
being redirected to other websites

November 1, 2009 at 10:12:24
Specs: Microsoft Windows Vista Home Basic, 1.6 GHz / 1789 MB

Manufacturer: Emachines
Model: El1200-07w
OS: Microsoft Windows Vista Home Basic
CPU/Ram: 1.6 GHz / 1789 MB
Video Card: NVIDIA GeForce 6150SE nForce 430
Sound Card: Realtek High Definition Audio

Good day everyone. OK, usually I can find my way out of issues, but this time I can't. Here is what is going on:
1. When I use Internet Explorer and click on a website, it will redirect me to somewhere else. I have to hurry and hit the go back button and click again; 5 times I have to do this to get to the website I want.
2. I first used this site 6 years ago and that's how I learned about HijackThis and Spybot. Anyways, I haven't had it downloaded; I just got this PC in March, and I tried a few days ago and something is "eating it". I downloaded HijackThis and the desktop icon is a white box with a little green box off to the left, and this is the error I get:
"Windows cannot access the specified device, path, or file.
You may not have the appropriate permissions to access the item."
3. I downloaded Spybot Search and Destroy and I see the icon, but when I click on it I get the same error as HijackThis.
4. Also, I can't update my computer. It's there, the icon in the lower right corner, but every time I click on it to update, it fails.

Someone help me. I don't have a disk to restore, but I'm sure there is a button to push on startup to restore to factory; I just can't find it on the eMachine. Thanks in advance.

shiree




#1
November 1, 2009 at 10:15:36

please someone help me


#2
November 1, 2009 at 13:40:07

The symptoms you describe are normally a virus.

Consider antivirus software; see Microsoft's Security Essentials or another choice.

Removing viruses is kind of a hit and miss deal. Might end up reloading the whole computer and then use antivirus and spyware software and go directly to updates.

Repost if that doesn't fix it.

Playing to the angels
Les Paul (1915-2009)



#3
November 2, 2009 at 09:04:10

"Removing viruses is kind of a hit and miss deal. Might end up reloading the whole computer and then use antivirus and spyware software and go directly to updates."

That is pretty vague and harsh. Why not give the poster advice on how to remove infections instead of saying fresh install?
Most people have tons of valuable stuff on their PC. Also, the poster could be directed to the security and virus forum if that is the problem. Just my personal opinion.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#4
November 2, 2009 at 12:34:53

You are welcome to add additional information that you feel might help the OP.

When you pick on me I start to cry.

Playing to the angels
Les Paul (1915-2009)



#5
November 2, 2009 at 17:02:11

Hey everyone, so nothing worked. Sad :(. I went to Microsoft and tried Microsoft's Security Essentials; no luck, it stopped halfway through and said "stopped unexpectedly". 3 times I had to restart. I tried OneCare, nothing again. I also tried Malwarebytes and nothing; it did the same as Spybot Search and Destroy and HijackThis. The only thing that will work is AVG Free; sad that it doesn't help pick up anything. So my conclusion is I need to fresh install, but my eMachines won't let me; there is nothing built in like an Everex where you hit F8, or Dell's Ctrl + F11. I called eMachines; the girl was rude and said I have to buy a recovery disk. Well, I know there has to be a way. But thanks for helping.


#6
November 2, 2009 at 17:12:25

You can also try making a live CD to try to remove and fix errors.

Barts and UBCD4Win have plugin apps that work great.

Also, Linux live CDs can run antivirus such as ClamWin.

Some machines may have a hidden partition that stores the OEM data. See manual for exact way to recover system. Yep, I have heard that some people have to pay for media but double check the manual.

Playing to the angels
Les Paul (1915-2009)



#7
November 2, 2009 at 17:22:56

Hi,

I had a similar problem with loads of web site redirects and unable to get updates or use my virus scan - real nasty.

I used Malwarebytes and it sorted it. I don't know if it will work for you, but it's free, so worth a try.

Either download it here or get a friend to download it to a memory stick or a disk, then run it from there.

Here's the site address for download in plain text.

Regards



#8
November 2, 2009 at 19:41:26

I would suggest using combofix:
http://www.bleepingcomputer.com/com...
Download it from that link and follow the instructions. DON'T press any keys unless requested by ComboFix. Let the program run its course, and after it opens up the text file, that's when you can close that off.
Let us know if that fixes your problem. You may have a rootkit installed if ComboFix doesn't clear the problem.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#9
November 3, 2009 at 09:32:22

Haha, I kinda defeated my PC. I restarted in safe mode with networking, downloaded Malwarebytes and ran a basic scan, and here is my prob. I still have it up, so I'm gonna remove it all and then do the ComboFix. Thanks guys for all your help.

Malwarebytes' Anti-Malware 1.41
Database version: 3092
Windows 6.0.6002 Service Pack 2 (Safe Mode)

11/3/2009 11:31:34 AM
mbam-log-2009-11-03 (11-31-23).txt

Scan type: Quick Scan
Objects scanned: 85362
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\win32k.sys (Trojan.Dropper) -> No action taken.



#10
November 3, 2009 at 10:47:29

OK, here is my ComboFix log. I have no idea what I'm looking at or what to do with it. Thanks guys.



#11
November 3, 2009 at 17:56:55

Bump. lol, can anyone tell me what I need to do from here with the log of the ComboFix? Thanks in advance. BTW, I'm still having the redirecting to other websites problem, and HijackThis will NOT install right.


#12
November 3, 2009 at 20:15:36

Sorry for the delay. Download RootRepeal and follow these instructions:
http://rootrepeal.googlepages.com/

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#13
November 4, 2009 at 06:54:32

OK, update 4? lol. So RootRepeal does not work; it crashed my computer twice and sent it to the blue screen that said dump recovery. I restarted in safe mode and was able to run Spybot, but only 2 things showed up: one MyWebSearch and one keylogger. I tried Ad-Aware; it won't download. HijackThis still won't work, which would help me, I know. So I've been looking for a good registry cleaner. I used to use RegCleaner by Jouni Vuorio; it does not work with Vista, it terminates itself when you run the registry cleaner. I did however get CCleaner to run, but I still have the redirecting to other websites and still can't update my computer. Also, I noticed that when you click on "My Computer" and view your C drive and D drive, I have an E and F drive that all of a sudden have question marks on them, but nothing in them. I don't know anymore. I'm willing to try anything; this is kinda fun troubleshooting. The worst that will happen is I have to order a recovery disk from eMachines for $20 lol. Thanks all in advance. shi


#14
November 4, 2009 at 07:29:34

Give UnHackMe a shot; I use it for removing rootkits. You can use it in regular or safe mode:
http://www.greatis.com/unhackme/dow...
Just follow the beginner guide on the left of the page and be sure to run it till ALL the infections are gone. It has many features. Google anything that is unclear to you.
Good Luck

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#15
November 4, 2009 at 10:24:51

Appears to me that you have been hacked.

There is no reason to continue down any path other than wipe the drive and reinstall everything from scratch.

You will not be able to find and close all the back doors the hacker has left behind.

Learn about safe computing and how to protect yourself when you are online. The internet is a criminal playground and you are but one in millions presently hacked. Your identity, your banking, any kind of personal information has been compromised. Act accordingly.



#16
November 4, 2009 at 15:04:14

There is no reason to continue down any path other than wipe the drive and reinstall everything from scratch.

That is a LAST resort. I have never had to wipe a drive from a rootkit or virus yet (touch wood). My clients are happy with that.
If I had this PC in question in my office, it would be repaired without losing anything and have all the security holes patched.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#17
November 6, 2009 at 07:12:32

Hi,

The advice
There is no reason to continue down any path other than wipe the drive and reinstall everything from scratch.

is not good advice.

If you have a rootkit or other virus, then whatever you have, you will not be alone, and someone will have worked out how to clean it up and remove all traces.

It's worth persevering before starting from scratch.

Keep the infected PC disconnected from the internet until it's back to normal.

Regards



#18
November 9, 2009 at 17:52:32

Hey guys. So, update on my problem: I'm not sure what or if I had anything, or what was wrong. But I googled an error I was getting, not being able to update my PC, and this is what I found and tried and it worked; not sure if it was safe or legit, lol. But it worked. See below.

((((((I had this issue as well (error 80070005 when trying to use update in vista HP),
in my case it seems the problem was a corrupted softwaredistribution folder,
the fix that worked for me is below:

Stop update service:
in run type services.msc, go to windows update and right click select stop.

Rename your softwaredistribution folder:

Go to C:\Windows and find the folder named SoftwareDistribution and rename it to
something else.

NB to do this you will have to first make it visible (folder options>show hidden files),
you may also have to alter permissions on the folder (right click>properties>security
and make sure your user account has the permission to alter the file), also uncheck
the read only box, then apply

now create a new folder called SoftwareDistribution in c:\Windows

Restart windows update:
in run type services.msc, right click on windows update and select start

Now restart your computer, and try to use windows update.

This worked for me, can't say it will for everyone, the fix is not mine
- found it on a newsgroup but can't find it now so can't give the credit
to the person that did come up with it

Also I've been quite careful about what updates I've installed now, only
installing essential ones, checking the rest to see if they apply to me-most don't.

Hope this helps it had me tearing my hair out.)))))))

That's what I tried and it worked. But I was still having that redirecting problem on my browser to ad sites and everything else; had to hit the go back 5 times to get to my site. Today I once again tried downloading HijackThis and opened the file location and went in and messed with the properties to allow me full access, but my computer's name was not on there, so I added it, but my other PC that is in the kitchen named everybody WAS in there. Hmmm, weird, and I'm on a wireless network that is password protected for 2 weeks now; I called the provider and got help. Anyways, here is my log for hijack. I won't do anything until someone responds, I just want to be sure. Thanks everyone for your help.
shi



#19
November 9, 2009 at 17:54:42

Sorry, forgot the hijack log, hehe.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:05 PM, on 11/9/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\helppane.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.a...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ssd\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\ssd\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ssd\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ssd\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5394 bytes


Report •
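
Added example, not part of the thread and not Trend Micro's code: a small Python parser that splits a HijackThis log such as the one above into running processes and coded entries, then lists the entries a reviewer would check by hand first (registrations whose file is gone, services with no owner string, and browser URL settings pointing at hosts the reviewer has not listed). `KNOWN_HOSTS` and the function names are assumptions made for this example; a flag means "look closer", not that the entry is malicious.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted above, embedded to run offline.
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""
# Assumption: hosts the reviewer already recognises (constructed for this example).
KNOWN_HOSTS = {"www.yahoo.com", "go.microsoft.com", "homepage.emachines.com"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O23 - Service: ..."


def parse_log(text):
    """Split a HijackThis log into (running process paths, coded entries)."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(entries, known_hosts=KNOWN_HOSTS):
    """Return (reason, code, body) tuples worth a manual look; not verdicts."""
    findings = []
    for code, body in entries:
        if body.endswith(("(no file)", "(file missing)")):
            findings.append(("orphaned-entry", code, body))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("unknown-owner", code, body))
        if code in ("R0", "R1"):  # IE start/search page settings
            host = urlsplit(body.partition(" = ")[2]).hostname
            if host and host not in known_hosts:
                findings.append(("unlisted-host", code, body))
    return findings
```
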

#20
November 17, 2009 at 17:18:22

Hey guys, so my PC finally left me, lol. I could order a $20 recovery disk from dumb eMachines, or I read about trying a Vista bootable disk. But thanks for everyone's help. I realized what it was after searching other websites about the programs running in Task Manager. It was a virus or trojans that implanted themselves as iexplore.exe, cuz I had about 4 or 5 going, sad I know, and a few others. Now all it does is go to that blue screen of death, no further; if I try to repair, it said it can't, to send Microsoft the error. Anyways, thanks for all your help.


#21
November 18, 2009 at 10:10:12

I saw in one of your first posts where your log said you had a trojen.doppler. My suggestion would have been to download a fixtool via another CPU that's not infected and save it to a memory stick and run it off that.
