Badly-infected computer

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

HomeSprings

Thread Starter
Joined
Aug 2, 2004
Messages
11
My sister had some trouble with a worm a while back, so she deleted everything on her computer and started it up again. Apparently, she forgot to put some sort of protection on her computer, and now she's having major problems with it. I downloaded the CWShredder and got those fixed, and I also used Spybot and Ad-aware to check the rest of her computer. Spybot returned about 50 files, and Ad-aware returned more than 300 different things, which I tried to fix.

Mostly what has been happening is that when she logs on to the internet (MSN), Internet Explorer will open up and take her to some site (secretanime.com). Then after being online for a while, she'll get an error message that disconnects her and won't let her connect again without restarting her computer. Can someone just look at this log and let me know if there's anything else that the programs didn't fix?

Logfile of HijackThis v1.99.0
Scan saved at 3:33:23 AM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\winfirewall.exe
C:\WINDOWS\System32\winsql32.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\PDSched.exe
C:\WINDOWS\System32\sys32cfg.exe
C:\Program Files\QuickTime\qttask.exe
C:\crash.exe
C:\WINDOWS\wlxbok.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [Microsoft Update] sys32cfg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lameshit] C:\crash.exe
O4 - HKLM\..\Run: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKLM\..\Run: [K6IEXh] C:\WINDOWS\wlxbok.exe
O4 - HKLM\..\Run: [Windows Sql Service For Windows 32 Bit] winsql32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\RunServices: [Microsoft Update] sys32cfg.exe
O4 - HKLM\..\RunServices: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKLM\..\RunServices: [Windows Sql Service For Windows 32 Bit] winsql32.exe
O4 - HKLM\..\RunOnce: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKLM\..\RunOnce: [Windows Sql Service For Windows 32 Bit] winsql32.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [Microsoft Update] sys32cfg.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKCU\..\Run: [Windows Sql Service For Windows 32 Bit] winsql32.exe
O4 - HKCU\..\RunOnce: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKCU\..\RunOnce: [Windows Sql Service For Windows 32 Bit] winsql32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{314EDD0A-9C2B-496C-9B92-11D404353E43}: NameServer = 205.171.3.65 205.171.2.65
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
 
Joined
Mar 17, 2004
Messages
2,735
http://forums.techguy.org/t110854.html

Go here and update Spybot and Ad-aware SE and do a scan. UPDATE these and use weekly.

Do a scan with HouseCall and Panda.

If you do not have an onboard antivirus program, get AVG 7 here and install it.

Turn on the XP firewall.

Download and install Spyware Blaster and Spyware Guard.

Empty the recycle bin

REBOOT and post another log here please
 

crjdriver

Moderator
Joined
Jan 2, 2001
Messages
41,163
In addition to the above info, turn off system restore. This deletes all of the restore points which can be infected. Turn system restore back on after you are finished.
 

Kenny94

Banned
Joined
Dec 16, 2004
Messages
2,026
If U still have problems with your computer/OS (hey, U have/had some pests that are hard to get rid of!!!)
Here's a great cleaning tool from a-squared (a²). It is a complementary product to antivirus software and desktop firewalls on MS Windows computers. Antivirus software specializes in detecting classic viruses. Many available products have weaknesses in detecting other malicious software (Malware) like Trojans, Dialers, Worms and Spyware (Adware). a² fills the gap that malware writers exploit.
When on page, scroll down to a² Free at:

http://www.emsisoft.com/en/software/free/

Being of a curious ilk, I've tested this program. It's a superior/safe cleaning tool, and we use it on all of our computers.
 