
windows update not accessible, redirects to google


2 replies to this topic

#1 iwanami


Posted 19 January 2009 - 10:06 AM

Hello everyone.
I'm having a little problem with a comp at work. I have seen a similar post here, but it didn't help, so here are my logs.
Thank you very much


DDS:


DDS (Ver_09-01-18.01) - NTFSx86
Run by waelti at 16:06:00.88 on 19.01.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2038.1287 [GMT 1:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\AddOn\Fujitsu\SSUtility\FJSSDMN.exe
C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\Waelti\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ch/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\programme\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [LogitechSoftwareUpdate] c:\programme\logitech\video\ManifestEngine.exe boot
uRun: [MsnMsgr] "c:\programme\windows live\messenger\MsnMsgr.Exe" /background
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PSUtility] c:\addon\fujitsu\psutility\TrayManager.exe
mRun: [TvOutSwitch] c:\addon\fujitsu\dispswitch\DispSwitchLauncher.exe
mRun: [LoadFUJ02E3] c:\programme\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [SSUtility] c:\addon\fujitsu\ssutility\FJSSDMN.exe
mRun: [IndicatorUtility] c:\programme\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFujitsuQuickTouch] c:\addon\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\programme\fujitsu\btnhnd\BtnHnd.exe
mRun: [NeroFilterCheck] c:\programme\gemeinsame dateien\ahead\lib\NeroCheck.exe
mRun: [ccApp] "c:\programme\gemeinsame dateien\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Defender] "c:\programme\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TrayServer] c:\programme\magix\video_deluxe_15\TrayServer.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCameraAssistant] c:\programme\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\programme\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "c:\programme\adobe\photoshop elements 5.0\apdproxy.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\blueto~1.lnk - c:\programme\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\logite~1.lnk - c:\programme\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: NameServer = 85.255.116.43,85.255.112.145
TCP: {501938CE-3D6C-442D-9D85-46C594CDE7E9} = 85.255.116.43,85.255.112.145
TCP: {FCAF1E5E-6E6B-4F98-BC3B-2DE62B9D7ED3} = 85.255.116.43,85.255.112.145
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: FJWSEL - FJWSWNP.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PSUTY - PSUWNP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\waelti\anwend~1\mozilla\firefox\profiles\dkcmebp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch
FF - component: c:\programme\mozilla firefox\components\iamfamous.dll

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2008-5-19 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-19 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-5-19 35456]
R1 SAVRT;SAVRT;c:\programme\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\programme\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\gemeinsame dateien\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-11 99376]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2008-5-19 4864]
R3 NAVENG;NAVENG;c:\progra~1\gemein~1\symant~1\virusd~1\20090118.003\naveng.sys [2009-1-19 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\gemein~1\symant~1\virusd~1\20090118.003\navex15.sys [2009-1-19 876112]
R4 ccEvtMgr;Symantec Event Manager;c:\programme\gemeinsame dateien\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R4 ccSetMgr;Symantec Settings Manager;c:\programme\gemeinsame dateien\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R4 SavRoam;SAVRoam;c:\programme\symantec antivirus\SavRoam.exe [2006-11-14 119904]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\programme\symantec antivirus\Rtvscan.exe [2006-11-14 1835104]
R4 WinDefend;Windows Defender;c:\programme\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\magix\common\database\bin\fbserver.exe [2008-9-21 1527900]
S3 SNL320XP;PHILIPS AJL305;c:\windows\system32\drivers\9kdUSBXP.sys [2008-12-3 17280]
S3 UPnPService;UPnPService;c:\programme\gemeinsame dateien\magix shared\upnpservice\UPnPService.exe [2008-9-21 544768]

=============== Created Last 30 ================

2009-01-19 14:36 401,920 a------- c:\windows\system32\CF7085.exe
2009-01-19 14:36 401,920 a------- c:\windows\system32\cmd.execf
2009-01-19 14:32 <DIR> --d----- c:\programme\trend micro
2009-01-19 09:39 73,216 a------- c:\windows\system32\drivers\gaopdxserv.sys
2009-01-02 00:23 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Trymedia
2008-12-31 23:52 <DIR> --d----- c:\programme\Legacy Interactive
2008-12-29 19:05 <DIR> --dshr-- C:\resycled
2008-12-29 19:05 224 ---shr-- C:\autorun.inf
2008-12-29 09:53 <DIR> --d----- c:\programme\ThreatFire
2008-12-27 20:34 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Azureus
2008-12-27 20:34 <DIR> --d----- c:\dokume~1\waelti\anwend~1\Azureus
2008-12-27 20:33 <DIR> --d----- c:\programme\Vuze
2008-12-27 20:33 <DIR> --d----- c:\programme\gemeinsame dateien\i4j_jres

==================== Find3M ====================

2008-12-11 08:53 395,074 a------- c:\windows\system32\perfh007.dat
2008-12-11 08:53 64,994 a------- c:\windows\system32\perfc007.dat
2008-10-24 12:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 13:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll

============= FINISH: 16:06:30.55 ===============


#2 iwanami


Posted 22 January 2009 - 02:55 AM

UP!

I need help fast, it's urgent... thank you

#3 kahdah


Posted 30 January 2009 - 08:05 AM

Hello iwanami

Welcome to BleepingComputer
========================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



