
Infested With Everything



#1 cwjdmitr


Posted 17 April 2007 - 08:18 AM

Hi all, long time no post for me. Well, down to the problem.

The machine in question is an old Dell Latitude laptop, P3, running Win2000 SP2 (I can't really up this as there is minimal disk space left).

So I am working on a friend's said laptop (more fool me!). I have run Spybot, Ad-Aware, AVG Anti-Spyware, SUPERAntiSpyware, CWShredder, and a fix for SmitFraud. All were run in safe mode and for the most part the system seems to have been cleaned; there was tons of spyware on the machine. I have tried to install AVG Anti-Virus, but it won't install. It says it is already installed and all I can do is modify/remove components, repair or remove. None of the options do anything except modify/remove, but all it does is create an empty dir named AVG. Anyway, hopefully that will be fixed once this problem is sorted.

Another issue I have is that the machine cannot get onto the internet (this is sent via another machine). It seems that whenever I connect a Cat5 cable the machine blue screens and reboots. I assume this is part of the problem.

The only thing I can see now that could be the problem is the flashing ?/No though sign in the system tray. When clicked this opens IE, but I cannot see the page as it's not online.

The only other big problem with this is I can't really do a fresh install (I would love to, as whoever set this machine up was an arse anyhow...) as there are some expensive programs on the machine and the friend cannot find the install disks/CD.... :-(

Here is the hijack log (ran as administrator on a normal boot):

Logfile of HijackThis v1.99.1
Scan saved at 14:54:13, on 17/04/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\INV32CLI.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\WUSER32.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.aol.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %
O2 - BHO: 0 - {1637A00E-AD50-4597-F1A7-A09B8E297D9A} - C:\Program Files\Accessories\lavujat.dll (file missing)
O2 - BHO: AutoComplete - {3878A544-E465-4aad-AF9D-B2A680C2F7EC} - C:\WINNT\System32\xsojf36.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5AE71946-4C83-C4FB-F50E-0A330B454C47} - C:\WINNT\System32\tsmahbi.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: AOL 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: AOL Companion.lnk.disabled
O9 - Extra button: FHMPoker - {40B2063F-DB01-4962-BE63-59435C01283C} - D:\APPLIC~1\FHMPoker\client.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ntlogon - C:\WINNT\System32\xsojf36.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Thanks in advance


Ian

Edited by cwjdmitr, 17 April 2007 - 08:20 AM.
