Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 2000 new user problems


  • Please log in to reply
1 reply to this topic

#1 TheSunDevil

TheSunDevil

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:45 AM

Posted 01 June 2005 - 06:40 PM

Hi everyone,

I'm having trouble with a computer at work. It seems to run OK when I use the administrator account, but whenever I create a new account I have trouble. Things like the History in IE not showing up in the browser, not being able to open up the recycle bin, not being to make the language tool-bar go away, and lots of other fun little annoyances occur. So, after running ad-aware and spybot I've decided to give Hijackthis a try.

The computer runs windows 2000. Thanks for the help!


Logfile of HijackThis v1.99.1
Scan saved at 3:18:06 PM, on 6/1/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:Program FilesIntelASF AgentASFAgent.exe
C:WINNTSystem32svchost.exe
C:Program FilesDellOpenManageClientIap.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINNTsystem32
egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.EXE
C:PROGRA~1WINZIPwzqkpick.exe
C:Documents and SettingsOfficeDesktopHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0AcrobatActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:PROGRA~1COMMON~1WinToolsWToolsT.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [IgfxTray] C:WINNTsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINNTsystem32hkcmd.exe
O4 - HKLM..Run: [DVDSentry] C:WINNTSystem32DSentry.exe
O4 - HKLM..Run: [owm] C:documents and settings odd vanhouteghenlocal settings empowm.exe
O4 - HKLM..Run: [*tcpanti] C:WINNT
epair cpanti.exe
O4 - HKLM..Run: [Jotybpy] C:Program FilesPvbeqvNehqiq.exe
O4 - HKLM..Run: [WinTools] C:PROGRA~1COMMON~1WinToolsWToolsA.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:Program FilesAdobeAcrobat 5.0DistillrAcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pp...stemsoappro.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50205/QDow_AS2.cab
O20 - Winlogon Notify: igfxcui - C:WINNTSYSTEM32igfxsrvc.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:Program FilesIntelASF AgentASFAgent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:Program FilesDellOpenManageClientIap.exe
O23 - Service: ISEXEng - Unknown owner - C:WINNTSystem32angelex.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:WINNTSystem32NMSSvc.exe


P.S. Does anyone have any experience with the HijackThis Analyzers? Are they good at filtering out the problems from a HijackThis log file?

BC AdBot (Login to Remove)

 


m

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:45 PM

Posted 02 June 2005 - 08:06 PM

Hello TheSunDevil and welcome to the BC forums. Yes there are some problems here but I need to have you run a new HijackThis log. The one that is posted here has no formatting in it. To run a scan and post a log please do the following:

We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer. Start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis. and click the Add Reply button.

I will review your log when it comes in.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users