04-20-2005, 09:16 AM   #3
krikori
Registered User
 
 
Join Date: Aug 2004
Posts: 22
OS: WinXP


Followup KRC Log

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:14:08 AM, on 4/20/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\system32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\WINNT\system32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
C:\WINNT\system32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe
C:\Program Files\JavaSoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\savroam.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\WINNT\system32\PDesk\PDesk.exe
c:\winnt\system32\rsodrrv.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mygene.ne.ge.com/portal/mypag....asp?UserID=2&
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Energy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http-proxy.geps.ge.com:80;https=http-proxy.geps.ge.com:80;ftp=http-proxy.geps.ge.com:80;gopher=http-proxy.geps.ge.com:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [RUNCIS] C:\Program Files\1E\CIS\\RUNCIS.EXE
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [Asset Insight SUM] C:\INSIGHT\TOOLS\AISOFTMN.EXE -B
O4 - HKLM\..\Run: [VerifyStartMenu] RunDLL32 C:\NETMANAG.32\NMGOINN.DLL,VerifyStartMenu
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [MGA_CD_Install] E:\mgasetup.exe /No_Welcome /Lang:English
O4 - HKLM\..\Run: [amrbiuo] c:\winnt\system32\rsodrrv.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_01) - http://thor.ne.ge.com:7001/ematrix/a...1_01-win-i.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ne.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ne.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ne.ge.com
O23 - Service: Asset Insight Client (AICLIENT) - Unknown owner - C:\INSIGHT\TOOLS\Aiclient.EXE
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINNT\system32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SAVRoam - symantec - C:\PROGRA~1\SYMANT~1\SYMANT~1\savroam.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe


End of KRC HijackThis Analyzer Log.
====================================================================