MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: WebsiteViewer, Dialer & 124714.exe
December 13, 2019, 03:51:17 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 13, 2019, 03:51:17 AM

Login with username, password and session length
 Featured Sites:
News
Welcome to MyTechSupport.ca! - Registration is FREE, so why not join our friendly community today?
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: WebsiteViewer, Dialer & 124714.exe  (Read 3263 times)
rw
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« on: October 18, 2004, 03:54:58 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP Home
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Here is my hjt.log info and websiteViewer keeps on run on my PC even I've tried to delete it in the Safe Mode

Logfile of HijackThis v1.98.2
Scan saved at #19979;#21320; 11:47:51, on 2004.10.18
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\systime.exe
C:\WINNT\System32\IdnMail.exe
C:\WINNT\System32\capp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\systime.exe
C:\Program Files\HGuard\Guard.exe
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WebSiteViewer\124714.dlr
C:\Program Files\ICQ\ICQ.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINNT\questmod.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: mapisvub - {CDE13995-E61A-F5D3-1636-824DFD15FDD5} - C:\WINNT\System32\mapisvub.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: #25910;#38899;#27231;(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SysTime] C:\WINNT\System32\systime.exe
O4 - HKLM\..\Run: [conscorr] C:\WINNT\conscorr.exe
O4 - HKLM\..\Run: [IdnMail] C:\WINNT\System32\IdnMail.exe
O4 - HKLM\..\Run: [CApp] C:\WINNT\System32\capp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SysTime] C:\WINNT\System32\systime.exe
O4 - HKCU\..\Run: [Orpa] C:\Documents and Settings\River Wong\Application Data\srls.exe
O4 - HKCU\..\Run: [Homepage Guard] "C:\Program Files\HGuard\Guard.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: #20351;#29992; FlashGet #19979;#36617; - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: #20840;#37096;#20351;#29992; FlashGet #19979;#36617; - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: #21295;#20986;#33267; Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: #20013;#25991;#22495;#21517; - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - Extra 'Tools' menuitem: #20013;#25991;#22495;#21517; - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} -
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {130AC32C-DE0D-43EF-AD82-2599E9F95153} (XEng001.XEng001Ctl) - http://iii.tv/pink/001/XEng001.CAB
O16 - DPF: {1552B1CD-8CB7-4776-B6CB-16EA461928E5} (Cpuid Control) - http://powe45.vwh.net/downloads/upgradefinder.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=714b9e99bb1ec51fadc828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006
O16 - DPF: {31177F43-706C-11D5-8717-0050DA87DD66} (psinet.proxy_conf) - http://www.oxygen-hongkong.com/ActiveX/psinet.CAB
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13e7b33fc66eda658d06/netzip/RdxIE601_tw.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.shenzhentour.com/szmap/mgaxctrl.cab
O16 - DPF: {73160BC1-6B76-377B-9EFC-36BD1B33ABE6} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (#36264;#21218;#31185;#25216;#32218;#19978;#25475;#27602;#31243;#24335;) - http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8A345F9D-011F-4BFC-9AF7-933D4A2B78E4} (HanGamePluginHk15 Class) - http://download.game.netvigator.com/dist/activex/HanGamePluginHk15.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D6EB3D82-0DF2-11D5-A04B-00C04FCF6F3E} (SysCheck.UserControl1) - http://pctv.netvigator.com/package/SysCheck.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4288/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF4D-595F-40F7-A518-FD436E5E52D5}: NameServer = 218.102.62.71 205.252.144.118

Thanks for your help

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: October 25, 2004, 04:35:44 AM »

Sorry we missed your topic, if you still need a hand could you please post a fresh hijackthis log, thanks
Logged

 
rw
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #2 on: October 26, 2004, 04:27:05 PM »

Logfile of HijackThis v1.98.2
Scan saved at #19978;#21320; 12:26:08, on 2004.10.27
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\systime.exe
C:\WINNT\System32\IdnMail.exe
C:\WINNT\System32\capp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\systime.exe
C:\Program Files\HGuard\Guard.exe
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\conime.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ\Icq.exe
C:\Program Files\WebSiteViewer\124714.dlr
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINNT\questmod.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: mapisvub - {CDE13995-E61A-F5D3-1636-824DFD15FDD5} - C:\WINNT\System32\mapisvub.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: #25910;#38899;#27231;(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SysTime] C:\WINNT\System32\systime.exe
O4 - HKLM\..\Run: [conscorr] C:\WINNT\conscorr.exe
O4 - HKLM\..\Run: [IdnMail] C:\WINNT\System32\IdnMail.exe
O4 - HKLM\..\Run: [CApp] C:\WINNT\System32\capp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SysTime] C:\WINNT\System32\systime.exe
O4 - HKCU\..\Run: [Orpa] C:\Documents and Settings\River Wong\Application Data\srls.exe
O4 - HKCU\..\Run: [Homepage Guard] "C:\Program Files\HGuard\Guard.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\Icq.exe -trayboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: #20351;#29992; FlashGet #19979;#36617; - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: #20840;#37096;#20351;#29992; FlashGet #19979;#36617; - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: #21295;#20986;#33267; Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: #20013;#25991;#22495;#21517; - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - Extra 'Tools' menuitem: #20013;#25991;#22495;#21517; - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} -
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {130AC32C-DE0D-43EF-AD82-2599E9F95153} (XEng001.XEng001Ctl) - http://iii.tv/pink/001/XEng001.CAB
O16 - DPF: {1552B1CD-8CB7-4776-B6CB-16EA461928E5} (Cpuid Control) - http://powe45.vwh.net/downloads/upgradefinder.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=714b9e99bb1ec51fadc828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006
O16 - DPF: {31177F43-706C-11D5-8717-0050DA87DD66} (psinet.proxy_conf) - http://www.oxygen-hongkong.com/ActiveX/psinet.CAB
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13e7b33fc66eda658d06/netzip/RdxIE601_tw.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.shenzhentour.com/szmap/mgaxctrl.cab
O16 - DPF: {73160BC1-6B76-377B-9EFC-36BD1B33ABE6} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (#36264;#21218;#31185;#25216;#32218;#19978;#25475;#27602;#31243;#24335;) - http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8A345F9D-011F-4BFC-9AF7-933D4A2B78E4} (HanGamePluginHk15 Class) - http://download.game.netvigator.com/dist/activex/HanGamePluginHk15.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D6EB3D82-0DF2-11D5-A04B-00C04FCF6F3E} (SysCheck.UserControl1) - http://pctv.netvigator.com/package/SysCheck.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4288/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF4D-595F-40F7-A518-FD436E5E52D5}: NameServer = 218.102.62.71 205.252.144.118

Thanks for your help.
rw
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: October 27, 2004, 06:04:28 AM »

Hi again rw, I haven't had that much time to post tonight, so I will make this quick Smiley

I want to ensure that you have these 2 spyware removers, and that they are right up to date
There both yours to keep and hold on to for free

First---Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or later
If you don't have this verision, uninstall yours and install this one
After installation-CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

After you have restarted
Download and Install Spybot S&D 1.3
After installation--SEARCH FOR UPDATES
Download All updates
Check for Problems---FIX everything in RED

RESTART your computer again to finish the cleaning

Post back with a fresh hijackthis log, I'll make sure I look at it right away when I am free Smiley
Logged

 
rw
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #4 on: October 27, 2004, 04:59:46 PM »

Logfile of HijackThis v1.98.2
Scan saved at #19978;#21320; 12:56:07, on 2004.10.28
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\ICQ\NDetect.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\System32\IdnMail.exe
C:\WINNT\System32\capp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HGuard\Guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: mapisvub - {CDE13995-E61A-F5D3-1636-824DFD15FDD5} - C:\WINNT\System32\mapisvub.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: #25910;#38899;#27231;(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SysTime] C:\WINNT\System32\systime.exe
O4 - HKLM\..\Run: [IdnMail] C:\WINNT\System32\IdnMail.exe
O4 - HKLM\..\Run: [CApp] C:\WINNT\System32\capp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orpa] C:\Documents and Settings\River Wong\Application Data\srls.exe
O4 - HKCU\..\Run: [Homepage Guard] "C:\Program Files\HGuard\Guard.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: #20351;#29992; FlashGet #19979;#36617; - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: #20840;#37096;#20351;#29992; FlashGet #19979;#36617; - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: #21295;#20986;#33267; Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: #20013;#25991;#22495;#21517; - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - Extra 'Tools' menuitem: #20013;#25991;#22495;#21517; - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {130AC32C-DE0D-43EF-AD82-2599E9F95153} (XEng001.XEng001Ctl) - http://iii.tv/pink/001/XEng001.CAB
O16 - DPF: {1552B1CD-8CB7-4776-B6CB-16EA461928E5} (Cpuid Control) - http://powe45.vwh.net/downloads/upgradefinder.cab
O16 - DPF: {31177F43-706C-11D5-8717-0050DA87DD66} (psinet.proxy_conf) - http://www.oxygen-hongkong.com/ActiveX/psinet.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13e7b33fc66eda658d06/netzip/RdxIE601_tw.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.shenzhentour.com/szmap/mgaxctrl.cab
O16 - DPF: {73160BC1-6B76-377B-9EFC-36BD1B33ABE6} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (#36264;#21218;#31185;#25216;#32218;#19978;#25475;#27602;#31243;#24335;) - http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8A345F9D-011F-4BFC-9AF7-933D4A2B78E4} (HanGamePluginHk15 Class) - http://download.game.netvigator.com/dist/activex/HanGamePluginHk15.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D6EB3D82-0DF2-11D5-A04B-00C04FCF6F3E} (SysCheck.UserControl1) - http://pctv.netvigator.com/package/SysCheck.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4288/mcfscan.cab

here is my updated hjt.log info.
Thanks for your help , rw
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: October 27, 2004, 05:55:55 PM »

Can you disable Homepageguard for now

Set Windows to Show Hidden Files and Folders

RESTART your Computer in SAFE MODE

Find and delete these files or folders if they exist
C:\Documents and Settings\River Wong\Application Data\srls.exe <-file
C:\WINNT\System32\systime.exe <--file

Stay in safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O2 - BHO: mapisvub - {CDE13995-E61A-F5D3-1636-824DFD15FDD5} - C:\WINNT\System32\mapisvub.dll (file missing)

O4 - HKLM\..\Run: [SysTime] C:\WINNT\System32\systime.exe
O4 - HKCU\..\Run: [Orpa] C:\Documents and Settings\River Wong\Application Data\srls.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

The above 2 may have been set by Homepage guard, you can reset them later

O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com

O16 - DPF: {130AC32C-DE0D-43EF-AD82-2599E9F95153} (XEng001.XEng001Ctl) - http://iii.tv/pink/001/XEng001.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13e7b33fc66eda658d06/netzip/RdxIE601_tw.cab


RESTART back into Normal Mode
Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Can you do me a favor, Navigate to these 2 files
C:\WINNT\System32\IdnMail.exe
C:\WINNT\System32\capp.exe

Right click on them---left click properites---Version
Let me know what you can find out about them including Date created
Could you also Upload them to the following link
http://virusscan.jotti.dhs.org/
Simply use the Browse button to navigate to the file
Right click on it-----Select---Submit

If the service is busy try using this scanner
http://www.kaspersky.com/scanforvirus

I can't find that much info on them
I don't speak Chinese Smiley
Maybe you can interpet the findings from Google
http://www.google.ca/search?hl=en&q=C%3A%5CWINNT%5CSystem32%5Ccapp.exe&btnG=Google+Search&meta=
http://www.google.ca/search?hl=en&q=O4+-+HKLM%5C..%5CRun%3A+%5BIdnMail%5D+C%3A%5CWindows%5CSystem32%5CIdnMail.exe&btnG=Google+Search&meta=

Post back a fresh hijackthis log and let me know what you find out about those files
Logged

 
rw
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #6 on: October 28, 2004, 12:52:43 PM »

Here is my fresh HJT.log file

Logfile of HijackThis v1.98.2
Scan saved at #19979;#21320; 08:48:36, on 2004.10.28
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\IdnMail.exe
C:\WINNT\System32\capp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\conime.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\System32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: #25910;#38899;#27231;(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\NETVIGATOR\NETVIGATOR BROADBAND\driver\cFosDNT.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IdnMail] C:\WINNT\System32\IdnMail.exe
O4 - HKLM\..\Run: [CApp] C:\WINNT\System32\capp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Homepage Guard] "C:\Program Files\HGuard\Guard.exe"
O8 - Extra context menu item: #20351;#29992; FlashGet #19979;#36617; - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: #20840;#37096;#20351;#29992; FlashGet #19979;#36617; - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: #21295;#20986;#33267; Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: #20013;#25991;#22495;#21517; - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - Extra 'Tools' menuitem: #20013;#25991;#22495;#21517; - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\System32\CdnIEHlp.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1552B1CD-8CB7-4776-B6CB-16EA461928E5} (Cpuid Control) - http://powe45.vwh.net/downloads/upgradefinder.cab
O16 - DPF: {31177F43-706C-11D5-8717-0050DA87DD66} (psinet.proxy_conf) - http://www.oxygen-hongkong.com/ActiveX/psinet.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.shenzhentour.com/szmap/mgaxctrl.cab
O16 - DPF: {73160BC1-6B76-377B-9EFC-36BD1B33ABE6} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (#36264;#21218;#31185;#25216;#32218;#19978;#25475;#27602;#31243;#24335;) - http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8A345F9D-011F-4BFC-9AF7-933D4A2B78E4} (HanGamePluginHk15 Class) - http://download.game.netvigator.com/dist/activex/HanGamePluginHk15.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D6EB3D82-0DF2-11D5-A04B-00C04FCF6F3E} (SysCheck.UserControl1) - http://pctv.netvigator.com/package/SysCheck.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4288/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF4D-595F-40F7-A518-FD436E5E52D5}: NameServer = 218.102.62.71 205.252.144.118

Here is OnineMalWare info shown for that 2 files:
Service load:     
0%              100%
File:    IdnMail.exe
Status:    
OK
Packers detected:    
None
 
AntiVir    
No viruses found (2.64 seconds taken)
Avast    
No viruses found (2.55 seconds taken)
BitDefender    
No viruses found (5.96 seconds taken)
ClamAV    
No viruses found (6.28 seconds taken)
Dr.Web    
No viruses found (9.50 seconds taken)
F-Prot Antivirus    
No viruses found (0.88 seconds taken)
Kaspersky Anti-Virus    
No viruses found (9.24 seconds taken)
mks_vir    
No viruses found (5.34 seconds taken)
NOD32    
No viruses found (5.26 seconds taken)
Norman Virus Control    
No viruses found (10.85 seconds taken)


 Service load:     
0%              100%
File:    capp.exe
Status:    
OK
Packers detected:    
None
 
AntiVir    
No viruses found (1.42 seconds taken)
Avast    
No viruses found (4.59 seconds taken)
BitDefender    
No viruses found (3.76 seconds taken)
ClamAV    
No viruses found (2.93 seconds taken)
Dr.Web    
No viruses found (4.74 seconds taken)
F-Prot Antivirus    
No viruses found (0.37 seconds taken)
Kaspersky Anti-Virus    
No viruses found (4.63 seconds taken)
mks_vir    
No viruses found (1.96 seconds taken)
NOD32    
No viruses found (2.33 seconds taken)
Norman Virus Control    
No viruses found (4.29 seconds taken)

Actually that 2 files are also software which I download for delete WebsiteViewer, obviously it didn't work.

Thanks for your help and look forward to receiving your further assist.

rw
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #7 on: October 28, 2004, 05:28:52 PM »

That looks better rw

To do some cleanup, you can have hijackthis fix these entries

O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - (no file) (HKCU)

You can fix the next ones also, they show file missing, Hold on to the backups that hijackthis makes, let's make sure it's not a bug in the program

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\ICQ\Translator.lnk (file missing)


Optionally, you can have hijackthis fix the next ones too, they're not threats, but Not needed on startup, programs work fine without them
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


Additionally, you can open RealPlayer
Tools -> Preferences >>> Automatic services in the Categories pane>> Uncheck unneeded options and then OK

RESTART your computer
You should install these 2 apps., they add extra security while
silently protecting you, without running in the background

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link==Download link
Scroll down and click on IE-SPYAD.EXE Free!

With both, Check for updates every couple of weeks

Those 2 entries
O4 - HKLM\..\Run: [IdnMail] C:\WINNT\System32\IdnMail.exe
O4 - HKLM\..\Run: [CApp] C:\WINNT\System32\capp.exe

I'm not sure what removal program they belong too,
If it doesn't appear reliable I would fix those entries too
and then after restart go and Uninstall the program
Can you let me know what program it's related too, possibly even a link, thanks
I'll assume that Spybot and Ad-Aware together will do a much better job
SpywareBlaster and IE-Spyad will help to prevent it from getting on your computer
Additionally, Ensure you keep Spybot updated--Search for updates
along with Ad-Aware and run scans every couple of weeks
Spybot also has an Immunization feature
Simply click Immunize---OK--Immunize at the top

Let me know how everythings running
Logged

 
rw
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #8 on: October 30, 2004, 03:43:22 PM »

Thanks for your help.

The problems is fixed.

And I unstalled that 2 program which you dont familiar with.

Seems everything is okay now.

Thanks again
RW
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #9 on: October 30, 2004, 06:30:56 PM »

Thanks for posting back rw, if you find this folder you can delete it also
C:\Program Files\WebSiteViewer <--folder

As your problems appear to be resolved, I'll lock this topic, if you need it reopened please PM a Mod or Admin and supply a link to this thread
Stay Safe Smiley
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 26, 2018, 03:53:13 AM