System integrity scan wizard
Hi,
1) I get this message "Suspicious entries have been found in your log. They might be spyware/malware." in Help2Go Detective.
2) I ran Panda Activescan, Housecall, HijackThis and I'm still getting the "System integrity scan wizard" popup. I tried to find the exe files in ..\Local Settings\Application Data\ and in C:\WINNT\system32 but I did not find anything suspicious!
This is my log:
--------------
Logfile of HijackThis v1.99.1
Scan saved at 15:58:13, on 17-08-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESOE\ELogSrv.exe
c:\Program Files\Hewlett-Packard\eWorkplace\Inventory.exe
C:\Program Files\Hewlett-Packard\eWorkplace\LogSvc.exe
C:\PROGRA~1\NETMAN~1\APPS\NFS\wlpd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe
C:\WINNT\system32\MSTask.exe
c:\Program Files\Hewlett-Packard\eWorkplace\Scheduler.exe
C:\WINNT\system32\FLRSERV.EXE
C:\Program Files\Common Files\PnpManager\upnpmngr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ESOE\EDMS\ECIS.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ESOE\ECC.exe
C:\Program Files\Hewlett-Packard\eWorkplace\ControlCenter.exe
C:\Program Files\ESOE\EDMS\ECP.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\msconfig.exe
C:\Program Files\ESOE\ELaunch.exe
c:\Program Files\Hewlett-Packard\eWorkplace\eWLaunch.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internal.ericsson.se/iberia
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-proxy.ericsson.se:3132/ac...d_pac_base.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LidPolicy] C:\Program Files\Hewlett-Packard\LidSwitch Policy\PwrSchem.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [NetManageImport] "C:\PROGRA~1\NETMAN~1\setup\nmcpdata.exe" I
O4 - HKLM\..\Run: [NetManage LaunchNow Init] RunDLL32 C:\Progra~1\NETMAN~1\common\nmgoinn.dll,VerifyStartMenu
O4 - HKLM\..\Run: [StoreCleanup] RunDLL32 c:\progra~1\NETMAN~1\common\nmconfig.dll,StoreCleanup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [IE5MSI] "C:\WINNT\system32\IE5MSI.EXE" /3
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Ericsson Corporate Templates check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\eCorpTemplates2003.exe
O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe
O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe
O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe
O4 - Global Startup: eWorkplace Control Center.lnk = C:\Program Files\Hewlett-Packard\eWorkplace\ControlCenter.exe
O4 - Global Startup: UCFUPDATE.lnk = C:\Program Files\UCF\UCFUPDATE.exe
O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe
O4 - Global Startup: VN User Update.lnk = C:\Documents and Settings\qpaujor\Application Data\NetManage\Data\VN User Update.exe
O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: WinEvents - C:\WINNT\SYSTEM32\WinEvents.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe
O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe
O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetManage NFS Client (InterDrive) Helper (InterDrive) - NetManage, Inc. - C:\WINNT\System32\idr3hlpr.exe
O23 - Service: eWorkplace Inventory (Inventory) - Hewlett-Packard Sverige AB - c:\Program Files\Hewlett-Packard\eWorkplace\Inventory.exe
O23 - Service: eWorkplace Log (LogSvc) - TODO: - C:\Program Files\Hewlett-Packard\eWorkplace\LogSvc.exe
O23 - Service: NetManage LPD Service (LPD Server) - NetManage, Inc. - C:\PROGRA~1\NETMAN~1\APPS\NFS\wlpd.exe
O23 - Service: NetManage FTP Server - NetManage, Inc. - C:\Program Files\NETMAN~1\apps\ftpd\ftpd.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAPSprint - SAP AG, Walldorf - C:\Program Files\SAP\SAPSprint\sapsprint.exe
O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe
O23 - Service: eWorkplace Scheduler (Scheduler) - Hewlett-Packard Sverige AB - c:\Program Files\Hewlett-Packard\eWorkplace\Scheduler.exe
O23 - Service: Shared Folders Server (SFOLDER) - NetManage. - C:\WINNT\system32\FLRSERV.EXE
O23 - Service: UPnPDevService - Unknown owner - C:\Program Files\Common Files\PnpManager\upnpmngr.exe
I'm using Windows 2000 Professional.
If you can, please help me.
Thanks in Advance,
Paulo.
No sign of System integrity scan wizard, on this PC
The Detective did not like these:
O4 - HKLM\..\RunOnce: [IE5MSI] "C:\WINNT\system32\IE5MSI.EXE" /3
(Why the detective caught it: A program running from the Windows\System32 folder. Very few legitimate programs run from this folder.)
O4 - Global Startup: VN User Update.lnk = C:\Documents and Settings\qpaujor\Application Data\NetManage\Data\VN User Update.exe
(Why the detective caught it: This program is running from your Application Data folder. Very few legitimate programs run from this folder.)
This appears to be a work PC; suggest that you contact your IT support.
BG
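
The two folder rules quoted in the reply above, applied to HijackThis O4 autostart lines, as an added example that is not part of the thread and is not Help2Go Detective's own logic. The function names and the `known_good` allowlist are assumptions; the sample lines are copied from the log posted above.

```python
import re

# O4 (autostart) lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\RunOnce: [IE5MSI] "C:\WINNT\system32\IE5MSI.EXE" /3
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: VN User Update.lnk = C:\Documents and Settings\qpaujor\Application Data\NetManage\Data\VN User Update.exe
'''

# Registry Run/RunOnce entries and Startup-folder shortcuts use different layouts.
REG = re.compile(r'^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
LNK = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?\.lnk) = (?P<cmd>.+)$')

def exe_path(cmd):
    """Return the program part of a command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, then arguments
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', cmd, re.I)
    return m.group(1) if m else cmd.split()[0]   # e.g. "RunDLL32 some.dll,Entry"

def reasons(path):
    """Apply the two folder rules quoted in the reply to one path."""
    p = path.lower()
    hits = []
    if re.search(r'\\(?:winnt|windows)\\system32\\', p):
        hits.append('system32')
    if '\\application data\\' in p:
        hits.append('application data')
    return hits

def triage(log, known_good=frozenset()):
    """Return (name, path, reasons) for every O4 entry a rule matches."""
    findings = []
    for line in log.splitlines():
        m = REG.match(line.strip()) or LNK.match(line.strip())
        if not m:
            continue
        path = exe_path(m['cmd'])
        hits = reasons(path)
        if hits and path.lower() not in known_good:
            findings.append((m['name'], path, hits))
    return findings

if __name__ == '__main__':
    for name, path, hits in triage(SAMPLE_LOG):
        print(name, path, hits)
```

Run without an allowlist, the System32 rule also matches igfxtray.exe, which the reply does not list, so folder rules alone over-report and need a known-good list behind them. Bare names such as internat.exe carry no folder and are not evaluated by either rule.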