LWB

New (to Me) Laptop - Eudora, Opera, IE Issues

I keep getting the "Updates Loading" Icon, and have had issues with getting pages to load. (It took 20min to register and post here) It seems that if I disconnect and redial, I can get a few minutes before I'm not able to get pages to load again, both on IE and Opera. (the buffer message is when I try to check messages in Eudora)

I just got this laptop from a friend, and I'm admittedly bumbling around here trying to resolve the issues. (I had a lot of spyware originally, but Spybot, Ad-Aware and Webroot's Spy Sweeper come up clean on scans now) I also seem to notice there is much more random data transfer when I'm online than I have with my desktop. (I'm just listing all of what I perceive as "symptoms"- I have no idea whether any of them mean anything)

Anywho, the log-

Logfile of HijackThis v1.99.1

Scan saved at 1:50:13 PM, on 10/3/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ltmsg.exe

C:\WINDOWS\system32\S3Tray2.exe

C:\WINDOWS\system32\tp4serv.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe

C:\WINDOWS\system32\winproxy32.exe

C:\Program Files\Qualcomm\Eudora\Eudora.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Cooter\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gljt.org/modules.php?name=Forums

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe

O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

O4 - HKLM\..\Run: [Windows Proxy Admin] winproxy32.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [Windows Proxy Admin] winproxy32.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.gljt.org

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127850486676

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM eGatherer Diagnostics Control) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\ibmegath.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E950D5CE-E882-4440-9466-524A96800F69}: NameServer = 209.116.241.10 216.99.225.31

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


Hello LWB and welcome to BestTechie.

I see no signs of a Firewall or Antivirus program on your computer. I recommend downloading and installing the following free programs:

ZoneAlarm Firewall

AVG7 Antivirus.

Be sure to check for updates after installation.

Step 1

Open HijackThis, run a scan, then check the following:

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

O4 - HKLM\..\Run: [Windows Proxy Admin] winproxy32.exe

O4 - HKLM\..\RunServices: [Windows Proxy Admin] winproxy32.exe

With all other programs and browsers closed, click "Fix checked".

Step 2

Please set your computer to show all files.

  • Double-click My Computer.
  • Click the Tools menu, and then click Folder Options.
  • Click the View tab.
  • Clear "Hide file extensions for known file types."
  • Under the "Hidden files" folder, select "Show hidden files and folders."
  • Clear "Hide protected operating system files."
  • Click Apply, and then click OK.

You will need to reverse this process when all steps are done.

Step 3

Please delete the following files/folders:

C:\WINDOWS\system32\winproxy32.exe

C:\WINDOWS\system32\syslog32.exe

If you have any problem deleting these items, reboot into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter') and try again.

Step 4

Download and run Stinger

  • Download Stinger and save it to your desktop.
  • Reboot into safe mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter').
  • Double-click on Stinger.exe to open the tool.
  • Choose your entire hard drive to scan.
  • Choose Scan Now.
  • Stinger will fix anything that it finds.

Step 5

Reboot normally and scan with HijackThis. Post the new log as a reply to this thread.

Please let us know of any complications you had and how the computer is behaving.


Thanks for the welcome, and the info, alsocom.

I had played around a little with the Microsoft Anti Spyware and I think I may have deleted the data transfer that was going on. (I did this before I received your reply, and I thought that when a program was blocked it could be reestablished, but it doesn't appear to be the case)

I followed the directions, and so far, so good. Here is the new log-

Logfile of HijackThis v1.99.1

Scan saved at 12:47:01 PM, on 10/4/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\ltmsg.exe

C:\WINDOWS\system32\S3Tray2.exe

C:\WINDOWS\system32\tp4serv.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Cooter\Desktop\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gljt.org/modules.php?name=Forums

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe

O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.gljt.org

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127850486676

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM eGatherer Diagnostics Control) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\ibmegath.cab

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you so much for all your help, and I'll let you know if I see any issues-

John


I see ZoneAlarm in the new log, which is great, but don't forget to get an antivirus program also. These days on the Internet, an antivirus program running in the background is crucial to a clean computer.

Your new log appears clean. :)

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

1. Right-click My Computer, and then click Properties.

2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.

3. Click OK, and then click Yes.

4. Restart the computer.

5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

I suggest that you download these programs to help keep the computer clean:

Spyware Blaster - Blocks bad ActiveX items from installing on your computer. Spyware Blaster runs silently in the background.

ie-spyad - Puts over 12,000 bad URLs into your restricted sites for Internet Explorer.

Google Toolbar - Blocks many unwanted pop-ups in Internet Explorer.

Firefox - 'Safer' alternative to the Internet Explorer web browser.

Update these regularly.

You may also want to read "So how did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep Windows and your Anti-virus updated.

This topic is now closed to further replies.
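
Added example (not part of the original thread, and not code from HijackThis or the forum): the before/after comparison the helper does by eye can be scripted. The sketch below parses two HijackThis logs, confirms that the three entries targeted in Step 1 are gone, and lists every other autorun entry or running process that appeared or disappeared so it can be reviewed. The function names and the abridged log excerpts are assumptions made for this example.

```python
import re
# Abridged excerpts copied from the two HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\winproxy32.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Windows Proxy Admin] winproxy32.exe
O4 - HKLM\..\RunServices: [Windows Proxy Admin] winproxy32.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
"""
# The three entries the helper asked to check in Step 1.
TARGETED = [
    r"O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe",
    r"O4 - HKLM\..\Run: [Windows Proxy Admin] winproxy32.exe",
    r"O4 - HKLM\..\RunServices: [Windows Proxy Admin] winproxy32.exe",
]
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")  # e.g. "O4 - HKLM\..\Run: [...] x.exe"

def parse_hjt(text):
    """Return a set of (section, entry) pairs; running processes get 'PROC'."""
    items, in_procs = set(), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            items.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:  # skip blank lines left by forum pasting
            items.add(("PROC", line.lower()))  # Windows paths ignore case
    return items

def verify_fix(before, after, targeted):
    """Compare two logs against the list of entries that were meant to go."""
    b, a, t = (parse_hjt(x) for x in (before, after, "\n".join(targeted)))
    return {
        "still_present": sorted(t & a),             # fix did not take
        "removed_untargeted": sorted((b - a) - t),  # gone, but nobody asked
        "added": sorted(a - b),                     # new since first scan
    }

if __name__ == "__main__":
    print(verify_fix(BEFORE, AFTER, TARGETED))
```

An empty `still_present` list matches the helper's reading that the new log is clean; anything under `added` should be attributable to software installed between the two scans.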