
Active Downloads from Microsoft not working

Discussion in 'Malware and Virus Removal Archive' started by c3p0u812, 2010/03/07.

  1. 2010/03/07
    c3p0u812


    I'm not sure if this is the appropriate thread, and if it isn't, my apologies, and please point me in the right direction.

    I have absolutely no problem going to any other pages or downloading from anywhere else except Microsoft.

    I cannot get to Windows updates, nor do the downloads at the download center work. Nothing from microsoft.com at all works.

    I had SP3 and uninstalled it because others were having problems with Windows updates, but that didn't work. Now I'm just left with SP2 and I still can't get my Windows updates.

    I've tried adding Microsoft as a trusted site. I've tried the genuine advantage tool. There are some files I've registered through cmd.

    I'm stuck! I have XP Pro SP2 as of now. I can get to microsoft.com, but when following a link to download or trying to open Windows Update it acts as if I have no connection at all.

    Please help if you can.

    DDS:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by eibbor at 13:02:26.49 on Sun 03/07/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1056 [GMT -5:00]

    AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Documents and Settings\eibbor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\eibbor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\eibbor\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BlockAds]
    uRun: [TransparentIcons]
    uRun: [TransTask]
    uRun: [Tweak-XP]
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [CTHelper] CTHELPER.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\update
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    TCP: NameServer = 93.188.165.106,93.188.161.74
    TCP: {A9932A34-064F-449E-858B-55F8A6841BF0} = 93.188.165.106,93.188.161.74
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: XULRunner: {648C5191-1955-4049-8E53-4054A9CE127C} - c:\documents and settings\eibbor\local settings\application data\{648C5191-1955-4049-8E53-4054A9CE127C}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-15 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-15 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-15 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100224.002\IDSXpx86.sys [2010-2-25 329592]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-15 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-16 102448]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100306.020\NAVENG.SYS [2010-3-6 84912]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100306.020\NAVEX15.SYS [2010-3-6 1324720]
    R3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2010-2-15 899700]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2002-1-1 23456]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\eibbor\my documents\downloads\everesthome220\kerneld.wnt [2005-8-18 7168]

    =============== Created Last 30 ================

    2010-03-06 18:50:48 3375093 ----a-w- c:\windows\{00000002-00000000-00000002-00001102-00000002-100A1102}.BAK
    2010-03-06 18:39:56 0 d-----w- c:\program files\Tweak-XP Pro
    2010-03-06 18:30:41 376 ----a-w- c:\windows\ODBC.INI
    2010-03-06 18:29:41 0 d-----w- c:\program files\Microsoft ActiveSync
    2010-03-06 18:29:03 0 d-----w- c:\windows\ShellNew
    2010-03-06 18:13:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
    2010-03-06 18:13:44 0 d-----w- c:\program files\common files\SureThing Shared
    2010-03-06 18:12:28 0 d-----w- c:\program files\common files\Sonic Shared
    2010-03-06 18:11:43 0 d-----w- c:\program files\Roxio
    2010-03-06 16:48:58 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-02-23 23:25:27 0 d-sh--w- c:\documents and settings\eibbor\IECompatCache
    2010-02-23 03:43:02 0 d-----w- c:\program files\CamGrab-2Plus
    2010-02-21 20:35:04 0 d-----w- c:\windows\pss
    2010-02-21 20:19:04 113 ----a-w- c:\windows\system32\_WKERNEL.SYL
    2010-02-21 20:18:28 56496 ----a-w- c:\windows\system32\wbhelp2.dll
    2010-02-21 20:18:28 544768 ----a-w- c:\windows\system32\wbocx.ocx
    2010-02-21 20:18:28 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-02-21 20:18:27 4608 ----a-w- c:\windows\system32\W95INF32.DLL
    2010-02-21 20:18:27 439 ----a-w- c:\windows\system32\shfolder.inf
    2010-02-21 20:18:27 33968 ----a-w- c:\windows\system32\anim.dll
    2010-02-21 20:18:27 2272 ----a-w- c:\windows\system32\W95INF16.DLL
    2010-02-21 20:18:27 1706800 ----a-w- c:\windows\system32\gdiplus.dll
    2010-02-21 20:18:26 0 d-----w- c:\program files\WinUtilities
    2010-02-21 05:35:18 0 d-----w- c:\program files\Microsoft
    2010-02-21 05:35:09 0 d-----w- c:\program files\MSN Toolbar
    2010-02-21 05:34:05 0 d-----w- c:\program files\MSN Toolbar Installer
    2010-02-21 01:01:51 0 d-----w- c:\program files\File Shredder
    2010-02-16 03:57:54 120 ----a-w- c:\windows\Jlalejoxodokakej.dat
    2010-02-16 03:57:54 0 ----a-w- c:\windows\Gtewezuduqiy.bin
    2010-02-16 03:27:30 178176 ----a-w- c:\windows\system32\unrar.dll
    2010-02-16 03:27:23 38 ----a-w- c:\windows\avisplitter.ini
    2010-02-16 03:26:58 414 ----a-w- c:\windows\system32\lame_acm.xml
    2010-02-16 03:26:55 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-02-16 03:26:45 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-16 03:26:45 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-02-16 03:26:42 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2010-02-16 03:26:41 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-16 03:26:16 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2010-02-16 03:26:15 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-02-16 03:26:04 0 d-----w- c:\program files\K-Lite Codec Pack
    2010-02-16 02:43:57 0 d-----w- c:\docume~1\eibbor\applic~1\FrostWire
    2010-02-16 02:41:19 0 d-----w- c:\program files\FrostWire
    2010-02-16 02:41:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-02-16 02:41:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-16 02:40:18 0 d-----w- c:\program files\Ask.com
    2010-02-16 00:02:01 0 d-sh--w- c:\documents and settings\eibbor\PrivacIE
    2010-02-16 00:00:59 0 d-sh--w- c:\documents and settings\eibbor\IETldCache
    2010-02-15 23:56:43 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-15 23:56:06 0 d-----w- c:\windows\ie8updates
    2010-02-15 23:55:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-15 23:55:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-15 23:42:47 991232 -c--a-w- c:\windows\system32\dllcache\ieframe.dll.mui
    2010-02-15 23:42:47 63488 -c--a-w- c:\windows\system32\dllcache\icardie.dll
    2010-02-15 23:42:47 6067200 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-15 23:42:47 52224 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-02-15 23:42:47 459264 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-02-15 23:42:47 380928 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
    2010-02-15 23:42:47 268288 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
    2010-02-15 23:42:47 2452872 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
    2010-02-15 23:42:47 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2010-02-15 23:20:54 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-02-15 23:20:54 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-02-15 23:20:54 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
    2010-02-15 23:20:54 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2010-02-15 23:20:53 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
    2010-02-15 23:20:53 91136 ----a-w- c:\windows\system32\kswdmcap.ax
    2010-02-15 23:20:52 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
    2010-02-15 23:20:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2010-02-15 23:20:50 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
    2010-02-15 23:20:50 20992 ----a-w- c:\windows\system32\dshowext.ax
    2010-02-15 23:14:59 0 d-----w- c:\program files\Veo Stingray
    2010-02-15 23:14:53 306688 ----a-w- c:\windows\IsUninst.exe
    2010-02-15 23:14:50 0 d-----w- C:\SETUP
    2010-02-15 22:35:59 3375093 ----a-w- c:\windows\{00000002-00000000-00000004-00001102-00000002-100A1102}.CDF
    2010-02-15 22:32:20 24672 ----a-w- c:\windows\system32\BMXCtrlState-{00000002-00000000-00000004-00001102-00000002-100A1102}.rfx
    2010-02-15 22:32:20 24672 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000002-100A1102}.rfx
    2010-02-15 22:32:00 35766 ----a-w- c:\windows\system32\Emu10kx.ini
    2010-02-15 22:32:00 29 ----a-w- c:\windows\system32\ctzapxx.ini
    2010-02-15 22:32:00 0 d-----w- c:\windows\system32\Data
    2010-02-15 22:31:10 20480 ----a-w- c:\windows\INRES.DLL
    2010-02-15 21:51:07 3712 -c--a-w- c:\windows\system32\dllcache\ctljystk.sys
    2010-02-15 21:51:07 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
    2010-02-15 08:28:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-02-15 04:02:26 0 d-----w- c:\program files\Windows Media Connect 2
    2010-02-15 03:59:54 0 d-----w- c:\windows\system32\LogFiles
    2010-02-15 03:55:09 128000 ----a-w- c:\windows\system32\dllcache\dhtmled.ocx
    2010-02-15 03:52:52 200064 ----a-w- c:\windows\system32\dllcache\rmcast.sys
    2010-02-15 03:50:58 450048 ----a-w- c:\windows\system32\dllcache\aclayers.dll
    2010-02-15 03:50:18 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-15 03:36:48 0 d-----w- c:\windows\system32\scripting
    2010-02-15 03:36:48 0 d-----w- c:\windows\l2schemas
    2010-02-15 03:36:46 0 d-----w- c:\windows\system32\en
    2010-02-15 03:36:44 0 d-----w- c:\windows\system32\bits
    2010-02-15 03:29:29 0 d-----w- c:\program files\CCleaner
    2010-02-15 03:24:18 0 d-----w- c:\windows\network diagnostic
    2010-02-15 03:19:53 0 d-----w- c:\program files\Yahoo!
    2010-02-15 03:18:46 0 d-----w- c:\windows\system32\ReinstallBackups
    2010-02-15 03:16:59 788992 ----a-w- c:\windows\system32\dllcache\sprb0407.dll
    2010-02-15 03:00:01 336256 ----a-w- c:\windows\system32\dllcache\srv.sys
    2010-02-15 02:27:56 0 d-----w- c:\program files\Symantec
    2010-02-15 02:27:56 0 d-----w- c:\program files\common files\Symantec Shared
    2010-02-15 02:27:11 0 d-----w- c:\program files\Norton Security Suite
    2010-02-15 02:27:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-02-15 02:26:58 0 d-----w- c:\program files\NortonInstaller
    2010-02-15 02:26:58 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-02-15 02:04:30 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-02-15 02:04:00 0 d--h--w- c:\program files\WindowsUpdate
    2010-02-15 02:03:10 0 d-----w- c:\program files\common files\MSSoap
    2010-02-15 02:01:39 0 d-----w- c:\program files\Online Services
    2010-02-15 02:01:33 0 d-----w- c:\program files\Messenger
    2010-02-15 02:01:30 0 d-----w- c:\program files\MSN Gaming Zone
    2010-02-15 02:00:57 0 d-----w- c:\program files\Windows NT
    2010-02-14 16:48:40 0 d-----w- c:\program files\common files\ODBC
    2010-02-14 16:48:37 0 d-----w- c:\program files\common files\SpeechEngines
    2010-02-14 16:48:13 0 d-----r- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2010-02-15 22:09:58 107776 ----a-w- c:\windows\system32\drivers\ac97ich4.sys
    2010-02-15 02:27:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-02-15 02:27:56 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-02-15 02:27:56 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-02-15 02:27:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-02-15 02:27:49 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-02-15 02:27:48 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-02-15 02:27:40 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-02-15 02:02:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
    2000-04-20 03:00:02 6995 ----a-w- c:\windows\inf\RAMDISK.SYS

    ============= FINISH: 13:03:22.14 ===============

    ATTACH:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/14/2010 9:08:40 PM
    System Uptime: 3/7/2010 12:40:26 PM (1 hours ago)

    Motherboard: | | 845PE-ITE8712
    Processor: Intel(R) Celeron(R) CPU 2.50GHz | Socket 478 | 2500/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 190 GiB total, 179.149 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 149 GiB total, 139.598 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RAID Controller
    Device ID: PCI\VEN_1103&DEV_0007&SUBSYS_00011103&REV_02\4&1A671D0C&0&30F0
    Manufacturer:
    Name: RAID Controller
    PNP Device ID: PCI\VEN_1103&DEV_0007&SUBSYS_00011103&REV_02\4&1A671D0C&0&30F0
    Service:

    ==== System Restore Points ===================

    RP1: 2/14/2010 9:13:39 PM - System Checkpoint
    RP2: 2/14/2010 9:32:33 PM - Software Distribution Service 3.0
    RP3: 2/14/2010 9:43:17 PM - Software Distribution Service 3.0
    RP4: 2/14/2010 10:07:56 PM - Software Distribution Service 3.0
    RP5: 2/14/2010 10:58:18 PM - Software Distribution Service 3.0
    RP6: 2/14/2010 11:24:46 PM - Installed Windows XP WgaNotify.
    RP7: 2/14/2010 11:32:39 PM - Software Distribution Service 3.0
    RP8: 2/14/2010 11:42:03 PM - Norton 360 Registry Clean
    RP9: 2/15/2010 4:53:21 PM - Software Distribution Service 3.0
    RP10: 2/15/2010 5:21:47 PM - Update to an unsigned driver
    RP11: 2/15/2010 5:39:25 PM - Unsigned driver install
    RP12: 2/15/2010 6:20:48 PM - Update to an unsigned driver
    RP13: 2/15/2010 6:37:00 PM - Software Distribution Service 3.0
    RP14: 2/15/2010 6:50:52 PM - Software Distribution Service 3.0
    RP15: 2/15/2010 7:06:25 PM - Software Distribution Service 3.0
    RP16: 2/16/2010 7:30:19 PM - System Checkpoint
    RP17: 2/17/2010 7:53:44 PM - System Checkpoint
    RP18: 2/18/2010 11:58:41 PM - System Checkpoint
    RP19: 2/20/2010 12:42:27 AM - System Checkpoint
    RP20: 2/21/2010 12:32:14 AM - Installed Java(TM) 6 Update 18
    RP21: 2/21/2010 12:33:37 AM - Installed MSN Toolbar Setup
    RP22: 2/22/2010 1:18:40 AM - System Checkpoint
    RP23: 2/22/2010 10:42:59 PM - Installed CamGrab-2Plus
    RP24: 2/23/2010 10:47:20 PM - System Checkpoint
    RP25: 2/24/2010 11:48:30 PM - System Checkpoint
    RP26: 1/1/2002 3:19:27 AM - Installed Microsoft Visual C++ 2005 Redistributable
    RP27: 2/27/2010 8:14:05 PM - System Checkpoint
    RP28: 1/1/2002 3:07:40 AM - Unsigned driver install
    RP29: 2/28/2010 4:14:11 PM - Norton 360 Registry Clean
    RP30: 3/1/2010 4:39:51 PM - System Checkpoint
    RP31: 3/2/2010 4:44:03 PM - System Checkpoint
    RP32: 3/3/2010 5:12:55 PM - System Checkpoint
    RP33: 3/4/2010 6:42:17 PM - System Checkpoint
    RP34: 3/5/2010 7:42:58 PM - System Checkpoint
    RP35: 3/6/2010 10:24:25 AM - Restore Operation
    RP36: 3/6/2010 10:34:47 AM - Restore Operation



    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Ask Toolbar
    CamGrab-2Plus
    CCleaner
    DriverAgent by eSupport.com
    File Shredder 2.0
    FrostWire 4.18.6
    Google Chrome
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    Java Auto Updater
    Java(TM) 6 Update 18
    K-Lite Codec Pack 5.7.0 (Full)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Search Enhancement Pack
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6)
    MSN Toolbar
    MSN Toolbar Platform
    Norton Security Suite
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Tweak-XP Pro
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinUtilities 9.41 Professinal Edition
    Yahoo! BrowserPlus
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    3/6/2010 12:51:15 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort1.
    3/6/2010 11:48:29 AM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
    3/6/2010 11:46:23 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    3/6/2010 10:34:10 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    3/4/2010 10:45:07 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    3/3/2010 8:58:05 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00502C07CB16 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    3/3/2010 11:41:40 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00502C07CB16 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    3/2/2010 8:09:18 PM, error: Ftdisk [31] - The fault tolerant driver could not read the on disk structures from disk 0.
    3/2/2010 8:09:18 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
    3/2/2010 8:09:18 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort0.

    ==== End Of File ===========================


    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BlockAds]
    uRun: [TransparentIcons]
    uRun: [TransTask]
    uRun: [Tweak-XP]
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [CTHelper] CTHELPER.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\update
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    TCP: NameServer = 93.188.165.106,93.188.161.74
    TCP: {A9932A34-064F-449E-858B-55F8A6841BF0} = 93.188.165.106,93.188.161.74
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: XULRunner: {648C5191-1955-4049-8E53-4054A9CE127C} - c:\documents and settings\eibbor\local settings\application data\{648C5191-1955-4049-8E53-4054A9CE127C}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-15 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-15 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-15 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100224.002\IDSXpx86.sys [2010-2-25 329592]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-15 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-16 102448]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100306.020\NAVENG.SYS [2010-3-6 84912]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100306.020\NAVEX15.SYS [2010-3-6 1324720]
    R3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2010-2-15 899700]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2002-1-1 23456]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\eibbor\my documents\downloads\everesthome220\kerneld.wnt [2005-8-18 7168]

    =============== Created Last 30 ================

    2010-03-06 18:50:48 3375093 ----a-w- c:\windows\{00000002-00000000-00000002-00001102-00000002-100A1102}.BAK
    2010-03-06 18:39:56 0 d-----w- c:\program files\Tweak-XP Pro
    2010-03-06 18:30:41 376 ----a-w- c:\windows\ODBC.INI
    2010-03-06 18:29:41 0 d-----w- c:\program files\Microsoft ActiveSync
    2010-03-06 18:29:03 0 d-----w- c:\windows\ShellNew
    2010-03-06 18:13:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
    2010-03-06 18:13:44 0 d-----w- c:\program files\common files\SureThing Shared
    2010-03-06 18:12:28 0 d-----w- c:\program files\common files\Sonic Shared
    2010-03-06 18:11:43 0 d-----w- c:\program files\Roxio
    2010-03-06 16:48:58 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-02-23 23:25:27 0 d-sh--w- c:\documents and settings\eibbor\IECompatCache
    2010-02-23 03:43:02 0 d-----w- c:\program files\CamGrab-2Plus
    2010-02-21 20:35:04 0 d-----w- c:\windows\pss
    2010-02-21 20:19:04 113 ----a-w- c:\windows\system32\_WKERNEL.SYL
    2010-02-21 20:18:28 56496 ----a-w- c:\windows\system32\wbhelp2.dll
    2010-02-21 20:18:28 544768 ----a-w- c:\windows\system32\wbocx.ocx
    2010-02-21 20:18:28 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-02-21 20:18:27 4608 ----a-w- c:\windows\system32\W95INF32.DLL
    2010-02-21 20:18:27 439 ----a-w- c:\windows\system32\shfolder.inf
    2010-02-21 20:18:27 33968 ----a-w- c:\windows\system32\anim.dll
    2010-02-21 20:18:27 2272 ----a-w- c:\windows\system32\W95INF16.DLL
    2010-02-21 20:18:27 1706800 ----a-w- c:\windows\system32\gdiplus.dll
    2010-02-21 20:18:26 0 d-----w- c:\program files\WinUtilities
    2010-02-21 05:35:18 0 d-----w- c:\program files\Microsoft
    2010-02-21 05:35:09 0 d-----w- c:\program files\MSN Toolbar
    2010-02-21 05:34:05 0 d-----w- c:\program files\MSN Toolbar Installer
    2010-02-21 01:01:51 0 d-----w- c:\program files\File Shredder
    2010-02-16 03:57:54 120 ----a-w- c:\windows\Jlalejoxodokakej.dat
    2010-02-16 03:57:54 0 ----a-w- c:\windows\Gtewezuduqiy.bin
    2010-02-16 03:27:30 178176 ----a-w- c:\windows\system32\unrar.dll
    2010-02-16 03:27:23 38 ----a-w- c:\windows\avisplitter.ini
    2010-02-16 03:26:58 414 ----a-w- c:\windows\system32\lame_acm.xml
    2010-02-16 03:26:55 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-02-16 03:26:45 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-16 03:26:45 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-02-16 03:26:42 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2010-02-16 03:26:41 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-16 03:26:16 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2010-02-16 03:26:15 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-02-16 03:26:04 0 d-----w- c:\program files\K-Lite Codec Pack
    2010-02-16 02:43:57 0 d-----w- c:\docume~1\eibbor\applic~1\FrostWire
    2010-02-16 02:41:19 0 d-----w- c:\program files\FrostWire
    2010-02-16 02:41:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-02-16 02:41:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-16 02:40:18 0 d-----w- c:\program files\Ask.com
    2010-02-16 00:02:01 0 d-sh--w- c:\documents and settings\eibbor\PrivacIE
    2010-02-16 00:00:59 0 d-sh--w- c:\documents and settings\eibbor\IETldCache
    2010-02-15 23:56:43 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-15 23:56:06 0 d-----w- c:\windows\ie8updates
    2010-02-15 23:55:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-15 23:55:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-15 23:42:47 991232 -c--a-w- c:\windows\system32\dllcache\ieframe.dll.mui
    2010-02-15 23:42:47 63488 -c--a-w- c:\windows\system32\dllcache\icardie.dll
    2010-02-15 23:42:47 6067200 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-15 23:42:47 52224 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-02-15 23:42:47 459264 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-02-15 23:42:47 380928 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
    2010-02-15 23:42:47 268288 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
    2010-02-15 23:42:47 2452872 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
    2010-02-15 23:42:47 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2010-02-15 23:20:54 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-02-15 23:20:54 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-02-15 23:20:54 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
    2010-02-15 23:20:54 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2010-02-15 23:20:53 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
    2010-02-15 23:20:53 91136 ----a-w- c:\windows\system32\kswdmcap.ax
    2010-02-15 23:20:52 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
    2010-02-15 23:20:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2010-02-15 23:20:50 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
    2010-02-15 23:20:50 20992 ----a-w- c:\windows\system32\dshowext.ax
    2010-02-15 23:14:59 0 d-----w- c:\program files\Veo Stingray
    2010-02-15 23:14:53 306688 ----a-w- c:\windows\IsUninst.exe
    2010-02-15 23:14:50 0 d-----w- C:\SETUP
    2010-02-15 22:35:59 3375093 ----a-w- c:\windows\{00000002-00000000-00000004-00001102-00000002-100A1102}.CDF
    2010-02-15 22:32:20 24672 ----a-w- c:\windows\system32\BMXCtrlState-{00000002-00000000-00000004-00001102-00000002-100A1102}.rfx
    2010-02-15 22:32:20 24672 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000002-100A1102}.rfx
    2010-02-15 22:32:00 35766 ----a-w- c:\windows\system32\Emu10kx.ini
    2010-02-15 22:32:00 29 ----a-w- c:\windows\system32\ctzapxx.ini
    2010-02-15 22:32:00 0 d-----w- c:\windows\system32\Data
    2010-02-15 22:31:10 20480 ----a-w- c:\windows\INRES.DLL
    2010-02-15 21:51:07 3712 -c--a-w- c:\windows\system32\dllcache\ctljystk.sys
    2010-02-15 21:51:07 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
    2010-02-15 08:28:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-02-15 04:02:26 0 d-----w- c:\program files\Windows Media Connect 2
    2010-02-15 03:59:54 0 d-----w- c:\windows\system32\LogFiles
    2010-02-15 03:55:09 128000 ----a-w- c:\windows\system32\dllcache\dhtmled.ocx
    2010-02-15 03:52:52 200064 ----a-w- c:\windows\system32\dllcache\rmcast.sys
    2010-02-15 03:50:58 450048 ----a-w- c:\windows\system32\dllcache\aclayers.dll
    2010-02-15 03:50:18 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-15 03:36:48 0 d-----w- c:\windows\system32\scripting
    2010-02-15 03:36:48 0 d-----w- c:\windows\l2schemas
    2010-02-15 03:36:46 0 d-----w- c:\windows\system32\en
    2010-02-15 03:36:44 0 d-----w- c:\windows\system32\bits
    2010-02-15 03:29:29 0 d-----w- c:\program files\CCleaner
    2010-02-15 03:24:18 0 d-----w- c:\windows\network diagnostic
    2010-02-15 03:19:53 0 d-----w- c:\program files\Yahoo!
    2010-02-15 03:18:46 0 d-----w- c:\windows\system32\ReinstallBackups
    2010-02-15 03:16:59 788992 ----a-w- c:\windows\system32\dllcache\sprb0407.dll
    2010-02-15 03:00:01 336256 ----a-w- c:\windows\system32\dllcache\srv.sys
    2010-02-15 02:27:56 0 d-----w- c:\program files\Symantec
    2010-02-15 02:27:56 0 d-----w- c:\program files\common files\Symantec Shared
    2010-02-15 02:27:11 0 d-----w- c:\program files\Norton Security Suite
    2010-02-15 02:27:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-02-15 02:26:58 0 d-----w- c:\program files\NortonInstaller
    2010-02-15 02:26:58 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-02-15 02:04:30 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-02-15 02:04:00 0 d--h--w- c:\program files\WindowsUpdate
    2010-02-15 02:03:10 0 d-----w- c:\program files\common files\MSSoap
    2010-02-15 02:01:39 0 d-----w- c:\program files\Online Services
    2010-02-15 02:01:33 0 d-----w- c:\program files\Messenger
    2010-02-15 02:01:30 0 d-----w- c:\program files\MSN Gaming Zone
    2010-02-15 02:00:57 0 d-----w- c:\program files\Windows NT
    2010-02-14 16:48:40 0 d-----w- c:\program files\common files\ODBC
    2010-02-14 16:48:37 0 d-----w- c:\program files\common files\SpeechEngines
    2010-02-14 16:48:13 0 d-----r- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2010-02-15 22:09:58 107776 ----a-w- c:\windows\system32\drivers\ac97ich4.sys
    2010-02-15 02:27:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-02-15 02:27:56 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-02-15 02:27:56 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-02-15 02:27:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-02-15 02:27:49 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-02-15 02:27:48 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-02-15 02:27:40 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-02-15 02:02:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
    2000-04-20 03:00:02 6995 ----a-w- c:\windows\inf\RAMDISK.SYS

    ============= FINISH: 13:03:22.14 ===============
     
    Last edited: 2010/03/07
  2. 2010/03/07
    c3p0u812

    c3p0u812 Inactive Thread Starter

    Joined:
    2010/03/07
    Messages:
    7
    Likes Received:
    0
    Removed other log file as it said I didn't need to post it.
     
    Last edited: 2010/03/07

  4. 2010/03/07
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/03/07
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
  6. 2010/03/07
    c3p0u812

    c3p0u812 Inactive Thread Starter

    Joined:
    2010/03/07
    Messages:
    7
    Likes Received:
    0
    I haven't used the p2p. I just wanted sp3 back and since I couldn't get any microsoft updates it seemed like an alternative.

    But it just isn't my windows updates, it's any download that comes from microsoft.com

    I appreciate your reply.

    Hope I can get to the bottom of this soon!
     
  7. 2010/03/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    First, check if you have the very same issue in Safe Mode with Networking.
    What browser/version are we talking about here?
     
  8. 2010/03/08
    c3p0u812

    c3p0u812 Inactive Thread Starter

    Joined:
    2010/03/07
    Messages:
    7
    Likes Received:
    0
    I use both IE7 and also Google Chrome, but no Microsoft updates work on those 2 or Firefox either.

    I just tried the safe mode with networking and that also didn't work.
     
  9. 2010/03/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/03/11
    c3p0u812

    c3p0u812 Inactive Thread Starter

    Joined:
    2010/03/07
    Messages:
    7
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    3/11/2010 8:16:14 AM
    mbam-log-2010-03-11 (08-16-14).txt

    Scan type: Quick Scan
    Objects scanned: 100566
    Time elapsed: 11 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\spool\prtprocs\w32x86\000031b8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\spool\prtprocs\w32x86\00005d9b.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
  11. 2010/03/11
    c3p0u812

    c3p0u812 Inactive Thread Starter

    Joined:
    2010/03/07
    Messages:
    7
    Likes Received:
    0
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-03-11 09:22:20
    Windows 5.1.2600 Service Pack 2
    Running: bm2vzp3v.exe; Driver: C:\DOCUME~1\eibbor\LOCALS~1\Temp\pflyqfod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 892DED40 ZwAlertResumeThread
    SSDT 892B37D8 ZwAlertThread
    SSDT 89316538 ZwAllocateVirtualMemory
    SSDT 892F6880 ZwAssignProcessToJobObject
    SSDT 89365500 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB8DDC130]
    SSDT 892DBA08 ZwCreateMutant
    SSDT 892F66A0 ZwCreateSymbolicLinkObject
    SSDT 892FD110 ZwCreateThread
    SSDT 892E6C00 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB8DDC3B0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB8DDC910]
    SSDT 89316690 ZwDuplicateObject
    SSDT 892B79F0 ZwFreeVirtualMemory
    SSDT 892DBAF8 ZwImpersonateAnonymousToken
    SSDT 892DEC80 ZwImpersonateThread
    SSDT 898838F0 ZwLoadDriver
    SSDT 892DD068 ZwMapViewOfSection
    SSDT 892B8B88 ZwOpenEvent
    SSDT 892D21A8 ZwOpenProcess
    SSDT 89303318 ZwOpenProcessToken
    SSDT 892E6DC8 ZwOpenSection
    SSDT 892D20D8 ZwOpenThread
    SSDT 892F6790 ZwProtectVirtualMemory
    SSDT 893032E0 ZwResumeThread
    SSDT 892D2F00 ZwSetContextThread
    SSDT 892D2FC0 ZwSetInformationProcess
    SSDT 892E6CA0 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB8DDCB60]
    SSDT 892B8AC8 ZwSuspendProcess
    SSDT 892B38B8 ZwSuspendThread
    SSDT 893283C8 ZwTerminateProcess
    SSDT 892D2E20 ZwTerminateThread
    SSDT 892DAAD8 ZwUnmapViewOfSection
    SSDT 892B7AE0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2010-03-11 13:24:53

    ---- EOF - GMER 1.0.15 ----
     
  12. 2010/03/11
    c3p0u812

    c3p0u812 Inactive Thread Starter

    Joined:
    2010/03/07
    Messages:
    7
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:31:33 AM, on 3/11/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Documents and Settings\eibbor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\eibbor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\eibbor\My Documents\Downloads\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9932A34-064F-449E-858B-55F8A6841BF0}: NameServer = 93.188.165.106,93.188.161.74
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.106,93.188.161.74
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.106,93.188.161.74
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 5279 bytes
     
  13. 2010/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
