1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help-PLEASE! My computer is all *%$#@ up!

Discussion in 'Windows XP' started by MustardSnake, Sep 11, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. MustardSnake

    MustardSnake Thread Starter

    Joined:
    Mar 25, 2004
    Messages:
    55
    I have an Hp pavilion ze5170 notebook that runs Windows XP. I believe I have a nasty virus/spyware/adware/malware problem, but I'm not sure.
    Here is all the trouble my computer is causing me:

    -Often, the error message "Missing DLL file" appears.
    -The CD Burner will not work. Either through WMP or through DLA or any other burning software that I use. Whenever I give it the command to burn, it just freezes up and will not unfreeze.
    -Windows installer freezes as well.
    -Many times, it will freeze on shut down or boot up.
    -Internet Explorer seems to have a browser hijack - it often changes the start page to http://213.159.117.134/index.php
    -When I try to delete files, it gives me another error message mentioning DLL files and something about a source - I can't remember the exact wording- I'll find out and put it in another post.
    -It runs waaay too slow for the memory it has.
    -All commands seem to take forever to execute.

    I've run Ad-Aware, Spybot S&D, McAffee, Spyware Doctor, etc, etc...and all of them show up clean.
    I don't really know what to do.

    Here is my Hijack This logfile:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:14:21 PM, on 09/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\RadioSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\HpRfDev.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
    C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\AIM\aim.exe
    C:\Documents and Settings\Rock Hudson\Desktop\Maintain\Spyware Doctor\spydoctor.exe
    C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPBatteryOptimizer.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\Documents and Settings\Rock Hudson\Desktop\Maintain\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    The first 6 I have tried to delete, but they always show up the next time I scan.

    Can anyone help me? I know a lot of the problems would have been better suited for other forums, but I don't know exactly what the source of the problem is, so I hope it's ok that I put them all on here.

    I'm desperately trying not to have to take it into my school's "computer services" because they don't know anything and they confiscate your computer for months. (I think they put it in a cage and poke it with a stick)

    I've had great results on TSG forums before- you guys really know your stuff - so if anyone can help me with all this b.s. on my comp. right now, it'd be much appreciated.
     
  2. zoombini

    zoombini

    Joined:
    Aug 18, 2003
    Messages:
    289
    Run an anti-virus program in safe mode to see if it picks up a virus. The virus may also be rooted the system restore files so delete all them first.

    Maybe Im just being lazy cos it's saturday nite, but why not just reinstall the OS to see if some of the problems disappear?
     
  3. MustardSnake

    MustardSnake Thread Starter

    Joined:
    Mar 25, 2004
    Messages:
    55
    I would, but I have no way of backing up the files that I need on my computer. Is there any other way? Or can I get help on how to back up my files?
     
  4. Dust Sailor

    Dust Sailor

    Joined:
    Mar 17, 2004
    Messages:
    2,735
    Go Here http://forums.techguy.org/t110854.html Download the latest HiJack This program Yours is out of date . Follow the tutorial.

    On the same page of Security Tools find SpyBot Search and Destroy and Ad-Awre SE . Download and setup according to tutorials there . Do a scan with both programs and get rid of everything picked up by them .

    Download Spyware Blaster install and update .

    Do an online Panda Active Scan then post the new Hi Jack This log here . Do not use any spyware programs not listed on this security page for now .

    Make sure your McAfee program is up to date .
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click on the link below to download CWshredder.
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip

    Run the program and let it do it's thing. Make sure to click on "Fix" and not scan only.

    Reboot:

    Download Spybot http://www.majorgeeks.com/download3957.html

    Click on "Search For updates" when prompted.

    Scan, click on fix problems.

    Reboot.

    Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

    Install the program and launch it.

    First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

    Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

    Then, deselect Search for negligible risk entries.

    To start the scan, click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

    Restart your computer and post another HJT with the new version, link provided above by Dust Sailor.
     
  6. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    You seem to have done all the right things byusing adaware,spybot etc and your hijack log is pretty clean too,Im wondering how you tried to delete those files,did you use hijack? if not put a tick by the following and after closing all open windows have hijack FIX them

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

    Then disable system restore temporarily you can enable it when we have finished ....and go here and run the online scan http://housecall.trendmicro.com/

    post back a modified log .....
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/272841

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice