| Thread ID: 81984 | 2007-08-13 03:13:00 | Something lives in my computer!!!!!! | theother1 (3573) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 580028 | 2007-08-13 03:13:00 | Thanks for all the good advice I have received to date with the problem relating to Virtual Memory in my other thread. I am now having recurring ZoneAlarm alerts that something in my computer is trying to make contact with IP addresses 192.168.0.102, 192.168.0.151 and 192.168.0.185; however, when I try to find out where the IP addresses are, the information is unavailable. Not that that is the important part. What is important is: is there any way I can find out from where in my computer this is originating and then delete the problem? I have run CCleaner, Spybot, AdAware, running AVG free and ZoneAlarm free. Below is a current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:14 PM, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.xtramsn.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = red.clientapps.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - www.lizardtech.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - zone.msn.com
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\Player\__CDS2.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 6063 bytes |
theother1 (3573) | ||
| 580029 | 2007-08-13 03:26:00 | Well, those 192.168 IPs look like local IP addresses, which is why you can't find any info for them. Run HJT again, tick these entries and tick Fix checked. Close browser/s.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
Safe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Since it looks like you're using wireless, have you disabled the onboard LAN, or are you using that as well? I don't know what this is, something to do with Macrovision I think.

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\Player\__CDS2.dll (file missing) |
Speedy Gonzales (78) | ||
| 580030 | 2007-08-13 03:42:00 | Thanks, Speedy, for your speedy reply. I am a little unclear: should I mark all the entries you specify for fixing, or just the first ones? |
theother1 (3573) | ||
| 580031 | 2007-08-13 03:57:00 | All of the entries. Are there 3 PCs wherever you are? Go to Start/Run. Type cmd, then type in ipconfig /all. Does it show the IPs you posted? And are you using the wireless or ethernet? |
Speedy Gonzales (78) | ||
| 580032 | 2007-08-13 04:35:00 | Yes, there are more than 3 PCs, and the subnet mask and default gateway and DHCP server all have the address 192.168.0.1. What does this mean? We are using wireless. |
theother1 (3573) | ||
| 580033 | 2007-08-13 04:40:00 | Yes, there are more than 3 PCs, and the subnet mask and default gateway and DHCP server all have the address 192.168.0.1. What does this mean? We are using wireless. You have: IP Address: Subnet: Gateway: 192.169.0.1 I'd say. Which is the router/modem. Turn off Alerts in Zone Alarm; you only need to worry about what's trying to report back to the net. Like .exes and so on. |
pctek (84) | ||
| 580034 | 2007-08-13 05:04:00 | I'm assuming (I know, never assume, it's the start of all Bulls ups! :rolleyes:) you have a network with 3 PCs? If you don't have a network of 3 PCs then check the wireless is secure; the neighbours or someone in range may be using your wireless internet connection. If you do have 3 PCs or network devices: you can turn off the alerts as PCtek said, or go into Zone Alarm and set the IP to allow connection; the other PCs are trying to connect to every PC in the network (as they should). Open Zone Alarm, go to Firewall/Zones tab/Add/Add IP range, then in the top box 192.168.0.1, next box 192.168.0.255, call it whatever you want, click Apply and that will allow the whole IP range from the router 1-255 through the firewall, and stop those messages. If the IP range is not set, you will get those messages as the other PCs are trying to connect. The first IP 192.168.0.1 = 1 is the router. Numbers 2-255 are the available IPs for the PCs. |
wainuitech (129) | ||
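
Added example, not part of the original thread: a Python sketch of the triage the replies describe, sorting alert destinations into the trusted LAN range (192.168.0.1 to 192.168.0.255), other private space, and internet addresses worth a closer look. The program names and the last two alert rows are constructed for illustration; only the three 192.168.0.x addresses and the range come from the thread.

```python
import ipaddress

# RFC 1918 private ranges: not routed on the internet, so whois lookups return nothing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def trusted_zone(first, last):
    """Expand a firewall 'IP range' entry into the CIDR blocks it covers."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def classify(addr, zone):
    """Label one remote address relative to the trusted zone."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in zone):
        return "trusted-lan"
    if any(ip in net for net in RFC1918):
        return "private-other"
    return "internet"

def needs_review(alerts, zone):
    """Keep only alerts whose remote address is outside LAN and private space."""
    return [(prog, addr) for prog, addr in alerts
            if classify(addr, zone) == "internet"]

# Range given in the thread's Zone Alarm instructions.
ZONE = trusted_zone("192.168.0.1", "192.168.0.255")

# Constructed alerts. Program names are hypothetical; the first three
# addresses are the ones reported in the thread.
ALERTS = [
    ("program-a.exe", "192.168.0.102"),
    ("program-a.exe", "192.168.0.151"),
    ("program-a.exe", "192.168.0.185"),
    ("program-b.exe", "10.1.2.3"),
    ("program-b.exe", "203.0.113.10"),  # documentation address standing in for a public host
]

if __name__ == "__main__":
    # Starting the range at .1 rather than .0 yields eight CIDR blocks, not one /24.
    print("trusted zone:", ", ".join(str(n) for n in ZONE))
    for prog, addr in ALERTS:
        print(f"{addr:15} {classify(addr, ZONE):14} {prog}")
    print("review:", needs_review(ALERTS, ZONE))
```
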
| 580035 | 2007-08-13 10:06:00 | Thanks speedy and wainui. Yes, the network has several computers connecting to it wirelessly. I have turned off the alerts now and I won't worry about it anymore. Speedy, I fixed the issues in the HJT log; the computer seems to be running pretty well but still seems to freeze at times. I will watch it for a couple of days and report back. Thanks again. |
theother1 (3573) | ||
| 580036 | 2007-08-13 10:22:00 | Thanks also to PCtek | theother1 (3573) | ||
| 580037 | 2007-08-13 10:42:00 | Just a side issue: turning off the alerts, that's fine, but if the firewall is blocking access from the other PCs on your network then the other PCs also may not be able to talk to one another to share files/folders etc. That's if you want sharing, of course. | wainuitech (129) | ||