LWB Posted October 3, 2005

I keep getting the "Updates Loading" Icon, and have had issues with getting pages to load. (It took 20min to register and post here) It seems that if I disconnect and redial, I can get a few minutes before I'm not able to get pages to load again, both on IE and Opera. (the buffer message is when I try to check messages in Eudora)

I just got this laptop from a friend, and I'm admittedly bumbling around here trying to resolve the issues. (I had a lot of spyware originally, but Spybot, Ad-Aware and webRoot's Spysweeper come up clean on scans now) I also seem to notice there is much more random data transfer when I'm online than I have with my desktop. (I'm just listing all of what I perceive as "symptoms"- I have no idea whether any of them mean anything)

Anywho, the log-

Logfile of HijackThis v1.99.1
Scan saved at 1:50:13 PM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
C:\WINDOWS\system32\winproxy32.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Cooter\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gljt.org/modules.php?name=Forums
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Windows Proxy Admin] winproxy32.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Windows Proxy Admin] winproxy32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.gljt.org
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127850486676
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM eGatherer Diagnostics Control) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\ibmegath.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E950D5CE-E882-4440-9466-524A96800F69}: NameServer = 209.116.241.10 216.99.225.31
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

alsocom Posted October 4, 2005

Hello LWB and welcome to BestTechie.

I see no signs of a Firewall or Antivirus program on your computer. I recommend downloading and installing the following free programs:

ZoneAlarm Firewall
AVG7 Antivirus.

Be sure to check for updates after installation.

Step 1
Open HijackThis, run a scan, then check the following:

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Windows Proxy Admin] winproxy32.exe
O4 - HKLM\..\RunServices: [Windows Proxy Admin] winproxy32.exe

With all other programs and browsers closed, click fix checked.

Step 2
Please set your computer to show all files.
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.
You will need to reverse this process when all steps are done.

Step 3
Please delete the following files/folders:

C:\WINDOWS\system32\winproxy32.exe
C:\WINDOWS\system32\syslog32.exe

If you have any problem deleting these items, reboot into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter') and try again.

Step 4
Download and run Stinger
Download Stinger and save it to your desktop.
Reboot into safe mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter').
Double-click on Stinger.exe to open the tool.
Choose your entire hard drive to scan.
Choose Scan Now.
Stinger will fix anything that it finds.

Step 5
Reboot normally and scan with HijackThis. Post the new log as a reply to this thread.

Please let us know of any complications you had and how the computer is behaving.

LWB Posted October 4, 2005

Thanks for the welcome, and the info, alsocom.

I had played around a little with the Microsoft Anti Spyware and I think I may have deleted the data transfer that was going on. (I did this before I received your reply, and I thought that when a program was blocked it could be reestablished, but it doesn't appear to be the case)

I followed the directions, and so far, so good. Here is the new log-

Logfile of HijackThis v1.99.1
Scan saved at 12:47:01 PM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\S3Tray2.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Cooter\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gljt.org/modules.php?name=Forums
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.gljt.org
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127850486676
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM eGatherer Diagnostics Control) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\ibmegath.cab
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you so much for all your help, and I'll let you know if I see any issues-
John

alsocom Posted October 5, 2005

I see ZoneAlarm in the new log which is great but don't forget to get an antivirus program also. In these days on the Internet, an antivirus program running in the background is crucial to a clean computer.

Your new log appears clean.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.
4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

I suggest that you download these programs to help keep the computer clean:

Spyware Blaster - Blocks bad ActiveX items from installing on your computer. Spyware Blaster runs silently in the background.
ie-spyad - Puts over 12,000 bad URLs into your restricted sites for Internet Explorer.
Google Toolbar - Blocks many unwanted pop-ups in Internet Explorer.
Firefox - 'Safer' alternative to the Internet Explorer web browser.

Update these regularly.

You may also want to read "So how did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep Windows and your Anti-virus updated.
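
Added example, not part of the original thread and not written by either poster: a small Python script that compares two HijackThis logs entry by entry, to confirm that the flagged items are gone after cleanup and to surface anything else that changed. The function names are illustrative, and the two samples are abridged excerpts of the logs posted above.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Abridged excerpts of the two logs posted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winproxy32.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Windows Proxy Admin] winproxy32.exe
O4 - HKLM\..\RunServices: [Windows Proxy Admin] winproxy32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E950D5CE-E882-4440-9466-524A96800F69}: NameServer = 209.116.241.10 216.99.225.31
"""
AFTER = r"""
Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
"""
# File names the helper asked to have fixed and deleted in Steps 1 and 3.
FLAGGED = ["syslog32.exe", "winproxy32.exe"]

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries

def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each as a sorted list."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)

def still_present(log_text, flagged):
    """Flagged file names that still occur anywhere in the log, including running processes."""
    lowered = log_text.lower()
    return [name for name in flagged if name.lower() in lowered]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    print("flagged names still present:", still_present(AFTER, FLAGGED))
```

The diff reports every entry that differs between the two scans, so a reviewer sees changes beyond the items that were explicitly checked, such as the O17 NameServer line that is absent from the second log.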