Highjackthis - kevlamh



#1 kevlamh


Posted 03 January 2005 - 12:30 PM

Hi all,

Herewith my HJT log. This has been submitted on the recommendation of PHAWGG who thinks that it may help to resolve my problem with installing Symantec's Firewall free.

As a memory jog: whenever I install the FW and everything appears to be ok, I receive a message that the Symantec Firewall "Has encountered a problem and needs to close", this from Dr Watson.

I don't know if there is a problem that may arise in my using F-Secure 5.4 Anti-virus.

Logfile of HijackThis v1.99.0
Scan saved at 19:13:24, on 2005/01/03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\fswsclds.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\TimeUp\TimeUp.exe
C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Star Downloader\stardown.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xsinet.co.za/
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [TimeUp] C:\Program Files\TimeUp\TimeUp.exe /T
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Star Downloader] C:\Program Files\Star Downloader\stardown.exe
O4 - Startup: Proxomitron.exe.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\FMRMD32.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096824588378
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Outpost Firewall Service - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

As you can see, I have uninstalled Symantec and reverted back to Outpost until I have a resolution. As a matter of interest, there is also a problem with installing ZA Free (latest version) - this time, I also get a message that F-Secure AV has been detected and the installation will be aborted. I have approached Zone Labs in regard to this and am awaiting a reply from them. F-Secure do not have a patch for this problem; I have already checked with their support Web Page.

Thanks,

Kev' :flowers: :thumbsup:

Edited by kevlamh, 03 January 2005 - 12:33 PM.


 


#2 phawgg


Posted 03 January 2005 - 03:33 PM

I'm checking on details. :thumbsup:
patiently patrolling, plenty of persistent pests n' problems ...

#3 phawgg


Posted 03 January 2005 - 11:22 PM

No indications of problems involving malware are present in your HJT log, kevlamh.
Next step is to check the processes running at this time, for clues to reasons for conflicts.

Results of that research are documented with links to the data sources.
A file is available.

F-Secure is the system your company has chosen for Internet Security. http://www.f-secure.com
Symantec/Norton is a different company. http://www.symantec.com/index.htm

It's reasonable to assume that the exact methods each employ to provide "Internet Security" differ
somewhat and are not necessarily compatible.

Agnitum Outpost provides a free firewall, an element of "Internet Security" also. http://www.agnitum.com/.
It would seem the methods used by its software present no conflicts with F-Secure.

Sygate does also. http://www.sygate.com/.
Zone Alarm has a free firewall. http://www.zonelabs.com/store/content/home.jsp
Kerio is yet another. http://www.kerio.com/kerio.html.

Trial & error would reveal strengths and weaknesses in these products when placed in conjunction with F-Secure.

All of the companies claim world leadership in the field.

Several other companies offer more specialized products also aimed at the problems involving security.
Legitimately so. A firewall does not necessarily stop a downloaded trojan.
A downloaded trojan isn't necessarily going to be identified by an anti-virus software program.
A keylogger or hijacked browser page may not be "seen" by one or more of these programs.

My conclusion is this:
  • Due to the ever-changing factors dealt with involving internet security,
    companies are developing new methods and trying them out in their products.
  • Some work, some work for a while, perhaps.
  • Some that might work don't work as well as others.
  • Some that work well may not do so in the presence of other software.
Therefore issues such as yours will come up.
The answer is to understand the situation as well as possible.
To the extent you can or desire to.

I've heard the axiom "If it works, don't fix it".
Some truth to it, but what worked in 2002 may not in 2005.

In your case the F-Secure is in place.
The operating system is Windows XP.
It is fully updated.

Those are your "cornerstones",
and I might add they are fine.
All other software running on your machine should
be of a kind that those allow to run properly.

Edited by phawgg, 04 January 2005 - 12:42 AM.


#4 kevlamh


Posted 04 January 2005 - 12:08 PM

:flowers: :thumbsup: Thanks, phawgg,

I appreciate your effort and feedback. I think that I will stick to what I am using and stop being adventurous.

All the best and every success,

Kev'