[ Done ] Can't navigate to Windows Update - MSN.com instead

*

Offline bte52

  • Bronze Member
  • 13
[ Done ] Can't navigate to Windows Update - MSN.com instead
« on: November 18, 2008, 01:37:06 PM »
Recently noticed that I can't navigate to Microsoft Windows Update. Any attempt to do so is directed to msn.com. I have run Malwarebytes and Spybot Search and Destroy several times, normally and in safe mode. No luck. Here is my HijackThis log, and thank you very much:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:13 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Verizon\CallAssistant\VZVidgetEngine.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Verizon\CallAssistant\VZVidgetEngineMonitor.exe
C:\Program Files\Verizon\CallAssistant\VZCallAssistant.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ed\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VZVidgets] C:\Program Files\Verizon\CallAssistant\VZVidgetEngine.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - https://prod3.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://www.carad.com/images/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152221148109
O16 - DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} (LinksysViewer Control) - http://kittycam5976.mylinksyscam.com:1024/img/LinksysViewer.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://pilot.vehicledata.com/WebForms/Reports/InventoryReports/arview2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/PCSoftware/Install/LCX-26CHD/isetup.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.gmacinspections.com/VIW/aspx/directinspect/ImageUploader3.cab
O16 - DPF: {C20E8541-3280-40DC-BC3E-D988F63CD907} (LinksysAlertCfg Control) - http://kittycam5976.mylinksyscam.com:1024/adm/LinksysAlertCfg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vinsolutions.webex.com/client/T25L/sales/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11726 bytes
« Last Edit: November 24, 2008, 10:55:22 AM by bamajim »

*

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: Can't navigate to Windows Update - MSN.com instead
« Reply #1 on: November 19, 2008, 02:37:42 PM »
bte52

1. Go HERE and download File Lister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you at C:\Files.txt
Copy and paste the contents of that log in your reply.

2. Do you use a router?

2008-2010
Rights cannot exist without morals

*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #2 on: November 19, 2008, 04:43:05 PM »
Hello bamajim....thanks for your kind reply. I am off today and not in the office. I will do as instructed tomorrow and post the results. The affected desktop PC is running Windows XP Pro and is on a network at an automobile dealership. I am able to independently install software on my PC, however it shares a Comcast Cable Internet connection and our DMS (Dealership Management System) through a router.

Ed

*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #3 on: November 20, 2008, 07:35:49 AM »
File Lister Results

File Lister
+
+ Version 1.0.4
+
+  By bamajim / bamajim.com
+
+++++++++++++++++++++++++++++++++


Report ran on --->>>  11/20/2008 8:33:05 AM

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
@=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"VZVidgets"="C:\\Program Files\\Verizon\\CallAssistant\\VZVidgetEngine.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VZVidgets]


====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

10/23/2008 8:14:01 AM    0    C:\Oregon Scientific
11/20/2008 8:33:05 AM    237    32    C:\Files.txt
11/18/2008 10:36:52 AM    1063407616    38    C:\hiberfil.sys
10/24/2008 4:49:14 PM    959623    C:\WINDOWS\$NtUninstallKB958644$
10/24/2008 4:49:14 PM    622215    C:\WINDOWS\$NtUninstallKB958644$\spuninst
10/24/2008 4:49:05 PM    10062    32    C:\WINDOWS\KB958644.log
11/18/2008 8:54:59 AM    309874    32    C:\WINDOWS\ntbtlog.txt
10/23/2008 7:18:17 AM    212480    32    C:\WINDOWS\pcdlib32.dll
10/23/2008 7:19:33 AM    651    32    C:\WINDOWS\photoimpression.ini
11/18/2008 9:25:53 AM    1409    32    C:\WINDOWS\QTFont.for
11/18/2008 9:25:53 AM    54156    34    C:\WINDOWS\QTFont.qfn

====== Files under "\Administrator\Startup" Last 30 Days======


====== Files under "\All Users\Startup" Last 30 Days======


====== Folders under "\Program Files" Last 30 Days======

10/23/2008 7:18:17 AM    1658    C:\Program Files\ArcSoft
10/23/2008 7:18:17 AM    1658    C:\Program Files\ArcSoft\PhotoImpression
10/23/2008 7:18:34 AM    101    C:\Program Files\ArcSoft\PhotoImpression\albums
10/23/2008 8:13:35 AM    1557    C:\Program Files\ArcSoft\PhotoImpression\config
11/6/2008 2:03:11 PM    6714102    C:\Program Files\Citrix
11/6/2008 2:03:11 PM    6714102    C:\Program Files\Citrix\GoToMeeting
11/6/2008 2:03:11 PM    6714102    C:\Program Files\Citrix\GoToMeeting\320
11/18/2008 8:57:01 AM    4047438    C:\Program Files\Malwarebytes' Anti-Malware
11/18/2008 8:57:02 AM    336247    C:\Program Files\Malwarebytes' Anti-Malware\Languages
11/18/2008 11:01:46 AM    53718562    C:\Program Files\Spybot - Search & Destroy
11/18/2008 11:01:49 AM    55992    C:\Program Files\Spybot - Search & Destroy\Dummies
11/18/2008 11:01:51 AM    483876    C:\Program Files\Spybot - Search & Destroy\Help
11/18/2008 11:01:49 AM    14260321    C:\Program Files\Spybot - Search & Destroy\Includes
11/18/2008 11:01:51 AM    86853    C:\Program Files\Spybot - Search & Destroy\Languages
11/18/2008 11:01:49 AM    2424432    C:\Program Files\Spybot - Search & Destroy\Plugins
11/18/2008 11:01:51 AM    536    C:\Program Files\Spybot - Search & Destroy\Skins
11/18/2008 11:01:51 AM    7017547    C:\Program Files\Spybot - Search & Destroy\Updates

====== Files under "\System32\Drivers" Last 30 Days======

11/18/2008 8:57:05 AM    15504    32    C:\WINDOWS\system32\drivers\mbam.sys
11/18/2008 8:57:02 AM    38496    32    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
10/23/2008 7:17:22 AM    16128    32    C:\WINDOWS\system32\drivers\smalbase.sys
10/23/2008 7:17:22 AM    9216    32    C:\WINDOWS\system32\drivers\smalidt.sys

====== Files under "\User\Local Settings\Temp" Last 30 Days======

11/20/2008 8:13:24 AM    0    32    C:\Documents and Settings\Ed\Local Settings\Temp\JETE484.tmp
11/18/2008 11:39:54 AM    346    32    C:\Documents and Settings\Ed\Local Settings\Temp\jusched.log
11/20/2008 8:04:28 AM    58760    32    C:\Documents and Settings\Ed\Local Settings\Temp\symlcsv1.exe
11/18/2008 11:35:03 AM    32768    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF30CD.tmp
11/18/2008 11:35:04 AM    32768    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF4244.tmp
11/20/2008 7:59:40 AM    49152    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF4465.tmp
11/20/2008 7:59:40 AM    512    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF44C7.tmp
11/18/2008 11:34:59 AM    16384    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF4AEC.tmp
11/20/2008 7:59:26 AM    32768    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF4B13.tmp
11/20/2008 7:59:26 AM    16384    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF4CDB.tmp
11/20/2008 8:07:04 AM    16384    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF5A79.tmp
11/20/2008 8:07:04 AM    512    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF5AA3.tmp
11/20/2008 7:59:43 AM    49152    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF6B34.tmp
11/20/2008 7:59:43 AM    512    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DF6C05.tmp
11/20/2008 7:59:23 AM    32768    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DFBF0A.tmp
11/20/2008 8:17:16 AM    512    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DFC356.tmp
11/20/2008 8:06:57 AM    512    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DFDD50.tmp
11/18/2008 10:37:39 AM    16384    32    C:\Documents and Settings\Ed\Local Settings\Temp\~DFE5DA.tmp

====== Files and Folders under "All Users\Application Data" Last 30 Days======

11/18/2008 8:57:01 AM    1273852    C:\Documents and Settings\All Users\Application Data\Malwarebytes
11/18/2008 8:57:01 AM    1273852    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

 ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
NCO 2.0 IE BHO

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
Symantec Intrusion Prevention

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}
GoogleAFE

====== Services ( Services that are Whitelisted are not shown) ======

 Apple Mobile Device (Apple Mobile Device) "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"  - Auto

 Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"  - Auto

 Symantec Lic NetConnect service (CLTNetCnService) "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  - Auto

 COM Host (comHost) "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"  - Manual

 DSBrokerService (DSBrokerService) "C:\Program Files\DellSupport\brkrsvc.exe"  - Manual

 Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"  - Manual

 LiveUpdate Notice (LiveUpdate Notice) "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  - Auto

 Intel NCS NetService (NetSvc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe  - Manual

 Symantec RemoteAssist (Symantec RemoteAssist) "C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe"  - Manual


====== Running Processes ======

System Idle Process   
  •    

System   [4]   
smss.exe   [884]   \SystemRoot\System32\smss.exe
csrss.exe   [932]   
winlogon.exe   [956]   winlogon.exe
services.exe   [1004]   C:\WINDOWS\system32\services.exe
lsass.exe   [1016]   C:\WINDOWS\system32\lsass.exe
svchost.exe   [1232]   C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe   [1356]   
svchost.exe   [1480]   C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe   [1564]   
svchost.exe   [1724]   
CCSVCHST.EXE   [1788]   "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
spoolsv.exe   [152]   C:\WINDOWS\system32\spoolsv.exe
AppleMobileDeviceService.exe   [664]   "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
AluSchedulerSvc.exe   [676]   "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"
MDM.EXE   [760]   "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
svchost.exe   [840]   C:\WINDOWS\system32\svchost.exe -k imgsvc
wdfmgr.exe   [860]   
alg.exe   [748]   
explorer.exe   [2300]   C:\WINDOWS\Explorer.EXE
hkcmd.exe   [2772]   "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe   [2828]   "C:\WINDOWS\system32\igfxpers.exe"
jusched.exe   [2836]   "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
stsystra.exe   [2892]   "C:\WINDOWS\stsystra.exe"
DVDLauncher.exe   [2920]   "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
tfswctrl.exe   [2996]   "C:\WINDOWS\system32\dla\tfswctrl.exe"
issch.exe   [3244]   "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
DMXLauncher.exe   [3256]   "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
GoogleDesktop.exe   [3356]   "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MediaDetect.exe   [3380]   "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
CCSVCHST.EXE   [3440]   /a /h ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QTTask.exe   [3504]   "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper.exe   [3512]   "C:\Program Files\iTunes\iTunesHelper.exe"
MMDiag.exe   [3544]   MMDiag.exe
netwaiting.exe   [3648]   "C:\Program Files\NetWaiting\netWaiting.exe"
ctfmon.exe   [3656]   "C:\WINDOWS\system32\ctfmon.exe"
msnmsgr.exe   [3664]   "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
VZVidgetEngine.exe   [3680]   "C:\Program Files\Verizon\CallAssistant\VZVidgetEngine.exe"
mim.exe   [3764]   "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe" -Embedding
DLG.exe   [3800]   "C:\Program Files\Digital Line Detect\DLG.exe"
soffice.exe   [184]   "C:\Program Files\OpenOffice.org 2.4\program\soffice.exe" -quickstart
soffice.bin   [192]   "C:\Program Files\OpenOffice.org 2.4\program\soffice.exe" -quickstart
VZVidgetEngineMonitor.exe   [536]   "C:\Program Files\Verizon\CallAssistant\VZVidgetEngineMonitor.exe" -Embedding
VZCallAssistant.exe   [600]   "C:\Program Files\Verizon\CallAssistant\VZCallAssistant.exe" -Embedding
GoogleDesktop.exe   [2648]   "GoogleDesktop.exe" /crawl /recent /ie /shell
iPodService.exe   [3392]   "C:\Program Files\iPod\bin\iPodService.exe"
usnsvc.exe   [2084]   "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
symlcsvc.exe   [2256]   C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
OUTLOOK.EXE   [580]   "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"  /recycle
WINWORD.EXE   [2320]   "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
iTunes.exe   [3576]   "C:\Program Files\iTunes\iTunes.exe"
AppleMobileDeviceHelper.exe   [3784]   "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\29969169-1853576820293143576 --parentPipe
distnoted.exe   [1116]   "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe"
iexplore.exe   [6068]   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding
WLLoginProxy.exe   [4168]   "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe" -Embedding
iexplore.exe   [2704]   "C:\Program Files\Internet Explorer\iexplore.exe"
wscript.exe   [4360]   "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Ed\Desktop\FileLister\FileLister.vbe"
wmiprvse.exe   [2720]   
wmiprvse.exe   [5036]   

====== Uninstall List From Registry ======

WebEx
Adobe Flash Player ActiveX
Centra Client
Conexant HDA D110 MDC V.92 Modem
Core FTP LE 1.3c
Dell Digital Jukebox Driver
Dell Game Console
Dell Laser Printer 1100 Software Uninstall
ERALink32 4.2.3
Google Desktop
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
High Definition Audio Driver Package - KB835221
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft National Language Support Downlevel APIs
Intel(R) PRO Network Connections Drivers
LiveUpdate (Symantec Corporation)
RealPlayer
Learn2 Player (Uninstall Only)
Norton Internet Security (Symantec Corporation)
NCH Toolbox Uninstall
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
User Agent String Utility
Apple Software Update
Macromedia Flash Player
Sonic RecordNow Data
Microsoft Plus! Photo Story 2 LE
Security Update for CAPICOM (KB931906)
Sonic DLA
QuickBooks Simple Start Special Edition
Lowrance GPS Data Manger V.6
QuickTime
Corel Paint Shop Pro X
Google Earth
Symantec Technical Support Web Controls
Google Toolbar for Internet Explorer
OpenOffice.org 2.4
Garmin WebUpdater
Component Framework
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Windows Media Player 10
Reynolds ERALink
WebFldrs XP
NetZeroInstallers
MSXML 4.0 SP2 (KB927978)
Google AFE
NetWaiting
Apple Mobile Device Support
SymNet
Windows Live Messenger
Norton Confidential Core
iTunes
Dell Driver Reset Tool
Lowrance LCX-26C HD Demo
Norton Protection Center
AOLIcon
PowerDVD 5.5
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Verizon Call Assistant - Version 2.7.55
Digital Content Portal
Photo Click
Microsoft Plus! Digital Media Edition Installer
Java 2 Runtime Environment, SE v1.4.2_03
EarthLink setup files
Microsoft Visual C++ 2005 Redistributable
Dell System Restore
SPBBC 32bit
Norton AntiVirus
Get High Speed Internet!
DellSupport
Modem Helper
Intel(R) PROSet for Wired Connections
Musicmatch® Jukebox
Microsoft Silverlight
Intel(R) Graphics Media Accelerator Driver
Corel Photo Album 6
Microsoft Office Basic Edition 2003
Garmin WebUpdater
Microsoft Office Live Add-in beta
Symantec Real Time Storage Protection Component
EducateU
Windows Live installer
MSXML 4.0 SP2 (KB925672)
Sonic RecordNow Audio
Dell Media Experience
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Spelling Dictionaries Support For Adobe Reader 8
Windows Live Sign-in Assistant
Sonic RecordNow Copy
ccCommon
Spybot - Search & Destroy
MSXML 4.0 SP2 (KB936181)
Norton Internet Security
Microsoft .NET Framework 1.1
Norton AntiVirus Help
Digital Line Detect
LiveUpdate (Symantec Corporation)
Musicmatch for Windows Media Player
AppCore
Safari

======== Other Info ========

TOTAL PHYSICAL RAM: 1063 MB


*

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #4 on: November 21, 2008, 08:10:21 AM »
bte52

Nothing showing up there. There is a possibility there is something in your hosts file. But because you are on a DMS system it's probably a custom one, so I will need to proceed with caution.

Let's do this

Go to Start, Run, type cmd and hit OK
type
ipconfig /flushdns (that space between g and / is needed)
then hit Enter, type exit, hit Enter

See if that resolves it.

2008-2010
Rights cannot exist without morals

*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #5 on: November 21, 2008, 08:38:44 AM »
Sorry bamajim.....no luck with flushdns. I just went to several other PCs in the dealership, including another right here in my office and they can navigate to Windows Update with no problem. Some run XP and some Vista. Granted, each is on a different port.

*

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #6 on: November 21, 2008, 08:41:26 AM »
bte52

Go HERE and Download System Repair Engineer by smallfrogs
Select local download1 or 2
  • Save it to your Desktop
  • Rt Click sreng2.zip->>Extract all->>Extract it to your desktop
  • Open the sreng folder
  • Double click SREngPS.exe->>Click Run
  • At the main Window, in the left Pane, Select Smart Scan
  • At the next window make sure all of the boxes are checked and Select Scan
  • When the scan is complete Select Save reports
  • Save it to your desktop and Close the tool
  • Double Click SREngLog.txt copy and paste that log as a reply to this thread


Do not run any other options with this tool unless instructed to do so.


*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #7 on: November 21, 2008, 08:55:02 AM »
I did as instructed, however once all the files are extracted there is NOT a folder named sreng. There are four folders: docs, lang, plugins and uploads. Additionally, there are nine .exe files and the closest one to what you said is SREngLdr.EXE

*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #8 on: November 21, 2008, 09:03:31 AM »
OOOOPS....my error I downloaded the wrong file.

*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #9 on: November 21, 2008, 09:41:25 AM »
Just an FYI bamajim the file found there is SREngLdr.EXE (not what you indicated).

The copy and paste of the log exceeds the 50000 character limit. The middle of the log has several hundred entries like this 127.0.0.1 and then a URL (many are adult orientated).

 HOSTS File
127.0.0.1       localhost
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com

Do you wish me to break up the log and send separately or email direct? Thanks again for all of your work.

Ed

*

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #10 on: November 21, 2008, 09:51:20 AM »
In your next reply attach the file
When you select Reply, at the bottom of the window you will see an additional options bar. Click on that and attach the file


*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #11 on: November 21, 2008, 10:42:20 AM »
Here you go....attached

*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #12 on: November 24, 2008, 07:08:06 AM »
Good Morning bamajim,

Don't want to get in your way but I found this and I think it may be relevant to my problem. Once I've run Malwarebytes several times the ONLY things it finds now are 6 trojan.DNS changer items. It tells me that they're removed but when I run again they're back. Anyway, thanks for your help, here's the link:

http://forums.techguy.org/malware-removal-hijackthis-logs/770554-trojan-dns-changer-won-t.html

I've not touched anything and awaiting your next command.

Ed

*

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #13 on: November 24, 2008, 07:50:26 AM »
bte52

Please post the latest MBAM log please


*

Offline bte52

  • Bronze Member
  • 13
Re: [ In Progress ] Can't navigate to Windows Update - MSN.com instead
« Reply #14 on: November 24, 2008, 08:12:07 AM »
Malwarebytes' Anti-Malware 1.30
Database version: 1406
Windows 5.1.2600 Service Pack 3

11/24/2008 8:29:11 AM
mbam-log-2008-11-24 (08-29-11).txt

Scan type: Quick Scan
Objects scanned: 55379
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.224 85.255.112.64 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7c22555c-8d5b-443f-b954-970a36260fdf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.224 85.255.112.64 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.224 85.255.112.64 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7c22555c-8d5b-443f-b954-970a36260fdf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.224 85.255.112.64 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.224 85.255.112.64 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7c22555c-8d5b-443f-b954-970a36260fdf}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.224 85.255.112.64 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
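
Added example, not part of any post in this thread: a small parser for "Registry Data Items Infected" lines in the format of the MBAM log above. It lists every name server written to a DhcpNameServer value and where it was set, so repeat scans can be compared. The sample lines, their addresses (documentation ranges) and GUID are constructed, and the function names and the expected-server set are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the MBAM log line format; the addresses are from
# documentation ranges (RFC 5737) and the GUID is a placeholder.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 203.0.113.10 203.0.113.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}\DhcpNameServer (Trojan.DNSChanger) -> Data: 203.0.113.10 192.0.2.53 -> Quarantined and deleted successfully.
"""

# key path \ value name (detection) -> Data: <servers> -> <action>
LINE_RE = re.compile(
    r"^(?P<key>HKEY_[^\r\n]*?)\\(?P<value>[^\\\s]+) "
    r"\((?P<detection>[^)]+)\) -> Data: (?P<data>.*?) -> (?P<action>.+)$",
    re.MULTILINE,
)

def parse_dns_findings(log_text):
    """Return one dict per flagged registry data item in the log text."""
    findings = []
    for m in LINE_RE.finditer(log_text):
        parts = m.group("key").split("\\")
        per_iface = len(parts) >= 2 and parts[-2].lower() == "interfaces"
        findings.append({
            "control_set": parts[2] if len(parts) > 2 else None,
            "interface": parts[-1] if per_iface else None,
            "value": m.group("value"),
            "detection": m.group("detection"),
            "servers": m.group("data").split(),
            "action": m.group("action").strip(),
        })
    return findings

def unexpected_servers(findings, expected):
    """Map each name server not in `expected` to the places it was set."""
    hits = defaultdict(list)
    for f in findings:
        for ip in f["servers"]:
            if ip not in expected:
                hits[ip].append((f["control_set"], f["interface"] or "global"))
    return dict(hits)

if __name__ == "__main__":
    # `expected` is an assumption: the resolvers your network should hand out.
    found = parse_dns_findings(SAMPLE_LOG)
    for ip, places in unexpected_servers(found, {"192.0.2.53"}).items():
        print(ip, places)
```

DhcpNameServer is filled in by the DHCP client from its lease, so when the same servers return after a successful delete, compare them with what the network's DHCP server is configured to hand out.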