealarm] removeme.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunOnce: [zonealarm] removeme.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [zonealarm] removeme.exe
O4 - HKCU\..\Run: [Microsoft Update] cfachub.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [zonealarm] removeme.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\WINDOWS\System32\qzcthn.exe-file

Reboot normally after doing the above, rescan with hijackthis making certain that all instances of Internet Explorer are closed, then post that log here please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Oct 2004
Posts: 9
Reputation: aulakh is an unknown quantity at this point 
Solved Threads: 0
aulakh aulakh is offline Offline
Newbie Poster

Re: Dns Error

 
0
  #8
Oct 10th, 2004
Logfile of HijackThis v1.98.2
Scan saved at 15:38:50, on 10/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchosting.exe
C:\WINDOWS\System32\crsrs.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\MSPMSPSU.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\tres32.exe
C:\WINDOWS\System32\wvsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Documents and Settings\sunny\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [OEM Tools 32] tres32.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [OEM Tools 32] tres32.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [zonealarm] removeme.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [OEM Tools 32] tres32.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 364
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Dns Error

 
0
  #9
Oct 10th, 2004
The HJT entries which crunchie asked you to fix (and which seem to have reappeared) indicate that you are infected with a couple of different worms. HJT alone isn't going to be able to remove them for you.

Your HJT log also indicates that you have no anti-virus program running, which means you're just asking for trouble. If you can't immediately purchase and install a good anti-virus program like Norton or McAfee, use the links that caperjack posted and get a free online scan at those sites.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet censorship china commercials conficker connect control crosssitescripting cyber cyberwarfare ddos domains e-mafia education email europe facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC