2ND WORK PC, INFECTED W/ VIRUSES...

Discussion in 'adware, spyware & hijack cleaning' started by CdS, Jun 28, 2004.

Thread Status:
Not open for further replies.
  1. CdS

    CdS Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    8
    ABOUT TO CALL A TECH, PLEASE HELP...

    OK, this is the other work PC of mine. I ran both Spybot & Ad-aware. My homepage always starts at some lame search page and Internet Explorer will stop responding sometimes. Please help, it's very important for the tire shop! Thanks in advance...

    Logfile of HijackThis v1.97.7
    Scan saved at 9:51:19 AM, on 6/28/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\system32\msieftp.exe
    C:\Documents and Settings\User\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\User\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\User\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\User\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\User\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\User\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\User\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {D05562AB-E4BC-4675-BDEE-C3489DA9B472} - C:\WINNT\system32\gpl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKCU\..\Run: [msieftp] C:\WINNT\system32\msieftp.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38091.6800694444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5A71080-B03A-4610-B5E9-08C5958BE276}: NameServer = 151.164.169.201,151.164.1.8
     
    Last edited: Jul 1, 2004
  2. CdS

    CdS Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    8
    BUMP.
     
  3. CdS

    CdS Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    8
    I'm sorry to bump this again, but this is for a work PC. It's of dire importance that we get this problem fixed. We are unable to access pages we need in order to complete transactions for the company. PLEASE, PLEASE HELP US!!! If I can't get this fixed by tomorrow, we're gonna have to call a technician. We sure could save the money if someone could help us out here! Thanks in advance.
     
    Last edited: Jul 1, 2004
Thread Status:
Not open for further replies.