Cyber Tech Help Support Forums > Software > Malware Removal
#1 - September 18th, 2010, 07:36 PM
cuervo1.8k (Member, Join Date: Feb 2008, Posts: 50)
Can't Access Microsoft Update Site - ReDirect

The computer I am looking at cannot access the Microsoft update site. It redirects to IP 72.14.205.100. I ran DDR yet I cannot find the malware redirecting me. Here is the DDS info:

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/30/2005 1:09:18 PM
System Uptime: 9/18/2010 2:06:35 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0WC297
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 127.309 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1613: 6/21/2010 4:48:28 AM - System Checkpoint
RP1614: 6/22/2010 5:48:29 AM - System Checkpoint
RP1615: 6/23/2010 5:54:21 AM - System Checkpoint
RP1616: 6/24/2010 6:10:01 AM - System Checkpoint
RP1617: 6/25/2010 12:54:39 PM - System Checkpoint
RP1618: 6/26/2010 1:26:23 PM - System Checkpoint
RP1619: 6/27/2010 2:25:04 PM - System Checkpoint
RP1620: 6/28/2010 3:39:15 PM - System Checkpoint
RP1621: 6/29/2010 4:27:27 PM - System Checkpoint
RP1622: 6/30/2010 4:38:22 PM - System Checkpoint
RP1623: 7/1/2010 5:26:35 PM - System Checkpoint
RP1624: 7/2/2010 6:27:35 PM - System Checkpoint
RP1625: 7/3/2010 7:26:34 PM - System Checkpoint
RP1626: 7/4/2010 8:26:34 PM - System Checkpoint
RP1627: 7/5/2010 9:26:35 PM - System Checkpoint
RP1628: 7/7/2010 12:15:51 PM - System Checkpoint
RP1629: 7/7/2010 3:07:27 PM - Software Distribution Service 3.0
RP1630: 7/8/2010 4:03:52 PM - System Checkpoint
RP1631: 7/10/2010 8:21:13 AM - System Checkpoint
RP1632: 7/11/2010 9:02:51 AM - System Checkpoint
RP1633: 7/12/2010 9:05:29 AM - System Checkpoint
RP1634: 7/13/2010 10:16:17 AM - System Checkpoint
RP1635: 7/14/2010 10:22:30 AM - System Checkpoint
RP1636: 7/15/2010 11:09:05 AM - System Checkpoint
RP1637: 7/16/2010 11:43:09 AM - System Checkpoint
RP1638: 7/17/2010 12:22:09 PM - System Checkpoint
RP1639: 7/18/2010 1:22:09 PM - System Checkpoint
RP1640: 7/19/2010 5:27:45 PM - System Checkpoint
RP1641: 7/20/2010 6:22:10 PM - System Checkpoint
RP1642: 7/21/2010 6:55:25 PM - System Checkpoint
RP1643: 7/22/2010 7:55:25 PM - System Checkpoint
RP1644: 7/23/2010 8:07:55 PM - System Checkpoint
RP1645: 7/24/2010 8:55:24 PM - System Checkpoint
RP1646: 7/25/2010 9:55:24 PM - System Checkpoint
RP1647: 7/26/2010 10:55:24 PM - System Checkpoint
RP1648: 7/27/2010 11:55:26 PM - System Checkpoint
RP1649: 7/29/2010 12:55:42 AM - System Checkpoint
RP1650: 7/30/2010 1:55:42 AM - System Checkpoint
RP1651: 7/31/2010 2:55:41 AM - System Checkpoint
RP1652: 8/1/2010 3:55:41 AM - System Checkpoint
RP1653: 8/2/2010 4:55:41 AM - System Checkpoint
RP1654: 8/3/2010 5:55:42 AM - System Checkpoint
RP1655: 8/4/2010 6:55:42 AM - System Checkpoint
RP1656: 8/5/2010 10:04:04 AM - System Checkpoint
RP1657: 8/6/2010 10:38:28 AM - System Checkpoint
RP1658: 8/7/2010 11:37:24 AM - System Checkpoint
RP1659: 8/8/2010 12:37:23 PM - System Checkpoint
RP1660: 8/9/2010 1:16:50 PM - System Checkpoint
RP1661: 8/10/2010 1:37:24 PM - System Checkpoint
RP1662: 8/11/2010 2:50:54 PM - System Checkpoint
RP1663: 8/12/2010 3:01:03 PM - System Checkpoint
RP1664: 8/13/2010 4:25:37 PM - System Checkpoint
RP1665: 8/14/2010 4:37:26 PM - System Checkpoint
RP1666: 8/15/2010 5:41:32 PM - System Checkpoint
RP1667: 8/16/2010 5:43:35 PM - System Checkpoint
RP1668: 8/17/2010 6:38:32 PM - System Checkpoint
RP1669: 8/18/2010 2:00:24 PM - Installed SHARP MX/DX Series Printer Driver
RP1670: 8/18/2010 2:01:47 PM - Installed SHARP MX/DX Series Printer Driver
RP1671: 8/18/2010 2:04:26 PM - Printer Driver SHARP MX-3100N PCL6 Installed
RP1672: 8/18/2010 2:09:19 PM - Installed SHARP MX Series Printer Driver
RP1673: 8/18/2010 2:11:27 PM - Printer Driver SHARP MX-M363N PCL5e Installed
RP1674: 8/19/2010 8:03:34 AM - Installed Java(TM) 6 Update 21
RP1675: 8/19/2010 11:06:01 AM - Installed SHARP MX/DX Series PC-Fax Driver
RP1676: 8/19/2010 11:08:03 AM - Printer Driver SHARP MX-3100N FAX Installed
RP1677: 8/20/2010 11:19:18 AM - System Checkpoint
RP1678: 8/21/2010 12:19:18 PM - System Checkpoint
RP1679: 8/22/2010 1:19:18 PM - System Checkpoint
RP1680: 8/23/2010 1:31:48 PM - System Checkpoint
RP1681: 8/24/2010 4:46:53 PM - System Checkpoint
RP1682: 8/25/2010 5:21:29 PM - System Checkpoint
RP1683: 8/26/2010 5:29:06 PM - System Checkpoint
RP1684: 8/27/2010 5:39:10 PM - System Checkpoint
RP1685: 8/28/2010 6:19:43 PM - System Checkpoint
RP1686: 8/29/2010 7:19:44 PM - System Checkpoint
RP1687: 8/30/2010 8:20:49 PM - System Checkpoint
RP1688: 8/31/2010 9:19:44 PM - System Checkpoint
RP1689: 9/1/2010 10:19:52 PM - System Checkpoint
RP1690: 9/2/2010 11:19:52 PM - System Checkpoint
RP1691: 9/4/2010 12:19:55 AM - System Checkpoint
RP1692: 9/5/2010 1:19:55 AM - System Checkpoint
RP1693: 9/6/2010 2:19:54 AM - System Checkpoint
RP1694: 9/7/2010 3:19:54 AM - System Checkpoint
RP1695: 9/8/2010 4:19:54 AM - System Checkpoint
RP1696: 9/9/2010 5:20:03 AM - System Checkpoint
RP1697: 9/10/2010 6:20:03 AM - System Checkpoint
RP1698: 9/11/2010 7:20:03 AM - System Checkpoint
RP1699: 9/12/2010 8:20:04 AM - System Checkpoint
RP1700: 9/13/2010 12:14:12 PM - System Checkpoint
RP1701: 9/14/2010 12:30:31 PM - System Checkpoint
RP1702: 9/15/2010 1:21:10 PM - System Checkpoint
RP1703: 9/16/2010 3:59:14 PM - System Checkpoint
RP1704: 9/17/2010 4:20:13 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe® Photoshop® Album Starter Edition 3.2
Annual Parts Return
Anzio Lite 12.5
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDDRV_Installer
Crash Analysis Tool
Critical Update for Windows Media Player 11 (KB959772)
Dell Software Uninstall
Dell Support Center (Support Software)
getPlus(R)_ocx
Graphical Interface 4.3
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Color LaserJet CP3505
HP LaserJet Fonts
HP Proactive Services
HP Update
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 21
KhalInstallWrapper
KhalSetup
Logitech Communications Manager
Logitech SetPoint
Logitech Updater
Mainstay WinFlow 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Operating System Communication Components
Panda Security for Desktops
Parts Order Entry
PowerDVD 5.1
Retrospect Client 7.6
SalesMate
SCAT Launch Pad
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SHARP MX-B,M283/M363/M453/M503/M623/M753 Series PCL5e Printer Driver
SHARP MX/DX Series PC-Fax Driver
SHARP MX/DX Series PCL/PS Printer Driver
Spelling Dictionaries Support For Adobe Reader 9
StormFront
Suzuki Connect AMDSG Templates
Suzuki Connect Applications Install Package
Suzuki Connect Core Install package
Suzuki Pass-Thru Reprogramming Tool
Suzuki Shared Components
Tech2 Reflash Application V3.0.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VB Runtime
Virtual Print Engine 3
Virtual Print Engine 3 Installation
w481complete
WarrantyClaimEntry
WarrantyWizard Subaru
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/18/2010 12:35:36 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
9/18/2010 12:35:05 PM, error: Service Control Manager [7022] - The Windows Search service hung on starting.
9/18/2010 12:31:14 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/18/2010 12:31:14 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/18/2010 12:26:10 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
#2 - September 18th, 2010, 07:37 PM
cuervo1.8k (Member, Join Date: Feb 2008, Posts: 50)
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 14:27:41.45 on Sat 09/18/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.969 [GMT -4:00]

AV: Panda Security for Desktops *On-access scanning enabled* (Updated) {208F4477-D1F0-411A-8D21-0367EC0D3D43}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Software\AVTC\PavSrvX86.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Software\AVTC\PsCtrlS.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
C:\Program Files\Retrospect\Retrospect Client\retroclient.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Panda Software\AVTC\SrvLoad.exe
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Panda Software\AVTC\PSCtrlC.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mDefault_Page_URL = hxxp://www.dell.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Panda Controller Client] "c:\program files\panda software\avtc\PSCtrlC.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SN0XRCV] c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\panda software\avtc\pavlsp.dll
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\qa
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
Trusted Zone: scat.suz.com\cww
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\Cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.co.jp\scan
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\qa
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {171B10C1-475C-11D4-8E21-005004718DC0} - hxxps://www.scat.suz.com/cab/Prjaos.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {194129C5-CA7D-11D3-8E1F-005004718DC0} - hxxps://www.scat.suz.com/cab/wsndctl.CAB
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://powerkatalyst.jdpa.com/download/CfxIEAx.cab
DPF: {2345F907-F5CF-11D3-8E1F-005004718DC0} - hxxps://www.scat.suz.com/cab/scatdp2a.CAB
DPF: {2D361311-74CA-11D2-B3F4-0060083BE8BF} - hxxps://www.scat.suz.com/cab/Scatdp2.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {399548B6-253E-11D2-BE13-000000000000} - hxxps://www.scat.suz.com/cab/vpectrl3.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {43241AD9-3A89-4815-9A9C-7D9B549AA13A} - hxxps://www.scat.suz.com/cab/prj481E.CAB
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://67.151.197.153/XTSAC.cab
DPF: {4772479E-D3FB-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/CAB/w481.CAB
DPF: {477247AA-D3FB-11D3-9261-00104B6943CA} - hxxps://www.scat.suz.com/CAB/w4831.CAB
DPF: {477247B6-D3FB-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/CAB/w4832.CAB
DPF: {477247C2-D3FB-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/CAB/w4841.CAB
DPF: {477247DA-D3FB-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/CAB/w485.CAB
DPF: {4EA5AA95-5B42-11DA-A56E-0003FFDCDC17} - hxxps://www.scat.suz.com/cab/sd.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {531CD468-D7BF-11D3-9261-00104B6943CA} - hxxps://www.suzukiconnect.com/cab/Scatdp4.CAB
DPF: {55E14374-97C6-11D1-BF85-0060083BE8BF} - hxxps://www.suzukiconnect.com/CAB/prjTitlebar2.cab
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
DPF: {5DE9821B-6881-40B1-9A78-EEBE4A8B1BD8} - hxxps://www.suzukiconnect.com/COMMON/installer/scm.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264503984042
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264503968699
DPF: {71E098B7-728F-11D2-B3F4-0060083BE8BF} - hxxps://www.scat.suz.com/cab/Scatdp1.CAB
DPF: {7FE4F4D9-141D-11D6-9FC3-00010262094C} - hxxps://www.suzukiconnect.com/cab/w489.CAB
DPF: {87FA653D-4C13-11D3-8E1F-005004718DC0} - hxxps://www.scat.suz.com/cab/ScatUpdater.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8EBAC640-ECA5-404C-AFD9-18D61BE4AF82} - hxxps://www.scat.suz.com/cab/ctlepc.CAB
DPF: {915DB736-2591-11D3-8E1F-005004718DC0} - hxxps://www.suzukiconnect.com/cab/scatdp3.cab
DPF: {AFFC1B04-97F4-11DA-A56E-0003FFDDDC17} - hxxps://www.suzukiconnect.com/CAB/w486.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CBCF1FEA-4905-11D4-8E21-005004718DC0} - hxxps://www.scat.suz.com/cab/w281ctlE.CAB
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4C4A875-FD4E-11D4-AC39-00010262094C} - hxxps://www.scat.suz.com/cab/Scatdp1a.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://proquest.webex.com/client/T23SP33EP5/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA712BDB-7FE5-11D3-8E1F-005004718DC0} - hxxps://www.scat.suz.com/cab/login.CAB
DPF: {F25620FB-9C81-11D1-BF85-0060083BE8BF} - hxxps://www.scat.suz.com/cab/priStatusBox.CAB
DPF: {F789E003-CC28-11CF-AEF7-444553540000} - hxxps://www.scat.suz.com/cab/vpectrl.cab
DPF: {FDC1DAA5-BC3E-11D2-B3F6-0060083BE8BF} - hxxps://www.scat.suz.com/cab/Scatchk1.CAB
TCP: NameServer = 93.188.164.72,93.188.166.222
TCP: {8C2B14CE-A6AB-4E9C-BCD5-0EC5082DC5D7} = 93.188.164.72,93.188.166.222
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ip6xkn2c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ip6xkn2c.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2007-7-28 36744]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-6-12 51208]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-1-13 3712]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda software\avtc\PSCtrlS.exe [2007-8-4 383232]
R2 PAVAGENTE;Panda AdminSecure Communications Agent;c:\program files\panda software\panda administrator 3\pav_agent\Pagent.exe [2010-6-12 468224]
R2 PavAtScheduler;Panda AdminSecure Scheduler;c:\program files\panda software\panda administrator 3\scheduler\pavsched.exe [2010-6-12 255232]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2006-6-24 172168]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2006-6-24 62768]
R2 PavSrv;Panda Antivirus Service;c:\program files\panda software\avtc\pavsrvx86.exe [2010-6-12 183040]
R2 Retrospect Client;Retrospect Client;c:\program files\retrospect\retrospect client\RemotSvc.exe [2008-12-1 61440]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 PavReport;Panda Antivirus Report Service;c:\program files\panda software\panda administrator 3\pavreport\PavReport.exe [2010-6-12 926976]
S3 PDIBUSB;USB Driver for PC Diagnosis System;c:\windows\system32\drivers\PDIBUSB.sys [2005-10-5 12657]

=============== Created Last 30 ================


==================== Find3M ====================

2010-08-18 12:40:26 98304 ----a-w- c:\windows\system32\SR0DLMON.dll
2010-08-18 12:40:26 77492 ----a-w- c:\windows\system32\SCN2PM.dll
2010-08-18 12:40:26 53248 ----a-w- c:\windows\system32\SCN2PMR.dll
2010-08-18 12:40:26 51855 ----a-w- c:\windows\system32\SCN2PMUI.dll
2010-08-18 12:40:26 45056 ----a-w- c:\windows\system32\SR0DMTNT.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 14:29:39.60 ===============
#3 - September 19th, 2010, 04:02 PM
Mosaic1 (Malware Removal Team Advisor, Join Date: Jun 2001, Posts: 4,783)
It looks like your Name Servers have been changed. We can fix those, but if there's more to this and the malware is still present, it will put them right back.



Download the latest version of Combofix.exe from here and save it to your Desktop.

Doubleclick on combofix.exe and the scan will start. Go ahead and install the Recovery Console if you are asked to do so (this doesn't apply to Vista or Windows 7). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines.
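One defensive check that follows from the advisor's reading of the log. This is an added example, not code from the thread and not part of DDS or ComboFix: it parses DDS-style `TCP:` lines (the global `NameServer` value and the per-interface `{GUID}` value, as in the two lines of the log) and flags any resolver that is neither on a site allowlist nor in private or loopback address space. The sample lines are constructed to mirror the log, and the allowlist (`192.168.1.1`, `8.8.8.8`) is an assumption standing in for whatever resolvers the network really uses.

```python
import ipaddress
import re

# Constructed sample in the format of the DDS "Pseudo HJT Report" section.
# The two TCP: lines mirror the ones posted in the thread.
SAMPLE_DDS = """\
TCP: NameServer = 93.188.164.72,93.188.166.222
TCP: {8C2B14CE-A6AB-4E9C-BCD5-0EC5082DC5D7} = 93.188.164.72,93.188.166.222
Notify: avldr - avldr.dll
"""

# Assumed allowlist for the example: the LAN gateway plus one public resolver.
# Replace with the resolvers the network actually hands out.
EXPECTED_RESOLVERS = {"192.168.1.1", "8.8.8.8"}

# "TCP: NameServer = a,b" (global value) or "TCP: {GUID} = a,b" (per interface)
TCP_LINE = re.compile(
    r"^TCP:\s+(?P<scope>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>.+)$"
)


def parse_nameservers(dds_text):
    """Return [(scope, [resolver, ...]), ...] for every DDS TCP: line.

    scope is 'NameServer' for the global setting or the interface GUID."""
    entries = []
    for line in dds_text.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        entries.append((m.group("scope"), servers))
    return entries


def is_expected(resolver, expected=EXPECTED_RESOLVERS):
    """A resolver is acceptable if it is allowlisted or sits in private
    (RFC 1918) or loopback space, i.e. it is a local forwarder."""
    if resolver in expected:
        return True
    try:
        addr = ipaddress.ip_address(resolver)
    except ValueError:
        return False  # not even a valid address: treat as suspicious
    return addr.is_private or addr.is_loopback


def find_rogue_resolvers(dds_text, expected=EXPECTED_RESOLVERS):
    """Map each TCP: scope to the resolvers in it that fail is_expected()."""
    rogue = {}
    for scope, servers in parse_nameservers(dds_text):
        bad = [s for s in servers if not is_expected(s, expected)]
        if bad:
            rogue[scope] = bad
    return rogue


if __name__ == "__main__":
    for scope, servers in find_rogue_resolvers(SAMPLE_DDS).items():
        print(f"{scope}: unexpected DNS resolver(s) {', '.join(servers)}")
```

The global and per-interface lines correspond to the `NameServer` values under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters` and `...\Tcpip\Parameters\Interfaces\{GUID}` on XP. As the advisor says, rewriting those values only holds once whatever set them is gone, so the useful confirmation is re-running this check on a fresh DDS log after cleanup and a reboot.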
#4 - July 17th, 2011, 10:06 PM
cuervo1.8k (Member, Join Date: Feb 2008, Posts: 50)
Sorry I forgot about this one. After I posted the results, I found the DNS problem and forgot to update the ticket. It was the last thing to be removed as I had found all the other things using OTL and RSIT along with manual searches of the registry. (Just my process of doing things.)

Last edited by cuervo1.8k; July 17th, 2011 at 10:08 PM.