HighJackThis Log

[AoS810]

Hi, my computer was experiencing wierd crashing. My roommates were playing Fallout 3, and I assume my graphic card (Sapphire HD 3850 Ultimate *passive cooling*) probably overheated. I got one error message, and a blue screen of death. Now, just to be sure that heat was the only issue I booted into safe mode and scanned with Antivir, malwareantibytes, superantispyware and spybot search and destroy. I ran highjackthis and there are some entries that I honestly have no clue whether or not they are safe. I'd greatly appreciate expert opinion on this! Thanks a lot. *also, I really want my computer to be using the least amount of resources possible, so if there's anything that is totally unnecessary in the entries, please enlighten me too! Thanks again.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:13 AM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Tools\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Clean Access Agent.lnk = D:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

 

[MadAmos]

You have traces of both mcafee and antivir you should remove one of them completely. I recommend Mcafee be the one removed, they have a removal tool you can download at their site. You will have a lot of issues running two antiVirus products at the same time and antivir is the better choice of the two. I don't see any other obvious problems, but I would download update and run the free version of superantispyware and see what is comes up with.

 

[Sam25]

Originally posted by: MadAmos
You have traces of both mcafee and antivir you should remove one of them completely. I recommend Mcafee be the one removed, they have a removal tool you can download at their site. You will have a lot of issues running two antiVirus products at the same time and antivir is the better choice of the two. I don't see any other obvious problems, but I would download update and run the free version of superantispyware and see what is comes up with.

Yes, absolutely agreed. Running 2 AV's can cause problems on your computer. Other than that the log posted seems to be clean.

 

[AoS810]

Thanks for your input! I forgot to mention that yes, I do have two antivirus products installed; however I only have one of them running, and of course it is antivir! Unfortunately my university requires us to have antivirus software installed.. but it ONLY detects Mcafee.. which from my research is inferior. Thus to get around "CleanAccessAgent's" checking of Mcafee, I just installed Mcafee to its barebones *no real-time scanning, no console etc*, so I only have antivir running in the background. Again, thanks for your input I greatly appreciated both of them.

 

[MadAmos]

In my experience even a not fully enabled second a/v product can and will cause problems. In your case there is enough of Macafee running (see the 023 entries) to defiantly cause at the very least slowing of your system if not outright crashes.