Windows Update keeps on redirecting to google

[Adam1460]

I've had this problem for a long time. I re-installed a genuine windows XP SP2 Home edition today, no luck. I also cannot download anything from Microsoft's website. I get a connection refused/document contains no data error on my firefox.

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:55, on 09/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mddxw] C:\WINDOWS\system32\mddxw.exe \u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4138 bytes

[Karnac]

You should run SuperAntispyware and Malwarebytes......

Follow these guidelines.....http://www.computerhope.com/forum/index.php/topic,46313.0.html

Download to a USB stick and transfer them if you have to.

[Helpmeh]

You should run SuperAntispyware and Malwarebytes......

Follow these guidelines.....http://www.computerhope.com/forum/index.php/topic,46313.0.html

Download to a USB stick and transfer them if you have to.

That's what I've been saying!

[Karnac]

Maybe in another thread.....

[Helpmeh]

Maybe in another thread.....

Sorry, I just mad because I kept telling another member to do that exact same thing.

[Adam1460]

I'll post the other two logs, shortly.

MBAM Log:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

10/05/2009 14:55:58
mbam-log-2009-05-10 (14-55-58).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 86059
Time elapsed: 1 hour(s), 55 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8dd2fabf-ab3e-43fb-93d3-63c2c0acb888}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8dd2fabf-ab3e-43fb-93d3-63c2c0acb888}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8dd2fabf-ab3e-43fb-93d3-63c2c0acb888}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Helpmeh]

I'll post the other two logs, shortly.

MBAM Log:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

10/05/2009 14:55:58
mbam-log-2009-05-10 (14-55-58).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 86059
Time elapsed: 1 hour(s), 55 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8dd2fabf-ab3e-43fb-93d3-63c2c0acb888}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8dd2fabf-ab3e-43fb-93d3-63c2c0acb888}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8dd2fabf-ab3e-43fb-93d3-63c2c0acb888}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68 85.255.112.221 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Well a DNS changer could be causing some problems, but there is a chance that MBAM didn't completely fix your computer.

[Adam1460]

Still not working..

[Helpmeh]

Still not working..

but there is a chance that MBAM didn't completely fix your computer.

I just highlighted the DNS Changer and pointed out the fact that it could have caused the redirection...an expert will hopefully come shortly and help you.

[Adam1460]

I just highlighted the DNS Changer and pointed out the fact that it could have caused the redirection...an expert will hopefully come shortly and help you.

Thanks for your help!

final log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/10/2009 at 09:45 PM

Application Version : 4.26.1002

Core Rules Database Version : 3868
Trace Rules Database Version: 1816

Scan type       : Complete Scan
Total Scan Time : 01:32:56

Memory items scanned      : 382
Memory threats detected   : 0
Registry items scanned    : 3332
Registry threats detected : 0
File items scanned        : 32533
File threats detected     : 1

Trojan.Unknown Origin
   C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\1565220.DLL.VIR


after that, I still got redirected to google.

[Helpmeh]

Thanks for your help!

final log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/10/2009 at 09:45 PM

Application Version : 4.26.1002

Core Rules Database Version : 3868
Trace Rules Database Version: 1816

Scan type       : Complete Scan
Total Scan Time : 01:32:56

Memory items scanned      : 382
Memory threats detected   : 0
Registry items scanned    : 3332
Registry threats detected : 0
File items scanned        : 32533
File threats detected     : 1

Trojan.Unknown Origin
   C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\1565220.DLL.VIR


after that, I still got redirected to google.

Malware isn't as easy as deleting a few files...as evilfantasy knows.

[Adam1460]

Malware isn't as easy as deleting a few files...as evilfantasy knows.

>.>

[Adam1460]

I'm not getting any help?

[Helpmeh]

I'm not getting any help?

Please be patient. Evilfantasy is just one person, and as you can see, MANY people need his help.