
High Amount Of Incoming Pings, Zonealarm Doesn't React.


  • This topic is locked
3 replies to this topic

#1 TheYoda

TheYoda


Posted 26 April 2006 - 06:48 PM

My computer has been extremely slow and my router has been flashing that my computer is doing a lot of action when I don't have anything running. It's doing it now too. ZoneAlarm doesn't react to it and I did netstat -a in command prompt and there was a strange incoming connection from something like delay.akamaitechnologies.net:http. I don't know what's going on, so I thought maybe someone could help me. Here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 7:40:37 PM, on 4/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\kmw_run.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\KMW_SHOW.EXE
E:\Program Files\CursorXP\CursorXP.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
E:\Program Files\Speed Disk\nopdb.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\VMware\VMware Player\vmware-authd.exe
E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
E:\WINDOWS\system32\vmnat.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
E:\WINDOWS\system32\vmnetdhcp.exe
E:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Documents and Settings\Administrator\Desktop\downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.toolbar/...orms/search.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9B053E00-78D3-47AE-B763-60FF36FF2886} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Dogpile Toolbar - {5e92f538-b50b-46c5-9c5f-c6eeced3f6c6} - E:\Program Files\DogpileToolbar\insptbar.dll
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ccApp] E:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe
O8 - Extra context menu item: &AIM Search - res://E:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Dogpile Cursor Search - E:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.4.4.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145238558451
O17 - HKLM\System\CCS\Services\Tcpip\..\{D186AD4A-EC12-43D5-A556-35A8D44E94BF}: NameServer = 24.29.103.10,0.0.0.0
O20 - Winlogon Notify: MacDrive-iTunes compatibility - E:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj - Unknown owner - E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - E:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

"A coward dies a thousand times before his death. The valiant never taste of death but once." -William Shakespeare

Fold for your future...Help us find a cure.




#2 OldTimer

OldTimer

    Malware Expert



Posted 03 May 2006 - 05:17 PM

Hello TheYoda and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. There are a couple of housekeeping items we can fix so let's do that while you are here.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {9B053E00-78D3-47AE-B763-60FF36FF2886} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Other than that you are good to go.

The akamaitechnologies.net is a part of Akamai which is a worldwide content provider used by, well, just about everyone with downloadable content. I can't say why they might be pinging your machine but maybe it was to verify that a connection was still available. Hard to say. At some point in time during each day anyone who is on the internet probably interacts with an Akamai server simply by browsing on the web and the odds go way up if anything is downloaded from any website (including MS updates).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
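
As an added example (not part of OldTimer's reply and not code from HijackThis), this Python script picks out the O2/O3 entries that the log reports with "(no file)", which are the three items listed in the reply above. The regular expression and function names are assumptions based on the line layout visible in the posted log; the sample lines are copied from that log.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9B053E00-78D3-47AE-B763-60FF36FF2886} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Dogpile Toolbar - {5e92f538-b50b-46c5-9c5f-c6eeced3f6c6} - E:\Program Files\DogpileToolbar\insptbar.dll
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
"""

# Assumed layout (taken from the log above): "<section> - <kind>: <name> - {CLSID} - <target>".
# The CLSID anchors the match, so a name that itself contains " - " still parses.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O3) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+)$"
)


def parse_entries(log_text):
    """Return one dict per O2 (BHO) or O3 (toolbar) line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def orphaned_entries(log_text):
    """Return (section, CLSID) for entries whose target is reported as '(no file)'."""
    return [
        (entry["section"], entry["clsid"].upper())
        for entry in parse_entries(log_text)
        if entry["target"].strip().lower() == "(no file)"
    ]


if __name__ == "__main__":
    for section, clsid in orphaned_entries(SAMPLE_LOG):
        print(f"{section}: {clsid} has no backing file (leftover registry entry)")
```
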


#3 TheYoda

TheYoda
  • Topic Starter


Posted 04 May 2006 - 02:58 PM

Thanks, I'll do those housekeeping things and it seems Windows wasn't telling me that it was updating.
Thanks again!



#4 OldTimer

OldTimer

    Malware Expert



Posted 07 May 2006 - 08:48 AM

You're very welcome TheYoda. I'm glad that we could help.

Now that your malware issues have been answered I will close this topic. If you have any new malware issues in the future then please start a new topic.

Cheers.

Have a safe and happy computing day!

OT :thumbsup:



