culinfl

Members
  • Content Count: 4

About culinfl
  • Rank: Member
  1. Also, whenever I try to run the virus scan at www.trendmicro.com, IE crashes; see attached.
  2. I did as you suggested and found a few problems. I found gqkrs.dll and deleted it. I also cleaned the machine using HJT. However, I still have the "about" home page problem. Here is the new log:

     Logfile of HijackThis v1.99.1
     Scan saved at 3:01:24 PM, on 5/4/2005
     Platform: Windows 2000 SP3 (WinNT 5.00.2195)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINNT\System32\smss.exe
     C:\WINNT\system32\winlogon.exe
     C:\WINNT\system32\services.exe
     C:\WINNT\system32\lsass.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\System32\svchost.exe
     C:\WINNT\system32\spoolsv.exe
     C:\WINNT\system32\addvq32.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     c:\insight\tools\AICLIENT.EXE
     C:\WINNT\System32\Ati2evxx.exe
     c:\interSOC\ids\blackd.exe
     C:\WINNT\system32\CRYPSERV.EXE
     C:\PROGRA~1\NavNT\DefWatch.exe
     C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
     C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
     C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
     C:\Program Files\Entropia\Entropia Client\Bin\LogServerShell.exe
     C:\Program Files\JavaSoft\JRE\1.3.0_01\bin\javaw.exe
     C:\WINNT\system32\LxrJD31s.exe
     C:\Program Files\Panasonic\MeiWDS\MeiWds.exe
     C:\PROGRA~1\NavNT\rtvscan.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     C:\WINNT\system32\regsvc.exe
     C:\PROGRA~1\NavNT\savroam.exe
     C:\WINNT\system32\MSTask.exe
     C:\WINNT\system32\stisvc.exe
     C:\Program Files\Entropia\Entropia Client\Bin\TaskManagerShell.exe
     C:\WINNT\System32\WBEM\WinMgmt.exe
     C:\WINNT\System32\mspmspsv.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\Explorer.EXE
     C:\WINNT\system32\fpapli.exe
     C:\WINNT\System32\hkeyman.exe
     C:\WINNT\system32\Tprbtn.exe
     C:\WINNT\system32\atiptaxx.exe
     C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
     C:\WINNT\system32\PRPCUI.exe
     C:\PROGRA~1\NavNT\vptray.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINNT\system32\addfy.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
     C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
     C:\Program Files\Panasonic\MEISKB\MeiSKB.exe
     C:\PROGRA~1\Webshots\webshots.scr
     C:\HJT\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy.geps.ge.com:3128;gopher=http-proxy.geps.ge.com:3128;http=http-proxy.geps.ge.com:3128;https=https-proxy.geps.ge.com:3128;socks=http-proxy.geps.ge.com:3128
     R3 - Default URLSearchHook is missing
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {5F15F26C-81EE-4FFA-8B9A-39913016CD37} - C:\WINNT\system32\netra.dll
     O2 - BHO: (no name) - {D287B913-740E-605C-9967-D4EEFBA2E464} - C:\WINNT\system32\ntgw.dll
     O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
     O4 - HKLM\..\Run: [scroller] fpapli.exe
     O4 - HKLM\..\Run: [Hotkey] C:\WINNT\System32\hkeyman.exe
     O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
     O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
     O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
     O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
     O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
     O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
     O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [addfy.exe] C:\WINNT\system32\addfy.exe
     O4 - HKLM\..\Run: [sdkpn.exe] C:\WINNT\system32\sdkpn.exe
     O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
     O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
     O4 - Global Startup: Software Keyboard.lnk = C:\Program Files\Panasonic\MEISKB\MeiSKB.exe
     O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
     O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
     O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
     O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
     O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\addvq32.exe
     O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Asset Insight Client (AICLIENT) - Tangram® Enterprise Solutions, Inc - c:\insight\tools\AICLIENT.EXE
     O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
     O23 - Service: BlackICE - Internet Security Systems, Inc. - c:\interSOC\ids\blackd.exe
     O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\CRYPSERV.EXE
     O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
     O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
     O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
     O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
     O23 - Service: LogServerShell - Unknown owner - C:\Program Files\Entropia\Entropia Client\Bin\LogServerShell.exe
     O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
     O23 - Service: WDS Server (meiwds) - Unknown owner - C:\Program Files\Panasonic\MeiWDS\MeiWds.exe" -service (file missing)
     O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
     O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     O23 - Service: SAVRoam - symantec - C:\PROGRA~1\NavNT\savroam.exe
     O23 - Service: TaskManagerShell - Unknown owner - C:\Program Files\Entropia\Entropia Client\Bin\TaskManagerShell.exe

     Again, thanks for your help.
  3. I will be doing all this tonight. Thanks for the help. I'll post results. C.
  4. I keep getting this about:blank web page when I open IE. I also get pop-ups advertising spyware removers!!!! I ran HijackThis and here is the log:

     Logfile of HijackThis v1.99.1
     Scan saved at 10:02:17 AM, on 4/28/2005
     Platform: Windows 2000 SP3 (WinNT 5.00.2195)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINNT\System32\smss.exe
     C:\WINNT\system32\winlogon.exe
     C:\WINNT\system32\services.exe
     C:\WINNT\system32\lsass.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\System32\svchost.exe
     C:\WINNT\system32\spoolsv.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     c:\insight\tools\AICLIENT.EXE
     C:\WINNT\System32\Ati2evxx.exe
     c:\interSOC\ids\blackd.exe
     C:\WINNT\system32\CRYPSERV.EXE
     C:\PROGRA~1\NavNT\DefWatch.exe
     C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
     C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
     C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
     C:\Program Files\Entropia\Entropia Client\Bin\LogServerShell.exe
     C:\Program Files\JavaSoft\JRE\1.3.0_01\bin\javaw.exe
     C:\WINNT\system32\LxrJD31s.exe
     C:\Program Files\Panasonic\MeiWDS\MeiWds.exe
     C:\PROGRA~1\NavNT\rtvscan.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     C:\WINNT\system32\regsvc.exe
     C:\PROGRA~1\NavNT\savroam.exe
     C:\WINNT\system32\MSTask.exe
     C:\WINNT\system32\stisvc.exe
     C:\Program Files\Entropia\Entropia Client\Bin\TaskManagerShell.exe
     C:\WINNT\System32\WBEM\WinMgmt.exe
     C:\WINNT\System32\mspmspsv.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\Explorer.EXE
     C:\WINNT\system32\fpapli.exe
     C:\WINNT\System32\hkeyman.exe
     C:\WINNT\system32\Tprbtn.exe
     C:\WINNT\system32\atiptaxx.exe
     C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
     C:\WINNT\system32\PRPCUI.exe
     C:\PROGRA~1\NavNT\vptray.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINNT\system32\winsn.exe
     C:\WINNT\system32\syssg32.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
     C:\Program Files\Entropia\Entropia Client\bin\entropia.exe
     C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
     C:\Program Files\Panasonic\MEISKB\MeiSKB.exe
     C:\PROGRA~1\Webshots\webshots.scr
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINNT\System32\wisptis.exe
     C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
     C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
     C:\PROGRA~1\WinZip\winzip32.exe
     C:\DOCUME~1\peraleju\LOCALS~1\Temp\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\gqkrs.dll/sp.html#28129
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gqkrs.dll/sp.html#28129
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\gqkrs.dll/sp.html#28129
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\gqkrs.dll/sp.html#28129
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gqkrs.dll/sp.html#28129
     R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\gqkrs.dll/sp.html#28129
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\gqkrs.dll/sp.html#28129
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy.geps.ge.com:3128;gopher=http-proxy.geps.ge.com:3128;http=http-proxy.geps.ge.com:3128;https=https-proxy.geps.ge.com:3128;socks=http-proxy.geps.ge.com:3128
     R3 - Default URLSearchHook is missing
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {402791F6-FBDB-0DE4-9CCF-B2B6F4AD32B2} - C:\WINNT\iplq.dll
     O2 - BHO: GetPostLog module - {C9B0D3DC-DC2B-4a17-8E34-02CD4C1E573F} - C:\WINNT\gpl.dll
     O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
     O4 - HKLM\..\Run: [scroller] fpapli.exe
     O4 - HKLM\..\Run: [Hotkey] C:\WINNT\System32\hkeyman.exe
     O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
     O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
     O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
     O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
     O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
     O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
     O4 - HKLM\..\Run: [RUNCIS] C:\Program Files\1E\CIS\\RUNCIS.EXE
     O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [Entropia Client] C:\Program Files\Entropia\Entropia Client\bin\Launcher.exe -Startup
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [winsn.exe] C:\WINNT\system32\winsn.exe
     O4 - HKLM\..\RunOnce: [syssg32.exe] C:\WINNT\system32\syssg32.exe
     O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
     O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
     O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
     O4 - Global Startup: Software Keyboard.lnk = C:\Program Files\Panasonic\MEISKB\MeiSKB.exe
     O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
     O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
     O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15b531c1828480...ip/RdxIE601.cab
     O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
     O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
     O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\winwg32.exe (file missing)
     O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Asset Insight Client (AICLIENT) - Tangram® Enterprise Solutions, Inc - c:\insight\tools\AICLIENT.EXE
     O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
     O23 - Service: BlackICE - Internet Security Systems, Inc. - c:\interSOC\ids\blackd.exe
     O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\CRYPSERV.EXE
     O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
     O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
     O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
     O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
     O23 - Service: LogServerShell - Unknown owner - C:\Program Files\Entropia\Entropia Client\Bin\LogServerShell.exe
     O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
     O23 - Service: WDS Server (meiwds) - Unknown owner - C:\Program Files\Panasonic\MeiWDS\MeiWds.exe" -service (file missing)
     O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
     O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     O23 - Service: SAVRoam - symantec - C:\PROGRA~1\NavNT\savroam.exe
     O23 - Service: TaskManagerShell - Unknown owner - C:\Program Files\Entropia\Entropia Client\Bin\TaskManagerShell.exe

     Please advise...any help will be greatly appreciated! J.
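The two logs above are the kind of input a helper on a hijack-cleanup forum triages by eye: search pages redirected into a local DLL via res://, Browser Helper Objects with no name, autorun entries named after a short executable in system32, a service with an unreadable display name and no vendor, and entries whose target file is already gone. As an added example (not culinfl's code and not part of HijackThis), the Python below encodes those same observations as review rules and runs them over entries copied from the logs in the posts. The rule names, the heuristics and their thresholds are the example's own choices; a hit marks an entry for a closer look, it is not a verdict that the file is malicious.

```python
"""Triage of HijackThis-format log entries (added example, not the poster's
code and not part of HijackThis).  Each rule marks an entry type that a
helper reviewing a browser-hijack cleanup would look at first; a hit is a
prompt for review, not a verdict that the file is malicious."""
import re
from dataclasses import dataclass

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Start/search page served out of a local DLL resource (res://...dll/...).
RES_DLL = re.compile(r"res://\S+\.dll", re.IGNORECASE)
# O4 autorun: "[name] <quoted or bare path> [args]".
RUN_ENTRY = re.compile(r'\\Run(?:Once)?: \[([^\]]*)\]\s*(?:"([^"]+)"|(\S+))', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    section: str
    line: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _rules_for(section: str, body: str) -> list:
    hits = []
    if "(file missing)" in body:
        hits.append("file-missing")          # dangling reference, cleanup leftover
    if section in ("R0", "R1") and RES_DLL.search(body):
        hits.append("search-hijack")         # search/start page pointed into a DLL
    if section == "O2" and "(no name)" in body:
        hits.append("unnamed-bho")           # BHO without a registered name
    if section == "O4":
        m = RUN_ENTRY.search(body)
        if m:
            name = m.group(1)
            path = m.group(2) or m.group(3)
            # Heuristic: autorun key named exactly after its own executable in system32.
            if name.lower() == _basename(path).lower() and "\\system32\\" in path.lower():
                hits.append("self-named-run")
    if section == "O23" and body.startswith("Service: "):
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            display, owner, _path = parts
            # No vendor and a display name that is not printable ASCII.
            if owner == "Unknown owner" and not (display.isascii() and display.isprintable()):
                hits.append("garbled-service-name")
    return hits


def analyze(log_text: str) -> list:
    """Return one Finding per (rule, entry) over the whole log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue                          # header, process list, blank lines
        section, body = m.groups()
        for rule in _rules_for(section, body):
            findings.append(Finding(rule, section, line))
    return findings


def summarize(findings) -> dict:
    """Count findings per rule."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Sample input: a selection of entries copied from the two logs quoted in the posts.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gqkrs.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5F15F26C-81EE-4FFA-8B9A-39913016CD37} - C:\WINNT\system32\netra.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addfy.exe] C:\WINNT\system32\addfy.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\addvq32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: WDS Server (meiwds) - Unknown owner - C:\Program Files\Panasonic\MeiWDS\MeiWds.exe" -service (file missing)
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.rule:22} {f.section:4} {f.line}")
```

Run against the sample, each rule fires exactly once, and the Acrobat BHO, the vptray and QuickTime autoruns and the Symantec service pass untouched, which is the point: the rules single out the handful of entries worth checking in a log of a hundred lines rather than scoring every line. The self-named-run rule is the weakest of the five and is deliberately limited to system32; widen it only with a known-good allowlist in front of it.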