Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

URL HiJack in Microsoft Outlook

Started by mparham2001 , May 09 2005 08:33 PM

  • Please log in to reply

#1
mparham2001
Posted 09 May 2005 - 08:33 PM

mparham2001

    New Member

  • Member
  • Pip
  • 1 posts
I have a Win2K server running IE6 and Terminal Services desktops. One of the desktop apps is Microsoft Outlook connecting to exchange. I have a reoccuring problem where the url links won't work in the e-mail messages. The only way I can temporaily fix is to go to the Internet Properties, Programs, and reset web settings. As soon as I log out and back in, the problem returns. I can't help but think that this is a form of hijacking taking place. Please review this log and let me know if something jumps out at you. I've run Trend Micro online as well as a scheduled MS Spyware removal on daily basis, but this won't go away.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:39 PM, on 5/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\smss.exe
M:\WINNT\system32\winlogon.exe
M:\WINNT\system32\services.exe
M:\WINNT\system32\lsass.exe
M:\WINNT\System32\termsrv.exe
M:\WINNT\system32\svchost.exe
M:\WINNT\system32\spoolsv.exe
M:\WINNT\System32\msdtc.exe
M:\PROGRA~1\NAV\DefWatch.exe
M:\WINNT\System32\svchost.exe
M:\WINNT\System32\cba\pds.exe
M:\WINNT\System32\llssrv.exe
M:\WINNT\system32\regsvc.exe
M:\WINNT\system32\MSTask.exe
M:\PROGRA~1\NAV\Rtvscan.exe
M:\WINNT\System32\WBEM\WinMgmt.exe
M:\WINNT\system32\svchost.exe
M:\WINNT\system32\Dfssvc.exe
M:\WINNT\System32\encsvc.exe
M:\WINNT\System32\Citrix\IMA\imasrv.exe
M:\WINNT\system32\mfcom.exe
M:\WINNT\System32\cdmsvc.exe
M:\WINNT\System32\ctxxmlss.exe
M:\WINNT\System32\SCardSvr.exe
M:\WINNT\System32\svchost.exe
M:\WINNT\system32\logon.scr
M:\WINNT\system32\winlogon.exe
M:\WINNT\System32\svchost.exe
M:\WINNT\system32\winlogon.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\wfshell.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\inetsrv\inetinfo.exe
M:\WINNT\system32\winlogon.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\wfshell.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\WINNT\system32\icabar.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\ops\EXE\MAINNG.EXE
M:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
M:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
M:\Program Files\Microsoft Office\Office\WINWORD.EXE
M:\WINNT\system32\winlogon.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\wfshell.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\WINNT\system32\icabar.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
M:\WINNT\System32\ssflwbox.scr
M:\WINNT\system32\winlogon.exe
M:\ops\EXE\MAINNG.EXE
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\wfshell.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\WINNT\system32\icabar.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\WINNT\system32\winlogon.exe
M:\WINNT\system32\winlogon.exe
M:\WINNT\system32\winlogon.exe
M:\WINNT\system32\rdpclip.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\WINNT\system32\icabar.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Downloads\SRC\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = M:\WINNT\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = M:\WINNT\system32\blank.htm
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
F2 - REG:system.ini: UserInit=M:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - M:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - M:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "M:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [vptray] M:\PROGRA~1\NAV\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "M:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = M:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = M:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = M:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - M:\Documents and Settings\Administrator.OANDP\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - M:\Documents and Settings\Administrator.OANDP\WINDOWS\web\related.htm (file missing)
O10 - Broken Internet access because of LSP provider 'm:\documents and settings\administrator.oandp\windows\system32\rnr20.dll' missing
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OandP.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADA69C5-9E11-4648-A6F9-48720076F350}: NameServer = 192.168.0.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{F25E369D-B80A-4361-A361-E96BEA139F47}: NameServer = 192.168.0.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = OandP.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ADA69C5-9E11-4648-A6F9-48720076F350}: NameServer = 192.168.0.120
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = OandP.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0ADA69C5-9E11-4648-A6F9-48720076F350}: NameServer = 192.168.0.120
O20 - AppInit_DLLs: mfaphook.dll
O20 - Winlogon Notify: MetaFrame - ctxnotif.dll (file missing)
O20 - Winlogon Notify: NavLogon - M:\WINNT\system32\NavLogon.dll
O23 - Service: Alerter - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Client Network (CdmService) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\cdmsvc.exe (file missing)
O23 - Service: Citrix WMI Service (CitrixWMIService) - Citrix Systems, Inc. - M:\WINNT\system32\citrix\WMI\ctxwmisvc.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: Citrix XML Service (CtxHttp) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\ctxxmlss.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - M:\PROGRA~1\NAV\DefWatch.exe
O23 - Service: Distributed File System (Dfs) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Encryption Service - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\encsvc.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax Service (Fax) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\faxsvc.exe (file missing)
O23 - Service: Independent Management Architecture (IMAService) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\Citrix\IMA\imasrv.exe (file missing)
O23 - Service: Intel PDS - Intel® Corporation - M:\WINNT\System32\cba\pds.exe
O23 - Service: Server (lanmanserver) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: License Logging Service (LicenseService) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\llssrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Messenger - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: MetaFrame COM Server (MFCom) - Citrix Systems, Inc. - M:\WINNT\system32\mfcom.exe
O23 - Service: Network DDE (NetDDE) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - M:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: File Replication (NtFrs) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Policy Agent (PolicyAgent) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Registry Service (RemoteRegistry) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\regsvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - M:\Documents.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\rsvp.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\MSTask.exe (file missing)
O23 - Service: RunAs Service (seclogon) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - M:\PROGRA~1\NAV\Rtvscan.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: Telnet (TlntSvr) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\tlntsvr.exe (file missing)
O23 - Service: Distributed Link Tracking Server (TrkSvr) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Utility Manager (UtilMan) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\UtilMan.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Windows Management Instrumentation (WinMgmt) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\WBEM\WinMgmt.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\Services.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)

Thanks in advance for all your assistance.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP