attack

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jm100dm

Thread Starter
Joined
May 26, 1999
Messages
994
My VisualZone is growing wildly. Even when not connected, it keeps recording several hits every minute. Any suggestions? Spybot found nothing. Running a current virus check as I type.
The hits seem like the same ones over and over again, with time ranges of 1:00 to now.

Over 5000 hits in the past 10 minutes.

Jm100dm
 
Joined
Jul 8, 2002
Messages
14,681
That's the idea of running a firewall (which you must be doing to use VisualZone): to protect your computer's internet traffic. Anything you see in a firewall log is what your firewall has stopped already.
 

jm100dm

Thread Starter
Joined
May 26, 1999
Messages
994
Thanks

But it keeps replicating. Even if not connected.

I delete the logs and start with nothing in any of them. File is recreated empty and within minutes there are hundreds again.

Here's a sample of the log. The times are sporadic and repeating.
Is tvdebug.log a valid file in windows\internet logs?

FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:06 -5:00 GMT,202.183.182.8:1030,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:00 -5:00 GMT,151.201.41.189:1026,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:36 -5:00 GMT,151.201.41.189:1027,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:32 -5:00 GMT,151.201.41.189:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:30 -5:00 GMT,151.201.41.189:1028,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,18:27:48 -5:00 GMT,219.162.176.186:33239,151.201.38.252:137,UDP
FWIN,2003/01/26,18:12:52 -5:00 GMT,200.75.194.216:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:48:30 -5:00 GMT,209.99.229.31:1032,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:20 -5:00 GMT,24.112.27.33:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:18 -5:00 GMT,67.41.89.148:16989,151.201.38.252:137,UDP
FWIN,2003/01/26,17:31:00 -5:00 GMT,212.20.111.50:1024,151.201.38.252:137,UDP
FWIN,2003/01/26,17:25:08 -5:00 GMT,219.155.218.180:1073,151.201.38.252:137,UDP
FWIN,2003/01/26,17:23:26 -5:00 GMT,62.150.81.204:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,17:16:42 -5:00 GMT,80.249.193.54:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,17:07:46 -5:00 GMT,210.54.106.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:03:34 -5:00 GMT,61.216.128.212:62903,151.201.38.252:137,UDP
FWIN,2003/01/26,17:02:36 -5:00 GMT,12.158.109.129:62133,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:54 -5:00 GMT,68.164.86.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:30 -5:00 GMT,200.204.181.16:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,16:51:10 -5:00 GMT,68.155.35.67:61000,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:48 -5:00 GMT,213.156.54.138:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:34 -5:00 GMT,65.57.56.5:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:28 -5:00 GMT,80.15.68.165:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:38:32 -5:00 GMT,63.196.58.254:33077,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:54 -5:00 GMT,64.154.184.135:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:04 -5:00 GMT,67.85.13.132:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:19:30 -5:00 GMT,211.254.167.203:1037,151.201.38.252:137,UDP
FWIN,2003/01/26,16:13:20 -5:00 GMT,67.69.252.117:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:00:54 -5:00 GMT,81.91.224.182:1029,151.201.38.252:137,UDP
FWIN,2003/01/26,15:06:42 -5:00 GMT,151.197.52.212:1032,151.201.40.155:137,UDP
FWIN,2003/01/26,13:51:08 -5:00 GMT,81.130.162.61:34245,151.201.40.116:137,UDP
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:06 -5:00 GMT,202.183.182.8:1030,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:00 -5:00 GMT,151.201.41.189:1026,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:36 -5:00 GMT,151.201.41.189:1027,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:32 -5:00 GMT,151.201.41.189:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:30 -5:00 GMT,151.201.41.189:1028,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,18:27:48 -5:00 GMT,219.162.176.186:33239,151.201.38.252:137,UDP
FWIN,2003/01/26,18:12:52 -5:00 GMT,200.75.194.216:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:48:30 -5:00 GMT,209.99.229.31:1032,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:20 -5:00 GMT,24.112.27.33:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:18 -5:00 GMT,67.41.89.148:16989,151.201.38.252:137,UDP
FWIN,2003/01/26,17:31:00 -5:00 GMT,212.20.111.50:1024,151.201.38.252:137,UDP
FWIN,2003/01/26,17:25:08 -5:00 GMT,219.155.218.180:1073,151.201.38.252:137,UDP
FWIN,2003/01/26,17:23:26 -5:00 GMT,62.150.81.204:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,17:16:42 -5:00 GMT,80.249.193.54:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,17:07:46 -5:00 GMT,210.54.106.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:03:34 -5:00 GMT,61.216.128.212:62903,151.201.38.252:137,UDP
FWIN,2003/01/26,17:02:36 -5:00 GMT,12.158.109.129:62133,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:54 -5:00 GMT,68.164.86.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:30 -5:00 GMT,200.204.181.16:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,16:51:10 -5:00 GMT,68.155.35.67:61000,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:48 -5:00 GMT,213.156.54.138:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:34 -5:00 GMT,65.57.56.5:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:28 -5:00 GMT,80.15.68.165:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:38:32 -5:00 GMT,63.196.58.254:33077,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:54 -5:00 GMT,64.154.184.135:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:04 -5:00 GMT,67.85.13.132:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:19:30 -5:00 GMT,211.254.167.203:1037,151.201.38.252:137,UDP
FWIN,2003/01/26,16:13:20 -5:00 GMT,67.69.252.117:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:00:54 -5:00 GMT,81.91.224.182:1029,151.201.38.252:137,UDP
FWIN,2003/01/26,15:06:42 -5:00 GMT,151.197.52.212:1032,151.201.40.155:137,UDP
FWIN,2003/01/26,13:51:08 -5:00 GMT,81.130.162.61:34245,151.201.40.116:137,UDP
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:06 -5:00 GMT,202.183.182.8:1030,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:00 -5:00 GMT,151.201.41.189:1026,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:36 -5:00 GMT,151.201.41.189:1027,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:32 -5:00 GMT,151.201.41.189:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:30 -5:00 GMT,151.201.41.189:1028,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,18:27:48 -5:00 GMT,219.162.176.186:33239,151.201.38.252:137,UDP
FWIN,2003/01/26,18:12:52 -5:00 GMT,200.75.194.216:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:48:30 -5:00 GMT,209.99.229.31:1032,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:20 -5:00 GMT,24.112.27.33:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:18 -5:00 GMT,67.41.89.148:16989,151.201.38.252:137,UDP
FWIN,2003/01/26,17:31:00 -5:00 GMT,212.20.111.50:1024,151.201.38.252:137,UDP
FWIN,2003/01/26,17:25:08 -5:00 GMT,219.155.218.180:1073,151.201.38.252:137,UDP
FWIN,2003/01/26,17:23:26 -5:00 GMT,62.150.81.204:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,17:16:42 -5:00 GMT,80.249.193.54:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,17:07:46 -5:00 GMT,210.54.106.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:03:34 -5:00 GMT,61.216.128.212:62903,151.201.38.252:137,UDP
FWIN,2003/01/26,17:02:36 -5:00 GMT,12.158.109.129:62133,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:54 -5:00 GMT,68.164.86.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:30 -5:00 GMT,200.204.181.16:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,16:51:10 -5:00 GMT,68.155.35.67:61000,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:48 -5:00 GMT,213.156.54.138:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:34 -5:00 GMT,65.57.56.5:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:28 -5:00 GMT,80.15.68.165:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:38:32 -5:00 GMT,63.196.58.254:33077,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:54 -5:00 GMT,64.154.184.135:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:04 -5:00 GMT,67.85.13.132:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:19:30 -5:00 GMT,211.254.167.203:1037,151.201.38.252:137,UDP
FWIN,2003/01/26,16:13:20 -5:00 GMT,67.69.252.117:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:00:54 -5:00 GMT,81.91.224.182:1029,151.201.38.252:137,UDP
FWIN,2003/01/26,15:06:42 -5:00 GMT,151.197.52.212:1032,151.201.40.155:137,UDP
FWIN,2003/01/26,13:51:08 -5:00 GMT,81.130.162.61:34245,151.201.40.116:137,UDP
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:06 -5:00 GMT,202.183.182.8:1030,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:00 -5:00 GMT,151.201.41.189:1026,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:36 -5:00 GMT,151.201.41.189:1027,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:32 -5:00 GMT,151.201.41.189:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:30 -5:00 GMT,151.201.41.189:1028,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,18:27:48 -5:00 GMT,219.162.176.186:33239,151.201.38.252:137,UDP
FWIN,2003/01/26,18:12:52 -5:00 GMT,200.75.194.216:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:48:30 -5:00 GMT,209.99.229.31:1032,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:20 -5:00 GMT,24.112.27.33:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:18 -5:00 GMT,67.41.89.148:16989,151.201.38.252:137,UDP
FWIN,2003/01/26,17:31:00 -5:00 GMT,212.20.111.50:1024,151.201.38.252:137,UDP
FWIN,2003/01/26,17:25:08 -5:00 GMT,219.155.218.180:1073,151.201.38.252:137,UDP
FWIN,2003/01/26,17:23:26 -5:00 GMT,62.150.81.204:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,17:16:42 -5:00 GMT,80.249.193.54:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,17:07:46 -5:00 GMT,210.54.106.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:03:34 -5:00 GMT,61.216.128.212:62903,151.201.38.252:137,UDP
FWIN,2003/01/26,17:02:36 -5:00 GMT,12.158.109.129:62133,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:54 -5:00 GMT,68.164.86.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:30 -5:00 GMT,200.204.181.16:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,16:51:10 -5:00 GMT,68.155.35.67:61000,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:48 -5:00 GMT,213.156.54.138:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:34 -5:00 GMT,65.57.56.5:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:28 -5:00 GMT,80.15.68.165:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:38:32 -5:00 GMT,63.196.58.254:33077,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:54 -5:00 GMT,64.154.184.135:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:04 -5:00 GMT,67.85.13.132:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:19:30 -5:00 GMT,211.254.167.203:1037,151.201.38.252:137,UDP
FWIN,2003/01/26,16:13:20 -5:00 GMT,67.69.252.117:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:00:54 -5:00 GMT,81.91.224.182:1029,151.201.38.252:137,UDP
FWIN,2003/01/26,15:06:42 -5:00 GMT,151.197.52.212:1032,151.201.40.155:137,UDP
FWIN,2003/01/26,13:51:08 -5:00 GMT,81.130.162.61:34245,151.201.40.116:137,UDP
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:06 -5:00 GMT,202.183.182.8:1030,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:00 -5:00 GMT,151.201.41.189:1026,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:36 -5:00 GMT,151.201.41.189:1027,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:32 -5:00 GMT,151.201.41.189:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:30 -5:00 GMT,151.201.41.189:1028,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,18:27:48 -5:00 GMT,219.162.176.186:33239,151.201.38.252:137,UDP
FWIN,2003/01/26,18:12:52 -5:00 GMT,200.75.194.216:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:48:30 -5:00 GMT,209.99.229.31:1032,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:20 -5:00 GMT,24.112.27.33:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:18 -5:00 GMT,67.41.89.148:16989,151.201.38.252:137,UDP
FWIN,2003/01/26,17:31:00 -5:00 GMT,212.20.111.50:1024,151.201.38.252:137,UDP
FWIN,2003/01/26,17:25:08 -5:00 GMT,219.155.218.180:1073,151.201.38.252:137,UDP
FWIN,2003/01/26,17:23:26 -5:00 GMT,62.150.81.204:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,17:16:42 -5:00 GMT,80.249.193.54:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,17:07:46 -5:00 GMT,210.54.106.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:03:34 -5:00 GMT,61.216.128.212:62903,151.201.38.252:137,UDP
FWIN,2003/01/26,17:02:36 -5:00 GMT,12.158.109.129:62133,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:54 -5:00 GMT,68.164.86.38:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,17:00:30 -5:00 GMT,200.204.181.16:1028,151.201.38.252:137,UDP
FWIN,2003/01/26,16:51:10 -5:00 GMT,68.155.35.67:61000,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:48 -5:00 GMT,213.156.54.138:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:34 -5:00 GMT,65.57.56.5:1027,151.201.38.252:137,UDP
FWIN,2003/01/26,16:40:28 -5:00 GMT,80.15.68.165:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,16:38:32 -5:00 GMT,63.196.58.254:33077,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:54 -5:00 GMT,64.154.184.135:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:37:04 -5:00 GMT,67.85.13.132:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:19:30 -5:00 GMT,211.254.167.203:1037,151.201.38.252:137,UDP
FWIN,2003/01/26,16:13:20 -5:00 GMT,67.69.252.117:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,16:00:54 -5:00 GMT,81.91.224.182:1029,151.201.38.252:137,UDP
FWIN,2003/01/26,15:06:42 -5:00 GMT,151.197.52.212:1032,151.201.40.155:137,UDP
FWIN,2003/01/26,13:51:08 -5:00 GMT,81.130.162.61:34245,151.201.40.116:137,UDP
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:06 -5:00 GMT,202.183.182.8:1030,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:00 -5:00 GMT,151.201.41.189:1026,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:36 -5:00 GMT,151.201.41.189:1027,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:32 -5:00 GMT,151.201.41.189:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:22:30 -5:00 GMT,151.201.41.189:1028,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,18:27:48 -5:00 GMT,219.162.176.186:33239,151.201.38.252:137,UDP
FWIN,2003/01/26,18:12:52 -5:00 GMT,200.75.194.216:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:48:30 -5:00 GMT,209.99.229.31:1032,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:20 -5:00 GMT,24.112.27.33:1025,151.201.38.252:137,UDP
FWIN,2003/01/26,17:47:18 -5:00 GMT,67.41.89.148:16989,151.201.38.252:137,UDP
FWIN,2003/01/26,17:31:00 -5:00 GMT,212.20.111.50:1024,151.201.38.252:137,UDP
 

jm100dm

Thread Starter
Joined
May 26, 1999
Messages
994
---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 01-26-2003 8:33:00.46p
__________________________________________________________________________
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________________________________
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.56) - Release Date 3/11/2002

__________________________________________________________________________
__________________________________________________________________________

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________________________________
__________________________________________________________________________

The following is a list of your current Start-Ups
__________________________________________________________________________
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Auto-Protect"="C:\\PROGRA~1\\NORTON~1\\NORTON~1\\NAVAPW32.EXE /LOADQUIET"
"RegProt"="c:\\regprot\\regprot.exe /start"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"Norton eMail Protect"="C:\\PROGRAM FILES\\NORTON SYSTEMWORKS\\NORTON ANTIVIRUS\\POProxy.exe"
@=""


==========================================================================
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]


==========================================================================
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


==========================================================================
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


==========================================================================
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

run=

load=

==========================================================================
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

==========================================================================
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file

SET BLASTER=A220 I7 D1 H5 P330 T6
SET SBPCI=C:\PROGRA~1\CREATIVE\AUDIO\DOSDRV
rem - By Windows 98 Network for Netware Upgrade - C:\WINDOWS\lsl.com
SET CLASSPATH=c:\adobe\AdobeConnectables
@ECHO OFF
rem
rem *** DO NOT EDIT THIS FILE! ***
rem
rem This file was created by the System Configuration Utility as
rem a placeholder for your AUTOEXEC.BAT file. Your actual
rem AUTOEXEC.BAT file has been saved under the name AUTOEXEC.TSH.
rem

PATH C:\BITWARE\

rem - By Windows 98 Network for Netware Upgrade - C:\WINDOWS\odihlp.exe


==========================================================================
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

C:\WINDOWS\Start Menu\Programs\StartUp\CapsLockOff.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Taskmon.lnk

==========================================================================
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder

C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm.lnk

==========================================================================
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


.....................................................................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


-=========================-
HKU (.Default) Run - Registry
-=========================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]


-==============================-
HKU (.Default) RunOnce - Registry
-==============================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


-================================-
StubPaths - Registry (Partial Listing)
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
"StubPath"=""
"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:WIN9X /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"OldRealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-


REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
C:\PROGRA~1\CREATIVE\AUDIO\DOSDRV\SBINIT



-=================-
WININIT.BAK File - (c:\windows\wininit.bak)
(name) (type) (size)(modified)(time)
wininit bak 44 01-22-03 11:48a
-=================-

[Rename]
NUL=C:\WINDOWS\TEMP\A~NSISU_.EXE
-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-

SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\EROTIC~1.SCR

==========================================================================
__________________________________________________________________________

- Supplemental Environment Information -

TMP=C:\WINDOWS\TEMP
TEMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
COMSPEC=C:\WINDOWS\COMMAND.COM
CLASSPATH=c:\adobe\AdobeConnectables
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\BITWARE\
windir=C:\WINDOWS

File - c:\windows\Wininit.bak
File - c:\windows\deletefi.ini

==========================================================================
__________________________________________________________________________

- End -
 

jm100dm

Thread Starter
Joined
May 26, 1999
Messages
994
Got it to stop. Not sure how, but I had downloaded some BIOS updates earlier and may have caused this myself. After deleting the files and clearing the logs it stopped. I'll leave the BIOS alone for now.

Also unchecked the open box in msconfig and restarted. See attachment. Any ideas what this is?

Will check back tomorrow.

jm100dm
 

Attachments

Joined
Jul 29, 2001
Messages
21,334
If you will notice, the only port they are hitting is 137, which is open if you have NetBIOS bound to your NIC or file and printer sharing enabled. You also appear not to have a static IP address, so don't worry too much... shut off file and printer sharing though.
 
Joined
Jul 8, 2002
Messages
14,681
Yes, it is only port 137. Probably someone doing random scans looking to hack over NetBIOS, or for un-password-protected file shares.
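Both replies above read the posted log the same way: every blocked packet is aimed at UDP port 137 (the NetBIOS name service), the destination address keeps changing (a dial-up style non-static address), and the thread starter's own complaint is that the same entries are written again and again. The following is an added Python example written for this page, not code from ZoneAlarm, VisualZone or anyone in the thread; it parses lines in the FWIN format shown above and produces exactly that reading. The sample lines are copied from the posted log, with the repeated block shortened to three entries; the port-name table is a small hard-coded lookup, not a full service list.

```python
from collections import Counter
from dataclasses import dataclass

# FWIN lines copied from the log posted in the thread, in the order shown there:
# the posted block repeats, so the first three entries appear a second time.
SAMPLE_LOG = """\
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,15:06:42 -5:00 GMT,151.197.52.212:1032,151.201.40.155:137,UDP
FWIN,2003/01/26,13:51:08 -5:00 GMT,81.130.162.61:34245,151.201.40.116:137,UDP
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
"""

# Small hard-coded lookup (an assumption of this example, not a full service table);
# 137 is the NetBIOS name service the replies in the thread refer to.
PORT_NAMES = {137: "NetBIOS name service", 138: "NetBIOS datagram",
              139: "NetBIOS session", 445: "SMB"}


@dataclass(frozen=True)
class Entry:
    kind: str        # FWIN = inbound packet the firewall blocked
    timestamp: str   # date plus the time/zone field exactly as logged
    src_ip: str
    src_port: int
    dst_ip: str      # the local address the packet was sent to
    dst_port: int
    proto: str


def parse_line(line):
    """Parse one comma-separated ZoneAlarm log line; return None for anything else."""
    parts = line.strip().split(",")
    if len(parts) != 6 or not parts[0].startswith("FW"):
        return None
    kind, date, time, src, dst, proto = parts
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Entry(kind, f"{date} {time}", src_ip, int(src_port), dst_ip, int(dst_port), proto)


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def summarize(entries):
    """Hits per protocol/port, distinct sources, local addresses and exact duplicate lines."""
    distinct = set(entries)
    return {
        "total": len(entries),
        "duplicates": len(entries) - len(distinct),
        "by_port": dict(Counter((e.proto, e.dst_port) for e in entries)),
        "distinct_sources": len({e.src_ip for e in entries}),
        "local_addresses": sorted({e.dst_ip for e in entries}),
    }


def describe(summary):
    """Turn the summary into the kind of reading the replies in the thread give."""
    notes = []
    ports = sorted(summary["by_port"])
    if len(ports) == 1:
        proto, port = ports[0]
        notes.append(f"every hit targets {proto}/{port} ({PORT_NAMES.get(port, 'unknown service')})")
    if summary["duplicates"]:
        # An exact repeat carries the same timestamp, so it is the same entry
        # logged again, not a new packet.
        notes.append(f"{summary['duplicates']} of {summary['total']} lines are exact repeats of earlier lines")
    if len(summary["local_addresses"]) > 1:
        n = len(summary["local_addresses"])
        notes.append(f"{n} different local addresses appear, so the local IP address is not static")
    return notes


if __name__ == "__main__":
    for note in describe(summarize(parse_log(SAMPLE_LOG))):
        print("-", note)
```

Run it on the full posted log and the port count collapses to a single UDP/137 bucket while the duplicate count climbs with every repeated block; that is the quickest way to tell "one exposed service being probed" from "many services being probed", and it is the former that the advice about unbinding NetBIOS and turning off file and printer sharing addresses.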
 

jm100dm

Thread Starter
Joined
May 26, 1999
Messages
994
There was a box with nothing to the right of it. In regedit under Run, the data for Default was " ", so I deleted the key and now the box is gone. And Default is (value not set). Shortened my msconfig too.

I didn't know that file share was open. Quick refresher - where do I change the setting?

Thanks
jm100dm
 

Attachments

jm100dm

Thread Starter
Joined
May 26, 1999
Messages
994
This just does not seem right to me. My ZALog is now 18.658 MB. I downloaded HijackThis and ran it but am clueless as to how to read it. Does anyone see anything that could be causing my problem? Thanks for any help with this.

Jm100dm

Logfile of HijackThis v1.91.2
Scan saved at 7:12:09 PM, on 1/28/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://home.netscape.com/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.americasbest.com/danscripts/jokeoftheday.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://home.netscape.com/home/winsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Access4Free
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://keyword.netscape.com/keyword/%s
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
O4 - Startup: CapsLockOff.lnk = C:\unzipped\CapsLockOff1\CapsLockOff.exe
O4 - Startup: Taskmon.lnk = C:\WINDOWS\TASKMON.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &2 Customize Menu - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComCustomIEMenu.html
O8 - Extra context menu item: &7 Fill Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html
O8 - Extra context menu item: &8 Save Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Check Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: RF Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: &9 Robo Toolbar (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: &7 Fill Forms (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: &8 Save Forms (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.americangreetings.com/cnp/Install/AxCtp.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} (VoilaXctl Class) - http://www.belarc.com/Programs/advisor.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/coloring/Coloring.ocx
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.broderbund.com/Plugin/3DGreetings/vroom.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37641.1581365741
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM\EBKP.DLL
 

Attachments
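The HijackThis log posted above is a list of browser and autostart hooks, and the usual way to start reading one is to group the lines by their section code and mark the entries that ordinarily deserve a second look. The following is an added Python example written for this page, not part of HijackThis or of anyone's reply in the thread. The section descriptions are a short hard-coded table covering the codes that appear in the log, and the two heuristics it applies (an entry that points at a file that no longer exists, and an ActiveX control downloaded from a bare IP address instead of a hostname) are general reading aids, not a verdict on the machine in the thread. The sample lines are copied from the posted log.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in the thread (a subset);
# the two header lines are there to show that non-scan lines are skipped.
SAMPLE_HJT = r"""
Logfile of HijackThis v1.91.2
Platform: Windows 98 SE (Win9x 4.10.2222A)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.americasbest.com/danscripts/jokeoftheday.htm
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - Startup: Taskmon.lnk = C:\WINDOWS\TASKMON.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM\EBKP.DLL
"""

# Meaning of the section codes used in the posted log (hard-coded for this example).
SECTIONS = {
    "R0": "IE start page / search page",
    "R1": "IE search and default URLs",
    "O2": "Browser Helper Object (DLL loaded into IE)",
    "O4": "autostart: Run keys and Startup folders",
    "O8": "IE context-menu item",
    "O9": "IE toolbar button / Tools menu item",
    "O12": "IE plugin",
    "O16": "ActiveX control downloaded from a URL (DPF)",
    "O18": "custom URL protocol handler",
}

LINE_RE = re.compile(r"^([RO]\d+) - (.+)$")


def parse_hjt(text):
    """Return (code, detail) pairs for every scan line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def by_section(entries):
    """Group the details under their section code so the log reads top-down by type."""
    groups = defaultdict(list)
    for code, detail in entries:
        groups[code].append(detail)
    return dict(groups)


def _host_is_ip(url):
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_points(entries):
    """Entries worth a second look: orphaned references and ActiveX controls
    fetched from a bare IP address rather than a hostname."""
    points = []
    for code, detail in entries:
        if detail.endswith("(no file)"):
            points.append((code, "entry points at a file that no longer exists", detail))
        elif code == "O16" and _host_is_ip(detail.rsplit(" - ", 1)[-1]):
            points.append((code, "ActiveX control downloaded from a bare IP address", detail))
    return points


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT)
    for code, details in by_section(parsed).items():
        print(f"{code} ({SECTIONS.get(code, 'other')}): {len(details)} entries")
    for code, why, detail in review_points(parsed):
        print(f"  look at {code}: {why}\n    {detail}")
```

The grouping is the part that answers "how do I read it": R-lines are browser start and search settings, O2 and O16 are code that Internet Explorer loads, and O4 is everything that starts with Windows, which is the same list the StartUp.Log earlier in the thread covers. The review points are only a place to start; an orphaned "(no file)" entry is harmless in itself and simply clutters the registry, and the bare-IP download URL is a prompt to confirm what the control is before deciding anything.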
