internet connection

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

zainu

Thread Starter
Joined
Nov 8, 2000
Messages
179
My OS win2000 SP3. Just recently i noticed the two monitor
screen in taskbar perpetually downloading something eventhough
i did not launch IE and it never stops. I have done a scan with
Adaware and had removed all spyware but still it perists. Below is
HijackThis result. Pls help to see if there are anything amiss: -


Logfile of HijackThis v1.97.2
Scan saved at 5:57:49 PM, on 10/4/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\wins\DLLHOST.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINNT\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\metalrock.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINNT\System32\NotifyPhoneBook.exe
C:\WINNT\system32\netd32.exe
C:\Documents and Settings\user\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\RunServices: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37817.8022222222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thks for any help.

:(
 
Joined
Aug 10, 2003
Messages
401
You've been infected with: Backdoor.IRC.Tastyred
check it out here: http://www.symantec.com/avcenter/venc/data/backdoor.irc.tastyred.html

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

O4 - HKLM\..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\RunServices: [Windows MeTaLRoCk service] metalrock.exe

Then reboot in safe mode and delete the following file (in bold):

C:\WINNT\System32\metalrock.exe

Reboot in normal mode and that hopefully should be that.
Hope this helps!

:D
 

zainu

Thread Starter
Joined
Nov 8, 2000
Messages
179
TopCat, i think that did it. My two monitor screen in not flashing
anymore. I have check with HijackThis and those files that i had
removed is no longer that. BTW do i need to delete anything
from the registry :confused:
 
Joined
Aug 10, 2003
Messages
401
If your problem is solved then HJT should have fixed everything that needs to be fixed.

In future a good rule of thumb is:
DO NOT TOUCH THE REGISTRY unless both:
1. a back-up of the registry has been made, and
2. you know exactly what you are doing.

Have you tried an online scan with links that i posted earlier?

You should, if you haven't already done so, go here and install Spybot Search & Destroy: http://tomcoyote.org/SPYBOT/index1.html including a tutorial on removing spyware/adware etc.
Then use this thread to install and configure Lavasoft AdAware: http://forums.techguy.org/t164245/s.html
You would also be advised to goto http://www.javacoolsoftware.com/spywareblaster.html and download SpywareBlaster and SpyGuard which will help prevent the spyware from being installed in the first place.

After all that then do another scan with HJT and post log here to see if everything is as it should be.

Hopefully that should have your pc running smoothly.
:D
 

zainu

Thread Starter
Joined
Nov 8, 2000
Messages
179
Thanks for all the great help that you had given. At present i am
not able to do the online scanning for reasons i cannot disclosed
now. Perhaps some other time. Than you again for helping. (y)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top