Jump to content


Photo

Is spyware disabling my internet connection?


  • Please log in to reply
5 replies to this topic

#1 SpyFighter

SpyFighter

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 30 May 2004 - 04:54 PM

Hey professionals, I am experiencing quite a weird problem with my laptop. After about 10 minutes of using the internet, my ADSL connection suddenly gets cut off and I can no longer use the net. I see no errors message, all that happens is my browser says at the bottom of the screen in the left hand corner: "Connecting to ...IP address". I have noticied that this seems to happen most of the time when I try to use Bittorrents.

I have run the latest versions of Spybot, Ad-aware, CWShredder, TrojanHunter, Spyblaster but none have found anything suspicious (both in normal/safe mode). Zonealarm, Norton antivirus, Spyware Blaster and Spyware Guard all run automatically on my PC.

Recently I have switched from using Internet Explorer to Firefox 0.8 but the problem occurs with both browsers.

I have a number of startup programs disabled by MSCONFIG but after reading the F.A.Q., I have re-enabled them all and restarted so that they all start thus helping HijackThis to find something.

It would be great if someone could point me in the right direction and check-out my HijackThis log below. I'd be most appreciated as I am desperate to find a resolution. I'm just a bit worried to delete anything in HijackThis without getting some advice beforehand.

Thanks again in advance for any help...here's my log:

Logfile of HijackThis v1.97.7
Scan saved at 23:35:38, on 30/05/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\cfpsys.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\James Close\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = libero.it;iol.it;;localhost;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Warning: do not remove it! (system)] cfpsys.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: FlashCapture (HKLM)
O9 - Extra button: AOL Instant Messenger ™ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7583.2370601852
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

#2 Mike

Mike

    Dark Lord of SWI

  • Emeritus
  • PipPipPipPipPip
  • 514 posts

Posted 30 May 2004 - 09:04 PM

Sounds more like a problem with the ISP. Call their tech support and see if they can figure it out.
SpywareInfo: How are you gentlemen?? All your base are belong to us!!
Spyware: What you say!!
SpywareInfo: You have no chance to survive. Make your time!

#3 RJ100

RJ100

    SWI Lurk-Master

  • Full Member
  • Pip
  • 46 posts

Posted 30 May 2004 - 10:02 PM

Mike seems to be on the right track.

I too have been experiencing this same dilemma.
A re-boot is the only thing that sorts out the connection.
3 machines, linksys router, Dlink modem, sygate firewall, etc.
Only one PC does this consistently. :ugh: :gah:

Here are some links that may or may not be of use to you.
http://www.sysopt.co...threadid=162792
http://www.dslreport...21233~mode=flat
http://www.dslreport...89536~mode=flat
http://www.dslreport...33286~mode=flat

The last link has a pretty good explination by TELUS Helper.

HTH
Take care

#4 SpyFighter

SpyFighter

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 31 May 2004 - 07:22 AM

Thanks for your replies Mike and RJ. I called my ISP but they said everything was fine at their end. However, after reading RJ's link suggestions and discovering that sometimes firewalls can be part of the problem, I do remember that recently I upgraded my Zonealarm software so maybe that needs to be re-configured in some way?

Could you just confirm that my log seems ok and there aren't any suspicious files there that need deleting? Thanks again for your input!

#5 Mike

Mike

    Dark Lord of SWI

  • Emeritus
  • PipPipPipPipPip
  • 514 posts

Posted 31 May 2004 - 10:43 PM

Disable the firewall long enough to see if that's the problem. If the problem doesn't happen with the firewall disabled, then you have something set up wrong.
SpywareInfo: How are you gentlemen?? All your base are belong to us!!
Spyware: What you say!!
SpywareInfo: You have no chance to survive. Make your time!

#6 SpyFighter

SpyFighter

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 June 2004 - 06:52 AM

Guys I have resolved the problem, just thought I would let you know.

I did a little research on the Zonelabs website forums and there were several listing reporting complaints about the new upgrade patch that ZLs has released (version 5.0). Almost everyone who has upgrading is experiencing a whole wide range of problems. The majority of which state that there PC often reaches near maximum CPU usage % when only a few processes are running.

So we have all no downgraded to the golden oldie gem of Zonealarm's version 4.5.594.000. All explanations and versions are available from Zonelab's forums. My PC is back up and running PERFECTLY!

Grreeeat thanks all for your help....hope this helps someone else too :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button