0

Dear guys,

I have this problem "Server not found or DNS Error" which I couldn't resolve even though I have tried the methods suggested by many. I have to refresh my IE6 constantly for the webpages to show up.

I believe that, depending on the HijackThis log, every individual needs a different way of fixing this problem.

Please advise. My HijackThis log is available upon request.

Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 2:24:00 AM, on 8/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\sysprx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [iyus] C:\WINDOWS\System32\iyus\dledhakc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SVX Control Service] svxhost.exe
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [SVX Control Service] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ 4.1 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8216.2922569444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.com...ebio5_1_6_0.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab

0

Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.

Go here for an on-line scan & set it to autoclean for you.

Try this scan as well.

Reboot and post a new log from the updated hijackthis.

0

Hi crunchie,

I have carried out your recommendations to scan my pc through the first link that you have provided. The second link has a little error loading.

Through the online virus scan, 8 infected files were detected, of which 3 files could not be deleted as they were in use. These are:
1)TROJ AGENT.BN C:\Program Files\WindUpdates\Comm.dll
2)TROJ AGENT.BN C:\Program Files\WindUpdates\WinKA.exe
3)TROJ AGENT.BF C:\Program Files\WindUpdates\WinUpdt.exe

Below is my new HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 1:02:50 AM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\sysprx.exe
C:\WINDOWS\System32\quicktime.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [iyus] C:\WINDOWS\System32\iyus\dledhakc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=6e91e8689eeda545a9d5e5ab736ce4e832197eea9d0c15f643334ba859f2d9a6e14fe2b3e5912a02963b6226dc70faa6ff12ff83:a04459e0e495a8bf096f4329c216c9b6
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab


Please advise. Thank you. :)

0

Have you run full anti-virus, Ad Aware, and Spybot scans yet using the most current updates to those programs? If not, please do so and then post a fresh log. Links to Ad Aware and Spybot are in my sig below, and instructions on using those utilities are posted in many of the other threads here; please read and follow those instructions before scanning.

0

Dear experts,

I have carried out thorough anti-virus, Adaware and Spybot scans with the latest updates to each program.

Here's my latest HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 6:35:46 PM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\cmsrg.exe
C:\WINDOWS\System32\aypqzg.exe
C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\twzn.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=6e91e8689eeda545a9d5e5ab736ce4e832197eea9d0c15f643334ba859f2d9a6e14fe2b3e5912a02963b6226dc70faa6ff12ff83:a04459e0e495a8bf096f4329c216c9b6
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab

Please advise. Thank you. :D

0

Okay, let's go!!

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O2 - BHO: (no name) - {1AAD655E-B667-52CA-8250-125508AD2D6D} - C:\WINDOWS\System32\jpgut.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)

O4 - HKLM\..\Run: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [Microsoft System32 Update] cmsrg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] aypqzg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] sysprx.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [SVX Control Service] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update Loader] aypqzg.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe

O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_66036_5402 (file missing)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...96f4329c216c9b6
-Blazefind Windupdates Adware

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\WINDOWS\System32\twzn.exe-file

Run a search for all those other O4 entries listed above & delete them too. They will likely be in either the Windows folder or the system32 folder.

I cannot find any reference to the following:
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
Do you know what it is?

Reboot normally after doing the above then with all browser windows closed, scan with hijackthis and post a fresh log please.

0

TLVenus,

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

I've split your post here into its own thread, which is at the following location:

http://www.daniweb.com/techtalkforums/showthread.php?t=9651


For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules

Thanks.

0

Ignore my above post; I see you've already started a fresh thread of your own- thanks.

(I've deleted the post that I split from here, as it is now redundant)

0

Hi crunchie,

I have carried out all your recommendations. Please advise on the latest HijackThis log.

The following, as far as I can remember, belongs to either my scanner or handphone software. I did not fix/delete it.
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***

All the O4 entries, except for twzn.exe, could not be found in my harddisk drives.

Here's my fresh HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 12:51:08 AM, on 8/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\svspack2.exe
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab


Looking forward to your further instructions. Thank you. :)

0

Do you have QuickTime installed on your computer & if so, was it running at the time of your scan?
Also, do you know what the following is?
C:\WINDOWS\Screen Scapes Task.exe
Please go here and have these files scanned.
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\svspack2.exe

0

O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe

I think that pretty much answers the QuickTime question, eh? :mrgreen:

0

Hi crunchie,

Thanks for your advice to date.

I do have QuickTime installed in my pc. Everything was closed before I carried out the scan, including disconnecting from the network.

C:\WINDOWS\Screen Scapes Task.exe is a screen saver. I doubt it's causing me any trouble as I have had that installed for more than a year.

I could not locate these 2 files in my harddrives:
C:\WINDOWS\System32\quicktime.exe
C:\WINDOWS\System32\svspack2.exe
What can I do to flush them out?

I have just installed ZoneAlarm firewall. These 2 files are always trying to "call Home" (Access the internet), but are blocked by the firewall. I believe they are the root problems. From the Task Manager, I could find these 2 files running under Application.

After carrying out your recommendations, my internet access worked well for 2 hours before the problem returned.

What other suggestions do you have for me? Please advise. Thank you. :eek:

0

O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe

I think that pretty much answers the QuickTime question, eh? :mrgreen:

..............OOPS :o

0

I think it is safe to delete those files going on what you have said.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\WINDOWS\System32\svspack2.exe-file
C:\WINDOWS\System32\quicktime.exe-file

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Reboot normally after doing the above then post a fresh log please.
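
Added example, not part of the original posts: a short Python script that parses the registry `O4` autorun lines of two HijackThis logs, lists the programs registered by bare file name (as most of the entries selected for fixing in this thread are), and diffs the scans to show what a round of fixes removed and what survived. The sample lines are excerpts from the 8/20/2004 (6:35 PM) and 8/23/2004 logs above; the function names and the bare-name heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# O4 registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_REG = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run(?:Services|Once)?): \[(.+?)\] (.+)$")
# Program part of a command: a quoted path, or everything up to the first ".exe"
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

# Excerpt of the log saved at 6:35:46 PM on 8/20/2004 (before the first fixes)
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSlti32.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] MSlti32.exe
O4 - HKCU\..\Run: [Drnsuzym] C:\WINDOWS\System32\twzn.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
'''

# Excerpt of the log saved at 12:51:08 AM on 8/23/2004 (after the first fixes)
LOG_AFTER = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
'''


def parse_autoruns(log_text):
    """Return a set of (key, value_name, command) for registry O4 lines.

    Startup-folder lines ("O4 - Startup: ...") are not registry values and
    are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            entries.add(m.groups())
    return entries


def image_of(command):
    """Program part of an autorun command, lower-cased, arguments dropped."""
    m = IMAGE.match(command)
    image = (m.group(1) or m.group(2)) if m else command.split()[0]
    return image.lower()


def bare_name_autoruns(entries):
    """Map image -> sorted list of keys, for images registered without a directory.

    Heuristic (an assumption of this example, not a verdict): a bare file
    name is resolved through the search path, so the log alone does not say
    which file on disk is started. Such entries deserve a closer look.
    """
    keys = defaultdict(set)
    for key, _name, command in entries:
        image = image_of(command)
        if "\\" not in image:
            keys[image].add(key)
    return {image: sorted(k) for image, k in keys.items()}


def diff_autoruns(before, after):
    """Return (removed, added) registry autorun entries between two scans."""
    return before - after, after - before


if __name__ == "__main__":
    before, after = parse_autoruns(LOG_BEFORE), parse_autoruns(LOG_AFTER)
    removed, added = diff_autoruns(before, after)
    print("Removed since last scan:")
    for key, name, command in sorted(removed):
        print(f"  {key}: [{name}] {command}")
    print("New since last scan:", sorted(added) or "none")
    print("Bare-name autoruns still registered:")
    for image, keys in bare_name_autoruns(after).items():
        print(f"  {image} under {', '.join(keys)}")
```
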

0

Hi crunchie,

I have fixed the following using HijackThis as advised:

O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe

I could find no trace of them in my latest HijackThis log shown below:

Logfile of HijackThis v1.98.2
Scan saved at 12:17:54 AM, on 8/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Alan\My Documents\Miscellaneous\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 246***
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab


Since installing ZoneAlarm, my internet connection has, so far, been working normally. Furthermore, after removing those 2 suspicious entries, I guess, and hopefully so, my problem has been solved. :D

Thank you once again. :cheesy:

0

Cool. You managed to delete them manually, yes? If so, you look all clear.

Hmm, we might want to take a closer look at the actual response and just confirm that:

" I have fixed the following using HijackThis as advised:

O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe

I could find no trace of them in my latest HijackThis log..."


alantanel,

(As crunchie got me hip to some time ago; credit where credit is due): once you had HJT fix those entries, you still need to search your system for those files and delete them manually. HJT fixes the Registry entries which reference the files, but HJT does not delete the files themselves. In order to see/find the files, you might have to set Windows Explorer's Tools->Folder Options->View settings to "Show hidden files and folders".

0

Harlow DMR & crunchie,

I made a very thorough search of my system for the existence of those two files (svspack2.exe & quicktime.exe), but I was not able to locate them.

The messages that I received from ZoneAlarm firewall led me to believe that these two files are activated from somewhere in the network, not from my system. They were caught and blocked from accessing the internet by the firewall.

Before fixing these two entries using HJT, they could be seen running under PROCESSES of the TASK MANAGER. This probably explains why I could not remove them in my first Scan & Fix using HJT.

Hence, I ended these two processes and then carried out the second HJT Scan & Fix. The result? They are no longer in my registry as you can see from my latest HJT log.

To date, my internet access has been working normally.

Thank you very much to everyone who has offered your help in one way or another. I will remember which forum to look to if any pc-related problems should arise in future. :cheesy:

0

You're welcome, we're always glad to help!

"I made a very thorough search of my system for the existence of those two files (svspack2.exe & quicktime.exe), but I was not able to locate them."

You're not the first member to report that happening, but not having been able to physically sit at anyone's machine, I've never found an explanation for that.

"The messages that I received from ZoneAlarm firewall led me to believe that these two files are activated from somewhere in the network, not from my system. They were caught and blocked from accessing the internet by the firewall."

If you had entries for the files in the Run section of your Registry and HJT reported them as processes running from a local directory, they were definitely running from your machine.

"Before fixing these two entries using HJT, they could be seen running under PROCESSES of the TASK MANAGER. This probably explains why I could not remove them in my first Scan & Fix using HJT.

Hence, I ended these two processes and then carried out the second HJT Scan & Fix. The result? They are no longer in my registry as you can see from my latest HJT log."

Right - HJT removes the run entries in the registry, which keeps the programs from loading on subsequent bootups. However, if the malicious programs are already loaded when you run detection/removal utilities, they can be harder to "kill".
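The point made in the replies above (fixing an O4 item removes the Run value, not the file or an already-loaded process) can be checked by comparing two HijackThis logs. The following Python is an added example, not part of the original thread; the function names `parse` and `review` are hypothetical and the two log excerpts are constructed from lines quoted in this thread.

```python
import ntpath
import re

# Constructed excerpts assembled from lines quoted in this thread (before/after the fix).
BEFORE = r"""Running processes:
C:\WINDOWS\System32\svspack2.exe

O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""
AFTER = r"""Running processes:
C:\Program Files\QuickTime\qttask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

def parse(log):
    """Return ({process basename: full path}, [O4 registry autorun entries])."""
    procs, autoruns, in_procs = {}, [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            procs[ntpath.basename(line).lower()] = line
        elif (m := O4_RE.match(line)):
            autoruns.append(m.groupdict())
    return procs, autoruns

def review(before, after):
    """For each autorun entry gone from the second scan, list what to verify."""
    (b_procs, b_runs), (a_procs, a_runs) = parse(before), parse(after)
    kept = {(r["key"], r["name"]) for r in a_runs}
    findings = []
    for r in (r for r in b_runs if (r["key"], r["name"]) not in kept):
        # Executable = quoted path, else text up to ".exe", else first token.
        m = re.match(r'"([^"]+)"|(.+?\.exe)\b', r["cmd"], re.I)
        exe = (m.group(1) or m.group(2)) if m else r["cmd"].split()[0]
        base = ntpath.basename(exe).lower()
        findings.append({
            "entry": r["name"], "exe": base,
            "bare_name": not ntpath.dirname(exe),    # Run value gave no directory
            "was_running_from": b_procs.get(base),   # local path: it ran on this host
            "still_running": base in a_procs,        # fixing the key does not end it
        })
    return findings
```

Each finding names a file that still has to be located and deleted by hand; a non-empty `was_running_from` is the local path to look in first.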
