  #1  
May 29th, 2009, 09:09 AM
JoshN
Member
 
Join Date: May 2009
Posts: 32
Google Links Redirect and Can't Download MS Updates

I recently found out that I could no longer get to updates.microsoft to download updates about 2 or 3 weeks ago; instead I get redirected to "Google English". I also cannot access many popular antivirus websites to download them. Google paid links redirect to other sites. I have a lot of popups being blocked and some getting through. I've tried to run Malwarebytes, SuperAntivirus, and a few other virus scanners with a little bit of luck. I found/removed 2 trojans that looked to be linked to a "Sellercore" program trial that I downloaded from their official/unofficial website. I just got a new computer yesterday and I hooked it up thinking that it would not show the same symptoms, but the first site I tried going to was updates.microsoft and it instantly redirected to Google, so maybe it's messing with my network??

Here's a DDS log. Not sure if you need it but hopefully it'll help =)


DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 3:03:15.07 on Fri 05/29/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.47 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Sonic\RecordNow!\RecordNow.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.vernoncollege.edu/webctversion.html
uSearch Bar = hxxp://www.toshiba.com/search
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Cleanup] c:\docume~1\owner\locals~1\temp\200952617483_mcappins.exe /v=3 /cleanup
mRun: [msci] c:\docume~1\owner\locals~1\temp\2009526174757_mcinfo.exe /insfin
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-25 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-7 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-7 298776]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys --> c:\windows\system32\drivers\naiavf5x.sys [?]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 gupdate1c9aac8aecb13e5;Google Update Service (gupdate1c9aac8aecb13e5);c:\program files\google\update\GoogleUpdate.exe [2009-3-22 133104]

=============== Created Last 30 ================

2009-05-21 01:40 <DIR> --d----- c:\docume~1\owner\applic~1\Affilorama
2009-05-21 01:40 <DIR> --d----- c:\program files\Traffic Travis v3
2009-05-19 11:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-19 11:17 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-19 11:17 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-05-17 11:18 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-05-17 11:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-17 10:02 <DIR> --d----- C:\8c679798c12aa35719ccae0c46
2009-05-09 20:11 <DIR> --d----- c:\program files\Algebrator
2009-05-09 16:08 3,120 a------- c:\windows\Y8CAEBJ5.ocx
2009-05-09 16:08 3,120 a------- c:\windows\system32\I9EYCMH4.ocx
2009-05-09 16:08 <DIR> --d----- c:\program files\Cybered
2009-05-07 11:47 <DIR> --d----- c:\program files\Supreme Auction
2009-05-03 14:09 <DIR> --d----- c:\program files\Sellercore
2009-05-03 14:07 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo

==================== Find3M ====================

2009-05-05 11:12 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-05 11:12 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-05 11:12 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2008-12-27 04:23 34,736 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2008-05-12 18:07 0 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2008-12-26 16:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122620081227\index.dat

============= FINISH: 3:04:33.48 ===============
  #2  
May 29th, 2009, 09:43 PM
megeek
New Member
 
Join Date: May 2009
Posts: 1
That sure sounds like Conficker to me. You can test for Conficker by using the Conficker eye chart. It will display 6 images, many of which will be blocked if you actually do have Conficker. Check out this link:

http://www.confickerworkinggroup.org...feyechart.html

I had the same problem and (off forum repair referral removed by Moderator) got help from and they cleaned it all up for me remotely

Last edited by Jintan; June 3rd, 2009 at 03:34 AM. Reason: Removed link and info
  #3  
May 30th, 2009, 11:53 PM
JoshN
Member
 
Join Date: May 2009
Posts: 32
eyechart looks good

That eye chart looks good.

I apologize but I'm getting assistance on another forum so I need to close this thread.

Thanks,
Josh
  #4  
June 3rd, 2009, 03:37 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
We always appreciate when folks let us know they are working with someone elsewhere, JoshN, so it keeps us all from duplicating efforts.

And other than a welcome to CTH, megeek, please review the forum guidelines here about not posting advice in request threads. I also did have to edit out your link to a different site, as per CTH policy.
All times are GMT +1.