
Thread: C:\Windows\System32\qeshrv.exe?


  1. #1
    Join Date
    Jun 2007
    Posts
    14

    C:\Windows\System32\qeshrv.exe?





    I don't really have a problem, I just wanted to identify the selected object. I've searched on Google but couldn't find any info. Can someone tell me what it is, and if it's malicious, what are the steps for removal?

    P.S. - I've scanned my computer in Safe Mode with AVG Free, AVG Anti-Spyware, Lavasoft Ad-Aware 2006, and Spybot Search and Destroy 1.4, and with Windows Malicious Software Removal Tool V1.3. They didn't find anything suspicious.

    Thanx

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    First of all, printscreens are not the correct way to request information. We sometimes ask for them yes but when we do it is for examining a specific error or icon or something like that. I believe this has been mentioned to you on other threads you have begun here. Policy has not changed.

    You should have posted this using the text entry from HJT.

    O23 - Service: QuickEye Harvester Service (geshrv) - Maxapt - C:\WINDOWS\System32\geshrv.exe

    Anyway,
    here is requested information:
    QuickEye Harvester Service: software tracking program. The software helps company managers to control their employees' work efficiency. Company can take control of how much time employees are spending on actually working, and how much time they are wasting on secondary tasks. It will show exactly which programs were used, and for how long. I would assume it could also be used by somebody in a home to track computer usage also of members of a household. I don't know.

    It is free to try for 15 days but to continue using then it must be purchased for $14.95. Don't know if this is a business or home computer, but this did not get on the computer by accident; it had to be installed.

  3. #3
    Join Date
    Jun 2007
    Posts
    14

    I know...

    Thanx for the info about posting, and sorry for my mistake.

    I know I didn't install any such programs, ever. I did, however, establish a network through a crossover cable with my friend at my home two days ago, but I know he didn't have the access to install programs on my computer. And there is no info in Add/Remove about the program. Is it safe to delete, or should I disable it loading from Services? Thanx.
    Last edited by Kalinomalino84; 10-08-2007 at 04:33 AM.

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    It would really help me make a determination if I could see the entire HJT log....NOT a print screen but an actual FULL HJT log. Not just part of it.
    I need to see this log as a text file. Save the log as a text file and post it here. If you didn't have a problem then why were you running HJT in the first place?

  5. #5
    Join Date
    Jun 2007
    Posts
    14

    As I...

    jholland1964 said:
    If you didn't have a problem then why were you running HJT in the first place?
    As I stated before in my earlier messages, I use HJT from time to time to see if any unknown processes are run on my computer. Now, maybe I'm mistaken about its usage but I've never deleted any of the unknown files, I'm just using it purely as an info tool. I've attached the log in the message and I would be grateful if you could tell me which of these processes, if any, could be malicious, because some things I don't recognize.

    Code:
    Logfile of HJScan v1.99.1
    Scan saved at 3:02:29 AM, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\devldr32.exe
    G:\Program Files\TuneUp Utilities 2007\RegistryCleaner.exe
    C:\WINDOWS\system32\qeshrv.exe *** Can I safely delete this one?
    C:\WINDOWS\system32\wscntfy.exe *** Whats this?
    G:\Program Files\hijackthis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) *** Whats this?
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup *** (1) Can I turn this of from startup and how?
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start  (1) *** Can I turn this of from startup and how?
    O4 - HKLM\..\Run: [DiskeeperSystray] "G:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" *** Can I turn this of from startup and how?
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Download all with Free Download Manager - file://g:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://g:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://g:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe *** Can I turn this of from startup and how?
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe *** Can I turn this of from startup and how?
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: QuickEye Harvester Service (qeshrv) - Maxapt - C:\WINDOWS\system32\qeshrv.exe *** - I wanted to know could it be deleted
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    (1) I've installed Sensible Soccer 2006 and with it a program was installed, it's called Update Manager. Now I didn't want this program but now I cannot deinstall it, because it's nowhere to be found in Add/Remove section. It's located on this path C:\Program Files\Common Files\InstallShield\UpdateService. How can I and should I remove it?

    I apologize for such a long message but I wanted to fill you in as much as possible so you can help me better. Thanx in advance for your effort.
    Last edited by Kalinomalino84; 10-10-2007 at 06:45 AM.
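
Added example, not part of any post in this thread: a Python sketch that parses the O23 service lines of a HijackThis log like the one posted above and lists services whose binary sits under \Windows\System32 while the vendor field is not Microsoft, which is the triage applied by hand to qeshrv.exe here. The function names and the heuristic are assumptions of this example; a hit means "look this one up", not "malicious".

```python
import re

# Lines copied from the HijackThis log posted in this thread, including the
# poster's trailing "*** ..." annotations, which the parser has to strip.
SAMPLE_LOG = r"""
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe *** Can I turn this of from startup and how?
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: QuickEye Harvester Service (qeshrv) - Maxapt - C:\WINDOWS\system32\qeshrv.exe *** - I wanted to know could it be deleted
"""

# "O23 - Service: <display> [(<name>)] - <vendor> - <drive:\path> [*** note]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?:\s+\*\*\*.*)?$"
)
# The short service name in parentheses is optional in HijackThis output.
SHORT_NAME_RE = re.compile(r"^(?P<display>.*?)\s*\((?P<name>[^()]+)\)$")


def parse_o23(log_text):
    """Return one dict per O23 line: display, name (or None), vendor, path."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        display, name = m["display"], None
        short = SHORT_NAME_RE.match(display)
        if short:
            display, name = short["display"], short["name"]
        services.append({"display": display, "name": name,
                         "vendor": m["vendor"], "path": m["path"]})
    return services


def needs_review(svc):
    """Heuristic (assumption): third-party binary inside the OS directory."""
    in_system32 = "\\windows\\system32\\" in svc["path"].lower()
    return in_system32 and "microsoft" not in svc["vendor"].lower()


def review_queue(log_text):
    return [s for s in parse_o23(log_text) if needs_review(s)]


if __name__ == "__main__":
    for s in review_queue(SAMPLE_LOG):
        print(f'{s["name"] or s["display"]}: {s["vendor"]} -> {s["path"]}')
```
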

  6. #6
    Join Date
    Jun 2007
    Posts
    14

    i've..

    I've forgotten the log. Here it is.
    Attached Files

  7. #7
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    This tool found here is supposed to uninstall the Update Manager..2nd choice down.

  8. #8
    Join Date
    Jun 2007
    Posts
    14

    Thanx...

    Thanks for the uninstaller but can you tell me something about the other issues I've stated in my message?

    Today I've experienced an unusual thing for the first time in my life, my computer, after 10 minutes of work, restarted itself! In the moment of restarting I wasn't doing anything, it just happened. Can someone give me some explanation why this could have happened? Thanx

  9. #9
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Too hot possibly. Did you run ALL the steps in this Sticky?

  10. #10
    Join Date
    Jun 2007
    Posts
    14

    I...

    I didn't run the ATF cleaner, and online scans. What do you think? Can I delete C:\WINDOWS\system32\qeshrv.exe? Thnx.
