a lot of internet access attempts

koolkid12349

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01, on 2008-05-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/remote
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5857 bytes
 
ComboFix 08-05-25.3 - Owner 2008-05-25 16:49:43.24 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.667 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.

2008-05-25 16:41 . 2008-05-25 16:46 <DIR> d-------- C:\Program Files\uTorrent
2008-05-25 16:41 . 2008-05-25 16:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-24 23:44 . 2008-05-24 23:44 460,020 --a------ C:\picture061.jpg
2008-05-24 23:44 . 2008-05-24 23:44 452,787 --a------ C:\picture060.jpg
2008-05-23 14:30 . 2008-05-23 14:30 176,865 --a------ C:\picture059.jpg
2008-05-23 14:30 . 2008-05-23 14:30 176,824 --a------ C:\picture058.jpg
2008-05-22 20:05 . 2008-05-22 20:05 <DIR> d-------- C:\Program Files\7-Zip
2008-05-20 23:15 . 2008-05-20 23:15 376,787 --a------ C:\picture057.jpg
2008-05-18 22:15 . 2008-05-18 22:15 379,722 --a------ C:\picture056.jpg
2008-05-18 22:13 . 2008-05-18 22:13 380,120 --a------ C:\picture054.jpg
2008-05-18 22:13 . 2008-05-18 22:13 375,914 --a------ C:\picture055.jpg
2008-05-18 21:53 . 2008-05-18 21:53 27,433 --a------ C:\deer.jpg
2008-05-17 23:45 . 2008-05-17 23:45 363,096 --a------ C:\picture053.jpg
2008-05-17 20:32 . 2008-05-17 20:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-05-15 21:45 . 2008-05-15 21:45 487,285 --a------ C:\picture051.jpg
2008-05-15 21:45 . 2008-05-15 21:45 484,815 --a------ C:\picture052.jpg
2008-05-13 23:04 . 2008-05-13 23:04 <DIR> d-------- C:\Documents and Settings\test - nick\Application Data\teamspeak2
2008-05-13 22:59 . 2008-05-13 22:59 <DIR> d-------- C:\Documents and Settings\test - nick\Application Data\AVG7
2008-05-13 22:58 . 2008-05-13 22:58 <DIR> d-------- C:\Documents and Settings\test - nick
2008-05-08 22:50 . 2008-05-25 16:05 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\AVG7
2008-05-07 23:22 . 2008-05-07 23:23 36 --a------ C:\New Text Document.bat
2008-05-04 22:09 . 2008-05-04 22:09 420,268 --a------ C:\picture050.jpg
2008-05-04 22:06 . 2008-05-04 22:06 414,481 --a------ C:\picture049.jpg
2008-05-01 22:53 . 2008-05-01 22:53 514,077 --a------ C:\picture048.jpg
2008-05-01 21:29 . 2008-05-01 21:29 471,764 --a------ C:\picture047.jpg
2008-05-01 20:48 . 2008-05-01 20:48 417,940 --a------ C:\picture046.jpg
2008-05-01 20:39 . 2008-05-01 20:39 339,992 --a------ C:\picture045.jpg
2008-04-29 19:54 . 2008-04-29 19:54 498,685 --a------ C:\picture044.jpg
2008-04-28 18:28 . 2008-04-28 18:28 487,498 --a------ C:\picture043.jpg
2008-04-28 12:48 . 2008-04-28 12:49 145,294 --a------ C:\picture042.jpg
2008-04-28 12:46 . 2008-04-28 12:46 637,426 --a------ C:\picture041.jpg
2008-04-26 15:28 . 2008-04-26 15:29 113,547 --a------ C:\picture040.jpg
2008-04-26 12:50 . 2008-05-25 16:15 <DIR> d-------- C:\Mah B folder
2008-04-25 17:41 . 2008-04-29 00:29 112,047 --a------ C:\hitsugaya.jpg
2008-04-25 17:40 . 2008-04-25 17:40 27,685 --a------ C:\ichigo.jpg
2008-04-25 17:16 . 2008-04-25 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-25 17:15 . 2008-04-25 18:44 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-25 17:15 . 2008-04-25 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-25 17:15 . 2008-04-25 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-25 17:14 . 2008-04-25 17:16 460 --ah----- C:\IPH.PH
2008-04-25 17:09 . 2004-08-04 02:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-25 17:09 . 2004-08-04 02:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 03:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\teamspeak2
2008-05-23 19:03 4,886,560 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-23 19:03 37,676 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-23 00:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-18 16:04 1,577,472 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-18 01:11 --------- d-----w C:\Program Files\mIRC
2008-05-16 03:08 1,559,552 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-14 03:04 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-14 02:50 --------- d-----w C:\Documents and Settings\Nick\Application Data\teamspeak2
2008-05-13 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 00:19 2,887,201 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-12 23:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-10 04:53 --------- d-----w C:\Program Files\Howies Quick Screen Capture
2008-04-15 16:52 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-14 04:23 --------- d-----w C:\Program Files\Yahoo!
2008-04-14 04:11 --------- d-----w C:\Program Files\CCleaner
2008-04-03 20:25 --------- d-----w C:\Program Files\iTunes
2008-04-03 20:24 --------- d-----w C:\Program Files\iPod
2008-04-03 20:23 --------- d-----w C:\Program Files\QuickTime
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 03:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-14 03:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-07 18:05 136,192 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-07 18:05 1,353,216 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-04 04:44 1,974 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-02 04:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 04:48 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2007-09-03 23:03 1,217,264 ----a-w C:\Program Files\Win32OpenSSL_Light-0_9_8e.exe
2007-08-13 23:16 1,008,360 ----a-w C:\Program Files\MzBot no patcher.rar
2007-08-11 03:21 27,728 ----a-w C:\Program Files\file1.jpg
2007-08-09 15:26 664,572,433 ----a-w C:\Program Files\MSSetup.exe
2007-08-01 21:22 5,914,648 ----a-w C:\Program Files\SUPERAntiSpyware.exe
2007-08-01 20:28 212,849 ----a-w C:\Program Files\scanner.exe.zip
2007-08-01 07:45 921,654 ----a-w C:\Program Files\file.BMP
2007-08-01 07:44 28,272 ----a-w C:\Program Files\file.bin
2007-07-31 19:56 50,375 ----a-w C:\Program Files\SAtrainerFinalv3.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-03 23:51 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-03 23:51 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-13 13:53 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 08:21 579584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-02 17:29 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 18:54:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 16:52:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-25 16:54:40
ComboFix-quarantined-files.txt 2008-05-25 20:54:32
ComboFix2.txt 2008-05-13 01:13:44
ComboFix3.txt 2008-05-12 23:27:42
ComboFix4.txt 2008-04-26 05:45:32
ComboFix5.txt 2008-04-14 03:58:09

Pre-Run: 39,884,312,576 bytes free
Post-Run: 39,909,855,232 bytes free

155 --- E O F --- 2008-05-17 21:04:44

Not sure what's going on, but Zone Alarm is blocking a lot of internet access attempts.
 
There's no sign of any malware in either of those logs, and the fact that Zone Alarm is stopping access attempts indicates that it is doing its job properly. I don't think there's any malware on your system.
 