
Please Help



#1
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
This is one of my school's computers. See what happens when I don't manage their systems?!

Logfile of HijackThis v1.98.2
Scan saved at 1:12:27 PM, on 9/9/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\Program Files\NavNT\defwatch.exe
d:\faircom\ctntserv.exe
D:\FAIRCOM\CTSRVR.EXE
C:\WINNT\System32\llssrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\ZipToA.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\DispCtrl\vi_grm.exe
C:\WINNT\System32\loadwc.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Iomega\Tools_NT\IMGICON.EXE
D:\Microsoft Office\Office\OSA.EXE
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\Program Files\Common Files\GMT\GMT.exe
D:\Microsoft Office\Office\MSOFFICE.EXE
D:\Follett\CC40\WCIRC\cccirc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
D:\Follett\CC40\WOPAC\ccopac.exe
C:\WINNT\System32\ddhelp.exe
C:\WINNT\Profiles\hibbsc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.twrds.com/...w...YES- To Set
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.ebookcity.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://home.netscape...nsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} -
C:\Program Files\DashBar\DashBar15.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Display Control Panel] C:\DispCtrl\vi_grm.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common
Files\CMEII\CMESys.exe"
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = D:\Microsoft
Office\Office\MSOFFICE.EXE
O4 - Global Startup: Iomega Icons.lnk = C:\Program
Files\Iomega\Tools_NT\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program
Files\Iomega\Tools_NT\STARTNT.EXE
O4 - Global Startup: Office Startup.lnk = D:\Microsoft
Office\Office\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program
Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Refresh.lnk = C:\Program
Files\Iomega\Tools_NT\refresh.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\Plus!\MICROS~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.ebookcity.com/
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://198.213.58.15...sCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shinerisd.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = shinerisd.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.18.2.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = shinerisd.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 10.18.2.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.18.2.8
  • 0



#2
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Looks like fun! <_<

-=jonnyrotten=-
  • 0

#3
Smokey

Smokey

    Member 1K

  • Topic Starter
  • Retired Staff
  • 1,423 posts
What do you suggest?
  • 0

#4
Hemal

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Hey Nathan,

I also manage my school's computers and find them so AHH sometimes. You can try to fix this with the log, but what I found helped the best was to wipe them clean and start fresh basically, all the information is already on the network so you don't have to worry about backing up information and putting it back on the network is pretty simple... good luck
  • 0

#5
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
I would say use normal procedure, and make sure the O17 entries are removed and reset the hosts file. Unless I'm missing something big in there?

-=jonnyrotten=- <_<
  • 0

#6
Smokey

Smokey

    Member 1K

  • Topic Starter
  • Retired Staff
  • 1,423 posts
Why the O17s?
  • 0

#7
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Domain Hijacks.

-=jonnyrotten=- <_<
  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe <- Gator Spyware

O4 - Global Startup: PrecisionTime.lnk = C:\Program
Files\PrecisionTime\PrecisionTime.exe <- Spyware

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm <- spyware
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm <- spyware

Ad-aware should remove all of these. The O17's look normal to me for a computer hooked to your school's network. <_<
  • 0

#9
Smokey

Smokey

    Member 1K

  • Topic Starter
  • Retired Staff
  • 1,423 posts
Yes, you're right admin, O17s are for the network. Look at the IE version, 5.00 <_<! I can't even log into my gmail account with it, minimum is IE 5.5! The OS is poorly outdated as well :D. Thanks a lot for your help. :D

P.S. This looks like it's unwanted as well:

C:\Program Files\DashBar\ and the http://www.ebookcity.com/ lines

Also Hemal, I don't want to wipe this one clean as it is the library's pc with all the students information on it.
  • 0
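
An added example, not part of any post in this thread: the O17 question debated above (hijack or ordinary network configuration) turned into a check over lines from the log in post #1. The function names, verdict strings and the `expected_domains` parameter are assumptions made for illustration; the private-range test is a heuristic, and a public resolver address is not by itself evidence of a hijack.

```python
import ipaddress
import re

# Constructed sample: three O17 lines and one wrapped O4 line, copied from
# the log in post #1 so the continuation handling is exercised.
SAMPLE_LOG = r"""O4 - Global Startup: PrecisionTime.lnk = C:\Program
Files\PrecisionTime\PrecisionTime.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shinerisd.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.18.2.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.18.2.8
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O17 - ..."
O17_RE = re.compile(r"^.+?: (?P<name>\w+) = (?P<value>.*)$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_entries(log_text):
    """Return (code, body) pairs, re-joining lines the paste wrapped at a space."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif line and entries:
            entries[-1][1] += " " + line  # continuation of the previous entry
    return [tuple(e) for e in entries]

def verdict(name, value, expected_domains):
    if name != "NameServer":  # Domain etc.: compare with the site's own names
        return "expected" if value.lower() in expected_domains else "review"
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "not an IP address"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "rfc1918"  # consistent with an internal DNS server
    return "public: confirm with network admin"

def triage_o17(entries, expected_domains=()):
    """Map each distinct O17 (setting, value) to a verdict; control-set copies collapse."""
    verdicts = {}
    for code, body in entries:
        match = O17_RE.match(body) if code == "O17" else None
        if match:
            for value in re.split(r"[,\s]+", match["value"].strip()):
                verdicts[(match["name"], value)] = verdict(match["name"], value, expected_domains)
    return verdicts
```

Calling `triage_o17(parse_entries(SAMPLE_LOG), expected_domains=("shinerisd.net",))` collapses the CCS/CS1 duplicates into one verdict per setting.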





