Topic: HiJackThis Log - Review Request
digger36
« on: September 03, 2005, 10:12:16 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Win/XP-Pro SP-2
Problem Application Name & Version: HiJackThis Log
Problem Hardware Make & Model:
Error Messages:




Believe that all of the suggested pre-processes have been run.
Tried to attach this as a file but the attempt was rejected withOUT any clear explanation as to the reason; have therefore included it as imbedded text; hope this is OK.

Comments appreciated..
Thanks,,,


Logfile of HijackThis v1.99.1
Scan saved at 12:07:56 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\NEROUL6F\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\GRIAVG7A\avgamsvr.exe
D:\GRIAVG7A\avgupsvc.exe
D:\VCOM\FixIt\mxtask.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
F:\WINFAX\WFXMOD32.EXE
D:\VCOM\FixIt\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\kmw_run.exe
D:\GRIAVG7A\avgcc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
D:\HP7550\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
D:\QUIKTIM5\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\HP7550\HP Share-to-Web\hpgs2wnf.exe
G:\CAERE\OmPro8A\opware32.exe
D:\NEROUL6F\InCD\InCD.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\WINDOWS\System32\rundll32.exe
F:\WINFAX\WFXCTL32.EXE
C:\Program Files\PDF-XChange SDK EndUser\PDFSaver.exe
G:\corel8a\Programs\MFIndexer.exe
D:\UMAXSCAN\vsaccess.exe
C:\WINDOWS\system32\wuauclt.exe
F:\NETSCP72\NETSCP.EXE
D:\CLIPMATE\ClipMa51\ClipMt51.exe
D:\HIJACKTS\HijackT3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
F3 - REG:win.ini: run= D:\WD2000E\WD2000
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\ADOBE\ACRBTRD6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SDHelper.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [RCScheduleCheck] D:\VCOM\RecovCmd\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\GRIAVG7A\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\HP7550\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QUIKTIM5\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] G:\COREL12B\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=091605 serial=dr12wex-1504435-fce lang=EN
O4 - HKLM\..\Run: [OmniPage] G:\CAERE\OmPro8A\opware32.exe
O4 - HKLM\..\Run: [InCD] D:\NEROUL6F\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [Ilru] C:\Documents and Settings\MAIN222\Application Data\loro.exe
O4 - HKCU\..\Run: [Psat] C:\Documents and Settings\MAIN222\Application Data\tasr.exe
O4 - HKCU\..\Run: [NBJ] "D:\NEROUL6F\Nero BackItUp\NBJ.exe"
O4 - Startup: SUBST01.BAT
O4 - Startup: UMAX VistaAccess.lnk = D:\UMAXSCAN\vsaccess.exe
O4 - Global Startup: Controller.LNK = F:\WINFAX\WFXCTL32.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: PDF-Capture.lnk = C:\Program Files\PDF-XChange SDK EndUser\PDFSaver.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = G:\corel8a\Programs\MFIndexer.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\GRIAVG7A\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\GRIAVG7A\avgupsvc.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - D:\VCOM\FixIt\mxtask.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\NEROUL6F\InCD\InCDsrv.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

« Last Edit: September 03, 2005, 11:00:50 PM by Geekgirl » Logged

 
Geekgirl
« Reply #1 on: September 03, 2005, 10:58:55 PM »

You have 3 antivirus programs running, please uninstall 2 of them to avoid conflicts and system slowdowns.

After uninstalling those, please post a fresh HJT log.
« Last Edit: September 03, 2005, 11:01:17 PM by Geekgirl » Logged




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
digger36
« Reply #2 on: September 03, 2005, 11:33:57 PM »

Hello:
I only know of two A-V progs and believe one of them is DISabled.

Pls advise which three that you are seeing and recommend the one that should survive.

Thanks,,

Geekgirl
« Reply #3 on: September 03, 2005, 11:38:59 PM »

I see AVG, Norton and McAfee
« Last Edit: September 03, 2005, 11:39:16 PM by Geekgirl » Logged
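
One way to collect the per-vendor evidence behind an observation like the one above from a HijackThis log, as an added example that is not part of the original thread. The function names and the keyword table are assumptions made for this illustration, and the sample is a short excerpt of lines from the first log posted above.

```python
import re
from collections import defaultdict

# Excerpt of lines from the first log in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
Running processes:
D:\GRIAVG7A\avgamsvr.exe
C:\WINDOWS\System32\WFXSVC.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\GRIAVG7A\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [InCD] D:\NEROUL6F\InCD\InCD.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\GRIAVG7A\avgupsvc.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
"""

# Assumption: keyword table built only from vendor names visible in this thread.
VENDOR_KEYWORDS = {
    "AVG (Grisoft)": ("grisoft", "avg7"),
    "McAfee": ("mcafee",),
    "Symantec/Norton": ("symantec", "norton"),
}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")        # "O4 - ...", "O23 - ..."
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.*)$")  # "HKLM\..\Run: [name] command"

def parse_entries(log):
    """Return dicts for O4 registry Run entries and O23 service entries."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header line or a bare path from "Running processes"
        section, body = m.groups()
        if section == "O23" and body.startswith("Service: "):
            # Layout: "Service: <name> - <owner> - <path>"; split from the right
            # so a " - " inside the service name does not shift the fields.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, path = parts
                entries.append({"section": section, "name": name,
                                "owner": owner, "path": path})
        elif section == "O4":
            run = RUN_RE.match(body)
            if run:  # Startup-folder shortcuts use another layout and are skipped
                entries.append({"section": section, "name": run.group(2),
                                "owner": "", "path": run.group(3)})
    return entries

def vendor_evidence(log):
    """Map vendor -> [(section, entry name, field that matched)]."""
    evidence = defaultdict(list)
    for e in parse_entries(log):
        for vendor, keywords in VENDOR_KEYWORDS.items():
            field = next((f for f in ("name", "owner", "path")
                          if any(k in e[f].lower() for k in keywords)), None)
            if field:
                evidence[vendor].append((e["section"], e["name"], field))
    return dict(evidence)

def owner_only_matches(log):
    """Entries tied to a vendor only through the O23 owner field."""
    return [(vendor, name)
            for vendor, hits in vendor_evidence(log).items()
            for _section, name, field in hits if field == "owner"]

if __name__ == "__main__":
    for vendor, hits in vendor_evidence(SAMPLE_LOG).items():
        print(vendor, hits)
    print("review by hand:", owner_only_matches(SAMPLE_LOG))
```

An owner-only match such as the WinFax PRO service shows only that the vendor has software installed, so each hit is evidence for the reviewer to weigh rather than proof of a resident scanner.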




digger36
« Reply #4 on: September 04, 2005, 09:17:13 PM »

Believe that Norton AntiVirus was NOT active, and that McAfee's only feature was AntiSpy.
Anyway have UNinstalled AVG/GRI and Norton momentarily to get a "cleaner" HJT log.
There are two(2) logs following: From SAFE mode and Normal mode.
Advice appreciated.


---- Following is from the system in SAFE mode ..............................
Logfile of HijackThis v1.99.1
Scan saved at 2:01:24 PM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\HIJACKTS\HijackT3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
F3 - REG:win.ini: run= D:\WD2000E\WD2000
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\ADOBE\ACRBTRD6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SDHelper.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [RCScheduleCheck] D:\VCOM\RecovCmd\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\HP7550\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QUIKTIM5\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] G:\COREL12B\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=091605 serial=dr12wex-1504435-fce lang=EN
O4 - HKLM\..\Run: [OmniPage] G:\CAERE\OmPro8A\opware32.exe
O4 - HKLM\..\Run: [InCD] D:\NEROUL6F\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [Ilru] C:\Documents and Settings\MAIN222\Application Data\loro.exe
O4 - HKCU\..\Run: [Psat] C:\Documents and Settings\MAIN222\Application Data\tasr.exe
O4 - HKCU\..\Run: [NBJ] "D:\NEROUL6F\Nero BackItUp\NBJ.exe"
O4 - Startup: SUBST01.BAT
O4 - Startup: UMAX VistaAccess.lnk = D:\UMAXSCAN\vsaccess.exe
O4 - Global Startup: Controller.LNK = F:\WINFAX\WFXCTL32.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: PDF-Capture.lnk = C:\Program Files\PDF-XChange SDK EndUser\PDFSaver.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = G:\corel8a\Programs\MFIndexer.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - D:\VCOM\FixIt\mxtask.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\NEROUL6F\InCD\InCDsrv.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
==================================================================================================

---- Following is from the system in Normal mode ..............................
Logfile of HijackThis v1.99.1
Scan saved at 2:05:01 PM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\NEROUL6F\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\VCOM\FixIt\mxtask.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
F:\WINFAX\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
D:\VCOM\FixIt\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
D:\HP7550\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
D:\QUIKTIM5\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
G:\CAERE\OmPro8A\opware32.exe
D:\HP7550\HP Share-to-Web\hpgs2wnf.exe
D:\NEROUL6F\InCD\InCD.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\WINDOWS\System32\rundll32.exe
F:\WINFAX\WFXCTL32.EXE
C:\Program Files\PDF-XChange SDK EndUser\PDFSaver.exe
G:\corel8a\Programs\MFIndexer.exe
D:\UMAXSCAN\vsaccess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\HIJACKTS\HijackT3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
F3 - REG:win.ini: run= D:\WD2000E\WD2000
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\ADOBE\ACRBTRD6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\spybot\SDHelper.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [RCScheduleCheck] D:\VCOM\RecovCmd\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\HP7550\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QUIKTIM5\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] G:\COREL12B\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=091605 serial=dr12wex-1504435-fce lang=EN
O4 - HKLM\..\Run: [OmniPage] G:\CAERE\OmPro8A\opware32.exe
O4 - HKLM\..\Run: [InCD] D:\NEROUL6F\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [Ilru] C:\Documents and Settings\MAIN222\Application Data\loro.exe
O4 - HKCU\..\Run: [Psat] C:\Documents and Settings\MAIN222\Application Data\tasr.exe
O4 - HKCU\..\Run: [NBJ] "D:\NEROUL6F\Nero BackItUp\NBJ.exe"
O4 - Startup: SUBST01.BAT
O4 - Startup: UMAX VistaAccess.lnk = D:\UMAXSCAN\vsaccess.exe
O4 - Global Startup: Controller.LNK = F:\WINFAX\WFXCTL32.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: PDF-Capture.lnk = C:\Program Files\PDF-XChange SDK EndUser\PDFSaver.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = G:\corel8a\Programs\MFIndexer.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - D:\VCOM\FixIt\mxtask.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\NEROUL6F\InCD\InCDsrv.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE




Geekgirl
« Reply #5 on: September 05, 2005, 04:40:57 PM »

I don't see anything malicious other than
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Remove that from Add/Remove Programs.

What kind of issues are you having?

digger36
« Reply #6 on: September 05, 2005, 10:46:41 PM »

GeekGirl:
Appreciate your advice in combing HJT's log.
Had NO idea that ViewPoint was installed or what it did, but based on your advice and after reading about it in a few links from Google, I decided that I did not need/want it, so I UNinstalled it.

I had no "issues" as you asked, only wanted a checkup.

As a side issue - it concerns me that after I install any anti-virus program, then I seem to need to explicitly trust it to be in place and doing its job.

 Q. Are you aware of any pseudo-virus files which should be detected by virus routines but which have been rendered harmless by simply never executing the ungood portions of the program code?

If we all could have a few of these around, then we could be assured that our AV progs are in place by trying to send the files to each other and/or invoking them.

Thanks,,


Geekgirl
« Reply #7 on: September 05, 2005, 11:00:41 PM »

Your request to have me look at your HJT log is perfectly fine, I am glad you are aware of the destruction that can be invoked on your system.

A note about antivirus programs....there is no 1 program that can detect everything. I do know that some are better than others. Norton is at the bottom of my list and NOD32 is at the top. I personally scan a system with 3 antivirus scanners if I feel the system is in need. And most of them are using either Norton or McAfee. I never had a system infected with a virus that was using NOD32 or Panda. Maybe I just have never come across it yet, but this is my experience.

 
quote:
Q. Are you aware of any pseudo-virus files which should be detected by virus routines but which have been rendered harmless by simply never executing the ungood portions of the program code?


I have no idea what you are asking, sorry.
Maybe word it differently.

digger36
« Reply #8 on: September 05, 2005, 11:19:17 PM »

Will try rewording..

After I install any AV program, then I must trust that it is in place and operating; there seems to be NO WAY to test any of them. If they are inherently faulty or if something else has come along and cleverly made them INoperative, then there is NO way to really tell.

What I was seeking is some way of testing to verify that the AV progs are actually INplace and doing what they should.

My vision of performing this test is that there would be several reasonably well-known virus code chunks imbedded in some test files in such a way that the AV progs should find the bad code when inspecting it but that the code could not actually be executed if the file were invoked (e.g., a branch/return at the entry point to the file).
Sorta analogous to a plastic toy hand grenade that could be seen but still be harmless even if the pin were pulled and the handle released.
This would be somewhat akin to testing an airport baggage screening system.


Geekgirl
« Reply #9 on: September 12, 2005, 10:47:12 PM »

quote:
After I install any AV program, then I must trust that it is in place and operating; there seems to be NO WAY to test any of them. If they are inherently faulty or if something else has come along and cleverly made them INoperative, then there is NO way to really tell.

This is correct; only with knowledge of a good antivirus program can you avoid this.
