Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wrap32.exe


  • Please log in to reply
1 reply to this topic

#1 Brenda13

Brenda13

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 07 July 2005 - 10:13 AM

I was getting messages that wrap32.exe was trying to access the internet from my Zone Alarm Firewall. I searched for that online & found a suggestion that I use HijackThis and send in my log. So here it is!

Logfile of HijackThis v1.99.1
Scan saved at 10:58:46 AM, on 07/07/2005
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\spoolss.exe
D:\WINNT\System32\drmon\smartagt\smartagt.exe
D:\WINNT\system32\RpcSs.exe
C:\Program Files\navapsvc.exe
d:\winnt\system32\pstores.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\ZONELABS\vsmon.exe
D:\WINNT\System32\nddeagnt.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\DACONFIG.EXE
D:\WINNT\loadqm.exe
D:\WINNT\System32\MSWHEEL.EXE
C:\PROGRAM FILES\PrecisionScan\hpsjbmgr.exe
D:\WINNT\System32\qttask.exe
C:\PROGRA~1\navapw32.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\directcd\DIRECTCD.EXE
C:\PROGRA~1\POP-UP~2\dpps2.exe
C:\BBPROG~1\FDF\FAST2.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINNT\system32\HPRtry07.exe
C:\Program Files\PrecisionScan\hpppt.exe
D:\Program Files\Microsoft Office\Office\1033\msoffice.exe
D:\WINNT\system32\tapisrv.exe
C:\BB Programs\Hijack This\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\BB Programs\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -off
O4 - HKLM\..\Run: [DACONFIGEXE] DACONFIG.EXE R
O4 - HKLM\..\Run: [TIPS] D:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] D:\PROGRA~1\MICROS~2\point32.exe
O4 - HKLM\..\Run: [PCDRealtime] D:\WINNT\realtime.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [hpsjbmgr] C:\PROGRAM FILES\PrecisionScan\hpsjbmgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\navapw32.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] c:\PROGRA~1\directcd\DIRECTCD.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\POP-UP~2\dpps2.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC 1Click Daily Scan] C:\BB Programs\pc1click\pc1click.exe /background
O4 - HKCU\..\Run: [ScrabbleSetup.exe] D:\WINNT\Profiles\ADMINI~1\Desktop\SCRABB~1.EXE /r
O4 - HKCU\..\Run: [BigSmileys] "C:\BB Programs\BigSmileys\bigsmileys.exe" startup
O4 - HKCU\..\Run: [Pixbyte AntiSpam Professional] C:\Program Files\Pixbyte\AntiSpam\AntiSpam.exe
O4 - HKCU\..\Run: [FAST Defrag] C:\BBPROG~1\FDF\FAST2.EXE -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\BBPROG~1\POP-UP~1\PSFree.exe"
O4 - Startup: Outlook.lnk = D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O4 - Startup: Iexplore.exe.lnk = D:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE
O4 - Global Startup: HP 2000C Taskbar Icon.lnk = system32\HPRtry07.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Parallel Port Test.lnk = C:\Program Files\PrecisionScan\hpppt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://cards.123greetings.com
O15 - Trusted Zone: http://www.2005seniorgames.org
O15 - Trusted Zone: http://www.yahoo.americangreetings.com
O15 - Trusted Zone: http://symantec.atgnow.com
O15 - Trusted Zone: http://www.brookviewcottage.com
O15 - Trusted Zone: http://i.euniverse.com
O15 - Trusted Zone: http://www.flowgo.com
O15 - Trusted Zone: http://www.ichhabkeininternet.de
O15 - Trusted Zone: http://www.brl.ntt.co.jp
O15 - Trusted Zone: http://news.pittsburghregion.org
O15 - Trusted Zone: http://www.ripleys.com
O15 - Trusted Zone: http://www.riversongs.com
O15 - Trusted Zone: http://www.spotlight.tv
O15 - Trusted Zone: http://www.talk.sprintpcs.com
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: http://www.symantecstore.com
O15 - Trusted Zone: http://*.weather.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 151.201.0.39 151.201.0.38
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 151.201.0.39 151.201.0.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 151.201.0.39 151.201.0.38
O23 - Service: 3Com dRMON SmartAgent PC Software (dRMON SmartAgent) - 3Com Corp. - D:\WINNT\System32\drmon\smartagt\smartagt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINNT\system32\ZONELABS\vsmon.exe

Am I in trouble? Can someone help?

Also, I'm tring to install NAV2005 and got this error message:

"The procedure entry point GetLongPathNameA could not be located in the dynamic link library KERNEL32.dll."

What's up with that????

Thanks so much!

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:07:35 AM

Posted 08 July 2005 - 07:48 PM

If you still need help, could you post a fresh log please?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users