ScoobyNet.com - Subaru Enthusiast Forum


Jiggerypokery 31 January 2005 04:30 PM

Explorer.exe accessing google?
 
Hello folks,

I recently installed Sygate's Personal Firewall, which has caught explorer.exe trying to access www.google.com.

It doesn't use the same IP every time; it has tried at least three IP addresses (all destination = www.google.com).

Any thoughts on where I should start looking? The process list looks OK, here's the hijackthis log:


Originally Posted by hijackthis
Logfile of HijackThis v1.99.0
Scan saved at 20:49:07, on 29/01/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {03EA853F-12E4-450F-B9D8-94144C60C315} - C:\WINNT\system32\ffpo.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {657BA09C-3AB7-45FC-9146-841ADCFBFC67} - (no file)
O2 - BHO: (no name) - {7B75CA51-5C4B-46B5-8D90-E5232B6F3AFE} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O21 - SSODL: ceSfmsMc - {688671FB-C22C-DB51-273F-75E67DD93BCF} - C:\WINNT\system32\hnk.dll
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

And another thing - why can't I preview posts when Sygate's security level is set to normal?
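A triage pass over the HijackThis entries in the post above, as an added example that is not part of the original thread: it flags entries whose target file is reported absent, entries with no name, and Run values with no full path, so they can be reviewed by hand. The tag names and the `triage` helper are assumptions of this example; a flag marks an entry for review and is not a verdict on it.

```python
import re

# Excerpt of the HijackThis log from the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {03EA853F-12E4-450F-B9D8-94144C60C315} - C:\WINNT\system32\ffpo.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {657BA09C-3AB7-45FC-9146-841ADCFBFC67} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O21 - SSODL: ceSfmsMc - {688671FB-C22C-DB51-273F-75E67DD93BCF} - C:\WINNT\system32\hnk.dll
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")      # COM class id in braces

def parse(log):
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return entries worth a manual look, each with the reasons it was flagged."""
    findings = []
    for section, body in parse(log):
        reasons = []
        if body.endswith(("(file missing)", "(no file)")):
            reasons.append("target-absent")      # registry entry outlived its file
        if "(no name)" in body:
            reasons.append("unnamed")            # no friendly name registered
        if section == "O4":                      # autostart (Run key) entries
            cmd = body.split("] ", 1)[-1].strip('"')
            if not re.match(r"[A-Za-z]:\\", cmd):
                reasons.append("no-full-path")   # resolved through the search path
        if reasons:
            clsid = CLSID.search(body)
            findings.append({"section": section, "reasons": reasons, "entry": body,
                             "clsid": clsid.group(0) if clsid else None})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], ",".join(f["reasons"]), "|", f["entry"])
```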

richs2891 31 January 2005 05:26 PM

The message "explorer.exe trying to access www.google.com" is you trying to access the Google web page (Explorer being the application, Google the page on the web you want to visit). You want to click yes and put a tick in the "remember these settings" box.
Google has quite a few different IP addresses which all resolve to the name google.com.

Richard

Jiggerypokery 31 January 2005 05:31 PM

I'm not trying to access google!

It happens randomly, usually on startup, and when not surfing.

richs2891 31 January 2005 05:38 PM

I will have a look tonight at home, as I run Sygate on one of my PCs.
I presume you have run the normal Ad-Aware, Spybot and virus scanners to be sure there is nothing nasty in your PC.

Richard

Jiggerypokery 31 January 2005 05:48 PM


Originally Posted by rsarjantson
I will have a look tonight at home, as I run Sygate on one of my PCs.
I presume you have run the normal Ad-Aware, Spybot and virus scanners to be sure there is nothing nasty in your PC.

Richard

I run ad-aware personal, Microsoft AntiSpyware and NAV, all up-to-date and clean.

I did have a proxy-agent last week, which kept getting into the temp directory, but the firewall has stopped that reappearing.

Jiggerypokery 31 January 2005 05:57 PM

I have also removed all references to google in the registry, and references and files relating to gtoolbar from the enormous amount of crap which Real Player put on my system.
I have never had a Google toolbar installed on IE or any other program (apart from the above, which I wasn't aware of, with Real Player).

