The machine in question is and old Dell Latitude Laptop, P3, running Win2000 SP2 (I cant really up this as there is minimal disk space left)
So I am working on a friends said laptop (more fool me!), I have run spybot, Ad-Aware, AGV anti spyware, SUPERAntispyware, cwshredder, and a fix for smitfraud. All were run in safe mode and for the most part the system seems to have been cleaned, there was tons of Spyware on the machine, I have tried to install AVG anti virus, but it wont install, it says it is already installed all I can do is modify/remove components, repair or remove, none of the options do anything except modify/remove, but all it does is create and empty dir name AVG, anyway hopefully that will be fixed one this problem is sorted.
Another issue I have is that the machine can not get onto the internet (This is sent via another machine), it seems that when ever I connect a cat5 cablle the machine blue screens and reboots. I assume this is part of the problem.
The only thing I can see now that could be the problem is the flashing ?/No though sign in the system tray, when clicked this opens IE, but I can not see the page as its not online.
The only other big problem with this is I cant really do a fresh install (I would love to as who ever set this machine up was an arse anyhow...) as there are some expensive programs on the machine and the friend can not find the install disks/cd.... :-(
Here is the hijack log (Ran as adminsitrator on a normal boot)
Logfile of HijackThis v1.99.1
Scan saved at 14:54:13, on 17/04/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\INV32CLI.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\WUSER32.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.aol.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %
O2 - BHO: 0 - {1637A00E-AD50-4597-F1A7-A09B8E297D9A} - C:\Program Files\Accessories\lavujat.dll (file missing)
O2 - BHO: AutoComplete - {3878A544-E465-4aad-AF9D-B2A680C2F7EC} - C:\WINNT\System32\xsojf36.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5AE71946-4C83-C4FB-F50E-0A330B454C47} - C:\WINNT\System32\tsmahbi.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: AOL 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: AOL Companion.lnk.disabled
O9 - Extra button: FHMPoker - {40B2063F-DB01-4962-BE63-59435C01283C} - D:\APPLIC~1\FHMPoker\client.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ntlogon - C:\WINNT\System32\xsojf36.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Thanks in advance
Ian
Edited by cwjdmitr, 17 April 2007 - 08:20 AM.