Can someone please look at my boss's HijackThis log

  1. #1
    Andrea P is offline Newbie


    My boss's computer won't boot up even in safe mode; it comes on and then freezes. I have tried everything: AVG, NO ADWARE, OFTSPY, REGCURE, the list is endless. I am at the end of my tether, please help.


    Logfile of HijackThis v1.99.1
    Scan saved at 15:11:00, on 08/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\DAVID~1.ROW\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.evesham.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106387825390
    O17 - HKLM\System\CCS\Services\Tcpip\..\{330D13FE-175F-47AE-9F05-952958FE52C6}: NameServer = 192.168.0.1,192.168.0.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{330D13FE-175F-47AE-9F05-952958FE52C6}: NameServer = 192.168.0.1,192.168.0.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{330D13FE-175F-47AE-9F05-952958FE52C6}: NameServer = 192.168.0.1,192.168.0.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{330D13FE-175F-47AE-9F05-952958FE52C6}: NameServer = 192.168.0.1,192.168.0.2
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NetOp Helper ver. 7.65 (2004278) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE

  2. #2
    imported_Neal is offline Dedicated Member
    Not a thing showing in that log but it is an older version:



    Please delete the version of HiJackThis.exe you have installed, then download the new version from here:

    HIJACKTHIS


    How long does it take before it freezes up? Doesn't sound good.


    Try this:



    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    * Double-click the drweb-cureit.exe file and allow it to run the express scan
    * This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    * Once the short scan has finished, mark the drives that you want to scan.
    * Select all drives. A red dot shows which drives have been chosen.
    * Click the green arrow at the right, and the scan will start.
    * Click 'Yes to all' if it asks if you want to cure/move the file.
    * When the scan has finished, look if you can click next icon next to the files found:

    * If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:


    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    * After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    * Save the report to your desktop. The report will be called DrWeb.csv
    * Close Dr.Web Cureit.
    * Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    * After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

  3. #3
    Andrea P is offline Newbie
    Computer freezes after a few mins, and I tried to run the Dr.Web CureIt but the computer crashes or freezes straight away or says it's encountered a problem and needs to shut down...

  4. #4
    imported_Neal is offline Dedicated Member
    Go ahead and post the new HijackThis log, and if nothing is showing then maybe it is time to just reformat and start over. We can't fix it if we can't run the needed tools/scans.

  5. #5
    Andrea P is offline Newbie
    See new attachment of HijackThis log. Thanks for looking.

  6. #6
    imported_Neal is offline Dedicated Member
    Well unfortunately there isn't anything malicious showing in that log either.

    Like I said before, if you can't run the scans/tools then there isn't any hope to save it.

    Wish I could help you.
