Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works


  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 4 posts
Okay. I'm at a computer at my job and it has a program on it that makes it delete everything once you restart it.
I want to deactivate this program, but I don't know where to find it.

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:11:34 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\staff\Desktop\Yeah\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broward.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broward.edu
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.broward.edu
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171661765296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171661753078
O17 - HKLM\Software\..\Telephony: DomainName = broward.edu
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Program Files\Novell\ZENworks\wm.exe

End of file - 7448 bytes

Please help.
  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I got a different question.
I figured it out, but I don't know the password to the deepfreeze.
Help me out.
Is there anyway around that?
  • 0




  • Member
  • PipPip
  • 36 posts
I'm sorry but I nor anyone else here (I think) will be able (or willing) to help you,
unless you run into a hacker :whistling:
1.The computer does not seem to be yours (it's at your workplace)
2.If it were, you would have know the program and password
3.If found out you will lose your job,be charged or both.

If you need to save something that is valuable,contact the Administrator or
the person who installed Deep Freeze.
They obviously had a reason to install it :blink:
(Possibly to protect the system from people like you :help: )

If I got this all wrong,sorry,but that's how I see it.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks, but I figured it out.
  • 0




  • Member
  • PipPip
  • 36 posts
You're welcome.
I'm not sure what you figured out,
but if you somehow deleted DeepFreeze it will be detected at some point.

If your company has a System Audit in place,
the next scan of all computers on the system will reveal the discrepancy.
It could be a few hours from now or tomorrow,
it all depends how often they scan.

All I can say is that it's your hide that's on the line :whistling:
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
removed innapropriate link

Edited by starjax, 15 June 2007 - 06:55 AM.

  • 0




  • Member
  • PipPip
  • 36 posts
Hi Thanks for the feedback.
This is obviously a (illegal ?) hack.

My previous caution still stands.
Hope your last days on the job will be enjoyable :whistling:
  • 0



    Global Moderator

  • Global Moderator
  • 6,585 posts

You are in violation of our ToS. We do not assist in hacking or illegally modifying programs. I have notted the info and refered to an administrator for further review.

DiggerP, in the future please notify a staff member so we can nip these kind of issues in the bud.

If you have any questions please feel free to contact any mod/admin.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP