Hi all,
I am new to all of this. I have lurked a little trying to get it solved on my own but no luck.
So far I have tried:
- Symantec's fixes
- rdrivrem
- run Ewido
- run cleanup
- run trendmicro and pandascan
Here is my HJT file; it was analyzed with HijackThis Analyzer:
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs
***Security Programs Detected***
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 3:12:34 PM, on 8/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\Hummbird\inetd32.exe
C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Exceed.nt\exceed.exe
C:\Program Files\pgt\imix\daemons\pgtprintd.exe
C:\Program Files\pgt\imix\daemons\shutdown.exe
C:\Program Files\Python\command-center.exe
C:\Program Files\Python\file-chooser.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psu.edu/
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - Global Startup: exceed.lnk = C:\Program Files\Exceed.nt\exceed.exe
O4 - Global Startup: pgtprintd.lnk = C:\Program Files\pgt\imix\daemons\pgtprintd.exe
O4 - Global Startup: shutdown.lnk = C:\Program Files\pgt\imix\daemons\shutdown.exe
O4 - Global Startup: command-center.lnk = C:\Program Files\Python\command-center.exe
O4 - Global Startup: file-chooser.lnk = C:\Program Files\Python\file-chooser.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124743471203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E81C1DC3-1708-4B63-8561-223A5D8EA32E}: Domain = bmb.psu.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{E81C1DC3-1708-4B63-8561-223A5D8EA32E}: NameServer = 130.204.1.4,128.118.25.3
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINNT\System32\Hummbird\inetd32.exe
O23 - Service: Ati Management (Winconfig32) - Unknown owner - C:\WINNT\win32dev.exe
End of KRC HijackThis Analyzer Log.
====================================================================
Thank you in advance for your help.