
Two worms got me [RESOLVED]


  • This topic is locked

#1
elirarey
Member, 16 posts
I scanned with Ad-Aware and was notified of Win32-Worm.Alcan.a, but even after I had supposedly quarantined it, every time I ran Ad-Aware it would find the same worm. (This is still true.) I then found your site and went through the steps on your Start Here page. Every program claimed to find some SpyWare or viruses, and most claimed to clean them as well. Only in the last steps - Panda ActiveScan and Trend Housecall - did both programs find viruses and Spyware that they could not clean. Housecall gave an error message "Clean failed on WORM.MUGLY.I" and Panda counted 3 viruses and 20 Spyware but only disinfected 2 of the viruses and none of the Spyware after an 8-hour :tazz: online scan. I am currently using AVG as my virus protection, though the computer may have become infected when I temporarily and ill-advisedly :) uninstalled this software.

My computer is now running very slowly, with jittery audio playback of CDs and even the welcome chime when Windows boots up sounds fragmented. Ad-Aware no longer, however, finds the Alcan.a worm, but I don't believe my computer is really cleaned up.

:)

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:44:35 PM, on 9/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam44\Desktop\Downloads\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.scservers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SysTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: DigiChat Applet - http://host7.digicha...s/Client_IE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127657371398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



Please help. :)


#2
Buckeye_Sam
Malware Expert, 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay in getting to your log; the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3
elirarey (Topic Starter)
Member, 16 posts
:tazz: Here's another one. I don't know how much has changed since last time -- still the computer is very slow and the problems are intermittent. Audio playback is the most obvious symptom.



Logfile of HijackThis v1.99.1
Scan saved at 7:17:56 PM, on 9/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam44\Desktop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.scservers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SysTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: DigiChat Applet - http://host7.digicha...s/Client_IE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127657371398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#4
Buckeye_Sam
Malware Expert, 10,019 posts
Please make sure that you can View Hidden Files
  • Click Start -> My Computer
  • Select Tools -> Folder options
  • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
  • Also make sure that 'Display the contents of system folders' is checked.
For more info on how to show hidden files click here.



Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto



Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* If you have trouble getting into Safe Mode, go here for more info.




Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):

C:\Program Files\winupdates


Reboot your computer to go back to normal mode and post a new log.
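As an added example (not from this thread, and not HijackThis's own code), here is a small Python script that does mechanically what Sam did by eye in the post above: it parses HijackThis item lines, flags registrations whose target file is absent ("(no file)" / "(file missing)") and Run entries whose executable has a Windows-sounding name but lives outside the Windows directory, and diffs two logs so the "post a new log" step can be checked line by line. The sample lines are constructed from the logs posted in this thread (a few lines, not the full logs); the naming heuristic and the C:\WINDOWS location are assumptions, and a hit is a prompt to look closer, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample fragments in HijackThis v1.99.1 line format, modelled on the
# logs posted in this thread. LOG_BEFORE is before the fix, LOG_AFTER a later log.
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

WINDIR = r"c:\windows"  # assumption: the Windows directory shown in the posted logs

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def parse(log: str) -> List[Tuple[str, str]]:
    """Split a HijackThis log into (section, body) pairs, skipping the header and process list."""
    items = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            items.append((m.group("sec"), m.group("body")))
    return items


def looks_like_windows_component(exe_path: str) -> bool:
    """Heuristic (assumption): a 'win...' or '...update...' executable that does not
    live under the Windows directory is named to pass as an operating-system component."""
    base = exe_path.rsplit("\\", 1)[-1].lower()
    stem = base[:-4] if base.endswith(".exe") else base
    in_windir = exe_path.lower().startswith(WINDIR)
    return (stem.startswith("win") or "update" in stem) and not in_windir


def flag_suspicious(log: str) -> List[Tuple[str, str]]:
    """Return (reason, line) for entries a reviewer would want to look at."""
    findings = []
    for sec, body in parse(log):
        line = f"{sec} - {body}"
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("orphaned registration, target file absent", line))
            continue
        if sec != "O4":
            continue
        run = RUN_RE.match(body)
        if run is None:
            continue  # Global Startup .lnk entries and other O4 forms are not checked here
        exe = EXE_RE.match(run.group("cmd"))
        if exe is None:
            findings.append(("run entry without an absolute path", line))
        elif looks_like_windows_component(exe.group("path")):
            findings.append(("Windows-sounding name outside the Windows directory", line))
    return findings


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (added, removed) item lines between two logs, ignoring order."""
    old = {f"{s} - {b}" for s, b in parse(before)}
    new = {f"{s} - {b}" for s, b in parse(after)}
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for reason, line in flag_suspicious(LOG_BEFORE):
        print(f"[{reason}] {line}")
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("added:", *added, sep="\n  ")
    print("removed:", *removed, sep="\n  ")
```

On the sample, the script flags the same two entries Sam asked to have fixed (the nameless BHO with no file and the winupdates Run entry) plus the msnim protocol handler whose DLL is missing, which is harmless clutter rather than an infection; the diff then shows the two fixed lines gone and the QuickTime startup entry newly present. The naming heuristic is deliberately narrow so that legitimate entries such as SunJavaUpdateSched (jusched.exe) do not trip it.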

#5
elirarey (Topic Starter)
Member, 16 posts
There was no winupdates when I restarted in Safe Mode -- though those two fixed HijackThis lines are gone for good.

Unfortunately I think my computer is just as slow as before -- if not slower? :tazz: What else could be wrong?

Logfile of HijackThis v1.99.1
Scan saved at 9:01:19 AM, on 9/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Adam44\Desktop\Downloads\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.scservers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SysTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: DigiChat Applet - http://host7.digicha...s/Client_IE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127657371398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#6
Buckeye_Sam
Malware Expert, 10,019 posts
There's nothing else that shows up in your log, but you did say that Panda found some spyware that it didn't remove. You don't happen to have the log saved from that scan do you? It would be helpful to know what those files were.

We can thin out your startup programs.
Here are some optional fixes you can make with HijackThis. They are not malware. These are programs that run automatically at startup. They do not need to run at every startup, and they hog your computer's resources. Fixing these will improve boot-up time and performance.

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe



Additionally, since you have Ewido running, I would uninstall Trojan Hunter.


Please download the trial version of WebRoot SpySweeper
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#7
elirarey (Topic Starter)
Member, 16 posts
My computer is much faster now! :tazz:

SpySweeper nixed some leftover cookies but found no actual spyware. Now I'm going to get Firefox to make sure this NEVER HAPPENS AGAIN.


********
1:26 PM: |··· Start of Session, Friday, September 30, 2005 ···|
1:26 PM: Spy Sweeper started
1:26 PM: Sweep initiated using definitions version 546
1:26 PM: Starting Memory Sweep
1:37 PM: Memory Sweep Complete, Elapsed Time: 00:11:09
1:37 PM: Starting Registry Sweep
1:38 PM: Registry Sweep Complete, Elapsed Time:00:00:26
1:38 PM: Starting Cookie Sweep
1:38 PM: Found Spy Cookie: 2o7.net cookie
1:38 PM: adam44@2o7[1].txt (ID = 1957)
1:38 PM: Found Spy Cookie: yieldmanager cookie
1:38 PM: [email protected][2].txt (ID = 3751)
1:38 PM: Found Spy Cookie: adknowledge cookie
1:38 PM: adam44@adknowledge[1].txt (ID = 2072)
1:38 PM: Found Spy Cookie: addynamix cookie
1:38 PM: [email protected][2].txt (ID = 2062)
1:38 PM: Found Spy Cookie: pointroll cookie
1:38 PM: [email protected][1].txt (ID = 3148)
1:38 PM: Found Spy Cookie: falkag cookie
1:38 PM: [email protected][1].txt (ID = 2650)
1:38 PM: Found Spy Cookie: ask cookie
1:38 PM: adam44@ask[1].txt (ID = 2245)
1:38 PM: Found Spy Cookie: atwola cookie
1:38 PM: adam44@atwola[1].txt (ID = 2255)
1:38 PM: Found Spy Cookie: bannerspace cookie
1:38 PM: adam44@bannerspace[2].txt (ID = 2284)
1:38 PM: Found Spy Cookie: belnk cookie
1:38 PM: adam44@belnk[1].txt (ID = 2292)
1:38 PM: Found Spy Cookie: bluestreak cookie
1:38 PM: adam44@bluestreak[1].txt (ID = 2314)
1:38 PM: Found Spy Cookie: com.com cookie
1:38 PM: adam44@com[2].txt (ID = 2445)
1:38 PM: [email protected][2].txt (ID = 2293)
1:38 PM: Found Spy Cookie: ru4 cookie
1:38 PM: [email protected][1].txt (ID = 3269)
1:38 PM: Found Spy Cookie: maxserving cookie
1:38 PM: adam44@maxserving[1].txt (ID = 2966)
1:38 PM: [email protected][2].txt (ID = 1958)
1:38 PM: Found Spy Cookie: questionmarket cookie
1:38 PM: adam44@questionmarket[1].txt (ID = 3217)
1:38 PM: Found Spy Cookie: tribalfusion cookie
1:38 PM: adam44@tribalfusion[1].txt (ID = 3589)
1:38 PM: Found Spy Cookie: adserver cookie
1:38 PM: [email protected][1].txt (ID = 2142)
1:38 PM: Found Spy Cookie: zedo cookie
1:38 PM: adam44@zedo[1].txt (ID = 3762)
1:38 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
1:38 PM: Starting File Sweep
1:38 PM: Warning: Failed to read ADS-MFT entry 60336
1:39 PM: Warning: Failed to read ADS-MFT entry 59607
1:39 PM: Warning: Failed to read ADS-MFT entry 59616
1:39 PM: Warning: Failed to read ADS-MFT entry 59609
1:39 PM: Warning: Failed to read ADS-MFT entry 59612
1:39 PM: Warning: Failed to read ADS-MFT entry 59613
1:39 PM: Warning: Failed to read ADS-MFT entry 59614
1:39 PM: Warning: Failed to read ADS-MFT entry 59615
1:39 PM: Warning: Failed to read ADS-MFT entry 59617
1:39 PM: Warning: Failed to read ADS-MFT entry 59618
1:39 PM: File Sweep Complete, Elapsed Time: 00:01:14
1:39 PM: Full Sweep has completed. Elapsed time 00:13:05
1:39 PM: Traces Found: 20
1:56 PM: Removal process initiated
1:57 PM: Quarantining All Traces: 2o7.net cookie
1:57 PM: Quarantining All Traces: yieldmanager cookie
1:57 PM: Quarantining All Traces: adknowledge cookie
1:57 PM: Quarantining All Traces: addynamix cookie
1:57 PM: Quarantining All Traces: pointroll cookie
1:57 PM: Quarantining All Traces: falkag cookie
1:57 PM: Quarantining All Traces: ask cookie
1:57 PM: Quarantining All Traces: atwola cookie
1:57 PM: Quarantining All Traces: bannerspace cookie
1:57 PM: Quarantining All Traces: belnk cookie
1:57 PM: Quarantining All Traces: bluestreak cookie
1:57 PM: Quarantining All Traces: com.com cookie
1:57 PM: Quarantining All Traces: ru4 cookie
1:57 PM: Quarantining All Traces: maxserving cookie
1:57 PM: Quarantining All Traces: questionmarket cookie
1:57 PM: Quarantining All Traces: tribalfusion cookie
1:57 PM: Quarantining All Traces: adserver cookie
1:57 PM: Quarantining All Traces: zedo cookie
1:57 PM: Removal process completed. Elapsed time 00:00:23
********
1:01 PM: |··· Start of Session, Friday, September 30, 2005 ···|
1:01 PM: Spy Sweeper started
1:25 PM: Updating spyware definitions
1:25 PM: Your spyware definitions have been updated.
1:26 PM: Only Sweep Folders Where Threats Are Known to Reside
1:26 PM: |··· End of Session, Friday, September 30, 2005 ···|


What are all those WARNINGs about? Should I be concerned?

#8
Buckeye_Sam
Malware Expert, 10,019 posts

What are all those WARNINGs about? Should I be concerned?

To be honest with you, I'm not sure. I haven't seen those errors before in a log from Spysweeper. But it didn't seem to find anything other than cookies, and as long as everything is working well for you I don't think they're anything to worry about.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has antivirus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:tazz: :)
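The six Internet-zone settings in the list above are stored as DWORD values under the Internet zone key in the current user's registry, so they can be audited and applied from a script instead of clicked through the dialog. What follows is an added example, not code from this thread: the value IDs (1001, 1004, 1201, 1800, 1804, 1607) and the data values 0/1/3 are taken from Microsoft's documentation of the Internet Settings zone keys and should be checked against your own build; `audit`, `reg_commands` and `read_current_from_registry` are this example's own names.

```python
"""Audit and script the Internet Explorer Internet-zone settings listed above.

Added example, not code from the forum post. The registry value names (the
numeric action IDs under the zone key) and the meaning of the data values
0/1/3 follow Microsoft's documentation of the Internet Settings\\Zones keys;
verify them on your own build before relying on this.
"""
import sys

# Zone 3 is the Internet zone; the dialog writes here for the current user.
ZONE_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3          # data values IE stores per action
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Dialog label -> (registry value name, recommended data), the six items from the post.
RECOMMENDED = {
    "Download signed ActiveX controls":                          ("1001", PROMPT),
    "Download unsigned ActiveX controls":                        ("1004", DISABLE),
    "Initialize and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items":                             ("1800", PROMPT),
    "Launching programs and files in an IFRAME":                 ("1804", PROMPT),
    "Navigate sub-frames across different domains":              ("1607", PROMPT),
}


def audit(current: dict) -> list:
    """Compare {value name: data} read from the zone key with the recommendation.

    Returns one line per deviation; an empty list means all six are in place.
    A value missing from `current` is reported as 'unset': IE then falls back
    to the zone template default, which is looser than the recommendation.
    """
    findings = []
    for label, (value_name, wanted) in RECOMMENDED.items():
        got = current.get(value_name)
        if got != wanted:
            shown = "unset" if got is None else NAMES.get(got, str(got))
            findings.append(f"{label}: is {shown}, should be {NAMES[wanted]}")
    return findings


def reg_commands() -> list:
    """reg.exe lines that apply the recommendation for the current user,
    the same change the dialog steps make by hand."""
    return [
        f'reg add "{ZONE_KEY}" /v {name} /t REG_DWORD /d {data} /f'
        for name, data in RECOMMENDED.values()
    ]


def read_current_from_registry() -> dict:
    """Read the live values; only works on Windows, where winreg exists."""
    import winreg
    subkey = ZONE_KEY.split("\\", 1)[1]    # drop the HKCU\ prefix
    current = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
        for name, _wanted in RECOMMENDED.values():
            try:
                current[name], _kind = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass                       # value absent: audit() reports it as unset
    return current


if __name__ == "__main__":
    if sys.platform == "win32":
        for line in audit(read_current_from_registry()) or ["all six settings in place"]:
            print(line)
    else:
        print("\n".join(reg_commands()))
```

Run it as the user whose browser you are hardening, since the values live under HKCU. On Windows it reads the live key and reports each setting that differs from the list; elsewhere it prints the reg.exe commands that make the same change the dialog makes. Pressing the dialog's Default Level button later resets the zone to its template and undoes these values, which is why an audit function is worth keeping alongside the apply step.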

#9 elirarey (Topic Starter, 16 posts)
I'm in trouble again. :tazz: Back to the same old problems. And now my network is running very slowly as well. I'm using Firefox now, which at first was much faster, but now almost doesn't work. Once I had to restart my computer because it was running so slowly that the mouse cursor could barely move. All these problems are somewhat intermittent.

I'm going to look into the links you specified for anything I'm not doing. But I have a few questions.

If I am using AVG, do I also need ewido? Or should I choose one? Is AVG acceptable protection?

If I have antivirus software is that the same as Windows Firewall? Windows Security Options? I know that having more than one antivirus option is worse than having just one, but I'm not sure where one option begins and the other ends.

#10 elirarey (Topic Starter, 16 posts)
Ran TrendMicro Housecall and found two infected files -- uncleanable.

TROJ STARTPAGE.A in C:\RECYCLER\S-1-5-21-17296...
TROJ STARTPAGE.A in C:\RECYCLER\S-1-5-21-17296...

I deleted them both.

Am I doing something wrong that I get infected again so quickly?

I'm trying Panda ActiveScan next, though last time it took 8 hours.

#11 Buckeye_Sam (Malware Expert, 10,019 posts)

If I am using AVG, do I alos need ewido? Or should I choose one? Is AVG acceptable protection?

AVG is a very good antivirus program. Ewido is not a true antivirus program; it also finds adware and spyware. It's OK to run them both.

If I have antivirus software is that the same as Windows Firewall? Windows Security Options? I know that having more than one antivirus option is worse than having just one, but I'm not sure where one option begins and the other ends.

A firewall is much different from an antivirus. Think of it this way. A firewall is like a good alarm system on your house. It will go off if someone tries to get in. An antivirus is like having an armed guard in your house. If someone does get in they will be terminated. :tazz:


Don't worry about the two files in your Recycle Bin. They shouldn't be causing you any trouble. Can you post a new HijackThis log? I'll look it over while you are running Panda. Make sure to save the report from Panda and post it here once the scan is done. There should be some important info there.

#12 elirarey (Topic Starter, 16 posts)
So RECYCLER is my Recycle Bin! I wasn't sure.

Here is the Panda ActiveScan report. I'll run HijackThis now.

Also: when I try to run CWShredder or WinSockFix I get an error message that it is "not a valid Win32 application." What do these programs do? Do I need them?


Incident Status Location

Adware:adware/block-checker No disinfected Windows Registry
Possible Virus. No disinfected C:\Documents and Settings\Adam44\My Documents\desktop files\Downloads\aaw6.exe
Possible Virus. No disinfected C:\Documents and Settings\Adam44\My Documents\desktop files\Downloads\cute4032.exe
Possible Virus. No disinfected C:\Documents and Settings\Adam44\My Documents\desktop files\Downloads\pcdj.exe
Possible Virus. No disinfected C:\Documents and Settings\Adam44\My Documents\My Deliveries\cnet\aadcb_setup.exe
Possible Virus. No disinfected C:\Documents and Settings\Adam44\My Documents\My Deliveries\cnet\WinMPG_VideoConvert\WinMPG_VideoConvert_Setup.EXE
Possible Virus. No disinfected C:\Documents and Settings\Adam44\My Documents\My Deliveries\cnet\WinMPG_VideoConvert.zip[WinMPG_VideoConvert_Setup.EXE]
Possible Virus. No disinfected C:\I386\ACSPECFC.DL_[acspecfc.dll]
Possible Virus. No disinfected C:\I386\CMMON32.EX_[cmmon32.exe]
Possible Virus. No disinfected C:\I386\DRIVER.CAB[el656se5.sys]
Possible Virus. No disinfected C:\I386\DRIVER.CAB[sonync.sys]
Possible Virus. No disinfected C:\I386\DRIVER.CAB[sonypi.sys]
Possible Virus. No disinfected C:\I386\DRIVER.CAB[xrxftplt.exe]
Possible Virus. No disinfected C:\I386\FP40EXT.CAB[fp4Areg.dll]
Possible Virus. No disinfected C:\I386\GRPCONV.EX_[grpconv.exe]
Possible Virus. No disinfected C:\I386\INETCFG.DL_[inetcfg.dll]
Possible Virus. No disinfected C:\I386\LIGHTS.EX_[lights.exe]
Possible Virus. No disinfected C:\I386\MANAGER.CAB[mwcpyrt.exe]
Possible Virus. No disinfected C:\I386\MODEM.CAB[mwmpw32.dll]
Possible Virus. No disinfected C:\I386\MSGR3EN.DL_[msgr3en.dll]
Possible Virus. No disinfected C:\I386\MSNMIGR.DL_[msnmigr.dll]
Possible Virus. No disinfected C:\I386\NMAS.DL_[nmas.dll]
Possible Virus. No disinfected C:\I386\RASSER.DL_[rasser.dll]
Possible Virus. No disinfected C:\I386\REGEDIT.EXE
Possible Virus. No disinfected C:\I386\SYSPARSE.EXE
Possible Virus. No disinfected C:\I386\TSHOOT.DL_[tshoot.dll]
Possible Virus. No disinfected C:\I386\UNREGMP2.EX_[unregmp2.exe]
Possible Virus. No disinfected C:\I386\WIASF.AX_[wiasf.ax]
Possible Virus. No disinfected C:\I386\WINNT32.EXE
Possible Virus. No disinfected C:\I386\WINNTUPG\NETUPGRD.DLL
Possible Virus. No disinfected C:\Program Files\Adobe\Acrobat 6.0\Esl\AiodLite.dll
Possible Virus. No disinfected C:\Program Files\Adobe\Acrobat 6.0\Reader\Ace.dll
Possible Virus. No disinfected C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Accessibility.api
Possible Virus. No disinfected C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\ImageViewer\ImageViewer.API
Possible Virus. No disinfected C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\printme.api
Possible Virus. No disinfected C:\Program Files\Adobe\Photoshop 7.0\ACE.dll
Possible Virus. No disinfected C:\Program Files\Adobe\{AC76BA86-0000-0000-7AC5-6028747ADE00}\Adobe Acrobat - Reader 6.0.2 Update.msi[unk_0045]
Possible Virus. No disinfected C:\Program Files\Adobe\{AC76BA86-0000-0000-7AC5-6028747ADE00}\Adobe Acrobat - Reader 6.0.2 Update.msi[unk_0046]
Possible Virus. No disinfected C:\Program Files\Common Files\csshare\csunins.exe
Possible Virus. No disinfected C:\Program Files\Common Files\csshare\csunins_us.exe
Possible Virus. No disinfected C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
Possible Virus. No disinfected C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[java.exe]
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[javaw.exe]
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[javaws.exe]
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[keytool.exe]
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[kinit.exe]
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[klist.exe]
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[ktab.exe]
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[orbd.exe]
Possible Virus. No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[pack200.exe]
No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[policytool.exe]
No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[rmid.exe]
No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[rmiregistry.exe]
No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[servertool.exe]
No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[tnameserv.exe]
No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip[unpack200.exe]
No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_03.b07\zipper.exe
No disinfected C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_04.b05\zipper.exe
No disinfected C:\Program Files\Common Files\Microsoft Shared\TextConv\wkcvqr01.dll
No disinfected C:\Program Files\Common Files\Microsoft Shared\TextConv\wkcvqrtf.dll
No disinfected C:\Program Files\Common Files\Microsoft Shared\TextConv\WRD6ER32.CNV
No disinfected C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll
No disinfected C:\Program Files\Common Files\Real\Update_OB\~Upg0\weatherapp\The_Weather_Channel_Application.exe
No disinfected C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll
No disinfected C:\Program Files\Common Files\Roxio Shared\SharedCOM\DiscReaderCom.dll
No disinfected C:\Program Files\Common Files\Roxio Shared\SharedCOM\DVDRipper.dll
No disinfected C:\Program Files\Common Files\Roxio Shared\SharedCOM\MPEGUtils.dll
No disinfected C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACWAV.dll
No disinfected C:\Program Files\Common Files\Roxio Shared\SharedCOM\TIFFLoader3.dll
No disinfected C:\Program Files\Common Files\Roxio Shared\SharedCOM\VWHelpService7.exe
No disinfected C:\Program Files\Common Files\Roxio Shared\SharedCOM\VW_Resources\HomeEng6.dll
No disinfected C:\Program Files\Common Files\Roxio Shared\System\DirectCD.exe
No disinfected C:\Program Files\COMPAQ\Easy Access Button Support\CPQREC.dll
No disinfected C:\Program Files\COMPAQ\Easy Access Button Support\KillBezel.exe
No disinfected C:\Program Files\COMPAQ\Works6.0\Common\MSShared\Textconv\wkcvqr01.dll
No disinfected C:\Program Files\COMPAQ\Works6.0\Common\MSShared\Textconv\wkcvqrtf.dll
No disinfected C:\Program Files\COMPAQ\Works6.0\Common\MSShared\Textconv\WRD6ER32.CNV
No disinfected C:\Program Files\COMPAQ\Works6.0\PFiles\MSWorks\Artgalry\CAG.EXE
No disinfected C:\Program Files\COMPAQ\Works6.0\PFiles\MSWorks\WkMerge.dll
No disinfected C:\Program Files\COMPAQ\Works6.0\PFiles\MSWorks\wksab.exe
No disinfected C:\Program Files\COMPAQ\Works6.0\PFiles\MSWorks\wkwpqrtf.dll
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\icw.cab[INETCFG.dll]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\icwcon.cab[icwconn1.exe]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\icwcon.cab[icwutil.dll]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\jaaime.cab[internat.exe]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\koaime.cab[internat.exe]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\mdac_ie5.cab[msador15.dll]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\mdac_ie5.cab[msadrh15.dll]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\mplayer2.cab[logagent.exe]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\nm30.cab[nmas.w95]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\nm30.cab[nmas.nt]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\scaime.cab[internat.exe]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\setupnt.CAB[grpconv.exe]
No disinfected C:\Program Files\COMPAQ\Works6.0\Redist\IE5\tcaime.cab[internat.exe]
No disinfected C:\Program Files\CompuServe 2000\sndinst.dll
No disinfected C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
No disinfected C:\Program Files\EarthLink TotalAccess\FastLane\IPDNS32.exe
No disinfected C:\Program Files\EarthLink TotalAccess\PnEL_UI.dll
No disinfected C:\Program Files\EarthLink TotalAccess\PnMsgBlk.dll
No disinfected C:\Program Files\ewido\security suite\archive.dll
No disinfected C:\Program Files\Grisoft\AVG Free\avgmail.dll
No disinfected C:\Program Files\InstallShield Installation Information\{36E144A1-2757-11D4-8D88-00902799E3BF}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{7FDB8D20-1C51-11D3-9D4B-00805F1A8BB9}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{816D97C9-1F0D-4A85-962E-BBF0466104F0}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{81C49BBF-3F11-4475-A175-0444910B53D4}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{93539D60-1817-11D1-9504-00805F26A89C}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{B043A99F-930B-461E-8A62-BA5097C4D5FE}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{C1A9EFC0-1C2E-11D4-892F-0008C73FDA66}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{D76E927F-E292-434B-9661-3858F5D7BF63}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{DB2747AC-1BA6-4130-93FF-EB1CC617393D}\data1.cab[ctor.dll]
No disinfected C:\Program Files\InstallShield Installation Information\{F405B9DD-5646-43B3-ABCC-EC87979D8FA1}\data1.cab[ctor.dll]
No disinfected C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\java.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\javaw.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\javaws.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\keytool.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\kinit.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\klist.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\ktab.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\orbd.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\pack200.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\policytool.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\rmid.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\rmiregistry.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\servertool.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\tnameserv.exe
No disinfected C:\Program Files\Java\jre1.5.0_03\bin\unpack200.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\java.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\javaws.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\keytool.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\kinit.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\klist.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\ktab.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\orbd.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\pack200.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\policytool.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\rmid.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\rmiregistry.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\servertool.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\tnameserv.exe
No disinfected C:\Program Files\Java\jre1.5.0_04\bin\unpack200.exe
No disinfected C:\Program Files\LexmarkX63\PDFAPI.dll
No disinfected C:\Program Files\LexmarkX63\Sprint\2OCR.EXE
No disinfected C:\Program Files\LexmarkX63\Sprint\LCSPELL.DLL
No disinfected C:\Program Files\LexmarkX63\Sprint\STEDW.EXE
No disinfected C:\Program Files\Microsoft Works\WkMerge.dll
No disinfected C:\Program Files\Microsoft Works\wksab.exe
No disinfected C:\Program Files\Microsoft Works\wkwpqrtf.dll
No disinfected C:\Program Files\Mozilla Firefox\xpcom_compat.dll
No disinfected C:\Program Files\MSN\MSNCoreFiles\MIGRATE.DLL
No disinfected C:\Program Files\NetMeeting\callcont.dll
No disinfected C:\Program Files\NetMeeting\nmas.dll
No disinfected C:\Program Files\NetMeeting\nmft.dll
No disinfected C:\Program Files\OpenOffice.org1.1.4\program\fps.dll
No disinfected C:\Program Files\OpenOffice.org1.1.4\program\OOoVirgTray.exe
No disinfected C:\Program Files\OpenOffice.org1.1.4\program\setup.exe
No disinfected C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
No disinfected C:\Program Files\OpenOffice.org1.1.4\program\tl645mi.dll
No disinfected C:\Program Files\Real\RealPlayer\plugins\teamp3.dll
No disinfected C:\Program Files\Real\RealPlayer\realjbox.exe
No disinfected C:\Program Files\Real\RealPlayer\rphelperapp.exe
No disinfected C:\Program Files\Real\RealPlayer\rpplugins\rjbc3260.dll
No disinfected C:\Program Files\Real\RealPlayer\rpplugins\rpds3260.dll
No disinfected C:\Program Files\Real\RealPlayer\rpplugins\rpmn3260.dll
No disinfected C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMgr.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Adobe\Illustrator 8.0\Plug-ins\Text File Formats\AFUFileFormat.aip
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Aladdin Systems\StuffIt\foundation.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\AT&T\WNS\Programs\Fixit.exe
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\AT&T\WNS\Programs\strthelp.exe
Renamed C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Microsoft Shared\GrphFlt\DRWIMP32.FLT
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Microsoft Shared\GrphFlt\DXFIMP32.FLT
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\CreatorAPI\CDMP3.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\CreatorAPI\Creator.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\ImageDeviceProtocolHandler.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\MemoryProtocolHandler.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\MGIExtendedControls.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\MGIHelperAxControls.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\MGISaveOptions.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\ResourceProtocolHandler.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\SkinProtocolHandler.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\StorageProtocolHandler.dll
No disinfected C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\Common Files\Roxio Shared\SharedCom\SupportWIA.dll
No disinfected
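Almost every line of the report above is "Possible Virus." (Panda's heuristic label, with no signature name) against files in C:\I386, InstallShield caches, two Java runtimes and other vendor directories, while the single named detection is the adware/block-checker registry entry and the only "Renamed" item sits in the Recycle Bin. Sorting the lines by what they point at makes that pattern visible before anything gets deleted. The script below is an added example, not part of this thread or of Panda's tooling: its bucket names and its rule that heuristic hits inside OS install sources and vendor program directories are false-positive candidates are this example's own assumptions, and a file it flags still needs a second scanner or a hash lookup before you act on it. The sample input is a constructed subset of the posted report, with its truncated last line kept as posted.

```python
"""Triage a Panda ActiveScan report of the form 'Incident Status Location'.

Added example, not code from the thread or from Panda. Lines whose incident
column is missing (as in the second half of the posted report) are treated
as heuristic hits. The sample below is a constructed subset of the report.
"""
import re
from collections import Counter

STATUSES = ("No disinfected", "Disinfected", "Renamed", "Deleted")
LINE = re.compile(
    r"^(?:(?P<incident>.+?)\s+)?"                  # optional incident column
    r"(?P<status>" + "|".join(STATUSES) + r")"     # status column
    r"(?:\s+(?P<location>.+))?$"                   # location, absent if truncated
)
HEURISTIC = "Possible Virus."   # Panda's generic heuristic label, no signature name


def parse(report: str):
    """Yield (incident, status, location) per line; skips the header and blanks."""
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("Incident"):
            continue
        m = LINE.match(line)
        if m:
            yield m.group("incident"), m.group("status"), m.group("location")


def bucket(incident, location) -> str:
    """Assumed triage buckets; a named signature always outranks location."""
    if location is None:
        return "truncated"
    loc = location.lower()
    if incident and incident != HEURISTIC:
        return "named detection"                      # real signature: act on it
    if loc == "windows registry":
        return "registry"
    if loc.startswith("c:\\recycler\\"):
        return "recycle bin"                          # already deleted; empty the bin
    if "\\documents and settings\\" in loc:
        return "user files"                           # downloads etc.: get a second opinion
    if loc.startswith("c:\\i386\\") or "\\program files\\" in loc:
        return "heuristic in vendor/OS install files"  # classic false-positive pattern
    return "other"


def triage(report: str) -> dict:
    """Count lines per bucket and list the ones that deserve action first."""
    counts = Counter()
    to_act = []
    for incident, status, location in parse(report):
        b = bucket(incident, location)
        counts[b] += 1
        if b in ("named detection", "user files", "registry"):
            to_act.append((incident or HEURISTIC, status, location))
    return {"counts": dict(counts), "to_act": to_act}


# Constructed subset of the posted report (backslashes doubled for Python).
SAMPLE = """\
Incident Status Location

Adware:adware/block-checker No disinfected Windows Registry
Possible Virus. No disinfected C:\\Documents and Settings\\Adam44\\My Documents\\desktop files\\Downloads\\aaw6.exe
Possible Virus. No disinfected C:\\I386\\REGEDIT.EXE
Possible Virus. No disinfected C:\\Program Files\\Adobe\\Photoshop 7.0\\ACE.dll
No disinfected C:\\Program Files\\Java\\jre1.5.0_04\\bin\\java.exe
No disinfected C:\\Program Files\\Grisoft\\AVG Free\\avgmail.dll
Renamed C:\\RECYCLER\\S-1-5-21-1729697498-2501954535-3646181656-1006\\Dc2\\Common Files\\InstallShield\\engine\\6\\Intel 32\\ctor.dll
No disinfected
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, n in sorted(result["counts"].items(), key=lambda kv: -kv[1]):
        print(f"{n:4}  {name}")
    print("act on first:")
    for incident, status, location in result["to_act"]:
        print(f"  {incident}  [{status}]  {location}")
```

Feed it the full report and the bucket counts tell you at a glance whether you are looking at an infection or a scanner that is flagging every packed installer it sees; on the posted report the heuristic bucket dominates and the to-act list is two lines, which is what the expert's "unusual" is pointing at.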

#13 elirarey (Topic Starter, 16 posts)
Here is the HijackThis Log. I am looking into the firewall programs recommended by the bleepingcomputer article.


Logfile of HijackThis v1.99.1
Scan saved at 9:33:21 PM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Adam44\Desktop\Downloads\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.scservers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: SysTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: DigiChat Applet - http://host7.digicha...s/Client_IE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127657371398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
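A few entries in the log above stand out on their own. `O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe` carries no path, so the log cannot show which file runs: Windows resolves the bare name through the executable search order (the process list shows C:\WINDOWS\system32\lxamsp32.exe running, but a same-named file found earlier in that order would win). `SysTray.lnk = ?`, the `(no file)` O9 button and the `(file missing)` O18 protocol handler point at nothing and are leftovers rather than threats. The O16 entries are ActiveX controls installed from the web; HouseCall, Panda ActiveScan and Microsoft Update are the scanners used in this thread, DigiChat is a third-party applet. The script below is an added example, not code from this thread or from HijackThis; the rules and the reason labels are its own, it treats an O23 service shown as "Unknown owner" (HijackThis's wording when no vendor is recorded) as worth a look, and the sample is a constructed subset of the posted log.

```python
"""Flag the entries in a HijackThis log that need a human look first.

Added example, not code from the thread or from HijackThis. Rules (this
example's own): an O4 autostart whose command has no drive path is resolved
through the executable search order, so the log alone does not show which
binary runs; entries marked '(no file)', '(file missing)' or '= ?' point at
nothing; O16 entries are ActiveX controls installed from the web; an O23
service shown as 'Unknown owner' has no vendor information.
"""
import re

ITEM = re.compile(r"^([RFO]\d+) - (.*)$")           # R0/R1/R3/O2/O4/.../O23 item lines
RUN_CMD = re.compile(r"\[[^\]]+\]\s*(?P<cmd>.+)$")  # 'HKLM\..\Run: [name] command'
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')            # command starts with a drive letter
ORPHAN_MARKERS = ("(no file)", "(file missing)", " = ?")


def parse_hjt(log: str):
    """Yield (section, text) for every item line, skipping the header and
    the running-process list."""
    for raw in log.splitlines():
        m = ITEM.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage_hjt(log: str) -> list:
    """Return (reason, section, text) for each entry worth a look, in log order."""
    findings = []
    for section, text in parse_hjt(log):
        if any(marker in text for marker in ORPHAN_MARKERS):
            findings.append(("orphan", section, text))
        elif section == "O4":
            m = RUN_CMD.search(text)
            if m and not ABS_PATH.match(m.group("cmd")):
                findings.append(("bare-name autostart", section, text))
        elif section == "O16":
            findings.append(("web-installed ActiveX", section, text))
        elif section == "O23" and "Unknown owner" in text:
            findings.append(("service without vendor", section, text))
    return findings


# Constructed subset of the posted log (backslashes doubled for Python).
SAMPLE = """\
Logfile of HijackThis v1.99.1
Scan saved at 9:33:21 PM, on 10/1/2005

Running processes:
C:\\WINDOWS\\system32\\lxamsp32.exe

O4 - HKLM\\..\\Run: [SynTPLpr] C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe
O4 - HKLM\\..\\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP
O4 - Global Startup: SysTray.lnk = ?
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O16 - DPF: DigiChat Applet - http://host7.digicha...s/Client_IE.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgamsvr.exe
"""

if __name__ == "__main__":
    for reason, section, text in triage_hjt(SAMPLE):
        print(f"{reason:22} {section:4} {text}")
```

The orphan entries can be fixed in HijackThis without risk; the bare-name autostart is the one to resolve by hand (find every `lxamsp32.exe` on the disk and check which one is first in the search order); the ActiveX list is the set of controls a site has been allowed to install, which is the surface the Internet-zone settings earlier in this thread are meant to shrink.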

#14 elirarey (Topic Starter, 16 posts)
So I looked at my Windows XP Security options and I already have the firewall turned on, I didn't even realize it! I've downloaded Outpost Free Version, but it warns not to use it at the same time as another firewall. Is Windows XP Firewall good enough? How do I know that it is protecting me? (It hasn't done a very good job so far.)

Here is Windows' description of the difference between antivirus and firewall:

A firewall is different from antivirus software, but the two of them work together to help protect your computer. You might say that a firewall guards the windows and doors against strangers or unwanted programs trying to get in, while an antivirus program protects against viruses or other security threats that can try to sneak in through the front door.

:tazz: This house-metaphor is no joke!

#15 Buckeye_Sam (Malware Expert, 10,019 posts)
I actually recommend Zone Alarm as an excellent firewall. You can get the free version from here.

http://www.zonelabs....reeDownload.jsp

Once you install Zone Alarm, Windows firewall should turn itself off.


I'm concerned about the results from the Panda scan. They are...unusual.

Please download and install the Bit Defender free version. Once installed, please follow the prompts to download all updates and then run a complete scan. When the scan is done, please post the log here in your next reply.

http://www.bitdefend...ee-Edition.html