MartinLetain
Posts: 16 +0
Hi guys, my first time on here and would really appreciate some help. A few days ago I had the google redirect problem which Ive had previous amounts of times before. All it took to repair before was malwarebytes anti malware and it always worked like a charm. However this time, I ran it and got rid of the bad malware and ever since then I cant get rid of the google redirect problem as well as I cant visit ANY microsoft sites for updates. After reinstalling XP the same problems have been happening. Ive tried numerous other anti spyware and malware programs and nothing seems to be helping! Not too mention my o/s automatic updater doesnt even pop up or download any updates for me anymore.
Here is my hijackthis log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:25 AM, on 12/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Rtlupd] C:\Program Files\Realtek\InstallShield\Rtlupd.exe -u
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B67E2199-1DCE-4049-8400-A96E6B8AD6F0}: NameServer = 142.161.130.155 142.161.2.155
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
--
End of file - 2048 bytes
Here is my hijackthis log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:25 AM, on 12/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Rtlupd] C:\Program Files\Realtek\InstallShield\Rtlupd.exe -u
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B67E2199-1DCE-4049-8400-A96E6B8AD6F0}: NameServer = 142.161.130.155 142.161.2.155
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
--
End of file - 2048 bytes