|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
|||
|
|||
Google Links Redirect and Can't Download MS Updates
I recently found out that I could no longer get to updates.microsoft to download updates about 2 or 3 weeks ago instead I get redirected to "Google English". I can also not access many popular antivirus websites to download them. Google paid links redirect to other sites. I have a lot of popups being blocked and some getting through. I've tried to run malware bytes, SuperAntivirus, and a few other virus scanners with a little bit of luck. I found/removed 2 trojans that looked to be linked to a "Sellercore" program trial that I downloaded from their official/unofficial website. I just got a new computer yesterday and I hooked it thinking that it would not show the same symptoms, but the first site I tried going to was updates.microsoft and it instantly redirected to google so maybe it's messing with my network??
Here's a DDS log. Not sure if you need it but hopefully it'll help =) DDS (Ver_09-05-14.01) - NTFSx86 Run by Owner at 3:03:15.07 on Fri 05/29/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.47 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Sonic\RecordNow!\RecordNow.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.vernoncollege.edu/webctversion.html uSearch Bar = hxxp://www.toshiba.com/search uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\s wg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Cleanup] c:\docume~1\owner\locals~1\temp\200952617483_mcapp ins.exe /v=3 /cleanup mRun: [msci] c:\docume~1\owner\locals~1\temp\2009526174757_mcin fo.exe /insfin IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll ================= FIREFOX =================== FF - ProfilePath - ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 325896] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-25 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-25 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-7 908568] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-7 298776] R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\driv ers\naiavf5x.sys --> c:\windows\system32\drivers\naiavf5x.sys [?] RUnknown SASKUTIL;SASKUTIL; [x] S2 gupdate1c9aac8aecb13e5;Google Update Service (gupdate1c9aac8aecb13e5);c:\program files\google\update\GoogleUpdate.exe [2009-3-22 133104] =============== Created Last 30 ================ 2009-05-21 01:40 <DIR> --d----- c:\docume~1\owner\applic~1\Affilorama 2009-05-21 01:40 <DIR> --d----- c:\program files\Traffic Travis v3 2009-05-19 11:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2009-05-19 11:17 <DIR> --d----- c:\program files\SUPERAntiSpyware 2009-05-19 11:17 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com 2009-05-17 11:18 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes 2009-05-17 11:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-05-17 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-05-17 10:02 <DIR> --d----- C:\8c679798c12aa35719ccae0c46 2009-05-09 20:11 <DIR> --d----- c:\program files\Algebrator 2009-05-09 16:08 3,120 a------- c:\windows\Y8CAEBJ5.ocx 2009-05-09 16:08 3,120 a------- c:\windows\system32\I9EYCMH4.ocx 2009-05-09 16:08 <DIR> --d----- c:\program files\Cybered 2009-05-07 11:47 <DIR> --d----- c:\program files\Supreme Auction 2009-05-03 14:09 <DIR> --d----- c:\program files\Sellercore 2009-05-03 14:07 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo ==================== Find3M ==================== 2009-05-05 11:12 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-05 11:12 325,896 a------- c:\windows\system32\drivers\avgldx86.sys 2009-05-05 11:12 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll 2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll 2008-12-27 04:23 34,736 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT 2008-05-12 18:07 0 a------- c:\docume~1\owner\applic~1\wklnhst.dat 2008-12-26 16:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122620081 227\index.dat ============= FINISH: 3:04:33.48 =============== |
#2
|
|||
|
|||
That sure sounds like conflicker to me. You can test for conflicker by using the Conflicker eye chart. It will display 6 images many of which will be blocked if actually do have conflicker. Check out this link
http://www.confickerworkinggroup.org...feyechart.html I had the same problem and (off forum repair referral removed by Moderator) got help from and they cleaned it all up for me remotely Last edited by Jintan; June 3rd, 2009 at 03:34 AM. Reason: Removed link and info |
#3
|
|||
|
|||
eyechart looks good
That eye chart looks good.
I apologize but I'm getting assistance on another forum so I need to close this thread. Thanks, Josh |
#4
|
||||
|
||||
We always appreciate when folks let us know they are working with someone elsewhere JoshN, so it keeps us all from duplicating efforts.
And other than a welcome to CTH megeek, please review the forum guidelines here about not posting advice in request threads. I also did have to edit out your link to a different site, as per CTH policy. |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
Google redirect | dreemsnake | Malware Removal | 9 | December 2nd, 2010 04:47 AM |
Google redirect and pop ups | ace2005 | Malware Removal | 28 | June 25th, 2010 07:13 PM |
Google redirect and pop ups | ace2005 | Internet / Browsers | 3 | June 22nd, 2010 06:11 PM |
download links jump to Google | rnuckles | Windows XP | 5 | January 15th, 2009 05:56 AM |
Coincidence? After visiting Google.cn, regular Google links redirect!?!? | StopPCTerrorism | Malware Removal | 9 | March 30th, 2006 06:35 AM |
All times are GMT +1. The time now is 01:52 PM.