Help-PLEASE! My computer is all *%$#@ up!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
M

MustardSnake

Thread Starter
Joined
Mar 25, 2004
Messages
55
I have an Hp pavilion ze5170 notebook that runs Windows XP. I believe I have a nasty virus/spyware/adware/malware problem, but I'm not sure.
Here is all the trouble my computer is causing me:

-Often, the error message "Missing DLL file" appears.
-The CD Burner will not work. Either through WMP or through DLA or any other burning software that I use. Whenever I give it the command to burn, it just freezes up and will not unfreeze.
-Windows installer freezes as well.
-Many times, it will freeze on shut down or boot up.
-Internet Explorer seems to have a browser hijack - it often changes the start page to http://213.159.117.134/index.php
-When I try to delete files, it gives me another error message mentioning DLL files and something about a source - I can't remember the exact wording- I'll find out and put it in another post.
-It runs waaay too slow for the memory it has.
-All commands seem to take forever to execute.

I've run Ad-Aware, Spybot S&D, McAffee, Spyware Doctor, etc, etc...and all of them show up clean.
I don't really know what to do.

Here is my Hijack This logfile:

Logfile of HijackThis v1.97.7
Scan saved at 2:14:21 PM, on 09/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HpRfDev.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Rock Hudson\Desktop\Maintain\Spyware Doctor\spydoctor.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPBatteryOptimizer.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Documents and Settings\Rock Hudson\Desktop\Maintain\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


The first 6 I have tried to delete, but they always show up the next time I scan.

Can anyone help me? I know a lot of the problems would have been better suited for other forums, but I don't know exactly what the source of the problem is, so I hope it's ok that I put them all on here.

I'm desperately trying not to have to take it into my school's "computer services" because they don't know anything and they confiscate your computer for months. (I think they put it in a cage and poke it with a stick)

I've had great results on TSG forums before- you guys really know your stuff - so if anyone can help me with all this b.s. on my comp. right now, it'd be much appreciated.
 
zoombini

zoombini

Joined
Aug 18, 2003
Messages
289
Run an anti-virus program in safe mode to see if it picks up a virus. The virus may also be rooted the system restore files so delete all them first.

Maybe Im just being lazy cos it's saturday nite, but why not just reinstall the OS to see if some of the problems disappear?
 
M

MustardSnake

Thread Starter
Joined
Mar 25, 2004
Messages
55
I would, but I have no way of backing up the files that I need on my computer. Is there any other way? Or can I get help on how to back up my files?
 
Dust Sailor

Dust Sailor

Joined
Mar 17, 2004
Messages
2,735
Go Here http://forums.techguy.org/t110854.html Download the latest HiJack This program Yours is out of date . Follow the tutorial.

On the same page of Security Tools find SpyBot Search and Destroy and Ad-Awre SE . Download and setup according to tutorials there . Do a scan with both programs and get rid of everything picked up by them .

Download Spyware Blaster install and update .

Do an online Panda Active Scan then post the new Hi Jack This log here . Do not use any spyware programs not listed on this security page for now .

Make sure your McAfee program is up to date .
 
cybertech

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Click on the link below to download CWshredder.
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Run the program and let it do it's thing. Make sure to click on "Fix" and not scan only.

Reboot:

Download Spybot http://www.majorgeeks.com/download3957.html

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot.

Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer and post another HJT with the new version, link provided above by Dust Sailor.
 
telecom69

telecom69

Gone but never forgotten
Joined
Oct 12, 2001
Messages
9,807
You seem to have done all the right things byusing adaware,spybot etc and your hijack log is pretty clean too,Im wondering how you tried to delete those files,did you use hijack? if not put a tick by the following and after closing all open windows have hijack FIX them

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

Then disable system restore temporarily you can enable it when we have finished ....and go here and run the online scan http://housecall.trendmicro.com/

post back a modified log .....
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Total: 617 (members: 7, guests: 610)
Top