
Author Topic: Won't let me open Local disks etc?  (Read 5458 times)


Joshuashaw

    Topic Starter


    Beginner

    Won't let me open Local disks etc?
    « on: December 26, 2008, 11:05:14 AM »
    Sorry for poor subject title but this is a complicated one, and I'm sure I'll get slaughtered for it, but it all stemmed from a programme that was recommended by this forum, avast! Antivirus, home edition - the free one, as I've certainly not paid for it.

    I used it regularly to monitor my emails and websites I was surfing and never had one problem, never had one virus warning pop up, but ever since I tried doing a full computer scan, I've been riddled with viruses.

    I tried uninstalling it via Control Panel > Add & Remove Programme, but this doesn't work; I've always had the error warning "avast! A Setiface error has occured 536 870929, try to reinstall or contact support, please.", which is what I get when I try to uninstall it the normal way. I've tried forcibly uninstalling it using freeware programmes from reliable sources such as Download.com, but it still refuses to leave. Since then I've installed CCleaner, SUPERAntiSpyware & Malwarebytes' Anti Malware; all of them, when I do quick scans and full scans, pick up little insignificant threats like spyware threats, nothing major from the way they give me the results of the scans, and any of the malware that has been found has been removed from my PC.

    But I have had problems in terms of when I type a website in, not at the moment, but if I regularly open new IE browsers and type in the toolbar I get a website opening which I didn't ask for, say I typed in google.com; it refers me to a site, I quickly C&P'ed it -

    http://offsw.com/?q=dell%208199

    and now once the site had loaded has resorted me to this;

    [link modified to prevent page-stretching - Carbon]

    which doesn't open anything which gives me what looks like a normal error "HTTP 404 Not Found" which comes up with-

    "Most likely causes:
    There might be a typing error in the address.
    If you clicked on a link, it may be out of date. "

    I also had a pop up which was trying to make me install a software, nothing I'd actually asked for, but looked like a pop up, x'ed out of box every time, but another sign of an infected computer. But now when I try to open up My Computer and go to Local Disk or my External Hard-drive I get this warning sign "C:\resycled/boot.com is not a valid Win32 application" (spelt exactly like that, resycled), but this means I can't even transfer the files from my Local disk, internal hard-drive to my external as I can't get into both due to the above error sign. So I can't format it back to shop standards without losing everything that is initially on my ext hd, although it will let me get onto My Documents and places like that on my desktop.

    I also got the "HTTP 404 Not Found" error when I woke up this morning and tried getting onto the internet and when I went onto MSN, it wouldn't let me on due to a problem the MSN troubleshooter wouldn't get hold of but I could get on the internet via my xbox live and play games online, same goes for my parents they could get on the net on the other desktops and laptops in my household.

    Can anyone shed some light on what they'd think my problem is? I honestly don't mind rebooting the thing back to shop standards as long as I can put programmes like photoshop & illustrator and the cds and films I've ripped recently from my old collections.

    Any help much appreciated. 
    « Last Edit: January 05, 2009, 04:20:29 AM by Carbon Dudeoxide »

    Joshuashaw

      Topic Starter


      Beginner

      Re: Won't let me open Local disks etc?
      « Reply #1 on: December 26, 2008, 11:06:52 AM »
      Whilst I'm out this evening, I'll run full comp scans via the softwares I've been recommended from this site apart from avast! which won't even run as it's not 100% there on my PC.

      Joshuashaw

        Topic Starter


        Beginner

        Re: Won't let me open Local disks etc?
        « Reply #2 on: December 26, 2008, 04:44:27 PM »
        "Malwarebytes' Anti-Malware 1.31
        Database version: 1539
        Windows 5.1.2600 Service Pack 2

        26/12/2008 23:39:29
        mbam-log-2008-12-26 (23-39-29).txt

        Scan type: Quick Scan
        Objects scanned: 47599
        Time elapsed: 6 minute(s), 59 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 2
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)"

        Log one,  done a ton of scans in general - full & quick, always picked up on things, only two this time so must be an improvement, I don't have the thing in my IE toolbar redirecting me to random websites obv from malware anymore. Currently running a SUPERAntiSpyware quick scan too, going to download Hijackthis and install that and get a log from that too, in the mean while any help much appreciated.



        Joshuashaw

          Topic Starter


          Beginner

          Re: Won't let me open Local disks etc?
          « Reply #3 on: December 26, 2008, 04:50:59 PM »
          In fact, the minute I posted that SuperAntiSpyware did a quick scan and picked up nothing. I still can't get into my local disk or ext hd but I got another error code which I'm presuming is malware due to the spelling incorrection -

          "Windows cannot find 'resycled/boot.com' Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search."

          I am not sure if it's something I've messed up or an actual malware file within my computer as it seems so weird as I've not fiddled with my local disk or hard-drive or any above my knowledge computer stuff like that on my PC.

          Joshuashaw

            Topic Starter


            Beginner

            Re: Won't let me open Local disks etc?
            « Reply #4 on: December 26, 2008, 05:01:22 PM »
            Log from HijackThis.

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 23:52:29, on 26/12/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16762)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
            C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
            C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
            C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
            C:\WINDOWS\system32\Rundll32.exe
            C:\Program Files\Real\RealPlayer\RealPlay.exe
            C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\Program Files\Dell Support\DSAgnt.exe
            C:\Program Files\DNA\btdna.exe
            C:\Program Files\MSN Messenger\MsnMsgr.Exe
            C:\Program Files\BitTorrent\bittorrent.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\PeerGuardian2\pg2.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files\tintinyproxyy\tinyproxy.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\WINDOWS\system32\CTsvcCDA.EXE
            C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\TVersity\Media Server\MediaServer.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\MSN Messenger\usnsvc.exe
            C:\WINDOWS\system32\RunDLL32.EXE
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
            O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
            O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
            O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
            O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
            O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
            O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
            O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
            O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Startup: BackupGenius Reminder.lnk = C:\TakeWare\Breminder\BReminder.exe
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
            O20 - AppInit_DLLs: qgpnla.dll
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O23 - Service: Application Layer Gateway Service (ALG)  - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
            O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

            --
            End of file - 8155 bytes

            Just typed a good search, clicked first link, once again been redirected to something else other than what I asked for; it's normally advertisements for something or other. Say if I type Dell in > click first reliable google link, actually came up the actual Dell website, toolbar address changes to http://offsw.com/?q=dell and then I either get a site advertising dell with various links or HTTP 404 Not Found.
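
A triage pass over lines from the HijackThis log in Reply #4, as an added example that is not part of the original thread: it flags entry types that generally deserve a manual look (an Internet Explorer proxy pointing at loopback, a BHO whose DLL is absent, a populated AppInit_DLLs value, a built-in service name with a non-default binary). The function name `triage`, the heuristics and the one-entry service baseline are assumptions of this example, not a diagnosis given by anyone in the thread.

```python
import re

# Lines copied unmodified from the HijackThis log in Reply #4 (a subset).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: qgpnla.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Application Layer Gateway Service (ALG)  - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Default image path of a built-in service on a stock Windows XP install.
# One-entry baseline for illustration (assumption of this example);
# extend it from a known-clean machine of the same OS version.
EXPECTED_SERVICE_PATHS = {"alg": r"c:\windows\system32\alg.exe"}

LOOPBACK = re.compile(
    r"ProxyServer = (?:\w+=)?(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?", re.I)
SERVICE = re.compile(
    r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section in ("R0", "R1") and LOOPBACK.search(body):
            # Browser traffic is being handed to a process on this machine.
            findings.append((section, "IE proxy points at a local listener", line))
        elif section == "O2" and re.search(r"\((?:no file|file missing)\)\s*$", body):
            findings.append((section, "BHO registered but its DLL is absent", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append((section, "AppInit_DLLs is set: " + dlls, line))
        elif section == "O23":
            svc = SERVICE.match(body)
            # The service key name is the last parenthesised token, e.g. (ALG).
            key = re.search(r"\(([^()]+)\)\s*$", svc.group("display")) if svc else None
            expected = EXPECTED_SERVICE_PATHS.get(key.group(1).lower()) if key else None
            if expected and svc.group("path").lower() != expected:
                findings.append((section, "built-in service name, unexpected binary", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

A flagged line is a prompt to verify the file and registry value by hand, not a verdict; legitimate software can trip each of these checks.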

            Joshuashaw

              Topic Starter


              Beginner

              Re: Won't let me open Local disks etc?
              « Reply #5 on: December 26, 2008, 05:29:50 PM »
              I also have a problem viewing opening up video clips from websites in WMP which is insignificant compared to the website redirecting thing and not being able to go into my local disk or ext hd.

              CBMatt

              • Mod & Malware Specialist


              Re: Won't let me open Local disks etc?
              « Reply #6 on: January 04, 2009, 04:06:36 PM »
              Sorry for the long wait.  With all of your replies, I was under the impression that you were being helped, so I almost skipped your topic entirely.  You may want to read this...
              http://www.computerhope.com/forum/index.php/topic,69848.0.html

              It's hard to say what's going on just yet...there are a couple of popular infections running rampant right now, so start with the following...
              Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
              • Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
              • Then search for TDSSserv.sys
              • Let me know if you find this or not.
              • If you do find it, right click on it, and select "Disable". Do not try to uninstall it.
              • Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

              Then do this...
              Please print these instructions as they will be needed later when Internet access is not available.
               
              Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/156236231/SDFix.exe.html

              When using this tool, you must use the Administrator's account or an account with Administrative rights

              • Double-click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
              • DO NOT use it just yet.
              Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

              Open the SDFix folder and double-click RunThis.bat to start the script.
              • Type Y to begin the cleanup process.
              • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to reboot.
              • Press any Key and it will restart the PC.
              • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished.  Press any key to end the script and load your desktop icons.
              • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
              • Copy and paste the contents of the results file Report.txt in your next reply.

              Once you have done all of the above, please follow all of the instructions on this page (or at least as much as you can)...
              http://www.computerhope.com/forum/index.php/topic,46313.0.html
              Quote
              An undefined problem has an infinite number of solutions.
              —Robert A. Humphrey