This topic is locked
I'm trying to help my sister with her pc, and neither of us are experts, so apologies if this is a little vague:
She's on XP PRO (no disk) and wanted to replace her Norton AV because the subscription ran out and she said the computer seemed a bit sluggish, so she installed AVG. However, she didn't uninstall Norton first because she didn't know about multi-AVs being incompatible/problematic etc.
Her pc then started behaving even weirder, so she went out and bought (quite cheaply) another AV called 'Bullguard 5.0' because she was convinced that a virus was her problem.
As this 3rd AV was installing, it recognised the other AVs and told her to uninstall them. This she did via Add/Remove.
But her connection to the internet has gone...i.e she just gets an error message (and she's on AOL, just to complicate matters!)
Now then, I have since visited her and ran spybot, adaware, 2 versions of CW shredder, HijackThis, a standalone Avast virus checker, and 2 programs I was recommended on here recently myself (just in case) - aboutbuster and a backdoorbagent removal tool from Symantec, all several times. Everything seems clear, except I don't understand the (quite short) HijackThis log (see below).
I also manually searched through her pc (Program Files, Application Data, Registry) for any files related to Norton, Symantec, AVG, or Grisoft, and deleted them (after back-up of course). And after various stages I ran Regseeker just to clear any dead ends/bits left over in the registry. The first clean found 1300 bits and the last found 1.
The AOL tech also advised her to uninstall her modem, run some of the above and an AV then reinstall AOL etc, all of which she's done (except the AV because apparently 'Bullguard' needs to be online to register and she deleted the others)..but all to no avail anyway. Still she gets stopped at the last stage of getting onto the net with AOL, and I should perhaps also add that the search feature on her pc doesn't work properly, it just opens a box with menus at the top (File, Edit etc) but these have few or no options within them, and there is no option to search for files/folders etc..the box is more or less just a blank one.
So she's looking at a format/reinstall (but I don't know with what disk if it should come to that - one friend has a legal XP Home, but can she just use that??) so, anyway, I suggested that she try the 'ask an expert' approach first, so here it is.
Thankyou for your time, and I really hope someone can help.
Here's the HT log:
-------
Logfile of HijackThis v1.99.1
Scan saved at 16:53:45, on 28/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\steve\Desktop\clean up stuff\hijackthis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Word Whomp Whackdown by pogo - http://game5.pogo.co...n-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - (no file)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - (no file)
-------
(If it's any use, the F2 userinit.exe file won't allow it's extension to be changed (I tried .exe to .old just because it looked dodgy), and the 023 entry for AVG just comes back straight away - we tried to delete that only because we'd been getting rid of anything to do with AVG, Norton etc)
Genuine thanks in advance.
diggerbarnes.
Sign In
Create Account
