[momsays]

I posted earlier, went to fix computer as instructed,(friend did), she hit wrong button, and bang, all dll files gone. long story short, went and reformatted, and have yet to be able to get anywhere unless in safe mode. computer freezes, ad aware removed over 500 items. never longed on computer until virus protection was installed, it went to do virus update and during that time ended up with seven or more trojans. now computer is showing the isass.exe, and only way to stay online is with the shutdown.exe code. here is my log, I hope that this is the place to post it, dont know how much more of the computer crap I can take, as to my 10 yr old daughters report is due in two days, and it has taken me that long to try and fix this, I appreciate all of your help. here is the log: Logfile of HijackThis v1.99.1
Scan saved at 6:10:16 PM, on 2/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IExplorer32c Java Scripting] IExplore32cb.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [MDN] MDNZ.exe
O4 - HKLM\..\RunServices: [IExplorer32c Java Scripting] IExplore32cb.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3A53A3A4-3306-4293-86D3-FA7CACE1B038} (WebMon Class) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62244A71-6073-4041-8F97-F5A84E9D5E38} (MSNInstaller Class) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108794506272
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {AC89FCD6-2706-4E8A-95C9-CD8945539061} (MsnInstaller Class) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www2.verizon....es/vzWebIns.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {EFB61AF2-32AF-4D66-8377-DE01BFB34133} (vzLoggerScriptClient Class) - http://www2.verizon....es/vzWebIns.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

again, thank you for your time. we need more people like you guys.

[Advertisements]

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

[coachwife6]

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

[momsays]

I am unable to download the needed file. getting this code at the download page, Error number: 0x8007043C so now what do I need to do. thank you again for your help

[coachwife6]

Without windows being updated you are wide open to infection.

Is your copy of windows valid?

[momsays]

that was quick, yes it is valid. i repaired the xp with the xp cd after the reformatting of the computer yesterday. i am getting the isass.txt shutdown warning which I stop with the shutdown code. also was looking in my computer in the system properties, and when looking at computer info a error came back about a rpc server is unabailable. also wanted to let you know that yesterday, i was trying to install xp sp2, but then the computer hung. needless to say I was unable to install it. thank you again for your help,

[coachwife6]

Don't upgrade to sp2. You are already infected with malware, including wintools.

[momsays]

i am so afraid to leave this site, as i am in safe mode and now it seems that i do not have IE at least to go through the micro site, any ideas

[momsays]

forgot to ask if you would like a copy of my spyware removal logs cannot believe that going from a clean install to just hitting update virus defen. that all of this would happen.

[coachwife6]

I am about to turn off the computer, but let me leave you with some advice.

You say you just refomatted, right? And already you are infected many times over. If I started fixing it, it would be infected right after I fixed it. That's what we're up against. You need to find a way to update windows, given the above instructions.

Concerning your daughter's report, I have sent a note before with my kids when one of the computers is messed up and asked that she do it at school. Not every child has a computer at home. That way you wouldn't be under such a panic to get it all done in a certain amount of time.

Here is something I found on your error message:

http://castlecops.com/postt58331.html

Boot normally logged on with Admin Privilages.
Run WU.
Go into the Install History and click the links to the failed installs.
Follw the instructions and download the full install files to a temp directory. Do not install just yet.
RESTART IN SAFE MODE, no networking. (I got "Extraction Failed, File is corrupt" errors if booted normally.)
Booted in Safe Mode only, run each install file one at a time.
Reboot back into Safe Mode when instructed until all files have been installed.
Keep a written record of the files you install.
Reboot normally and run WU again.


It should now report no critical updates to install.

It worked for me. Hope it helps you too.

Regards,
Mark Brasche
SurfSafely.com

[momsays]

thank you so much for your help, i will do what you have asked, and i will let you know the results, probably tomorrow, need a break from this thing. thank you again

[momsays]

ok, tryed to get the updates to download , but I get an error message when I click anything in the update pg. called verizon , they tried to get a download started wouldnt work, had an error that they didnt know anything about. I am posting the error here to see if anyone has an idea what it is. I am told that this is why I am having problems installing anything. again, thank you. here is the error message. WebMon internal state is invalid
http://www2.verizon....p?task=checking
114 Error: FFFFFFFF