1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Home work computer - Hijackthis log....

Discussion in 'Virus & Other Malware Removal' started by wendy67, Feb 8, 2005.

Thread Status:
Not open for further replies.
  1. wendy67

    wendy67 Thread Starter

    Joined:
    Jan 7, 2005
    Messages:
    12
    Hi guys,
    well this is my home work computer and I not exactly sure what happend, but I tried to turn the computer on and it would not allow me to access. So, I managed to login in safe mode and change the password. However, when I finnally was able to log in, everything was reset, including my e-mail account in outlook. I haven't tried logging into my work server yet I figured I better get this under control. I ran (in safe mode) Ad-aware and Search and destroy, only because it wouldn't work in normal mode, then I rebooted, ran Panda, tried to run housecall but that one did not work, then I downloaded F-Prot antivirus, only because I could not install the firewall it keep giving me an error about my K drive (strange because I don't have a k dive. Then I ran the about buster. So, here is the highjackthis log, can anyone help??? I keep getting this message from the F-Prot thing regarding ieor32.exe, don't know what it is but I thing it's doing something.....

    Logfile of HijackThis v1.99.0
    Scan saved at 5:25:04 PM, on 2005-01-23
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\etlisrv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\FSI\F-Prot\fpavupdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\crqr.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINNT\system32\ieor32.exe
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\WINNT\system32\internat.exe
    C:\WINNT\system32\etlitr50.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\trwga.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\trwga.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\trwga.dll/sp.html#29126
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hc-sc.gc.ca"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {15F25929-50E6-C44B-FE20-C1A8F6032FA3} - C:\WINNT\crxy.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [outpost_uninst] C:\WINNT\Temp\_uninstop.exe /u
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ieor32.exe] C:\WINNT\system32\ieor32.exe
    O4 - HKLM\..\Run: [DXDllRegExe] C:\WINNT\system32\dxdllreg.exe
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
    O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
    O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://downloads.netscape.com/searc...ar/netscape.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2097F5F7-551B-4F72-A576-2B4844FA7935}: Domain = hc-sc.gc.ca
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2097F5F7-551B-4F72-A576-2B4844FA7935}: Domain = hc-sc.gc.ca
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2097F5F7-551B-4F72-A576-2B4844FA7935}: Domain = hc-sc.gc.ca
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Entrust Login Interface - Entrust Technologies Ltd. - C:\WINNT\etlisrv.exe
    O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Workstation NetLogon Service - Unknown - C:\WINNT\system32\ipep32.exe (file missing)
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Hello Wendy.......

    Can you please run AboutBuster once more and post the log,along with a fresh hijackthis log.

    ;)
     
  3. wendy67

    wendy67 Thread Starter

    Joined:
    Jan 7, 2005
    Messages:
    12
    Thank you steve. I ran AboutBuster and here is the fresh hijackthis log.

    Logfile of HijackThis v1.99.0
    Scan saved at 12:42:22 PM, on 2005-02-12
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\etlisrv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\FSI\F-Prot\fpavupdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\The Cleaner\tcm.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\etlitr50.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hc-sc.gc.ca"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
    O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
    O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://downloads.netscape.com/search/toolbar/netscape.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2097F5F7-551B-4F72-A576-2B4844FA7935}: Domain = hc-sc.gc.ca
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2097F5F7-551B-4F72-A576-2B4844FA7935}: Domain = hc-sc.gc.ca
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2097F5F7-551B-4F72-A576-2B4844FA7935}: Domain = hc-sc.gc.ca
    O17 - HKLM\System\CS3\Services\Tcpip\..\{2097F5F7-551B-4F72-A576-2B4844FA7935}: Domain = hc-sc.gc.ca
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Entrust Login Interface - Entrust Technologies Ltd. - C:\WINNT\etlisrv.exe
    O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

    Thanks again.... I look forward to finding out if this can fixed...
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/328128

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice