I have completed the five steps as outlined by this forum regarding malware removal and have attached the HijackThis log below.
Here's the problem. Whenever I disable ZoneAlarm Pro (ZAP), my internet connection hangs up, preventing any program updates, browser access, etc. When I attempt a connection to any URL, both IE and FireFox are redirected to IP 208.185.174.63:8082 which then freezes. When ZoneAlarm is started back up, Internet access becomes available again!!!
I think it is some sort of worm that traveled through my local network, because three different machines exhibit the same issues. However, only the XP platform w/ZAP is able to access the Interent. My win98 machine with ZAP is completely locked out. I've tried several hosts file resets and winsock fixes as well but to no avail.
If anyone could provide any advice, suggestions, etc. on what I can do from here, I would be so greatful! Thanks in advance... Brian
Logfile of HijackThis v1.99.1
Scan saved at 12:40:20 PM, on 3/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\SETI@home\[email protected]
D:\Program Files\Belkin\Bluetooth Software\BTTray.exe
D:\Program Files\SpySubtract\SpySub.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Downloaded Files\Utilities\Maintenence Utilities\HijackThis\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [seticlient] D:\Program Files\SETI@home\[email protected] -min
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\SpySubtract\SpySub.exe
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103507796420
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...438/mcfscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - G:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - G:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - G:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92PagingServer - Unknown owner - G:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - G:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - G:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - G:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORACLEDB - Oracle Corporation - g:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe