dpserial.exe & dll

Discussion in 'adware, spyware & hijack cleaning' started by Sophie, Jun 3, 2004.

Thread Status:
Not open for further replies.
  1. Sophie

    Sophie Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    5
    Starting today, my Zone Alarm is popping up with "dpserial.exe is trying to access the internet. Do you wish to allow this?" According to my system, I've had this dpserial.exe and also dpserial.dll since I've had the computer. What are they, and why all of a sudden is Zone Alarm noticing them? I can't find any info on Google, so I came here. Also, when I run Hijack This!, it shows them on my scan, but I don't think it ever showed them before in previous scans. Worry or not?
     
  2. Newkid

    Newkid Spyware Fighter

    Joined:
    Apr 29, 2004
    Posts:
    225
    Location:
    Memphis
    Hello Sophie!

    Would you like to show us your complete HijackThis log?

    With thanks!
    Newkid!
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Please copy these files, zip them and send them to submit@thespykiller.co.uk with a short note referring to this thread:
    dpserial.exe and also dpserial.dll
    I'll check them out and see how bad they are.
     
  4. Sophie

    Sophie Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    5
    Ah! I ran "Ad Aware" in preparation for a new hijack log and lo and behold!!! Inside my dpserial folder was the malware "gloggle.shing" which I then deleted. Should have done that in the first place. Stupid malwares... Thank you anyway! Problem solved for now. But just in case there is something else lurking... here is my new log:



    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
    C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
    C:\WINNT\system32\atiptaxx.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\FotoNation\EvLstnr.exe
    C:\Program Files\Free Surfer\fs20.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r3.attbi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r3.attbi.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [PNSetup] C:\Program Files\PopNot\PNSetup.exe
    O4 - HKLM\..\Run: [PopNot] C:\Program Files\PopNot\PopNot.exe auto
    O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Allow Site's Pop-&ups - file://C:\Program Files\PopNot\trustsite.script
    O8 - Extra context menu item: Always &Kill this Pop-up - file://C:\Program Files\PopNot\blocksite.script
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra button: CuteShield Internet Eraser (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37908.9341087963
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    The log is clean. Did you send the files to dvk01 as he requested?

    Regards,

    Pieter
     