Views: 6667 | Replies: 18
Join Date: Aug 2004
Posts: 10
Rep Power: 5
Solved Threads: 0
Dear guys,
I have this problem "Server not found or DNS Error" which I couldn't resolve even though I have tried the methods suggested by many. I have to refresh my IE6 constantly for the webpages to show up.
I believe that, depending on the HijackThis log, every individual needs a different way of fixing this problem.
Please advise. My HijackThis log is available upon request.
Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 2:24:00 AM, on 8/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\sysprx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [iyus] C:\WINDOWS\System32\iyus\dledhakc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ 4.1 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8216.2922569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.com...ebio5_1_6_0.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab
Last edited by crunchie : Aug 19th, 2004 at 7:09 am. Reason: Added logfile from other thread.
Join Date: Feb 2004
Location: Oztralya
Posts: 8,019
Rep Power: 23
Solved Threads: 456
Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.
Go here for an on-line scan & set it to autoclean for you.
Try this scan as well.
Reboot and post a new log from the updated hijackthis.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Join Date: Aug 2004
Posts: 10
Rep Power: 5
Solved Threads: 0
Hi crunchie,
I have carried out your recommendations to scan my pc through the first link that you have provided. The second link has a little error loading.
Through the online virus scan, 8 infected files were detected, of which 3 files could not be deleted as they were in use. These are:
1) TROJ AGENT.BN C:\Program Files\WindUpdates\Comm.dll
2) TROJ AGENT.BN C:\Program Files\WindUpdates\WinKA.exe
3) TROJ AGENT.BF C:\Program Files\WindUpdates\WinUpdt.exe
Below is my new HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 1:02:50 AM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\sysprx.exe
C:\WINDOWS\System32\quicktime.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [iyus] C:\WINDOWS\System32\iyus\dledhakc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...6f4329c216c9b6
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/200...Inc/bridge.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab
Please advise. Thank you.
Join Date: Dec 2003
Location: Marin County, CA
Posts: 6,439
Rep Power: 18
Solved Threads: 339
Have you run full anti-virus, Ad Aware, and Spybot scans yet using the most current updates to those programs? If not, please do so and then post a fresh log. Links to Ad Aware and Spybot are in my sig below, and instructions on using those utilities are posted in many of the other threads here; please read and follow those instructions before scanning.
Last edited by DMR : Aug 19th, 2004 at 6:14 pm.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Join Date: Aug 2004
Posts: 10
Rep Power: 5
Solved Threads: 0
Dear experts,
I have carried out thorough anti-virus, Adaware and Spybot scans with the latest updates to each program.
Here's my latest HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 6:35:46 PM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...6f4329c216c9b6
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
Please advise. Thank you.
Join Date: Feb 2004
Location: Oztralya
Posts: 8,019
Reputation:
Rep Power: 23
Solved Threads: 456
Okay, let's go!!
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...96f4329c216c9b6
-Blazefind Windupdates Adware
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\WINDOWS\System32\twzn.exe - file
Run a search for all those other O4 entries listed above & delete them too. They will likely be in either the Windows folder or the system32 folder.
I cannot find any reference to the following:
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
Do you know what it is?
Reboot normally after doing the above then with all browser windows closed, scan with hijackthis and post a fresh log please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Join Date: Dec 2003
Location: Marin County, CA
Posts: 6,439
Reputation:
Rep Power: 18
Solved Threads: 339
TLVenus,
We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.
I've split your post here into its own thread, which is at the following location:
http://www.daniweb.com/techtalkforum...ead.php?t=9651
For a full description of our posting guidelines and general rules of conduct, please see this page:
http://www.daniweb.com/techtalkforu...b_faq#faq_rules
Thanks.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Join Date: Dec 2003
Location: Marin County, CA
Posts: 6,439
Reputation:
Rep Power: 18
Solved Threads: 339
Ignore my above post; I see you've already started a fresh thread of your own - thanks.
(I've deleted the post that I split from here, as it is now redundant)
Join Date: Aug 2004
Posts: 10
Reputation:
Rep Power: 5
Solved Threads: 0
Hi crunchie,
I have carried out all your recommendations. Please advise on the latest HijackThis log.
The following, as far as I can remember, belongs to either my scanner or handphone software. I did not fix/delete it.
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
All the O4 entries, except for twzn.exe, could not be found in my hard disk drives.
Here's my fresh HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 12:51:08 AM, on 8/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
Looking forward to your further instructions. Thank you.
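A way to check which fixed autorun entries are still present in the fresh log, as an added example that is not part of the original thread. The O4 lines are copied from the fix list and the 8/23 log above; the names `parse_o4`, `survivors` and `by_executable` are illustrative.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# O4 registry autorun line: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of the command: a quoted path, or everything up to ".exe"
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)
Autorun = namedtuple("Autorun", "hive key name exe has_path")

# O4 entries from the helper's "fix checked" list (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
""".splitlines()

# O4 registry lines of the 8/23/2004 log (copied from the thread).
FRESH_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
""".splitlines()


def parse_o4(line):
    """Parse one O4 registry autorun line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # blank lines, Startup-folder entries, other sections
    cmd = m["cmd"]
    exe = EXE_RE.match(cmd)
    target = (exe.group(1) or exe.group(2)) if exe else cmd.split()[0]
    # has_path is False when the value names a bare file with no directory
    return Autorun(m["hive"], m["key"], m["name"],
                   ntpath.basename(target).lower(), "\\" in target)


def survivors(fix_lines, fresh_lines):
    """Fix-list entries whose hive, key and value name reappear in the later log."""
    fresh = {(e.hive, e.key, e.name) for e in map(parse_o4, fresh_lines) if e}
    return [e for e in map(parse_o4, fix_lines)
            if e and (e.hive, e.key, e.name) in fresh]


def by_executable(entries):
    """Map each executable name to the sorted registry keys that launch it."""
    keys = defaultdict(set)
    for e in entries:
        keys[e.exe].add(f"{e.hive}\\{e.key}")
    return {exe: sorted(locs) for exe, locs in keys.items()}


if __name__ == "__main__":
    for exe, locs in by_executable(survivors(FIX_LIST, FRESH_LOG)).items():
        print(f"still registered: {exe} under {', '.join(locs)}")
```
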
Join Date: Feb 2004
Location: Oztralya
Posts: 8,019
Reputation:
Rep Power: 23
Solved Threads: 456
Do you have QuickTime installed on your computer & if so, was it running at the time of your scan?
Also, do you know what the following is?
C:\WINDOWS\Screen Scapes Task.exe
Please go here and have these files scanned.
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\svspack2.exe