   Mischel Internet Security Forum
   Author  Topic: scan log  (Read 2606 times)
ferg
scan log
« on: Aug 11th, 2003, 10:16am »

Any trojans?
ferg
Re: scan log
« Reply #1 on: Aug 11th, 2003, 10:21am »

Logfile of HijackThis v1.95.0
Scan saved at 1:04:02 AM, on 8/11/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\winnt\system32\serv-u.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TrojanHunter 3.5\THGuard.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINNT\System32\mdm.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\Temp\New Folder\HijackThis.exe
ferg
Re: scan log
« Reply #2 on: Aug 11th, 2003, 10:22am »

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://i-lookup.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://i-lookup.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: GL AD Free - {20E5DE3E-3D2C-4E4F-969E-6C3F00354BC7} - C:\WINNT\system32\GLAd.dll
O2 - BHO: ineb Helper - {61D029AC-972B-49FE-A155-962DFA0A37BB} - C:\WINNT\System32\ineb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: I-Lookup.com Bar - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - C:\WINNT\System32\ineb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /r /pkg  "Office 2000 Server Extensions"  
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.5\THGuard.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\SURECL~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Popup Terminator.lnk = C:\Program Files\GleanerSoftPopupTerminator\GLADManager.exe
O9 - Extra button: Popup Terminator (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/098ba2f8dd76cafc6218/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://hanky-panky-college.com/live.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37798.5704513889
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D35A69A7-7A34-4C67-814A-3F508C0BF371} (Inst Class) - http://toolbar2.i-lookup.com/toolbar/ineb.cab
 
IP Logged
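The log in replies #1 and #2 can be triaged mechanically before anything is removed. The Python below is an added example, not part of the original thread or of HijackThis: it groups hosts and binary names by the log sections that mention them, so the pieces of one product can be reviewed together. The sample lines are copied from the log above; the function names and the two-label domain heuristic are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpt of the HijackThis log posted above (reply #2), copied verbatim.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://i-lookup.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
O2 - BHO: ineb Helper - {61D029AC-972B-49FE-A155-962DFA0A37BB} - C:\WINNT\System32\ineb.dll
O3 - Toolbar: I-Lookup.com Bar - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - C:\WINNT\System32\ineb.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/098ba2f8dd76cafc6218/netzip/RdxIE601.cab
O16 - DPF: {D35A69A7-7A34-4C67-814A-3F508C0BF371} (Inst Class) - http://toolbar2.i-lookup.com/toolbar/ineb.cab
"""

ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")      # section code, entry body
URL = re.compile(r"https?://[^\s*]+")               # '*' chains redirect URLs
WINPATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|ocx)', re.I)

def site(host):
    """Naive registrable domain: last two labels; IP literals kept whole."""
    if re.fullmatch(r"[\d.]+", host):
        return host
    return ".".join(host.lower().split(".")[-2:])

def stem(path):  # file name without directory or extension, lower-cased
    return re.split(r"[\\/]", path)[-1].rsplit(".", 1)[0].lower()

def keys(body):
    """Hosts and binary stems referenced by one entry body."""
    found = {stem(p) for p in WINPATH.findall(body)}
    for parts in map(urlsplit, URL.findall(body)):
        if parts.hostname:
            found.add(site(parts.hostname))
        if parts.path.lower().endswith((".cab", ".dll", ".ocx")):
            found.add(stem(parts.path))
    return found

def correlate(log):
    """Map each key to the sections mentioning it; keep keys seen in 2+."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        for key in keys(m.group(2)) if m else ():
            seen[key].add(m.group(1))
    return {k: s for k, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    for key, sections in sorted(correlate(SAMPLE_LOG).items()):
        print(key, sorted(sections))
```

On the excerpt, the same host ties the R0/R1 search settings to an O16 download, and the same binary name ties that download to the O2 and O3 entries.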
acheton
Re: scan log
« Reply #3 on: Aug 11th, 2003, 10:25am »

Welcome to the board ferg, no idea about whether there is anything to worry about. You might be better off posting to the Software or Ten Forward forums to get a response. Or perhaps post a link...
 
Ach ;)

"What success a man builds from his gifting can be destroyed in a moment because of his character."
Jamming
Re: scan log
« Reply #4 on: Aug 11th, 2003, 10:48am »

Quote:
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"  
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\SURECL~1\PopUpStopperProfessional.exe

 
Not sure why you are running both of these PopUp Stoppers? You have quite a bit of things running on there that are taking up your resources without doing much for you. A better forum than this would probably be Computer Cops. However, nothing stands right out that is a trojan, but you are running some adware and some programs that track your internet downloads. I am a little reluctant to tell you which ones without knowing more about your level of computer ability, 'cause I don't want you to crash your computer with a panicked removal. Nothing that you have is really critically bad, but it looks like a computer where someone downloads too many things without questioning do I really need this or not. I hope you take this as I mean it, which is you are not doing anything that a thousand other people do, but if you're interested there are a few websites that you could check to improve your downloading habits.

Team Z Member

Servare cives, major est virtus patriae patri.
- Lucius Annaeus Seneca
I was born an American; I live an American; I shall die an American!
- Daniel Webster
Ian
Re: scan log
« Reply #5 on: Aug 11th, 2003, 11:21am »

Still looking.
 
However, make sure you're blocking Distributed COM services (DCOM and RPCSS) in your firewall - those Lexmark printer drivers try to communicate your 'usage' to Lexmark (LexBCE and its derivatives are the main problem).
 
Unless you absolutely need it, allowing DCOM out to play can leave your PC open to attack. It's okay running locally, and the only reason you might want to run it over any network is if your printer is a network-enabled version and you connect via ethernet to it, rather than USB or LPT ports.
 
Have a look in the following Registry locations:
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc - there should only be a few entries (I have 3 on this PC; ClientProtocols, SecurityServices and ServerProtocols with 4, 3 and 2 entries respectively)
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE - make sure the EnableRemoteConnect key is set to 'N' (its default value). AND unless you have a need to run remote services over a network, you can also set EnableDCOM to 'N'.

... but crap arrives pretty much straight away.