Colegg
2008-10-24, 04:38
Just an old guy seeing too many ports accessed by www. 007guard.com & not understanding why. Agnitum Outpost & Nod32 find no problems. Spybot shows no glitches. What can be doing this?
I use a portscanner program on this machine so will post a log from that & will also show hijackthis log made maybe an hour back. Hope these things tell you guys more than it all tells me.
127.0.0.1 is where all activity is happening & this is what bugs me most. But you'll see all that in the posted logs.
Please, can someone help me get this "guard" out of here? XPsp3 on PS4 with one gig memory & all up, two hundred gigs storage. Don't know what else to say. Old machine, I know.
colegg.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:19:17, on 10/24/2008
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Security\Nod32\egui.exe
C:\Tools\JetToolBar\JetTB.exe
C:\Editors\NitroPDFPro\NitroPDFPrinterMonitor.exe
C:\Tools\ProcessExplorer v11.2 Freeware\procexp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Security\Spybot\TeaTimer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Tools\Unlocker\UnlockerAssistant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Tools\Skinny Clock\SkinnyClock.exe
C:\Tools\XP Repair Pro 2007\XPRepairPro.exe
C:\Tools\VistaTransform\Yahoo! Widgets\Widgets\YahooWidgets.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\autorunusb.exe
C:\Tools\VistaTransform\Yahoo! Widgets\Widgets\YahooWidgets.exe
C:\Security\Nod32\ekrn.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Security\WinWasher\WasherSvc.exe
C:\WINDOWS\System32\dllhost.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [egui] "C:\Security\Nod32\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [jetToolBar] C:\Tools\JetToolBar\JetTB.exe
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Editors\NitroPDFPro\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Security\Outpost Fwall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] C:\Security\Outpost Fwall\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [Processes] C:\Tools\ProcessExplorer v11.2 Freeware\procexp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Security\Spybot\TeaTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Tools\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [SkinnyClock] C:\Tools\Skinny Clock\SkinnyClock.exe
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Tools\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - Startup: autorunusb.exe
O4 - Global Startup: Yahoo! Widgets.lnk = C:\Tools\VistaTransform\Yahoo! Widgets\Widgets\YahooWidgets.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Security\Outpost Fwall\ie_bar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Security\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Security\Spybot\SDHelper.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: c:\security\outpost fwall\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\Security\Outpost Fwall\acs.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Security\Nod32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Security\Nod32\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Security\WinWasher\WasherSvc.exe
--
End of file - 5051 bytes
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)