[pc_user]

Hello
My PC is locking up at boot up and I am unable to proceed. I turn the PC on, and try to boot in safe mode but even pressing F8 Does not work. I verifed all cables are good, and connections are good too.


Here is the last Hijackthis log I ran:

Logfile of HijackThis v1.99.1
Scan saved at 20:35:02, on 18/3/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\dior4f49459551.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Documents and Settings\Catiane\Configurações locais\Temp\Diretório temporário 11 para hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa/
O2 - BHO: (no name) - {086F3ADF-92EA-4415-877E-C7DD7DD64F14} - C:\WINDOWS\System32\awtspno.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows module] uisment.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0BDFA616] C:\WINDOWS\System32\dior4f49459551.exe
O4 - HKLM\..\RunServices: [Windows module] uisment.exe
O4 - HKLM\..\RunServices: [0BDFA616] C:\WINDOWS\System32\dior4f49459551.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165279714055
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165279664644
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADB1C21D-FBCD-4036-AA8B-A622FA3CBEE8}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtspno - awtspno.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe (file missing)
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: Windows Host Services (WINHOST32) - Unknown owner - C:\WINDOWS\system\services.exe (file missing)
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINDOWS\system\winlogon.exe (file missing)
O23 - Service: Print Spooler Service (yoei42ea2230) - Unknown owner - C:\WINDOWS\System32\dior4f49459551.exe


Thanks for the help
S.

[Advertisements]

duplicate post. Posted in malware forum.

[coachwife6]

duplicate post. Posted in malware forum.

[coachwife6]

You have malware. Where did you purchase your machine? You have not updated to SP2. Without that service pack anything we would fix would be infected within a very short time.

Can you update to at least service pack 1?