
Inactive cannot access any updates or microsoft sites

Discussion in 'Malware and Virus Removal Archive' started by werder, 2009/02/04.

  1. 2009/02/04
    werder Inactive Thread Starter

    I cannot access any update sites for several products and I am being redirected when I try to access the sites. This happens in both browsers (Firefox and IE). I also have the attach log, but I cannot find an attachment button to attach it to my posting. Will send upon request or when I figure out what I'm doing wrong. Any help would be appreciated. Thanks.

    Doug W.

    DDS log:


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by werder at 1:27:25.96 on Wed 02/04/2009
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1050 [GMT -5:00]

    AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Users\werder\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas49cc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Online Services\Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\werder\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\snagit 6\SnagItBHO.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\snagit 6\SnagItIEAddin.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [CyberDefender Early Detection Center] "c:\users\werder\appdata\local\cyberdefender internet security\antispyware\cdas49cc.exe" /minimize
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRunOnce: [Index Washer] c:\program files\webroot\washer\WashIdx.exe "werder "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe "
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [<NO NAME>]
    mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [eFax 4.3] "c:\program files\efax\J2GDllCmd.exe" /R
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll "
    mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe "
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe "
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    TCP: NameServer = 208.67.220.220,208.67.222.222
    TCP: {92D7CAC9-165F-4CFE-BFE7-D469D3B965F5} = 208.67.220.220,208.67.222.222
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\werder\appdata\roaming\mozilla\firefox\profiles\92y8qu45.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ss=1&ltmpl=default&ltmplcache=2
    FF - component: c:\program files\online services\firefox\components\iamfamous.dll
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
    FF - plugin: c:\program files\cd and dvd\vlc media player\npvlc.dll
    FF - plugin: c:\program files\online services\firefox\plugins\npbittorrent.dll
    FF - plugin: c:\users\werder\program files\dna\plugins\npbtdna.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R2 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2008-10-16 67424]
    R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
    R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-2-24 2368]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-1-11 598856]
    R3 wrssweep;Webroots Volume Access Driver;c:\program files\webroot\washer\wrSSweep.sys [2009-1-11 21832]
    S3 BroadCamService;BroadCam Service;c:\program files\nch software\broadcam\broadCam.exe [2008-11-17 368644]

    =============== Created Last 30 ================

    2009-02-04 01:19 <DIR> --d----- c:\program files\Trend Micro
    2009-02-04 00:24 203,776 a------- c:\windows\system32\clrviddc.dll
    2009-02-03 22:31 <DIR> --d----- c:\program files\SpywareBlaster
    2009-01-25 23:59 <DIR> --d----- c:\program files\I-WayInfo
    2009-01-25 23:59 249,856 -------- c:\windows\Setup1.exe
    2009-01-25 23:59 73,216 a------- c:\windows\ST6UNST.EXE
    2009-01-25 23:46 255 ---shr-- C:\autorun.inf
    2009-01-25 19:21 <DIR> --dsh--- C:\found.001
    2009-01-23 23:55 <DIR> --d----- c:\program files\PolderbitS
    2009-01-20 22:53 <DIR> --d----- c:\program files\common files\xing shared
    2009-01-14 13:59 288,768 a------- c:\windows\system32\drivers\srv.sys
    2009-01-11 22:26 <DIR> --d----- c:\programdata\Webroot
    2009-01-11 22:26 <DIR> --d----- c:\progra~2\Webroot
    2009-01-11 11:53 658,432 a------- c:\windows\system32\cc3270mt.dll

    ==================== Find3M ====================

    2008-12-30 16:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-12-07 00:01 143,360 a------- c:\windows\inf\infstrng.dat
    2008-12-07 00:01 51,200 a------- c:\windows\inf\infpub.dat
    2008-12-07 00:00 86,016 a------- c:\windows\inf\infstor.dat
    2008-12-04 23:49 410,984 a------- c:\windows\system32\deploytk.dll
    2008-10-01 21:44 24,576 a------- c:\users\werder\config router backup.bin
    2008-06-12 04:44 665,600 a------- c:\windows\inf\drvindex.dat
    2008-06-02 18:21 724,984 a------- c:\users\werder\gotomypc_437.exe
    2008-04-13 01:13 174 a--sh--- c:\program files\desktop.ini
    2007-10-17 00:21 1,473,032 a------- c:\users\werder\couponprinter.exe
    2007-10-09 21:19 3,841,896 a------- c:\users\werder\msgrplus.exe
    2007-09-19 22:25 87,608 a------- c:\users\werder\appdata\roaming\inst.exe
    2007-09-19 22:25 47,360 a------- c:\users\werder\appdata\roaming\pcouffin.sys
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 1:27:53.55 ===============
     
  2. 2009/02/06
    werder Inactive Thread Starter

    Fixed. Read some of the other fixes on here and downloaded ComboFix which did the trick. Ran it twice and was almost afraid to reboot, but when I did everything was working again. Quickly ran about 3 of my virus updates and now they all work again. Same with the Microsoft update page. I must have downloaded some nasty virus; I'm going to have to be real careful sharing any future files. I even scan anything I download and still something must have slipped by me. There are some bad people out there. Thanks for the bbs; I couldn't even get to many sites without being redirected elsewhere.
    doug
     

  4. 2009/02/10
    noahdfear Inactive

    Hi Doug,

    I recommend you do a follow-up online scan. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
