Results 1 to 2 of 2
  1. #1
    Member
    Join Date
    Aug 2006
    Posts
    1
    Points
    0

    Default System integrity scan wizard

    Hi,

    1) I get this message "Suspicious entries have been found in your log. They might be spyware/malware." in Help2Go Detective.

    2) I ran Panda Activescan, Housecall, HijackThis and I'm still getting the "System integrity scan wizard" popup. I tried to find the exe files in ..\Local Settings\Application Data\ and in C:\WINNT\system32 but I did not found anything suspicious!

    This my log:
    --------------
    Logfile of HijackThis v1.99.1
    Scan saved at 15:58:13, on 17-08-2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESOE\ELogSrv.exe
    c:\Program Files\Hewlett-Packard\eWorkplace\Inventory.exe
    C:\Program Files\Hewlett-Packard\eWorkplace\LogSvc.exe
    C:\PROGRA~1\NETMAN~1\APPS\NFS\wlpd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe
    C:\WINNT\system32\MSTask.exe
    c:\Program Files\Hewlett-Packard\eWorkplace\Scheduler.exe
    C:\WINNT\system32\FLRSERV.EXE
    C:\Program Files\Common Files\PnpManager\upnpmngr.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ESOE\EDMS\ECIS.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINNT\AGRSMMSG.exe
    C:\WINNT\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINNT\system32\PRPCUI.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ESOE\ECC.exe
    C:\Program Files\Hewlett-Packard\eWorkplace\ControlCenter.exe
    C:\Program Files\ESOE\EDMS\ECP.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\ORL\VNC\WinVNC.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\msconfig.exe
    C:\Program Files\ESOE\ELaunch.exe
    c:\Program Files\Hewlett-Packard\eWorkplace\eWLaunch.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internal.ericsson.se/iberia
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-proxy.ericsson.se:3132/ac...d_pac_base.pac
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LidPolicy] C:\Program Files\Hewlett-Packard\LidSwitch Policy\PwrSchem.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [NetManageImport] "C:\PROGRA~1\NETMAN~1\setup\nmcpdata.exe" I
    O4 - HKLM\..\Run: [NetManage LaunchNow Init] RunDLL32 C:\Progra~1\NETMAN~1\common\nmgoinn.dll,VerifyStartMenu
    O4 - HKLM\..\Run: [StoreCleanup] RunDLL32 c:\progra~1\NETMAN~1\common\nmconfig.dll,StoreCleanup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [IE5MSI] "C:\WINNT\system32\IE5MSI.EXE" /3
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Ericsson Corporate Templates check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\eCorpTemplates2003.exe
    O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe
    O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe
    O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe
    O4 - Global Startup: eWorkplace Control Center.lnk = C:\Program Files\Hewlett-Packard\eWorkplace\ControlCenter.exe
    O4 - Global Startup: UCFUPDATE.lnk = C:\Program Files\UCF\UCFUPDATE.exe
    O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe
    O4 - Global Startup: VN User Update.lnk = C:\Documents and Settings\qpaujor\Application Data\NetManage\Data\VN User Update.exe
    O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
    O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O20 - Winlogon Notify: WinEvents - C:\WINNT\SYSTEM32\WinEvents.dll
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe
    O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe
    O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NetManage NFS Client (InterDrive) Helper (InterDrive) - NetManage, Inc. - C:\WINNT\System32\idr3hlpr.exe
    O23 - Service: eWorkplace Inventory (Inventory) - Hewlett-Packard Sverige AB - c:\Program Files\Hewlett-Packard\eWorkplace\Inventory.exe
    O23 - Service: eWorkplace Log (LogSvc) - TODO: - C:\Program Files\Hewlett-Packard\eWorkplace\LogSvc.exe
    O23 - Service: NetManage LPD Service (LPD Server) - NetManage, Inc. - C:\PROGRA~1\NETMAN~1\APPS\NFS\wlpd.exe
    O23 - Service: NetManage FTP Server - NetManage, Inc. - C:\Program Files\NETMAN~1\apps\ftpd\ftpd.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAPSprint - SAP AG, Walldorf - C:\Program Files\SAP\SAPSprint\sapsprint.exe
    O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe
    O23 - Service: eWorkplace Scheduler (Scheduler) - Hewlett-Packard Sverige AB - c:\Program Files\Hewlett-Packard\eWorkplace\Scheduler.exe
    O23 - Service: Shared Folders Server (SFOLDER) - NetManage. - C:\WINNT\system32\FLRSERV.EXE
    O23 - Service: UPnPDevService - Unknown owner - C:\Program Files\Common Files\PnpManager\upnpmngr.exe


    I'm using Windows 2000 Professional.



    If you can, please help me.

    Thanks in Advance,

    Paulo.

  2. #2
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    No sign of System integrity scan wizard, on this PC

    The Detective did not like these:

    O4 - HKLM\..\RunOnce: [IE5MSI] \"C:\WINNT\system32\IE5MSI.EXE\" /3
    (Why the detective caught it: A program running from the Windows\System32 folder. Very few legitimate programs run from this folder.

    O4 - Global Startup: VN User Update.lnk = C:\Documents and Settings\qpaujor\Application Data\NetManage\Data\VN User Update.exe
    (Why the detective caught it: This program is running from your Application Data folder. Very few legitimate programs run from this folder.

    This appears to a work PC, suggest that you contact your IT support.

    BG