|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
06-09-2004, 05:46 PM
|
#1 |
|
Mechanical Guru
Join Date: Jul 2000
Location: Husker Country
Posts: 1,472
|
Hijack Log
This log is from a friends computer who keeps getting an error from Zone Alarm that Internet Explorer is attempting to send an illegal email and asks him to accept or deny.
Logfile of HijackThis v1.97.7 Scan saved at 2:50:30 PM, on 6/9/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\gearsec.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\CloneCD\CloneCDTray.exe C:\PROGRA~1\POP-UP~1\dpps2.exe C:\Program Files\Winamp3\winampa.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe E:\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe D:\ZoneAlarm\ZoneAlarm\zlclient.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\BuzMe\RingCentral\BuzMe\RCUI.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Installed Software\Hijack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find4u.net/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find4u.net/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find4u.net/sp.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=35 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/h.php?aid=35 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=35 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=35 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find4u.net/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find4u.net/sp.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=35 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\POP-UP~1\dpps2.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [WinApp32] msapp.exe O4 - HKLM\..\Run: [Windows Management Instrumentation] C:\WINNT\system32\mwd.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe O4 - HKLM\..\Run: [sys] regedit -s sys.reg O4 - HKLM\..\Run: [iTunesHelper] E:\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "D:\ZoneAlarm\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Startup: PowerReg Scheduler.exe O4 - Startup: REMIND32.lnk = C:\Program Files\REMINDER\remind32.exe O4 - Startup: TCLOCKEX.lnk = C:\Program Files\TClockEX\TCLOCKEX.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BuzMe.lnk = C:\Program Files\BuzMe\RingCentral\BuzMe\RCUI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: winlogon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Wallpaper (HKLM) O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM) O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: JT's Blocks - http://download.games.yahoo.com/game...s/y/blt1_x.cab O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/game...ts/y/vtm_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://aft.ancestry.com/aftfiles/fil...FamilyTree.cab O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...864.5788541667 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/9890/toolbar/2020Search.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F4E89725-5AA0-4657-AE3D-51BB9F4D4C35}: NameServer = 166.102.165.13 166.102.165.11 I was going to suggest to fix all the Find4U and t.rack.cc entries. Any other opinions? Additions? Also, he gets a winlogon.exe error upon boot up. He has in the line O4 "Global Startup: winlogon.exe" which I do not have - should he do a fix on it as well? Thanks ahead for your replies.
__________________
If you really want to understand - try changing it. Sys specs: NZXT Lexa_Asus P5E_E6750 2.66Ghz_GSkill 2GB PC6400_Mushkin 2GB PC6400_WD SE16 250GB_Pioneer 16x slot dvd_Pioneer 16x dvdrw Mitsumi 1.44_ATI x1600pro 512mb_Linksys WRT54GS_Samsung R237W LCD_Altec Lansing 641_WinXP PRO SP2 |
|
|
|
06-09-2004, 09:24 PM
|
#2 |
|
Lest we forget
Join Date: Jun 2003
Location: Ontario, Canada
Posts: 1,870
|
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
here is how to fully remove it: http://www.doxdesk.com/parasite/ShopNav.html
__________________
redqueen: Antec Sonata, Pentium-D 2.5GHz, MSI G31M3-L, 2GB ram, 320 GB HDD, OpenBSD hal9000: Lenovo T61, 2GB ram, 120 GB HDD, FreeBSD |
|
|
|
|
06-10-2004, 12:49 AM
|
#3 |
|
Mechanical Guru
Join Date: Jul 2000
Location: Husker Country
Posts: 1,472
|
Thanks - is that the only one that appears to be a problem? The other things I mentioned are ok then?
Thanks again. |
|
|
|
|
06-13-2004, 02:26 PM
|
#4 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 36,460
|
The ones you have in red with sp.htm look like a tough one.
http://www.techsupportforum.com/show...784&forumid=50 Do all you can with CWShredder, Spybot, and Ad-Aware first. |
|
|
|
|
06-14-2004, 12:53 AM
|
#5 |
|
Mechanical Guru
Join Date: Jul 2000
Location: Husker Country
Posts: 1,472
|
Thanks glc, I'll check that out. He has ran all the sw's you listed above, he's pretty religious about it.
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
