
Demons in the machine



#1
Gozza

Dear Geekstogo,

I wonder if you could help me. I've been trying to fix my aunt's computer and I thought I wouldn't have too much trouble with it, however things are in complete chaos on her computer.

She has all the necessary antivirus programs installed like Grisoft antivirus, Symantec and Norton. But none of them work! They stop functioning during installation or can't be executed if they're already installed. I tried opening them from their respective folders, but the folder-explorer vanishes when I try to get into them. Same thing with Spybot Search and Destroy and a number of other malware removal programs. Internet seems to be impaired as well, since I can't open the geekstogo webpage on her computer, nor can I enter my own Hotmail account. The only page it seems to open is Google and a number of other search pages.. Internet Explorer just vanishes when I try to open anything else. Messenger also won't start up. I've never seen anything this bad. Basically there is little to nothing she can do with her computer now.

I was able to download HijackThis and copy the file to a floppy (Nero seems to have been irreparably damaged, so no CD burning). I hope there is something you can help me with because it seems the only thing we can think of is to do a complete reinstall.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:31:23, on 29-3-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\formatsys.exe
C:\WINDOWS\paint.exe
C:\WINDOWS\uptime.exe
C:\WINDOWS\taskmsg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Janmap\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dgrinrlcl...sEEXawTKPs.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:3004
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55198F30-C147-551A-7633-3CCFCD637FF7} - C:\DOCUME~1\Anja\APPLIC~1\COALMP~1\meow boob.exe
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {E9EA211C-D9F2-4F30-BF5C-27980F2B33B7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paint.exe
O4 - HKLM\..\Run: [notepad.exe] C:\WINDOWS\uptime.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\taskmsg.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Run: [FunkEncPingKind] C:\Documents and Settings\All Users\Application Data\download inter funk enc\extra pure.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKLM\..\RunServices: [Winzip QuickStrt] logon.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\System32\serbw.exe
O4 - HKCU\..\Run: [monitor] monitor.exe
O4 - HKCU\..\Run: [stupid aim] C:\DOCUME~1\Anja\APPLIC~1\SKIPRE~1\bolt remote idle.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#2
Gozza

-bump-

I hope it's all right to bump this? I couldn't even find the page that my thread was on... ;)

Thank you in advance, you guys are great :tazz:

#3
Gozza

-bump-

It's been several days :tazz: ;)

#4
Gozza

-bump-

Sorry... over a week has gone by since my first post in this topic :tazz:

#5
Gozza

Never mind...

They couldn't wait any longer so they've decided to do a complete format and reinstall.

:tazz:

#6
little eagle

Sorry about that