I'm having some very annoying problems here. Despite running every virus removal program under the sun, in addition to CCleaner, HijackThis, and doing "manual" fixes, I cannot fix ANY of these issues:
1. I have the google redirect virus. Don't know how I got it since I only really browse websites I have favorited, but anyways it happens. Basically every 1/3 google links I click, will INSTEAD redirect to some adsense search engine bullshit instead of the link I clicked.
2. Every time I start up windows normally, I BSOD. To get into windows I have to boot into either safe mode or debugging mode (the latter is what I do, and appears to work exactly like windows minus a few minor issues). This is most likely due to the above virus fucking things up. Easy fix with the recovery console, using a chkdsk and fixmbr from what I'm told. Problem is, my windows XP disk I do not have (can't find it), and the recovery console is ONLY located there. BUT...
3. I DID find a bat that allowed me to burn the recovery console to a CD, to boot from. Except I just found out that all my burning programs can no longer detect my DVD/CD burner, which means I can't do this. Most likely because I am running in safe mode/debug mode.
4. My system restore is wiped, and I can't make new restore points. This is again most likely due to the above virus. I do however have an old CCleaner registry backup from 6/23... but that's over a month old. I'd rather not resort to using that.
I need some serious help here. I've done all I can think of and there's no way I can fix this. I am almost POSITIVE that the reason why my DVD/CD burner isn't working (even though it is detected by windows to work), is because I am running in debug/safe mode. If I could fix my booting from BSOD'ing by running chkdsk and fixmbr through the recovery console this would be much easier and I'd be able to fix things better, but I can't.
Obviously reformatting is not an option considering I have no idea where the hell my windows XP disk is (otherwise I would just use that recovery console).
But, my big issue of course is the virus. Here is my HijackThis log:
[code]
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\SAMHAY~1\Desktop\BLACKB~1\Blackbox\blackbox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
Q:\Program Files\BurnAware Free\nmsaccessu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.earthlink.net/wam/login.jsp?redirect=%2Fwam%2Findex.jsp&x=1003931524
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Logitech LCD Manager.lnk = C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
O4 - Global Startup: Logitech G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computerzoo.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll svdhop.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NMSAccessU - Unknown owner - Q:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe[/code]
Can anyone see anything that would cause issues? I've dug through it myself and I can't find a single out of place file/string. Other people who have had this issue on google and such had stuff like "ILuvSearch" and other crap like that, but in my case everything that showed up is driver related stuff I use or just old programs that are safe but I haven't used in a while.
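An added example, not part of any post in this thread: a small Python parser for the HijackThis line format in the log above. It lists entries that nothing else in the log accounts for (an AppInit_DLLs name with no full path anywhere, a service printed with "Unknown owner"). Flagged here means "look this file up by hand", not "malicious"; the sample lines are copied from the posted log, and the function names are made up for this example.

```python
import re

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O20 - AppInit_DLLs: avgrsstx.dll svdhop.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NMSAccessU - Unknown owner - Q:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every entry line is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
UNKNOWN = " - Unknown owner - "


def parse(log):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_list(log):
    """Return (section, item, reason) tuples worth a manual lookup."""
    entries = parse(log)
    flagged = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads
            # user32.dll, so each name should trace back to a known product.
            names = re.split(r"[ ,]+", body.split(":", 1)[1].strip())
            for dll in filter(None, names):
                needle = ("\\" + dll).lower()
                if not any(needle in other.lower() for _, other in entries):
                    flagged.append(("O20 AppInit_DLLs", dll,
                                    "no full path anywhere in the log"))
        elif code == "O23" and UNKNOWN in body:
            # HijackThis printed "Unknown owner" instead of a vendor name.
            name, path = body[len("Service: "):].split(UNKNOWN, 1)
            flagged.append(("O23 Service", path, "no vendor name: " + name))
    return flagged


if __name__ == "__main__":
    for section, item, reason in review_list(SAMPLE_LOG):
        print(f"{section:18} {item}  ({reason})")
```
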
Reformat with Windows 7 RC.
If I was in the same situation, I would just reformat and start new. I think your computer is fucked up beyond all repair.
Go for 7 RC. Your computer's beyond help.
The best thing I can think of is if you have two or more HD's, install to a different one, put some anti-virus on it, and scan your other one, and try to back up whatever you can.
[QUOTE=Prismatex;16428425]Reformat with Windows 7 RC.[/QUOTE]
[QUOTE=0TheTrooper0;16428765]If I was in the same situation, I would just reformat and start new. I think your computer is fucked up beyond all repair.[/QUOTE]
[QUOTE=SteeleCratos;16430185]Go for 7 RC. Your computer's beyond help.[/QUOTE]
[QUOTE=Master117;16432087]The best thing I can think of is if you have two or more HD's, install to a different one, put some anti-virus on it, and scan your other one, and try to back up whatever you can.[/QUOTE]
[quote]
[B]Obviously reformatting is not an option considering I have no idea where the hell my windows XP disk is (otherwise I would just use that recovery console).[/B][/quote]
Also I'm not going to install Windows 7 RC. I DO want to hold out until W7 is released officially before I even think about getting it. Sorry, I'm not a fan of installing a self-destructive OS that will basically shut down sometime next year and I'll be forced to go through a reformat all over again.
I'm seriously considering just using my month-old registry backup from CCleaner. I'm pretty sure I can fix my BSOD issue if I can get to another computer's CD burner and just burn the recovery console CD on there. I think my other issues are just because I am running in debug mode. This virus though is just pissing me off, HijackThis comes up "clean" (I looked up all the stuff there and it's for legit services I run), so I'm not sure how it's happening.
[url]http://hijackthis.de[/url]
See this. It doesn't seem like you have anything really bad running.
However, I'm quite sure you can't fix this with just tools you currently have.
[url]http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e[/url]
Get this. If you can't burn, put it on a usb stick and get a friend to burn it or something. Then you can use repair (if it will work) or new installation (programs and data will stay intact)
Or if you still have your product key, go to TPB and torrent an XP CD.
Managed to get to a burner, not sure it will totally work since the CD burning software I used didn't have most of the "advanced" options the guide told me to change, other than it being able to make a "bootable" CD.
I do still have my product key though, so that's certainly an idea. Are all WinXP CD's built the same though? I thought they were tied to only work with specific keys/CDs? In that case I could just borrow a friend's XP disk that I'm sure he would have laying around.
[quote][url]http://hijackthis.de[/url][/quote]
Wow, useful thanks.
[editline]09:10PM[/editline]
Meh, it scanned and says my HijackThis log is totally clean :confused:
[QUOTE=KorJax;16442215]Are all WinXP CD's built the same though? I thought they were tied to only work with specific keys/CDs? In that case I could just borrow a friend's XP disk that I'm sure he would have laying around.
[/QUOTE]
Yes they are all built the same. My friend used my Vista CD but put in his own product key that he had and it installed perfectly fine.
[QUOTE=SteeleCratos;16439434]Or if you still have your product key, go to TPB and torrent an XP CD.[/QUOTE]
It's illegal
It's an illegal distribution of a copyrighted program, which in the EULA states it is prohibited to illegally distribute this software under [B][U][I]ANY[/I][/U][/B] circumstances
[QUOTE=ReznorT;16450515]It's illegal
It's an illegal distribution of a copyrighted program, which in the EULA states it is prohibited to illegally distribute this software under [B][U][I]ANY[/I][/U][/B] circumstances[/QUOTE]
:cop:
[QUOTE=ReznorT;16450515]It's illegal
It's an illegal distribution of a copyrighted program, which in the EULA states it is prohibited to [b]illegally distribute[/b] this software under [B][U][I]ANY[/I][/U][/B] circumstances[/QUOTE]
If the serial he has is from a licensed XP package that HE bought then I'm pretty sure it's not illegal to download an .iso of an XP CD. Not to mention that you said [b]distribute[/b] which means to give/share to other potential users. He would only be downloading it for personal use. This is the same exact premise that gamecopyworld.com runs on, their users may download backup .iso files and cracks under the assumption that the client has legally acquired the product in the past.
[QUOTE=reedbo;16450561]If the serial he has is from a licensed XP package that HE bought then I'm pretty sure it's not illegal to download an .iso of an XP CD. Not to mention that you said [b]distribute[/b] which means to give/share to other potential users. He would only be downloading it for personal use. This is the same exact premise that gamecopyworld.com runs on, their users may download backup .iso files and cracks under the assumption that the client has legally acquired the product in the past.[/QUOTE]
It's illegal.
Period.
End of.
Unless it's holomarked with the microsoft logo it is illegal.
And downloading a torrent is different from any "personal backup"
[QUOTE=ReznorT;16450592]It's illegal.
Period.
End of.
Unless it's holomarked with the microsoft logo it is illegal.
And downloading a torrent is different from any "personal backup"[/QUOTE]
Downloading a torrent? What the fuck are you talking about?
I'm talking about downloading .iso files of an XP CD and using them for personal use would be legal ONLY if you had previously bought the same product you downloaded.
No.
Read the EULA then come back whining
A personal backup means I go drop an .iso of my Vista disk and keep it to myself, hence "personal"
Who cares? If he downloads a copy of XP when he already owns a copy it's fine. I'm not saying its legal, but it makes sense.
[QUOTE=ReznorT;16450650]No.
Read the EULA then come back whining
A personal backup means I go drop an .iso of my Vista disk and keep it to myself, hence "personal"[/QUOTE]
Read my post and come back whining.
How is a Vista .iso I make going to be any different than your Vista .iso? (Provided they're the same version IE: Ultimate, personal etc..)
[QUOTE=reedbo;16450701]Read my post and come back whining.
How is a Vista .iso I make going to be any different than your Vista .iso? (Provided they're the same version IE: Ultimate, personal etc..)[/QUOTE]
There is only 1 ISO for all versions.
Is it legal for me to steal your car without the car keys?
[QUOTE=ReznorT;16450515]It's illegal
It's an illegal distribution of a copyrighted program, which in the EULA states it is prohibited to illegally distribute this software under [B][U][I]ANY[/I][/U][/B] circumstances[/QUOTE]
[url]http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e[/url]
Dammit Microsoft breaking the law by distributing iso files of their own operating systems
Are you fucking dumb?
That ISO is only the service pack.
[QUOTE=Prismatex;16456562]Are you fucking dumb?
That ISO is only the service pack.[/QUOTE]
I downloaded a windows vista sp2 iso off the microsoft site and I was able to do a clean install of vista. So... What does that count as.
You must be Jesus.
[QUOTE=Yumyumbublegum;16456914]You must be Jesus.[/QUOTE]
Apparently
I'll send in a coupon for a free halo
Alright, the good news is I managed to stop my PC from BSODing on startup by doing the chkdsk in the recovery console (took like 4 hours though)!
Bad news is I still have the google redirect and I still can't make system restore points.
[QUOTE=KorJax;16482750]Alright, the good news is I managed to stop my PC from BSODing on startup by doing the chkdsk in the recovery console (took like 4 hours though)!
Bad news is I still have the google redirect and I still can't make system restore points.[/QUOTE]
Try using another browser and see if it still does that. If it does, then I strongly suggest you uninstall IE and download it again with your secondary browser (or download it before you uninstall it)
IE? I don't use IE, so that wouldn't help at all. But yes it does happen in IE too.
And you can't just uninstall IE. Last time I tried doing that, whenever I used steam (or it could have been whenever I would log into my account on windows) I would BSOD. I blame it on the fact that Steam (and several other programs) have deeply tied roots in IE and use it as a basis for their own stuff.
Internet Explorer is integrated into XP/Vista; you can never fully uninstall it, so if you BSOD logging into Steam or anything else, that would be another issue altogether.
If you don't have an IE icon on your desktop, do this: Right click desktop>Properties>Desktop tab>Customise Desktop. Tick the checkbox for IE. If all that doesn't matter, just get to Internet Options>Programs>Manage addons. Delete all of them not listed as Microsoft supplied or if you've no idea where they came from. Addons like toolbars or ActiveX controls. If you can't remove any of them, get this --> [url]http://ccollomb.free.fr/unlocker/[/url] It will force almost any handle on any file closed so you can delete/rename/move/copy it. If you wanna see in detail what's running on your computer, get this too --> [url]http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx[/url] There's a great number of things you can do with this; one great thing is you can suspend a process so it can't do anything, like a malicious one.
My computer was full of spyware and stuff, I just bought Spyware Doctor and that fixed it (found 176 infections), although I still get that Google redirect thing once in a while.
The redirect thing could be a change in your DNS server settings. Some malware my younger brother downloaded on a laptop he used to have changed them, which made every search engine redirect to some nasty ass sales site. Check them.