
A plethora of issues
KorJax
BRB, Posting


Posts: 1,376
Joined: Jun 2008
#1
08-01-2009, 10:27 PM

I'm having some very annoying problems here.  Despite running every virus removal program under the sun, in addition to CCleaner, HijackThis, and doing "manual" fixes, I cannot fix ANY of these issues:

1.  I have the google redirect virus.  Don't know how I got it since I only really browse websites I have favorited, but anyways it happens.  Basically every 1/3 google links I click, will INSTEAD redirect to some adsense search engine bullshit instead of the link I clicked.

2.  Every time I start up windows normally, I BSOD. To get into windows I have to boot into either safe mode or debugging mode (the latter is what I do, and appears to work exactly like windows minus a few minor issues). This is most likely due to the above virus fucking things up.  Easy fix with the recovery console, using a chkdsk and fixmbr from what I'm told.  Problem is, my windows XP disk I do not have (can't find it), and the recovery console is ONLY located there. BUT...

3.  I DID find a bat that allowed me to burn the recovery console to a CD, to boot from.  Except I just found out that all my burning programs can no longer detect my DVD/CD burner, which means I can't do this.  Most likely because I am running in safe mode/debug mode.

4.  My system restore is wiped, and I can't make new restore points. This is again most likely due to the above virus.  I do however have an old CCleaner registry backup from 6/23... but that's over a month old.  I'd rather not resort to using that.

I need some serious help here.  I've done all I can think of and there's no way I can fix this.  I am almost POSITIVE that the reason why my DVD/CD burner isn't working (even though it is detected by windows to work), is because I am running in debug/safe mode.  If I could fix my booting from BSOD'ing by running chkdsk and fixmbr through the recovery console this would be much easier and I'd be able to fix things better, but I can't. 

Obviously reformatting is not an option considering I have no idea where the hell my windows XP disk is (otherwise I would just use that recovery console).

But, my big issue of course is the virus.  Here is my HijackThis log:

Code:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\SAMHAY~1\Desktop\BLACKB~1\Blackbox\blackbox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
Q:\Program Files\BurnAware Free\nmsaccessu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.earthlink.net/wam/login.jsp?redirect=%2Fwam%2Findex.jsp&x=1003931524
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Logitech LCD Manager.lnk = C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
O4 - Global Startup: Logitech G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computerzoo.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll svdhop.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NMSAccessU - Unknown owner - Q:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

Can anyone see anything that would cause issues?  I've dug through it myself and I can't find a single out of place file/string.  Other people who have had this issue on google and such had stuff like "ILuvSearch" and other crap like that, but in my case everything that showed up is driver related stuff I use or just old programs that are safe but I haven't used in a while.


Reply
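An added example, not part of the original post or thread: a small parser for the HijackThis log format shown above that builds a list of entries to verify by hand. The sample lines are copied from the log; the three review rules (process path outside the Windows and Program Files directories, `AppInit_DLLs` entries, services reported with "Unknown owner") are assumptions chosen for triage and do not mark anything as malicious.

```python
import re

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\SAMHAY~1\Desktop\BLACKB~1\Blackbox\blackbox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Q:\Program Files\BurnAware Free\nmsaccessu.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O20 - AppInit_DLLs: avgrsstx.dll svdhop.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")              # bare path = running process
# Assumption: directories where installed software normally lives on this machine.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse(log):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries = [], []
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PROCESS.match(line):
            processes.append(line)
    return processes, entries

def review_list(log):
    """Entries to verify by hand, as (source, item, reason). Not a verdict."""
    processes, entries = parse(log)
    items = [("process", p, "runs outside Windows/Program Files on C:")
             for p in processes if not p.lower().startswith(EXPECTED_DIRS)]
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # Each listed DLL is mapped into every process that loads user32.dll.
            for dll in body.split(":", 1)[1].replace(",", " ").split():
                items.append((code, dll, "AppInit_DLLs: loaded into GUI processes"))
        elif code == "O23" and " - Unknown owner - " in body:
            items.append((code, body.rsplit(" - ", 1)[1],
                          "HijackThis reports no owner for the service file"))
    return items

if __name__ == "__main__":
    for source, item, reason in review_list(SAMPLE_LOG):
        print(f"{source:8} {item}  <- {reason}")
```

Each item on the resulting list still has to be checked against the software actually installed on the machine before anything is removed.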
3clipse
Gay for Richard Simmons


Posts: 953
Joined: May 2008
#2
08-01-2009, 11:19 PM

Plethora, good word.
Mr.Face had the first problem that you had.
Sorry, I've got nothing to help.


Reply
HeK
Rotartsinimda
*******

Posts: 4,183
Joined: Jun 2015
#3
08-01-2009, 11:27 PM

Jesus, you have A LOT of running programs!

A good number of them could be the cause, in addition to browser-plugin trojans, DLL viruses, etc.

Here's a start, use MSConfig (Start->Run->'MSCONFIG'->Startup Tab->uncheck EVERYTHING!->Click ok, reboot).
See if that helps things, otherwise run another HijackThis and post the log.


As spent time goes, you are best trying to acquire a replacement Windows XP disc. Reinstalling will be the fastest way to get back on your feet.
If you are unable to find one locally, shoot me a PM and I can see if I can help you out.
Reply
Spore
2 guys, no cups necessary


Posts: 2,587
Joined: Mar 2008
#4
08-02-2009, 02:35 AM

Do what the people at Facepunch said.


Reply
[fr31ns]Karrde
The Handy Murse


Posts: 2,655
Joined: May 2008
#5
08-02-2009, 02:51 AM

Don't you have your install disc?  Try doing a recovery install.  You might be able to fix enough shit up that you may buy time to back your shit up and format.


Reply
KorJax
BRB, Posting


Posts: 1,376
Joined: Jun 2008
#6
08-02-2009, 07:39 AM

Karrde Wrote:
Don't you have your install disc?  Try doing a recovery install.  You might be able to fix enough shit up that you may buy time to back your shit up and format.

No, read the post.  If I had my XP disk I would have just used the Recovery Console off that to fix my BSOD issue.  But I don't which means I can't fix it.  My only other option now is to try and find someone else's CD burner to burn my bootable recovery console CD ISO on (as the fact that I'm running debug mode/this virus is making mine not work for programs).


Reply
CaffeinePowered
Mad Hatter
*******

Posts: 12,998
Joined: Mar 2008
#7
08-02-2009, 10:42 AM

Get a friend to download a pirated copy, if you want to save any data, just buy a new hard drive and do a fresh install


Reply
HeK
Rotartsinimda
*******

Posts: 4,183
Joined: Jun 2015
#8
08-02-2009, 12:32 PM

Another option if you do not want to buy another HD is:
  • Obtain a new Windows XP CD.
  • Install Windows without formatting, using the existing partition.
  • You will now have a computer that dual-boots between Windows XP and broken Windows XP
  • You should have a working burner, back everything up
  • Reinstall, this time formatting the entire drive
  • Party
Reply
KorJax
BRB, Posting


Posts: 1,376
Joined: Jun 2008
#9
08-02-2009, 03:13 PM

Too much time, I'm lazy

Plus I'd probably need a weeeee bit more than a few dvd's burned.  It would be cheaper to get a new hard-drive than to buy enough CD's+DVDs to backup everything.


Reply
Spore
2 guys, no cups necessary


Posts: 2,587
Joined: Mar 2008
#10
08-02-2009, 04:23 PM

(08-02-2009, 03:13 PM)KorJax link Wrote: Too much time, I'm lazy

Plus I'd probably need a weeeee bit more than a few dvd's burned.  It would be cheaper to get a new hard-drive than to buy enough CD's+DVDs to backup everything.

How about you only back up things that can't be replaced. Surely you don't have more than 8GB of stuff you absolutely cannot find anywhere else.


Reply
KorJax
BRB, Posting


Posts: 1,376
Joined: Jun 2008
#11
08-02-2009, 08:16 PM

Managed to burn a boot disk on my dad's CD burner on his work laptop.  Not sure if it will work though because most of the options some guide told me to set weren't available in the program I was using (even though it says I could "make a boot disk" in the program).  Gonna try to use that to defibrillate my OS so I won't have to use debug mode.

I'm glad the virus seems to not do anything except redirect every third google link though. What is weird is that there's pretty much little to no trace of it running on the computer as far as I can tell, unless it's embedded itself into my browser somehow or a really REALLY hidden rootkit.  I thought rootkits though were pretty much "covered" by modern anti-spyware/adware/virus programs?



(This post was last modified: 08-02-2009, 08:19 PM by KorJax.)
Reply
KorJax
BRB, Posting


Posts: 1,376
Joined: Jun 2008
#12
08-04-2009, 03:05 PM

Okay fixed my BSOD issue, chkdsk did the trick.


Reply
Mr. Face
Necrophiliamaniac


Posts: 1,628
Joined: Dec 2008
#13
08-05-2009, 04:03 PM

(08-01-2009, 11:19 PM)3clipse link Wrote: Plethora, good word.
Mr.Face had the first problem that you had.
Sorry, I've got nothing to help.

If so he's got a trojan.
Looking at the other problems he has he's got more than one.
Trojans are dicks.



Reply

