Help!

google redirecting and i cant use anti-virus programs

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> HijackThis Logs RSS
Next:  Wireless Cam  
Author Message
Cloudx123c



Joined: Sep 16, 2008
Posts: 13
PostPosted: Sun Sep 06, 2009 5:59 pm    Post subject: google redirecting and i cant use anti-virus programs
i cant use mbam, spybot, or any other anti virus programs. im getting pop ups constantly. fake alerts are popping up in my toolbar. and i keep getting fake security center alerts. please help! its a miracle i can even run Hijack this...

hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:09 PM, on 9/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6079 bytes

i really need help guys, i do all my work on this computer. and i have work to do.



EDIT: now i cant even do a right-click without windows explorer stopping and having an error needing to close/ and then i get a message about "dr.watson" having an error and needing to close/

my brother must have done something to this computer, it was fine when it was just redirecting and pop-ups. but now my clicking is limited. this is ridiculous.

EDIT 2: now ive figured out that this drwatson thing is causing the freezing. when it says that "dr.watson post-mortem debugger" has encountered an error and needs to close, it freezes everything on the computer except my access to the task manager/ when i access the task manager, i kill that "drwtsn" process. then the computer un-freezes. however, it happens if i right click agian, so i have to keep doing that. not to mention i dont even get access to the drop-down menu when i right click. im currently going to search more about this thing.

EDIT3: i learned all about it. due to the fact that some virus is affecting it, i used a registry file off of microsoft.com to disable it. the registry file sets dr.watson debugger's operating value to 0. while i could have done it myself, i had four files in that folder, so this was a better choice because i didnt want to accidentally change the wrong value..

but i still cant right click due to an explorer error, but at least its not freezing now. im going to search up how to resolve this as well. in the mean time, i would still like help with my other problems please.
Back to top
Cloudx123c



Joined: Sep 16, 2008
Posts: 13
PostPosted: Sun Sep 13, 2009 10:34 pm    Post subject:
nobody? just what happened to this site? a long time ago, you guys/greyknight17 had responded to my other two incidents in a heartbeat. but not even one person out of 283 views to the topic decided to respond? i guess ill go post my log somewhere else, i need help with this problem. but id much rather use this site, im more familiar with it and comfortable with it in general. now i have to go register and learn about someplace else.
Back to top
goretsky



Joined: Dec 07, 2002
Posts: 9041

Location: Southern California
PostPosted: Tue Sep 15, 2009 2:03 am    Post subject:
Hello,

Please be patient. It may take a while for our resident HijackThis Logs expert to assist you.

In the meantime, you might want to remove the following programs, which are not malicious, but do not need to be installed on the computer:

Absolute Poker
Bodog Poker
Ultimate Bet

They are gambling related and should probably not be installed on a work computer.

Regards,

Aryeh Goretsky
Back to top
Cloudx123c



Joined: Sep 16, 2008
Posts: 13
PostPosted: Tue Sep 15, 2009 9:55 pm    Post subject:
thank you very much for the response. i just thought that nobody cared. perhaps i was a tad impatient.

though this is my work computer, those are my brothers games, so unless they are harmful i believe i should leave them be. i mainly use this computer for school work, although it was originally built as a gaming computer. its too old now. the processor is too weak and our hard drive and video card are obsolete. but keep in mind that its not only used for work, so id like to leave any games or miscellaneous programs be,

im most comfortable with this site, so i guess i should wait and get assistance from one of you guys than go register to a new forum.
Back to top
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY
PostPosted: Mon Sep 28, 2009 9:39 pm    Post subject:
Hi, very sorry for the huge delay in replying. Have been inactive for a while due to some other problems that came up. Should be back now Cool

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\wscsvc32.exe

Make sure you delete the above file that has the 32 at the end. There is another legitimate file without the 32...don't touch that file.

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
Back to top
AIM Address Yahoo Messenger
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> HijackThis Logs All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum