DNSerror and HijackThis log attached!

  1. #1 mrglbtalk (Newbie)

    DNSerror and HijackThis log attached!

    Hello, my IE and Mozilla function intermittently, frequently facing dnserrors for 3-6 minute blocks of downtime when some sites fail to turn up. Both updated versions of AdAware and SpyBot have found nothing. I attach my HijackThis log file for your perusal and assistance please. Thank you.

    ############################

    Logfile of HijackThis v1.99.1
    Scan saved at 1:12:10 PM, on 24/05/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\system32\CTSvcCDA.EXE
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\ZipToA.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINNT\system32\atiptaxx.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\system32\wfxsnt40.exe
    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04. exe
    C:\Program Files\USB Media\shwicon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Software\Utilities\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/r/m1
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04. exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ShowIcon_Vosonic_USB Media Device Driver v1.19r003] "C:\Program Files\USB Media\shwicon.exe" -t"Vosonic\USB Media Device Driver v1.19r003"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com...n/preview.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM95\aim.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\moo.mht!http://www.rarsoft.co.uk//M.CHM::/ISASS.EXE
    O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://ec112.ecicorp.com/netagent/objects/emagic.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1071dc576e185ee...zip/RdxIE6.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/engli...er5.2AxWin.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


  2. #2 HJThis (Senior Member)
    Hello, mrglbtalk, & welcome.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

    O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\moo.mht!http://www.rarsoft.co.uk//M.CHM::/ISASS.EXE
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1071dc576e185e...tzip/RdxIE6.cab

    then reboot, see how it is & let us know. Not sure this will help
    with your problem, but they will be off the PC.

    also do this here

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/hou.../start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

    & may I ask, are you running 2 virus scanners? If so, not a good idea;
    you should pick one & just keep it updated.

    HGD
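The picks above follow a pattern a defender can apply to any HijackThis log: hooks, buttons and BHOs whose backing file is gone, and O16 Downloaded Program Files whose source is not a plain http(s) URL or comes from a bare IP. The parser below is an added example (not HJThis's or HijackThis's own code); the sample log is a constructed excerpt of the entries posted in #1, and the flagging rules are my reading of the advice, not an official ruleset.

```python
import re

# Constructed excerpt of the HijackThis v1.99.1 log posted above. The line
# shape (section code, " - ", description, CLSID, target) is the real format.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com/r/m1
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\\moo.mht!http://www.rarsoft.co.uk//M.CHM::/ISASS.EXE
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223
"""

# One HijackThis entry: section code (R0, O2, O16, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# http(s) URL whose host is a dotted-quad IP rather than a hostname.
BARE_IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)


def dpf_source(body: str) -> str:
    """For an O16 line, the download location is the text after the last ' - '."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_entry(code: str, body: str) -> list:
    """Return the reasons an entry deserves a look; an empty list means nothing noteworthy."""
    reasons = []
    # Hooks, buttons and BHOs whose backing file is gone are dead weight at best.
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("references a file that no longer exists")
    if code == "O16":
        src = dpf_source(body)
        # Downloaded Program Files should come from an http(s) URL to a .cab;
        # an ms-its:/mhtml: source points into a local CHM/MHT container instead.
        if not src.lower().startswith(("http://", "https://")):
            reasons.append("DPF source uses non-HTTP scheme: " + src.split(":", 1)[0])
        elif BARE_IP_URL_RE.match(src):
            reasons.append("DPF control fetched from a bare IP address")
    return reasons


def triage_log(text: str) -> list:
    """Parse a HijackThis log and return (line, reasons) for every flagged entry."""
    flagged = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, the running-process list, blanks
        reasons = triage_entry(m["code"], m["body"])
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(entry, "\n   -> " + "; ".join(why))
```

On the excerpt this flags exactly the R3, O9 and ms-its O16 entries HJThis listed, plus the PWMediaSendControl control pulled from 216.249.24.142, while the HP diagnostics control passes.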

  3. #3 mrglbtalk (Newbie)
    Hello, thanks for the quick response! I did remove those 5 entries via HijackThis, but they probably were not the problem since the issue remains unresolved. Both IE and Firefox still face shdock.dll/dnserror.htm problems, especially so via hyperlinks.

    I left my CPU to Panda for hours, and it came up with about 30 infected files, but there wasn't an option to remove the infections. I am pasting the Panda logfile here, do you think anything is amiss?

    Incident Status Location

    Adware:Adware/SaveNow No disinfected Windows Registry
    Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\vx0.nls
    Spyware:Spyware/BetterInet No disinfected C:\WINNT\system32\in10b6s.dll
    Adware:Adware/CWS No disinfected C:\Documents and Settings\Administrator\Favorites\Health
    Adware:Adware/StatBlaster No disinfected Windows Registry
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Administrator\Application Data\tvm*.dll
    Adware:Adware/WUpd No disinfected Windows Registry
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Administrator\Application Data\tvmuknwrd.dll
    Virus:Trj/Citifraud.A Disinfected C:\Program Files\BackUp Buddy\BackUp\b50.net\backup-11.30.2004_23-24-35_mresell2.tar.gz[backup-11.30.2004_23-24-35_mresell2.tar][inbox][~000061.@x@]
    Virus:Trj/Citifraud.A Disinfected C:\Program Files\BackUp Buddy\BackUp\b50.net\backup-11.30.2004_23-24-35_mresell2.tar.gz[backup-11.30.2004_23-24-35_mresell2.tar][inbox][~000096.@x@]
    Virus:Trj/Citifraud.A Disinfected C:\Program Files\BackUp Buddy\BackUp\b50.net\backup-11.30.2004_23-24-35_mresell2.tar.gz[backup-11.30.2004_23-24-35_mresell2.tar][inbox][~000098.@x@]
    Virus:W32/Bagle.AA.worm Disinfected C:\Program Files\BackUp Buddy\BackUp\b50.net\backup-11.30.2004_23-24-35_mresell2.tar.gz[backup-11.30.2004_23-24-35_mresell2.tar][inbox][MoreInfo.vbs]
    Virus:W32/Sober.I.worm Renamed C:\Program Files\BackUp Buddy\BackUp\b50.net\backup-11.30.2004_23-24-35_mresell2.tar.gz[backup-11.30.2004_23-24-35_mresell2.tar][inbox][~000132.@x@][re_mail.1134.pif]
    Adware:Adware/eZula No disinfected C:\WINNT\system32\in10b6s.dll
    Adware:Adware/FindWhatever No disinfected C:\WINNT\system32\unregister.exe
    Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\vx0.nls
    Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\vx1.nls
    Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\vx1x.nls
    Virus:Trj/Citifraud.A Disinfected E:\Documents\Websites\backups\backup-b50.net-12-10-2004.tar.gz[backup-b50.net-12-10-2004.tar][inbox][~000002.@x@]
    Virus:W32/Bagle.pwdzip Disinfected E:\Documents\Websites\backups\backup-b50.net-12-10-2004.tar.gz[backup-b50.net-12-10-2004.tar][inbox][Readme.zip]
    Virus:W32/Sober.I.worm Renamed E:\Documents\Websites\backups\backup-b50.net-12-10-2004.tar.gz[backup-b50.net-12-10-2004.tar][inbox][aadvantage5303.zip][message_text.txt .pif]
    Virus:Trj/Citifraud.A Disinfected E:\Documents\Websites\backups\backup-b50.net-12-10-2004.tar.gz[backup-b50.net-12-10-2004.tar][inbox][~000328.@x@]
    Virus:Trj/Citifraud.A Disinfected E:\Documents\Websites\backups\backup-b50.net-12-10-2004.tar.gz[backup-b50.net-12-10-2004.tar][backup-12.10.2004_07-59-21_mresell2.tar.gz][backup-12.10.2004_07-59-21_mresell2.tar][inbox][~000002.@x@]
    Virus:W32/Bagle.pwdzip Disinfected E:\Documents\Websites\backups\backup-b50.net-12-10-2004.tar.gz[backup-b50.net-12-10-2004.tar][backup-12.10.2004_07-59-21_mresell2.tar.gz][backup-12.10.2004_07-59-21_mresell2.tar][inbox][Readme.zip]
    Virus:W32/Sober.I.worm Renamed E:\Documents\Websites\backups\backup-b50.net-12-10-2004.tar.gz[backup-b50.net-12-10-2004.tar][backup-12.10.2004_07-59-21_mresell2.tar.gz][backup-12.10.2004_07-59-21_mresell2.tar][inbox][aadvantage5303.zip][message_text.txt
    Virus:Trj/Citifraud.A Disinfected E:\Documents\Websites\backups\backup-b50.net-12-10-2004.tar.gz[backup-b50.net-12-10-2004.tar][backup-12.10.2004_07-59-21_mresell2.tar.gz][backup-12.10.2004_07-59-21_mresell2.tar][inbox][~000328.@x@]
