I have same problem

Robert I have the same issue. I ran malwarebytes and got this:

I had already ran the Malwarebytes scan and got this:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\T cpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\T cpip\Parameters\Interfaces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 -> Quarantined and deleted successfully.

Those IP addresses are to download.microsoft.com

Here is the nsloop up results:

C:\>nslookup download.microsoft.com
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 85.255.112.165: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 85.255.112.23: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 1.2.3.4: Timed out
*** Default servers are not available
Server: UnKnown
Address: 85.255.112.165

Non-authoritative answer:
Name: download.microsoft.com.san.rr.com
Address: 99.198.101.4

Also I did this:

C:\>ping -n 1 download.microsoft.com
Ping request could not find host download.microsoft.com. Please check the name a
nd try again.

Any ideas?? BTW, the dns is set up to obtain addresses automatically. I believe something is blocking it and whatever it is just started. I think I had some updates last month.

I saved the best for last. When I try to run windows update I am automatically sent to www.msn.com.

John

John

Posted from
NNTP-Posting-Host: 72.29.94.49.static.dimenoc.com

Don
[MS MVP- IE]

<John Ficquette> wrote in message news:200811814334jficquette@gmail.com...
> Robert I have the same issue. I ran malwarebytes and got this:
>
> I had already ran the Malwarebytes scan and got this:
>
> Registry Keys Infected:
>
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{7d5dd
829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and
deleted successfully.
>
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{2b96d
5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted
successfully.
>
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{35b7e
48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and
deleted successfully.
>
> Registry Values Infected:
> (No malicious items detected)
>
> Registry Data Items Infected:
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DhcpNa
meServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23
1.2.3.4 -> Quarantined and deleted successfully.
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interf
aces\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer
(Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 ->
Quarantined and deleted successfully.
>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\DhcpNameSe
rver (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 ->
Quarantined and deleted successfully.
>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces
\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer
(Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 ->
Quarantined and deleted successfully.
>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\T cpip\Parameters\DhcpNameSe
rver (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 ->
Quarantined and deleted successfully.
>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\T cpip\Parameters\Interfaces
\{d930da9a-27b9-4498-8762-5665f3031cad}\DhcpNameServer
(Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 1.2.3.4 ->
Quarantined and deleted successfully.
>
> Those IP addresses are to download.microsoft.com
>
> Here is the nsloop up results:
>
> C:\>nslookup download.microsoft.com
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 85.255.112.165: Timed out
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 85.255.112.23: Timed out
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 1.2.3.4: Timed out
> *** Default servers are not available
> Server: UnKnown
> Address: 85.255.112.165
>
> Non-authoritative answer:
> Name: download.microsoft.com.san.rr.com
> Address: 99.198.101.4
>
> Also I did this:
>
> C:\>ping -n 1 download.microsoft.com
> Ping request could not find host download.microsoft.com. Please check the
name a
> nd try again.
>
> Any ideas?? BTW, the dns is set up to obtain addresses automatically. I
believe something is blocking it and whatever it is just started. I think I
had some updates last month.
>
> I saved the best for last. When I try to run windows update I am
automatically sent to www.msn.com.
>
> John
>
> John

"Don Varnau" <don_04[at]varnau[dot]org> wrote in message news:u7e414ZQJHA.4032@TK2MSFTNGP03.phx.gbl...
> Posted from
> NNTP-Posting-Host: 72.29.94.49.static.dimenoc.com


And this time Google Groups doesn't have a clue.

http://groups.google.com/groups/sear....*&scorin g=d


BTW I recently reinstalled IE8 so this may be a coincidence but
it looks as if search on Message-ID has been dropped from
Google Groups' Advanced Search form.

That will make searching for context for these morons just about
impossible since more often than not they seem to choose to respond to
threads which have been deleted from the Communities web archive
AND they almost always rename the thread. ; ]


Robert
---


>
> Don
> [MS MVP- IE]
>
> <John Ficquette> wrote in message news:200811814334jficquette@gmail.com...
>> Robert I have the same issue. I ran malwarebytes and got this:

....

I found a thread, using the new google groups advanced search, a day or two
ago, by putting the Msg ID in the "this exact wording or phrase:" field. All
attempts to do that today have failed. :-(

Don
[MS MVP- IE]

"Robert Aldwinckle" <robald@techemail.com> wrote in message
news:eEYxoZbQJHA.4492@TK2MSFTNGP06.phx.gbl...
>
> "Don Varnau" <don_04[at]varnau[dot]org> wrote in message
news:u7e414ZQJHA.4032@TK2MSFTNGP03.phx.gbl...
> > Posted from
> > NNTP-Posting-Host: 72.29.94.49.static.dimenoc.com
>
>
> And this time Google Groups doesn't have a clue.
>
>
http://groups.google.com/groups/sear....*&scorin g=d
>
>
> BTW I recently reinstalled IE8 so this may be a coincidence but
> it looks as if search on Message-ID has been dropped from
> Google Groups' Advanced Search form.
>
> That will make searching for context for these morons just about
> impossible since more often than not they seem to choose to respond to
> threads which have been deleted from the Communities web archive
> AND they almost always rename the thread. ; ]
>
>
> Robert
> -
>
> > Don
> > [MS MVP- IE]
> >
> > <John Ficquette> wrote in message
news:200811814334jficquette@gmail.com...
> >> Robert I have the same issue. I ran malwarebytes and got this:

"Don Varnau" <don_04[at]varnau[dot]org> wrote in message news:%23UrQC9hQJHA.1164@TK2MSFTNGP02.phx.gbl...
>I found a thread, using the new google groups advanced search, a day or two
> ago, by putting the Msg ID in the "this exact wording or phrase:" field. All
> attempts to do that today have failed. :-(


That would probably only fiind responses made by OE users
who didn't fiddle with the default response header by either editing it
or by using a tool such as OE-QuoteFix. ; )

Actually I'm sort of surprised that it has taken this long for Google to drop
that feature. For a long time I've been imagining that they might offer it
only to users who were willing to pay for the extra service.


---