TechSpot

Redirected, please help

By oskarcaz
Sep 6, 2008
  1. ok so the other day i was on a website and i clicked on a link it it suddenly turned off my windows firewall and i knew something went wrong. i turned it back on and i thought it was fine.but i got the redirecting virus.when im on google or yahoo and i search for something and click on a link it redirects me to another website.
    heres the hijackthis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:12:49 PM, on 9/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Vista Rainbar\Rainmeter.exe
    C:\Program Files\Styler\Styler.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\OSKARC~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\Iexplore.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Documents and Settings\Oskar Cazessus\Desktop\New Folder\More Extras\Favorite links kit\FindeXer\FindeXer.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\Rainmeter.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - Startup: Styler.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 4934 bytes





    can anyone help?
     
  2. SpiritWind

    SpiritWind TS Rookie Posts: 164

    antiSPYWARE/antiTROJAN program(s)

    Hi :

    Based on your "symptoms", it appears you have some bad malware on your
    computer; also your HijackThis log indicates you have NO antiSPYWARE/
    antiTROJAN programs, a serious security lack . Would recommend you run
    "Full Scan(s)" of BOTH the FREE Version of "SUPERAntiSpyware" from
    www.superantispyware.com AND the "Free" Version of "Malwarebytes' Anti-
    Malware", best downloaded from www.malwarebytes.org/mbam.php .

    IF these 2 fail to resolve your problem(s), let us know .
     
  3. oskarcaz

    oskarcaz TS Rookie Topic Starter

    i ran both those programs and SUPERantivirus didnt find anything, but Malwarebytes' Anti-
    Malware found some stuff and got rid of it.my computer is finally back to normal.:] also, whatever i had on my computer wouldn't let me go to a bunch of websites where i could resolve the problem,and would not let me go to any links to like the malwarebytes anti-malware .so i found other download sites where i downloaded it from.
    my computer is running great now thank you
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have no Java installed. Please download and install the latest version, v6u7:
    http://www.java.com/en/download/manual.jsp

    You need to run another HijackThis scan- this does not look like the entire log- the mid-section isn't there. Also, attach Malwarebytes and SuperAntispyware logs.

    You have an issue with the following- make sure the install is correct- uninstall/reinstall if needed:
    Have HijackThis remove the following:
    Then uninstall the Viewpoint program and disable the Viewpoint Service>

    If you require more help, please post new logs as an attachment:
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...