
Badly-infected computer

Discussion in 'Virus & Other Malware Removal' started by HomeSprings, Feb 13, 2005.

  1. HomeSprings

    HomeSprings Thread Starter

    Joined:
    Aug 2, 2004
    Messages:
    11
    My sister had some trouble with a worm a while back, so she deleted everything on her computer and started it up again. Apparently, she forgot to put some sort of protection on her computer, and now she's having major problems with it. I downloaded the CWShredder and got those fixed, and I also used Spybot and Ad-aware to check the rest of her computer. Spybot returned about 50 files, and Ad-aware returned more than 300 different things, which I tried to fix.

    Mostly what has been happening is that when she logs on to the internet (MSN), Internet Explorer will open up and take her to some site (secretanime.com). Then after being online for a while, she'll get an error message that disconnects her and won't let her connect again without restarting her computer. Can someone just look at this log and let me know if there's anything else that the programs didn't fix?

    Logfile of HijackThis v1.99.0
    Scan saved at 3:33:23 AM, on 2/13/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\winfirewall.exe
    C:\WINDOWS\System32\winsql32.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\PDSched.exe
    C:\WINDOWS\System32\sys32cfg.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\crash.exe
    C:\WINDOWS\wlxbok.exe
    C:\Program Files\Microsoft Money\System\reminder.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
    C:\Program Files\MSN\MSNIA\msniasvc.exe
    C:\Program Files\.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
    O4 - HKLM\..\Run: [Microsoft Update] sys32cfg.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lameshit] C:\crash.exe
    O4 - HKLM\..\Run: [Win32 Firewall Drivers] winfirewall.exe
    O4 - HKLM\..\Run: [K6IEXh] C:\WINDOWS\wlxbok.exe
    O4 - HKLM\..\Run: [Windows Sql Service For Windows 32 Bit] winsql32.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] sys32cfg.exe
    O4 - HKLM\..\RunServices: [Win32 Firewall Drivers] winfirewall.exe
    O4 - HKLM\..\RunServices: [Windows Sql Service For Windows 32 Bit] winsql32.exe
    O4 - HKLM\..\RunOnce: [Win32 Firewall Drivers] winfirewall.exe
    O4 - HKLM\..\RunOnce: [Windows Sql Service For Windows 32 Bit] winsql32.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
    O4 - HKCU\..\Run: [Microsoft Update] sys32cfg.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Win32 Firewall Drivers] winfirewall.exe
    O4 - HKCU\..\Run: [Windows Sql Service For Windows 32 Bit] winsql32.exe
    O4 - HKCU\..\RunOnce: [Win32 Firewall Drivers] winfirewall.exe
    O4 - HKCU\..\RunOnce: [Windows Sql Service For Windows 32 Bit] winsql32.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{314EDD0A-9C2B-496C-9B92-11D404353E43}: NameServer = 205.171.3.65 205.171.2.65
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
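
Added example, not part of the original post: a small Python parser for the `O4` autostart lines of a HijackThis log that groups entries by value name and lists those registered under several Run-type keys at once. The sample lines are copied from the log above; the function names and the three-location threshold are assumptions of this example, and the result is a review heuristic, not a verdict on any entry.

```python
import re
from collections import defaultdict

# O4 autostart lines copied from the log above (a subset, for brevity).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\RunServices: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKLM\..\RunOnce: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKCU\..\RunOnce: [Win32 Firewall Drivers] winfirewall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Matches registry-based O4 lines: hive, key (Run, RunOnce, RunServices),
# value name in brackets, then the command. Startup-folder lines are skipped.
O4_LINE = re.compile(
    r"^[ \t]*O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+?)[ \t\r]*$", re.M)


def parse_o4(log):
    """Return (hive, key, value_name, command) for each registry O4 line."""
    return [m.groups() for m in O4_LINE.finditer(log)]


def repeated_autostarts(log, min_locations=3):
    """Map value name -> sorted autostart locations, for names registered in
    at least min_locations distinct hive/key pairs.

    Heuristic only: installed software normally registers one autostart
    entry, so the same value repeated across Run, RunServices and RunOnce
    in both hives is worth a closer look. It does not prove malice.
    """
    seen = defaultdict(set)
    for hive, key, name, _command in parse_o4(log):
        seen[name].add(f"{hive}\\{key}")
    return {n: sorted(locs) for n, locs in seen.items()
            if len(locs) >= min_locations}


if __name__ == "__main__":
    for name, locations in repeated_autostarts(SAMPLE_LOG).items():
        print(f"{name}: {len(locations)} locations -> {', '.join(locations)}")
```
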
     
  2. Dust Sailor

    Dust Sailor

    Joined:
    Mar 17, 2004
    Messages:
    2,735
    http://forums.techguy.org/t110854.html

    Go here and update Spybot and Ad-aware SE and do a scan. UPDATE these and use weekly.

    Do a scan with housecall and Panda

    If you do not have an on board anti virus program get AVG 7 here and install it

    Turn on the XP firewall

    Download and install Spyware Blaster and Spyware Guard.

    Empty the recycle bin

    REBOOT and post another log here please
     
  3. crjdriver

    crjdriver Moderator

    Joined:
    Jan 2, 2001
    Messages:
    38,372
    In addition to the above info, turn off system restore. This deletes all of the restore points which can be infected. Turn system restore back on after you are finished.
     
  4. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    If U still have problems with your computer/OS (hey, U have/had some pests that are hard to get rid of!!!)
    Here's a great cleaning tool. a-squared (a²) is a complementary product to antivirus software and desktop firewalls on MS Windows computers. Antivirus software specializes in detecting classic viruses. Many available products have weaknesses in detecting other malicious software (Malware) like Trojans, Dialers, Worms and Spyware (Adware). a² fills the gap that malware writers exploit.
    When on the page, scroll down to a² Free at:

    http://www.emsisoft.com/en/software/free/

    Being of a curious ilk, I've tested this program. It's a superior/safe cleaning tool, and we use it on all of our computers.
     