 |  |  |  |  |  |  |  |
Cannot Find Server or DNS Error
 |
Dear guys,
I have this problem "Server not found or DNS Error" which I couldn't resolve even though I have tried the methods suggested by many. I have to refresh my IE6 constantly for the webpages to show up.
I believe depending on the HijackThis log, every individual needs different way of fixing this problem.
Please advise. My HijackThis log is available upon request.
Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 2:24:00 AM, on 8/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\sysprx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [iyus] C:\WINDOWS\System32\iyus\dledhakc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ 4.1 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8216.2922569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.com...ebio5_1_6_0.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab
I have this problem "Server not found or DNS Error" which I couldn't resolve even though I have tried the methods suggested by many. I have to refresh my IE6 constantly for the webpages to show up.
I believe depending on the HijackThis log, every individual needs different way of fixing this problem.
Please advise. My HijackThis log is available upon request.
Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 2:24:00 AM, on 8/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\sysprx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [iyus] C:\WINDOWS\System32\iyus\dledhakc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ 4.1 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8216.2922569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.com...ebio5_1_6_0.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab
Last edited by crunchie; Aug 19th, 2004 at 7:09 am. Reason: Added logfile from other thread.
•
•
Join Date: Feb 2004
Posts: 9,982
Reputation: 
Solved Threads: 753
Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.
Go here for an on-line scan & set it to autoclean for you.
Try this scan as well.
Reboot and post a new log from the updated hijackthis.
Go here for an on-line scan & set it to autoclean for you.
Try this scan as well.
Reboot and post a new log from the updated hijackthis.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Hi crunchie,
I have carried out your recommendations to scan my pc through the first link that you have provided. The second link has a little error loading.
Through the online virus scan, 8 infected files were detected, of which 3 files could not be deleted as they were in use. These are:
1)TROJ AGENT.BN C:\Program Files\WindUpdates\Comm.dll
2)TROJ AGENT.BN C:\Program Files\WindUpdates\WinKA.exe
3)TROJ AGENT.BF C:\Program Files\WindUpdates\WinUpdt.exe
Below is my new HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 1:02:50 AM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\sysprx.exe
C:\WINDOWS\System32\quicktime.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [iyus] C:\WINDOWS\System32\iyus\dledhakc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...6f4329c216c9b6
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/200...Inc/bridge.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab
Please advise. Thank you.
I have carried out your recommendations to scan my pc through the first link that you have provided. The second link has a little error loading.
Through the online virus scan, 8 infected files were detected, of which 3 files could not be deleted as they were in use. These are:
1)TROJ AGENT.BN C:\Program Files\WindUpdates\Comm.dll
2)TROJ AGENT.BN C:\Program Files\WindUpdates\WinKA.exe
3)TROJ AGENT.BF C:\Program Files\WindUpdates\WinUpdt.exe
Below is my new HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 1:02:50 AM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\sysprx.exe
C:\WINDOWS\System32\quicktime.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [iyus] C:\WINDOWS\System32\iyus\dledhakc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...6f4329c216c9b6
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/200...Inc/bridge.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab
Please advise. Thank you.
Have you run full anti-virus, Ad Aware, and Spybot scans yet using the most current updates to those programs? If not, please do so and then post a fresh log. Links to Ad Aware and Spybot are in my sig below, and instructions on using those utilities are posted in many of the other threads here; please read and follow those instructions befre scanning.
Last edited by DMR; Aug 19th, 2004 at 6:14 pm.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Dear experts,
I have carried out thorough anti-virus, Adaware and Spybot scans with the latest updates to each program.
Here's my latest HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 6:35:46 PM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...6f4329c216c9b6
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
Please advise. Thank you.
I have carried out thorough anti-virus, Adaware and Spybot scans with the latest updates to each program.
Here's my latest HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 6:35:46 PM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...6f4329c216c9b6
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
Please advise. Thank you.
•
•
Join Date: Feb 2004
Posts: 9,982
Reputation:
Solved Threads: 753
Okay, let's go!!
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...96f4329c216c9b6
-Blazefind Windupdates Adware
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\WINDOWS\System32\twzn.exe-file
Run a search for all those other 04 entries listed above & delete them too. They will likely be in either the Windows folder or the system32 folder.
I cannot find any reference to the following:
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
Do you know what it is?
Reboot normally after doing the above then with all browser windows closed, scan with hijackthis and post a fresh log please.
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...96f4329c216c9b6
-Blazefind Windupdates Adware
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\WINDOWS\System32\twzn.exe-file
Run a search for all those other 04 entries listed above & delete them too. They will likely be in either the Windows folder or the system32 folder.
I cannot find any reference to the following:
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
Do you know what it is?
Reboot normally after doing the above then with all browser windows closed, scan with hijackthis and post a fresh log please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
TLVenus,
We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.
I've split your post here into it own thread, which is at the following location:
http://www.daniweb.com/techtalkforum...ead.php?t=9651
For a full description of our posting guidelines and general rules of conduct, please see this page:
http://www.daniweb.com/techtalkforu...b_faq#faq_rules
Thanks.
We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.
I've split your post here into it own thread, which is at the following location:
http://www.daniweb.com/techtalkforum...ead.php?t=9651
For a full description of our posting guidelines and general rules of conduct, please see this page:
http://www.daniweb.com/techtalkforu...b_faq#faq_rules
Thanks.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Ignore my above post; I see you've already started a fresh thread of your own- thanks.
(I've deleted the post that I split from here, as it is now redundant)
(I've deleted the post that I split from here, as it is now redundant)
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Hi crunchie,
I have carried out all your recommendations. Please advise on the latest HijackThis log.
The following, as far as I can remember, belongs to either my scanner or handphone software. I did not fix/delete it.
04 - HKLM\..\Run:[zzzCamInSuiteIII] E:\SETUP.EXE 246***
All the 04 entries, except for twzn.exe, could not be found in my harddisk drives.
Here's my fresh HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 12:51:08 AM, on 8/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
Looking forward to your further instructions. Thank you.
I have carried out all your recommendations. Please advise on the latest HijackThis log.
The following, as far as I can remember, belongs to either my scanner or handphone software. I did not fix/delete it.
04 - HKLM\..\Run:[zzzCamInSuiteIII] E:\SETUP.EXE 246***
All the 04 entries, except for twzn.exe, could not be found in my harddisk drives.
Here's my fresh HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 12:51:08 AM, on 8/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
Looking forward to your further instructions. Thank you.
•
•
Join Date: Feb 2004
Posts: 9,982
Reputation:
Solved Threads: 753
Do you have QuickTime installed on your computer & if so, was it running at the time of your scan?
Also, do you know what the following is?
C:\WINDOWS\Screen Scapes Task.exe
Please go here and have these files scanned.
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\svspack2.exe
Also, do you know what the following is?
C:\WINDOWS\Screen Scapes Task.exe
Please go here and have these files scanned.
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\svspack2.exe
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- cannot find server or DNS error (Web Browsers)
- Cannot Find Server or DNS Error - Secure Sites Pls Review HiJacks Log (Viruses, Spyware and other Nasties)
- Cannot find server or DNS error (Viruses, Spyware and other Nasties)
- "Cannot find server or DNS Error" (Viruses, Spyware and other Nasties)
- Cannot Find Server or DNS Error (Viruses, Spyware and other Nasties)
- Cannot find server or DNS error - please help!!!! (Viruses, Spyware and other Nasties)
- "Cannot find server or DNS Error" (Viruses, Spyware and other Nasties)
- "Cannot find server or DNS Error" (Web Browsers)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Error loading C:\WINDOWS\Downloaded Program Files\bridge.dll
- Next Thread: Help! Can't browse, use control panel or Explorer
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg bar blackhat botnet botnets censorship commercial commercials conficker connect crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirecting reliability report research risk samhain sans scareware school search security sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
