| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 81744 | 2007-08-05 22:51:00 | Virtual Memory exhausted | theother1 (3573) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 576982 | 2007-08-08 22:32:00 | I am getting a Zonealarm warning which says "the firewall has blocked access to 192.168.0.101 (Netbios Session) from your computer [TCP Flags S] and then a second message saying "the firewall has blocked access to your computer (Netbios Session) from 192.168.0.101 [TCP Port 2448] [TCP Flags S]:( Sounds like a problem to me, any thoughts? |
theother1 (3573) | ||
| 576983 | 2007-08-08 23:04:00 | here is the latest Highjackthis log. I can't see any of the problems mentioned before in various posts, but I rely on the experts among you to confirm that. Thanks. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:19:32 AM, on 9/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe c:\Program Files\Microsoft Money\System\urlmap.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.xtramsn.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = red.clientapps.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - www.lizardtech.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - zone.msn.com O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\Player\__CDS2.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6109 bytes |
theother1 (3573) | ||
| 576984 | 2007-08-09 00:03:00 | I use the free versions of Zonealarm and AVG is nod32 also free? post these questions in the anti-virus debate, and read my posts in there about these products. |
Bozo (8540) | ||
| 576985 | 2007-08-09 02:19:00 | I have just downloaded SpywareBot and have run it on the computer in question it has detected 1380 infected files but wants me to register to clean them. Is this another RegCure type program? What I wanted was Spybot but I got this instead!!!!!!!!!!!!!!!!!!!!!!!!:annoyed: | theother1 (3573) | ||
| 576986 | 2007-08-09 02:23:00 | Don't worry about that - heres (www.safer-networking.org) the correct link for downlaoding spybot s&d | wratterus (105) | ||
| 576987 | 2007-08-09 02:33:00 | Is this another RegCure type program? There are other RegCure programs, like CCleaner (http://www.ccleaner.com/). Do not use Registry Cleaner, like so many other people do. it is buggy and is well known for stuffing your registry up ae |
Bozo (8540) | ||
| 576988 | 2007-08-09 05:01:00 | I have run spybot twice - 84 then 24 infections - cleaned them out and am just running it again to see what was missed the first and second time. Computer seems to be running better every time I start it. Thanks Demonhunter and everyone else for your help. | theother1 (3573) | ||
| 576989 | 2007-08-09 06:44:00 | kewl, glad to hear that it is running faster now. Have you run CCleaner on your pc yet? always helps to fix a few issues. Run both the Cleaner and the Fix Issues until you get no more entries to clear out. Also, it may pay to do a defragment of your hard drive about every 2 -4 weeks as this will help keep things running smoother. The more fragmented your hdd is, the long it takes to locate a file, so naturally slows down the whole pc. Enjoy your faster pc! :lol: |
Bozo (8540) | ||
| 576990 | 2007-08-10 02:08:00 | Yes I have run CC several times and Adaware and Spybot. I am running Adaware (9 issues) now as I am still getting Zonealarm warnings that something on my computer is trying to access the internet. I am not worried about attempted intrusions as they are few and we have an encrypted wireless network (obviously someone has found a way through that or someone in the office is trying to get into my computer:mad: ) what is bugging me is the trojan which is obviously still in my system somewhere. | theother1 (3573) | ||
| 576991 | 2007-08-12 23:27:00 | Thanks for all the good advice I have received to date with this problem. I am now having recurring Zonealarm alerts that something in my computer is trying to make contact with 192.168.0.102, 192.168.0.151 and 192.168.0.185 however when I try to find out where the IP addresses are the information is unavailable. Is there anyway I can find out from where in my computer this is originating and then delete it? |
theother1 (3573) | ||
| 1 2 3 4 5 6 | |||||