Pop Up Window



elitek
07-05-2004, 09:56 PM
why is this so? how can I get them to shut up?

sparsely
07-05-2004, 10:16 PM
it's spyware.
there's about 10,000,000,000 threads on the subject here...just look around

elitek
07-05-2004, 11:25 PM
Originally posted by Sparsely@5 July 2004 - 22:24
it's spyware.
there's about 10,000,000,000 threads on the subject here...just look around

i know it's a silly question but i couldn't find any after searching, and I used ad-aware 6.0, it didn't help. any suggestions? thanks.

muchspl2
07-05-2004, 11:38 PM
ffs..

http://www.spysweper.com

elitek
07-06-2004, 02:14 AM
Originally posted by muchspl2@5 July 2004 - 23:46
ffs..

http://www.spysweper.com

thanks, it's better than ad-aware, it could detect spyware applications in memory. it swept away an application called "twain tech" and deleted a file "twaintec.dll", and later I checked the website www.twain-tech.com (the spyware company) and found out I need to delete the file "mxtarget.dll". everything's done, but I am still getting pop up windows! Help!

Shiranai_Baka
07-06-2004, 02:29 AM
I think adaware is losing its effectiveness =\

dopey
07-06-2004, 05:56 AM
hi,
can you post a hijack this log?


http://www.net-integration.net/tools/hijackthis.html

unzip the program and scan, save a log. copy and paste the contents here.

good luck.

elitek
07-06-2004, 07:04 AM
Originally posted by dopey@6 July 2004 - 06:04
hi,
can you post a hijack this log?


http://www.net-integration.net/tools/hijackthis.html

unzip the program and scan, save a log. copy and paste the contents here.

good luck.

sure, here it is

Logfile of HijackThis v1.98.0
Scan saved at 2:09:54 AM, on 7/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\jmcyrcmm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
d:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
d:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ging\LOCALS~1\Temp\Rar$EX00.323\HijackThis.exe

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {6BF86B06-CB3A-73BA-D152-17550FA22E14} - C:\WINDOWS\System32\yvoqzcgb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dbzcmgbmh] C:\WINDOWS\System32\zukcasmc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "d:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall....html?c=cnet_3D (https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq.v2/vet_install_popup.pl?1&4&04.00.05.04&http://www.smb.compaq.com/dstore/html/interactive/n410/evo410.html?c=cnet_3D)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.city.north-bay.on.ca/scripts/AxisCamControl.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab)

this program is interesting, and I noticed the two files I mentioned came back again! what's happening?

dopey
07-06-2004, 07:23 AM
please do not run the program out of the zip file. unzip the program into its own folder. otherwise, the backups can be easily erased.

rescan with hijack this and check the following items:
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {6BF86B06-CB3A-73BA-D152-17550FA22E14} - C:\WINDOWS\System32\yvoqzcgb.dll

O4 - HKLM\..\Run: [dbzcmgbmh] C:\WINDOWS\System32\zukcasmc.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:

these two are just annoyances, and aren't necessary at startup:
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

close all browser windows and hit fix checked.

reboot in safe mode (hit f8 during boot) and delete
C:\WINDOWS\System32\system.exe
C:\WINDOWS\System32\zukcasmc.exe

reboot into regular mode and post a new log.

elitek
07-06-2004, 07:59 AM
here is the new one after following your instructions:

Logfile of HijackThis v1.98.0
Scan saved at 3:02:45 AM, on 7/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
d:\Program Files\Kazaa Lite K++\KazaaLite.kpp
E:\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "d:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall....html?c=cnet_3D (https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq.v2/vet_install_popup.pl?1&4&04.00.05.04&http://www.smb.compaq.com/dstore/html/interactive/n410/evo410.html?c=cnet_3D)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.city.north-bay.on.ca/scripts/AxisCamControl.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab)

this file C:\WINDOWS\System32\zukcasmc.exe was already gone, so I couldn't find and delete it under safe mode. everything all right now?

elitek
07-06-2004, 08:03 AM
it seems not, I use www.papa-roach.com as a test website coz every time I open it, several windows pop up. will it be the same on your computer?

dopey
07-06-2004, 08:14 AM
looking much better. :)

did you try fixing the O13 items?
you should try fixing them again, and also this one:
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

the viewpoint media player is considered spyware by many people. (if you have aol, then it may regenerate the program upon reboot) read here and make up your own mind:

http://www.kephyr.com/spywarescanner/library/viewpointmediaplayer/index.phtml

if you decide to remove it, fix it with hjt, then after a reboot, use the control panel's add/remove programs to uninstall.

cheers
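
Added example, not part of the original posts: a small Python check that compares two HijackThis scans against the list of entries a helper asked to have fixed, which is the comparison done by eye in this thread. The function names `parse_entries` and `review_fix` are hypothetical; the log lines are excerpts of the logs and checklist posted above.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def review_fix(before, after, flagged):
    """Compare two scans against the entries a helper asked to have fixed."""
    old, new, wanted = map(parse_entries, (before, after, flagged))
    fixed = sorted(wanted & (old - new))  # flagged and gone after the fix
    remaining = sorted(wanted & new)      # flagged but still present
    appeared = sorted(new - old)          # entries new since the first scan
    return fixed, remaining, appeared

# Excerpt of the first log posted in this thread.
BEFORE = r"""
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [dbzcmgbmh] C:\WINDOWS\System32\zukcasmc.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
"""
# Excerpt of the second log, taken after "fix checked" and the safe-mode step.
AFTER = r"""
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
"""
# Excerpt of the checklist of entries the helper asked to have fixed.
FLAGGED = r"""
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [dbzcmgbmh] C:\WINDOWS\System32\zukcasmc.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
"""

if __name__ == "__main__":
    print(review_fix(BEFORE, AFTER, FLAGGED))
```

On these excerpts the O2 and O4 entries come back as fixed and the two O13 entries as remaining, which matches the follow-up request to fix the O13 items again.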

elitek
07-06-2004, 04:50 PM
it's much better, fewer windows

I just found out www.papa-roach.com is not the official website, so many windows, I think I will fix the rest

Thanks a lot!

Cheers

haha21
07-06-2004, 10:13 PM
Ad-aware 6.2 is coming out soon I think, and there is a feature where you can scan a file before you open it to see if there is spyware or not. This feature is like an AV.