Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Windows update redirects to google

  • Please log in to reply
1 reply to this topic

#1 BPtheo


  • Members
  • 1 posts
  • Local time:03:02 AM

Posted 19 January 2009 - 02:00 PM

When I try to go to http://windowsupdate.microsoft.com/, I am redirected to google.com

most/all of my adds with google chrome are for viamax

explorer searches are all redirected.

I cant download anything from microsoft.com. I click the link, it opens a new window and tries to connect to download.microsoft.com, then I get a page cannot be displayed error.


here is my DDS

DDS (Ver_09-01-18.01) - NTFSx86
Run by cgrimes at 13:55:52.04 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2444 [GMT -5:00]

AV: F-PROT Antivirus for Windows *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\cgrimes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\cgrimes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\cgrimes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cgrimes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cgrimes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cgrimes\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
\\exchange01\userhome\cgrimes\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://proxy.dynamix-ltd.com/
uInternet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Google Update] "c:\documents and settings\cgrimes\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [jEdit Server] "c:\windows\system32\javaw.exe" -xms64m -xmx192m -jar "c:\program files\jedit\jedit.jar" -background -nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: trendmicro.com\housecall65
TCP: NameServer =,
TCP: {C9B28D50-B096-4E20-894D-3519B4B520C1} =,
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\windows\system32\WowCtl2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cgrimes\applic~1\mozilla\firefox\profiles\va5h2riv.default\
FF - prefs.js: browser.startup.homepage - hxxp://proxy.dynamix-ltd.com/
FF - plugin: c:\documents and settings\cgrimes\local settings\application data\google\update\\npGoogleOneClick7.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2008-5-29 592224]
R4 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2008-4-21 45960]
R4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-8-29 31592]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2008-11-13 24576]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2009-01-19 12:44 <DIR> --d----- c:\program files\trend micro
2009-01-19 05:50 474,415 a------- C:\fraglist.luar
2009-01-16 17:17 <DIR> --d----- c:\windows\UltraDefrag
2009-01-16 16:51 <DIR> --d----- c:\docume~1\cgrimes\applic~1\GlarySoft
2009-01-16 16:48 <DIR> --d----- c:\program files\Registry Repair
2009-01-16 16:09 70,360 a------- c:\windows\system32\nvwsapps.xml
2009-01-16 16:09 453,152 a------- c:\windows\system32\nvudisp.exe
2009-01-16 16:05 18,725 a------- c:\windows\system32\nvdisp.nvu
2009-01-16 16:05 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-15 10:47 253,139 a------- c:\windows\PDFCreator_Toolbar_Uninstaller_484.exe
2009-01-15 10:47 <DIR> --d----- c:\program files\PDFCreator Toolbar
2009-01-15 10:47 116,224 a------- c:\windows\system32\pdfcmnnt.dll
2009-01-15 10:46 23,552 a------- c:\windows\system32\MSMPIDE.DLL
2009-01-15 10:46 <DIR> --d----- c:\program files\PDFCreator
2009-01-14 09:47 255 ---shr-- C:\autorun.inf
2009-01-14 08:42 239 a------- c:\windows\PUNITS.INI
2009-01-14 08:36 73,216 a------- c:\windows\system32\drivers\gaopdxserv.sys
2009-01-14 07:43 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-13 12:52 <DIR> --d----- c:\program files\Bouml
2009-01-13 10:20 <DIR> --dshr-- C:\resycled
2009-01-12 08:26 <DIR> --d----- c:\documents and settings\cgrimes\CodeByDesign
2009-01-12 08:24 <DIR> --d----- C:\OpenSystemArchitect-4.0.0-XP-32bit
2009-01-11 07:55 66,721 a------- c:\documents and settings\cgrimes\FBPSamples.zip
2009-01-11 07:11 <DIR> --d----- c:\docume~1\cgrimes\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-09 17:38 3,480 a------- c:\windows\FVP.INI
2009-01-09 17:38 260 a------- c:\windows\NWS1LICFILE.DAT
2009-01-09 17:38 <DIR> --d----- c:\program files\Northwoods Software
2009-01-09 17:38 299,520 a------- c:\windows\uninst.exe
2009-01-09 17:37 <DIR> --d----- c:\documents and settings\cgrimes\WINDOWS

==================== Find3M ====================

2008-12-03 15:50 60,744 a------- c:\documents and settings\cgrimes\g2mdlhlpx.exe
2008-11-18 16:17 67,108 a---h--- c:\windows\system32\mlfcache.dat
2008-11-13 04:52 6,656 a------- c:\windows\system32\bootexctrl.exe
2008-11-13 04:52 86,016 a------- c:\windows\system32\ultradefrag.exe
2008-11-13 04:52 9,728 a------- c:\windows\system32\defrag_native.exe
2008-11-13 04:52 6,656 a------- c:\windows\system32\udefrag-gui.exe
2008-11-13 04:52 13,824 a------- c:\windows\system32\lua5.1a_gui.exe
2008-11-13 04:52 7,680 a------- c:\windows\system32\udefrag.exe
2008-11-13 04:52 91,648 a------- c:\windows\system32\lua5.1a.dll
2008-11-13 04:52 9,728 a------- c:\windows\system32\lua5.1a.exe
2008-11-13 04:52 17,408 a------- c:\windows\system32\zenwinx.dll
2008-11-13 04:52 9,728 a------- c:\windows\system32\udefrag.dll
2008-10-28 15:37 9,400,320 a------- c:\windows\system32\PDF2DWG.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-06-24 20:07 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-06-24 20:07 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-06-24 20:07 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:56:03.18 ===============

BC AdBot (Login to Remove)


#2 kahdah


  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:04:02 AM

Posted 30 January 2009 - 08:10 AM

Hello BPtheo

Welcome to BleepingComputer :thumbup2:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

Please include the contents of the following in your next reply:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users