Jackx99

I AM HAVING THE SAME PROBLEMS, I AM ALSO UNABLE TO UPDATE ADAWARE OR MY ZONE ALARM FIRE WALL. I'VE RUN ADAWARE, MALWARE BYTES (IT CAN UPDATE), AVAST REGULAR AND IN BOOT MODE (IT CAN UPDATE),AVG FREE (BUT CAN'T UPDATE), AVIRA ANTIVIR (CAN ONLY UPDATE MANUALLY) SUSPECT SAME UNKNOWN ATTACK AS DESCRIBED BY Jackx99 LOTS OF PROBLEMS STARTED WHEN MY SON ACCIDENTALLY DOWN LOADED SOMETHING CALL "SECURE 2009"? FIRST THING WE NOTICED WAS START MENU WAS ERASED AND THEN DISCOVERED MULTIPLE VIRUS AND TROJAN PROBLEMS. WHEN I FOUND YOUR SERVICE I THOUGHT IT MIGHT HELP TO BY PASS THE UPDATE PROBLEM BUT IT HASN'T. HELP PLEASE,THANKS,CHET I've check my system in a boot mode with Pc Cleanup,it have detected same Tcp-ip trojan and other minor menace,I've deleted it and insert a new free DNS address because the cleaning of the system can delete my DNS,now my Pc work like a new.. :thumbup I'm sorry Tarun.....I've forgot it....

I,I'msory for the delay but my work kill me.... So,I've downloaded the Anti Malware toolkit and performed the full scan of my system But.......the final log file of Malwarebytes ask to me 3 Problem....3 Tcp-ip Trojan......I've fix it,but at the restart of my system my browser can't connect!!! I've seen in the properties of my connection that the DNS was clean.......and without it my browser don't work,but if I don't fix the 3 Tcp-ip trojan my browser redirect me to www.msn.com all the time I check Microsoft Windows Update......my question is....how I insert the originally DNS after the fix of the trojan???

It was became a strange thing that I haven't see before.....if I can to connect to Microsoft Windows Update window,IE redirect me to www.msn.com all the time I try......so I've also try to go to this page trough google,but nothing I've downloaded HijackThis v2.0.2 and I'have scan my system,this is the log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2.12.59, on 10/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programmi\Intel\ASF Agent\ASFAgent.exe C:\Programmi\AskBarDis\bar\bin\AskService.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Programmi\Dell\OpenManage\Client\Iap.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Microsoft Windows OneCare Live\OcHealthMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UTSCSI.EXE C:\Programmi\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Programmi\Microsoft Windows OneCare Live\winss.exe C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE C:\WINDOWS\System32\svchost.exe C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DSentry.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\WINDOWS\system32\RunDll32.exe C:\Programmi\Dell AIO Printer A920\dlbkbmgr.exe C:\Programmi\Java\jre6\bin\jusched.exe C:\Programmi\NetRatingsNetSight\NetSight\NielsenOnline.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Programmi\NetRatingsNetSight\NetSight\NielsenOnline.exe C:\Programmi\Dell AIO Printer A920\dlbkbmon.exe C:\Programmi\Windows Live\Messenger\usnsvc.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\roberta.EXPODOMAIN\Documenti\Immagini\IMMAGINI X BRONZETTI\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLpha.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmi\AskBarDis\bar\bin\askBar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLpha.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programmi\LphantBar\tbLpha.dll O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file) O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Programmi\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CLI Server] cliserver.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OneCareUI] "C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [NielsenOnline] C:\Programmi\NetRatingsNetSight\NetSight\NielsenOnline.exe O4 - HKLM\..\RunOnce: [spybotDeletingA3561] command /c del "C:\WINDOWS\SchedLgU.Txt" O4 - HKLM\..\RunOnce: [spybotDeletingC5777] cmd /c del "C:\WINDOWS\SchedLgU.Txt" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: Net Message Sender.lnk = C:\Programmi\Net Message Sender\NetMessageSend.exe O4 - Global Startup: PalStart.lnk = C:\Programmi\Paltalk Messenger\palstart.exe O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmi\PokerStars\PokerStarsUpdate.exe O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programmi\Paltalk Messenger\Paltalk.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159360573656 O16 - DPF: {878A0D61-48D2-11D3-A75D-00A0245382DE} (WebIdCli Class) - http://www.wmponline.com/WICli.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (IPCAM Object) - http://82.91.126.100/view.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EXPODOMAIN O17 - HKLM\Software\..\Telephony: DomainName = EXPODOMAIN O17 - HKLM\System\CCS\Services\Tcpip\..\{2DCA5175-AE06-4A7A-B4A1-1667ECB04CDA}: NameServer = 69.50.176.198,85.255.112.12 O17 - HKLM\System\CCS\Services\Tcpip\..\{5E7E5A57-0A5A-44A4-9818-D5BA04983816}: NameServer = 192.168.2.10,195.110.96.66 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EXPODOMAIN O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EXPODOMAIN O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = EXPODOMAIN O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = EXPODOMAIN O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Programmi\Intel\ASF Agent\ASFAgent.exe O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Iap - Dell Computer Corporation - C:\Programmi\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programmi\Intel\NCS\Sync\NetSvc.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE O23 - Service: Windows Server IP Verification Service (WSIVS) - Unknown owner - C:\WINDOWS\system32\wsivs.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.citizenwatch.com/COI/English/bl.gif O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/ROBERT~1.EXP/IMPOST~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 13826 bytes I'm sorry but this is the first time can I used this program,and I don't know it,are You able to "read" this report? Be patient for my noob questions.. Thanks.

I've Windows One Care firewall installed,I've tryed with it disabled but nothing.... Now I'm begin to check my Pc with some antivirus,anti spyware, ecc I would do like to see if my Pc was infected....... -I've run Spybot S&D....it have detected some minor menace,and I've fix it; -I've run Avira antivir....it have detected 2 menace,I've move to quarantine; Now I re-check with other program....

I've try with all the Win XP update list,and with some different update file....

No,no proxy connection is set.

Hi,I'm a new member.... I've downloaded the WUD 20 minutes ago,I've installed it,I've loaded the Update List,but when I press the "download" button it don't start the Updates and it visualize the message "Enable to connect to remote server" . Please help me,thanks. @@Edited Topic Title@@ I've also downloaded the beta version of WUD 2.40 built 1275....but it visualize to me the same message.