Two worms got me [RESOLVED]
#16
Posted 02 October 2005 - 04:00 PM
I'm going to let it go over night and see if it improves.
#17
Posted 02 October 2005 - 06:14 PM
#18
Posted 02 October 2005 - 11:16 PM
Does all this mean anything? I'm downloading BitDefender now; I'll have its log for you in the morning, I think.
ZoneAlarm Logging Client v6.0.667.000
Windows XP-5.1.2600-Service Pack 2-SP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
OSFW,2005/10/03,00:48:28 -4:00 GMT,UNKNOWN(0),guard,C:\Program Files\ewido\security suite\ewidoguard.exe,FILE,WRITE,SRC,WINDRVDIR\ETC\HOSTS
PE,2005/10/03,00:49:34 -4:00 GMT,Spooler SubSystem App,192.168.100.31:161,N/A
ACCESS,2005/10/03,00:49:34 -4:00 GMT,Spooler SubSystem App was unable to obtain permission for connecting to the Internet (192.168.100.31:Port 161); access was denied.,N/A,N/A
PE,2005/10/03,00:49:42 -4:00 GMT,Spooler SubSystem App,192.168.100.31:161,N/A
ACCESS,2005/10/03,00:49:42 -4:00 GMT,Spooler SubSystem App was unable to obtain permission for sending data to the Internet (192.168.100.31:Port 161); access was denied.,N/A,N/A
PE,2005/10/03,00:49:48 -4:00 GMT,Spooler SubSystem App,192.168.100.31:161,N/A
PE,2005/10/03,00:49:56 -4:00 GMT,Spooler SubSystem App,192.168.100.31:161,N/A
PE,2005/10/03,00:50:04 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
ACCESS,2005/10/03,00:50:04 -4:00 GMT,Spooler SubSystem App was unable to obtain permission for connecting to the Internet (192.168.100.63:Port 161); access was denied.,N/A,N/A
PE,2005/10/03,00:50:12 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
ACCESS,2005/10/03,00:50:12 -4:00 GMT,Spooler SubSystem App was unable to obtain permission for sending data to the Internet (192.168.100.63:Port 161); access was denied.,N/A,N/A
PE,2005/10/03,00:50:18 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
PE,2005/10/03,00:50:24 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
ACCESS,2005/10/03,00:54:40 -4:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (148.4.108.234:DNS).,N/A,N/A
PE,2005/10/03,00:55:10 -4:00 GMT,guard,85.10.237.9:80,N/A
ACCESS,2005/10/03,00:55:10 -4:00 GMT,guard was unable to obtain permission for connecting to the Internet (85.10.237.9:HTTP); access was denied.,N/A,N/A
FWOUT,2005/10/03,01:00:52 -4:00 GMT,192.168.1.109:1030,148.4.108.234:53,UDP
PE,2005/10/03,01:03:48 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
PE,2005/10/03,01:03:48 -4:00 GMT,LEXPPS.EXE,0.0.0.0:1025,N/A
ACCESS,2005/10/03,01:04:12 -4:00 GMT,Spooler SubSystem App was temporarily blocked from connecting to the Internet (192.168.100.63:Port 161).,N/A,N/A
PE,2005/10/03,01:04:38 -4:00 GMT,guard,207.46.254.126:53,N/A
ACCESS,2005/10/03,01:09:58 -4:00 GMT,Spooler SubSystem App was temporarily blocked from connecting to the Internet (192.168.100.31:Port 161).,N/A,N/A
FWOUT,2005/10/03,01:10:04 -4:00 GMT,192.168.1.109:1027,192.168.100.31:161,UDP
#19
Posted 03 October 2005 - 04:30 AM
//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 03/10/2005 01:48:11
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\
Folders : 3885
Files : 313018
Archives : 14809
Packed files : 20424
Identified viruses : 7
Infected files : 19
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 2
Renamed files : 0
I/O errors : 26
Scan time : 03:08:45
Scan speed (files/sec) : 27
Virus definitions : 214593
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>Program Files/whenusearch/Search.exe Detected: Adware.Whenu.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>Program Files/whenusearch/Search.exe Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>Program Files/whenusearch/search.dll Detected: Adware.Whenu.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>Program Files/save/save.exe Detected: Application.Adware.SaveNow.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>Program Files/save/save.exe Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>Program Files/incred~1/bho/incfin~1.dll Infected Trojan.Downloader.KeenValue.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>Program Files/incred~1/bho/incfin~1.dll Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>Program Files/incredifind/bho/incfindbho.dll Infected Trojan.Downloader.KeenValue.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>apropos_client_loader.exe Detected: Adware.ApropoAd.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip=>apropos_client_loader.exe Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040630071218390.zip Moved
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Infected Trojan.Downloader.Agent.EC
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Detected: Adware.ApropoAd.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Infected Backdoor.Ruledor.C
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Infected Trojan.Downloader.Agent.EC
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Detected: Adware.ApropoAd.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Infected Backdoor.Ruledor.C
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.RB0=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Infected Trojan.Downloader.Agent.EC
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Detected: Adware.ApropoAd.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Infected Backdoor.Ruledor.C
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Infected Trojan.Downloader.Agent.EC
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0003 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Detected: Adware.ApropoAd.A
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0006 Move failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Infected Backdoor.Ruledor.C
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Disinfection failed
C:\RECYCLER\S-1-5-21-1729697498-2501954535-3646181656-1006\Dc2\PestPatrol\Quarantine\20040716093650640.zip=>My Documents/Data/Data/all_files4.exe=>(NSIS o)=>zlib_nsis0007 Move failed
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP233\A0062076.dll.tcf Detected: Adware.Wheaterbug.A
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP233\A0062076.dll.tcf Disinfection failed
C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP233\A0062076.dll.tcf Moved
I'm also posting a new ZA log, in hopes that it is more useful:
ZoneAlarm Logging Client v6.0.667.000
Windows XP-5.1.2600-Service Pack 2-SP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
OSFW,2005/10/03,00:48:28 -4:00 GMT,UNKNOWN(0),guard,C:\Program Files\ewido\security suite\ewidoguard.exe,FILE,WRITE,SRC,WINDRVDIR\ETC\HOSTS
PE,2005/10/03,00:49:34 -4:00 GMT,Spooler SubSystem App,192.168.100.31:161,N/A
ACCESS,2005/10/03,00:49:34 -4:00 GMT,Spooler SubSystem App was unable to obtain permission for connecting to the Internet (192.168.100.31:Port 161); access was denied.,N/A,N/A
PE,2005/10/03,00:49:42 -4:00 GMT,Spooler SubSystem App,192.168.100.31:161,N/A
ACCESS,2005/10/03,00:49:42 -4:00 GMT,Spooler SubSystem App was unable to obtain permission for sending data to the Internet (192.168.100.31:Port 161); access was denied.,N/A,N/A
PE,2005/10/03,00:49:48 -4:00 GMT,Spooler SubSystem App,192.168.100.31:161,N/A
PE,2005/10/03,00:49:56 -4:00 GMT,Spooler SubSystem App,192.168.100.31:161,N/A
PE,2005/10/03,00:50:04 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
ACCESS,2005/10/03,00:50:04 -4:00 GMT,Spooler SubSystem App was unable to obtain permission for connecting to the Internet (192.168.100.63:Port 161); access was denied.,N/A,N/A
PE,2005/10/03,00:50:12 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
ACCESS,2005/10/03,00:50:12 -4:00 GMT,Spooler SubSystem App was unable to obtain permission for sending data to the Internet (192.168.100.63:Port 161); access was denied.,N/A,N/A
PE,2005/10/03,00:50:18 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
PE,2005/10/03,00:50:24 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
ACCESS,2005/10/03,00:54:40 -4:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (148.4.108.234:DNS).,N/A,N/A
PE,2005/10/03,00:55:10 -4:00 GMT,guard,85.10.237.9:80,N/A
ACCESS,2005/10/03,00:55:10 -4:00 GMT,guard was unable to obtain permission for connecting to the Internet (85.10.237.9:HTTP); access was denied.,N/A,N/A
FWOUT,2005/10/03,01:00:52 -4:00 GMT,192.168.1.109:1030,148.4.108.234:53,UDP
PE,2005/10/03,01:03:48 -4:00 GMT,Spooler SubSystem App,192.168.100.63:161,N/A
PE,2005/10/03,01:03:48 -4:00 GMT,LEXPPS.EXE,0.0.0.0:1025,N/A
ACCESS,2005/10/03,01:04:12 -4:00 GMT,Spooler SubSystem App was temporarily blocked from connecting to the Internet (192.168.100.63:Port 161).,N/A,N/A
PE,2005/10/03,01:04:38 -4:00 GMT,guard,207.46.254.126:53,N/A
ACCESS,2005/10/03,01:09:58 -4:00 GMT,Spooler SubSystem App was temporarily blocked from connecting to the Internet (192.168.100.31:Port 161).,N/A,N/A
FWOUT,2005/10/03,01:10:04 -4:00 GMT,192.168.1.109:1027,192.168.100.31:161,UDP
OSFW,2005/10/03,01:21:44 -4:00 GMT,UNKNOWN(0),Win32 Cabinet Self-Extractor ,C:\Documents and Settings\Adam44\Desktop\Downloads\bitdefender_free_v8.exe,REGISTRY,SETVALUE,SRC,HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE,wextract_cleanup0
PE,2005/10/03,01:29:24 -4:00 GMT,BitDefender Console Scanner,69.44.123.70:53,N/A
PE,2005/10/03,01:44:12 -4:00 GMT,LEXPPS.EXE,0.0.0.0:1025,N/A
PE,2005/10/03,01:44:18 -4:00 GMT,LEXPPS.EXE,0.0.0.0:1025,N/A
PE,2005/10/03,01:45:48 -4:00 GMT,BitDefender Scanner Module,69.44.123.70:53,N/A
PE,2005/10/03,01:46:30 -4:00 GMT,guard,69.44.123.73:53,N/A
OSFW,2005/10/03,01:46:48 -4:00 GMT,UNKNOWN(0),BitDefender Upgrade Replacer,C:\PROGRAM FILES\Softwin\BITDEFENDER8\upgrepl.exe,PROCESS,SPAWNPROCESS,SRC,C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE,fa4682f2-79a1449a-8c33a19e-d0d57b33,4551-9fb832d9-f29fbe72
FWOUT,2005/10/03,03:03:06 -4:00 GMT,192.168.1.109:1080,208.185.174.66:80,TCP (flags:S)
FWOUT,2005/10/03,04:00:12 -4:00 GMT,192.168.1.109:1084,208.185.174.66:80,TCP (flags:S)
FWOUT,2005/10/03,05:02:10 -4:00 GMT,192.168.1.109:1102,208.185.174.66:80,TCP (flags:S)
And last of all, here's another HijackThis log.
Thanks so much for your help -- do you see anything suspicious?
#20
Posted 03 October 2005 - 07:27 AM
It's listed as a "running process" here.
Logfile of HijackThis v1.99.1
Scan saved at 9:25:09 AM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Documents and Settings\Adam44\Desktop\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.scservers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: SysTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: DigiChat Applet - http://host7.digicha...s/Client_IE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127657371398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
#21
Posted 03 October 2005 - 10:55 AM
Just keeping the updates coming. Post when you have a chance - thanks for your help.
New HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:38 PM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Adam44\Desktop\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.scservers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: SysTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: DigiChat Applet - http://host7.digicha...s/Client_IE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127657371398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
#22
Posted 03 October 2005 - 03:10 PM
So now every time my computer turns on it tells me that LEXPPS.EXE is trying to act as a server. Is that as bad as it sounds?
This is a legitimate process that is associated with your printer. You should allow it.
ZoneAlarm just did an automatic scan - found PartyPoker and quarantined it.
I'm a little confused by this because Zone Alarm is just a firewall. Do you mean AVG?
You can fix these lines with Hijackthis.
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
Delete this folder.
C:\Program Files\PartyPoker
Everything that Bit Defender found was old. No active infections.
Please download and install Cleanup 4.0
Now run CleanUp
IMPORTANT!
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp
Running CleanUp
- Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
- When CleanUp starts go to the Options button (right side of CleanUp screen)
- Move the arrow down to "Custom CleanUp!"
- Now place a checkmark next to the following (Make sure nothing else is checked!):
- Delete Cookies (This is optional: if you leave the box checked it will remove all of your cookies; at this point removing cookies is a good idea.)
- Empty Recycle Bins
- Delete Prefetch files
- Cleanup! All Users
- Click OK
- Then click on the CleanUp button. This will take a short while, let it do its thing.
- When asked to reboot system select Yes
- Close CleanUp
Let me know how things are working now.
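The triage done by hand above (spotting O9 entries that share one CLSID, entries whose target is "(no file)" or "(file missing)", and an O4 run key that names a bare executable with no directory) can be scripted. The parser below is an added example for this thread, not code from HijackThis or from anyone in it; the sample lines are copied from the log posted earlier, and the flagging rules are the editor's own reading of what the helper checked. One caveat it encodes: an O23 line whose path carries a single stray quote, like the bdss.exe line, shows a quoted service path with a `/service` argument, so its "(file missing)" verdict should be verified against the disk rather than trusted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample HijackThis entries copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")          # "O9 - ...", "O23 - ..."
O4_RE = re.compile(r"^(.*\[[^\]]*\]) (.*)$")           # "HKLM\..\Run: [name] target"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str            # HijackThis section tag, e.g. "O9" or "O23"
    description: str        # everything between the tag and the target
    clsid: Optional[str]    # CLSID if the line carries one, upper-cased
    target: str             # the file path, or a marker such as "(no file)"
    raw: str


def parse_entry(line: str) -> Optional[Entry]:
    """Split one HijackThis log line into its section, description and target."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0).upper() if clsid_m else None
    if section == "O4":
        # Run keys put the target straight after the bracketed value name.
        o4 = O4_RE.match(body)
        description, target = (o4.group(1), o4.group(2)) if o4 else (body, "")
    elif " - " in body:
        # For other sections the target is the last " - " separated field.
        description, target = body.rsplit(" - ", 1)
    else:
        description, target = body, ""
    return Entry(section, description, clsid, target, line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def assess(entry: Entry) -> List[str]:
    """Return the reasons (if any) this entry deserves a second look."""
    notes: List[str] = []
    t = entry.target
    if "(no file)" in t or "(file missing)" in t:
        if t.count('"') % 2 == 1:
            # A lone quote means the path was quoted and followed by arguments;
            # the missing-file verdict on such a line should be verified by hand.
            notes.append("unbalanced quote: quoted path with arguments; "
                         "verify the file exists before trusting 'file missing'")
        else:
            notes.append("orphaned entry: registry points at a file that is gone")
    if entry.section == "O4" and t and "\\" not in t and not t.startswith('"'):
        # No directory given, so Windows resolves the name via its search path.
        notes.append("bare filename: resolved via the search path, not a fixed location")
    return notes


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged raw log line to its list of findings."""
    return {e.raw: assess(e) for e in parse_log(text) if assess(e)}


def entries_sharing_clsid(entries: List[Entry], clsid: str) -> List[Entry]:
    """All entries registered under one CLSID; these are fixed together."""
    return [e for e in entries if e.clsid == clsid.upper()]


if __name__ == "__main__":
    for raw, findings in triage(SAMPLE_LOG).items():
        print(raw)
        for f in findings:
            print("   ->", f)
```

Running it on the sample prints the O4 lxamsp32.exe line, the "(no file)" O9 button, the O18 msnim protocol and the bdss.exe service, each with the reason it was flagged; `entries_sharing_clsid` groups the two PartyPoker O9 lines the way they were fixed above. HijackThis can only be exercised on the live system, so the script is a reading aid for the pasted log, not a replacement for checking the files on disk.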
#23
Posted 03 October 2005 - 04:52 PM
I didn't mistake ZoneAlarm for AVG -- when I downloaded ZA it convinced me to do a 15-day trial of ZoneAlarm Pro, which apparently sometimes scans my computer on its whim.
Everything seems to be going great -- is that because I got rid of Party Poker? Why was my computer so hung up before?
I'm afraid to mark this resolved because everything will go bonkers again.
#24
Posted 03 October 2005 - 07:31 PM
Glad to know the reign of terror from LEXPPS was actually just a printer. PS - I have a Konica, an Epson, and an HP printer, no Lexmark. (It's installed, but I don't remember why.) If I delete this printer from my Control Panel list of installed printers, will LEXPPS stop benignly becoming a server?
It should. But you may have to uninstall any software that was installed with it also.
Delete these three files that are associated with Lexmark. They may not be present after you remove the printer.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\lxamsp32.exe
And this folder:
C:\Program Files\LexmarkX63
I didn't mistake ZoneAlarm for AVG -- when I downloaded ZA it convinced me to do a 15-day trial of ZoneAlarm Pro, which apparently sometimes scans my computer on its whim.
Gotcha! That makes sense.
Everything seems to be going great -- is that because I got rid of Party Poker? Why was my computer so hung up before?
Party Poker is usually not a problem. In fact, I often will leave it alone unless someone mentions it.
I'm afraid to mark this resolved because everything will go bonkers again.
At this point it would be a good idea to uninstall Bit Defender since you have AVG running.
I'll keep this thread open for a few weeks just in case you start having problems again.
#25
Posted 17 October 2005 - 05:51 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.