Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

please help, running in safe mode


  • Please log in to reply

#1
momsays

momsays

    Member

  • Member
  • PipPip
  • 23 posts
I posted earlier, went to fix computer as instructed,(friend did), she hit wrong button, and bang, all dll files gone. long story short, went and reformatted, and have yet to be able to get anywhere unless in safe mode. computer freezes, ad aware removed over 500 items. never longed on computer until virus protection was installed, it went to do virus update and during that time ended up with seven or more trojans. now computer is showing the isass.exe, and only way to stay online is with the shutdown.exe code. here is my log, I hope that this is the place to post it, dont know how much more of the computer crap I can take, as to my 10 yr old daughters report is due in two days, and it has taken me that long to try and fix this, I appreciate all of your help. here is the log: Logfile of HijackThis v1.99.1
Scan saved at 6:10:16 PM, on 2/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IExplorer32c Java Scripting] IExplore32cb.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [MDN] MDNZ.exe
O4 - HKLM\..\RunServices: [IExplorer32c Java Scripting] IExplore32cb.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3A53A3A4-3306-4293-86D3-FA7CACE1B038} (WebMon Class) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62244A71-6073-4041-8F97-F5A84E9D5E38} (MSNInstaller Class) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108794506272
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {AC89FCD6-2706-4E8A-95C9-CD8945539061} (MsnInstaller Class) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www2.verizon....es/vzWebIns.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {EFB61AF2-32AF-4D66-8377-DE01BFB34133} (vzLoggerScriptClient Class) - http://www2.verizon....es/vzWebIns.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

again, thank you for your time. we need more people like you guys.
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
momsays

momsays

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I am unable to download the needed file. getting this code at the download page, Error number: 0x8007043C so now what do I need to do. thank you again for your help
  • 0

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Without windows being updated you are wide open to infection.

Is your copy of windows valid?
  • 0

#5
momsays

momsays

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
that was quick, yes it is valid. i repaired the xp with the xp cd after the reformatting of the computer yesterday. i am getting the isass.txt shutdown warning which I stop with the shutdown code. also was looking in my computer in the system properties, and when looking at computer info a error came back about a rpc server is unabailable. also wanted to let you know that yesterday, i was trying to install xp sp2, but then the computer hung. needless to say I was unable to install it. thank you again for your help,
  • 0

#6
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Don't upgrade to sp2. You are already infected with malware, including wintools.
  • 0

#7
momsays

momsays

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
i am so afraid to leave this site, as i am in safe mode and now it seems that i do not have IE at least to go through the micro site, any ideas
  • 0

#8
momsays

momsays

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
forgot to ask if you would like a copy of my spyware removal logs cannot believe that going from a clean install to just hitting update virus defen. that all of this would happen.
  • 0

#9
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I am about to turn off the computer, but let me leave you with some advice.

You say you just refomatted, right? And already you are infected many times over. If I started fixing it, it would be infected right after I fixed it. That's what we're up against. You need to find a way to update windows, given the above instructions.

Concerning your daughter's report, I have sent a note before with my kids when one of the computers is messed up and asked that she do it at school. Not every child has a computer at home. That way you wouldn't be under such a panic to get it all done in a certain amount of time.

Here is something I found on your error message:

http://castlecops.com/postt58331.html

Boot normally logged on with Admin Privilages.
Run WU.
Go into the Install History and click the links to the failed installs.
Follw the instructions and download the full install files to a temp directory. Do not install just yet.
RESTART IN SAFE MODE, no networking. (I got "Extraction Failed, File is corrupt" errors if booted normally.)
Booted in Safe Mode only, run each install file one at a time.
Reboot back into Safe Mode when instructed until all files have been installed.
Keep a written record of the files you install.
Reboot normally and run WU again.


It should now report no critical updates to install.

It worked for me. Hope it helps you too.

Regards,
Mark Brasche
SurfSafely.com
  • 0

#10
momsays

momsays

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
thank you so much for your help, i will do what you have asked, and i will let you know the results, probably tomorrow, need a break from this thing. thank you again
  • 0

#11
momsays

momsays

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ok, tryed to get the updates to download , but I get an error message when I click anything in the update pg. called verizon , they tried to get a download started wouldnt work, had an error that they didnt know anything about. I am posting the error here to see if anyone has an idea what it is. I am told that this is why I am having problems installing anything. again, thank you. here is the error message. WebMon internal state is invalid
http://www2.verizon....p?task=checking
114 Error: FFFFFFFF
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP