could someone please take a peek...

Discussion in 'adware, spyware & hijack cleaning' started by Will44, Dec 3, 2003.

Thread Status:
Not open for further replies.
  1. Will44

    Will44 Registered Member

    Joined:
    Nov 28, 2003
    Posts:
    7
    hello,

    could someone please take a peek at the following log and let me know what you think

    thanks in advance,
    /will
     
  2. Will44

    Will44 Registered Member

    Joined:
    Nov 28, 2003
    Posts:
    7
    oops...

    Logfile of HijackThis v1.97.7
    Scan saved at 4:34:26 PM, on 12/3/03
    Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\RpcSs.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolss.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\mgasc.exe
    C:\WINNT\System32\mgactrl.exe
    c:\PROGRA~1\Symantec\LIVEUP~1\NAVRoam.exe
    C:\Apps\NETFINITY\NFNTSVC.EXE
    C:\Program Files\NavNT\rtvscan.exe
    C:\Apps\NETFINITY\netfbase.exe
    C:\NAgent\NSCAGENT.EXE
    C:\Apps\NETFINITY\pfab.exe
    c:\winnt\system32\pstores.exe
    C:\WINNT\system32\MSTask.exe
    C:\DTG\BIN\SUSS.EXE
    C:\Apps\NETFINITY\alertmgr.exe
    C:\Apps\NETFINITY\monbase.exe
    C:\Apps\NETFINITY\CMBASE.EXE
    C:\WINNT\System32\MsgSys.EXE
    C:\WINNT\System32\nddeagnt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\CWB3DSnd.exe
    C:\WINNT\System32\SysTray.exe
    C:\WINNT\System32\MGAHOOK.EXE
    C:\WINNT\System32\loadwc.exe
    C:\PROGRA~1\NavNT\vptray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINNT\Profiles\lanadmin\Desktop\My Doc's\Wilders.org\HijackThis.exe
    C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eweb.verizon.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.verizon.com/cgi-bin/getproxy
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CW3DSound] CWB3DSnd.exe
    O4 - HKLM\..\Run: [System Tray] SysTray.exe
    O4 - HKLM\..\Run: [MGA Hook] "C:\WINNT\System32\MGAHOOK.EXE"
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Srng] C:\Program Files\Srng\Srng.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) - http://cmisweb.tel.gte.com:8080/plugin/1.4/j2re-1_4_1_02-windows-i586.exe
    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = verizon.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = verizon.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 161.128.136.111 161.128.8.111
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 161.128.136.111 161.128.8.111
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi Will44,

    Check this item in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [Srng] C:\Program Files\Srng\Srng.exe

    Then reboot and delete:
    C:\Program Files\Srng <= the entire folder (if still present)

    Regards,

    Pieter
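
To confirm the fix recommended above, a rescan log can be checked for the autostart entry. The following Python is an added example, not part of the original thread and not HijackThis's own code; it parses the O4 lines in the format shown in the log above and reports whether a given entry is still listed. The function names and the "after" sample are assumptions made for illustration.

```python
import re

# O4 autostart lines take two shapes in a HijackThis log:
#   O4 - HKLM\..\Run: [ValueName] command line
#   O4 - Startup: Shortcut.lnk = target path
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK = re.compile(
    r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")


def parse_o4(log_text):
    """Return one dict per O4 (autostart) entry found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        m = O4_RUN.match(line) or O4_LNK.match(line)
        if m:
            entry = m.groupdict()
            entry.setdefault("hive", None)  # startup-folder shortcuts have no hive
            entries.append(entry)
    return entries


def still_present(log_text, name, cmd):
    """True if an autostart entry with this name and command is still listed.
    Comparison is case-insensitive, as Windows value names and paths are."""
    want = (name.lower(), cmd.lower())
    return any((e["name"].lower(), e["cmd"].lower()) == want
               for e in parse_o4(log_text))


# Lines copied from the log posted in this thread (before the fix).
BEFORE = r"""
    O4 - HKLM\..\Run: [MGA Hook] "C:\WINNT\System32\MGAHOOK.EXE"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Srng] C:\Program Files\Srng\Srng.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""
# Constructed sample: what a rescan would list once the entry has been fixed.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "[Srng]" not in l)

if __name__ == "__main__":
    target = ("Srng", r"C:\Program Files\Srng\Srng.exe")
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, "- Srng entry present:", still_present(log, *target))
```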
     