Windows Update and security sites do not open. Security downloads do not start.

  • Thread starter: Dima
Thanks PA Bear for your suggestions!
I renamed the file HOSTS, rebooted. The behavior persisted.
I have done an upgrade reinstall of Windows XP SP2 in Windows. Should I do a
Repair Install by booting from the Windows XP CD?
Regards,
Dima
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:uCP1qZxxIHA.5620@TK2MSFTNGP04.phx.gbl...
> As Frank suggested, open Windows Explorer to
> C:\Windows\System32\drivers\etc <=this folder | Right-click on the file
> HOSTS (not LMHOSTS no extension) | Rename it to OLDHOSTS | Reboot.
>
> If the behavior persists, you've most likely got a hijackware infection.
> (I suspect you may have already done a Repair Install because of this
> infection. If so, only a format & reinstall would have fixed it.)
>
> Unexplained computer behavior may be caused by deceptive software
> http://support.microsoft.com/kb/827315
>
> Run a /thorough/ check for hijackware, including posting your hijackthis
> log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
> review by an expert in such matters, not here.**
>
> If the procedures look too complex - and there is no shame in admitting
> this isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
> Dima wrote:
>> Hello!
>> Google shows correct search results at first, but then in a second the
>> page replaces the search results with ads.
>>
>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>> news:OlZLp3oxIHA.1980@TK2MSFTNGP02.phx.gbl...
>>> CrystalBall© sez...
>>>
>>> Updates are not installed successfully from Windows Update, from
>>> Microsoft Update, or by using Automatic Updates after you repair a
>>> Windows XP installation:
>>> http://support.microsoft.com/kb/943144
>>>
>>> NB: Also applies to clean installs, upgrade installs, and Recovery
>>> installs.
>>> --
>>> ~PA Bear
>>>
>>> Dima wrote:
>>>> Thanks Robear for replying!
>>>> This problem began before I installed WinXP SP3.
>>>> IE7 was installed before WinXP SP3 was installed.
>>>> Office scan 8.710.1002 and Ad-Aware 2008 (definition file 0081.0000)
>>>> are installed.
>>>> There is no third-party firewall.
>>>> Ad-Aware 2008 and Office scan 8.710.1002 were not running when I
>>>> installed WinXP SP3.
>>>> Regards,
>>>> Dima
>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>>> news:ekO9iDnxIHA.6096@TK2MSFTNGP06.phx.gbl...
>>>>> Did this problem begin after you installed WinXP SP3?
>>>>>
>>>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>>>
>>>>> What anti-virus application or security suite is installed? What
>>>>> anti-spyware applications (other than Defender)? What third-party
>>>>> firewall (if any)? Were any of these applications running when you
>>>>> installed WinXP SP3?
>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>> AumHa VSOP & Admin http://aumha.net
>>>>> DTS-L http://dts-l.net/
>>>>>
>>>>>
>>>>> Dima wrote:
>>>>>> Thanks Frank Saunders for suggesting!
>>>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>>>> https://www.microsoft.com:443, and then clicked OK. I could connect
>>>>>> to www.microsoft.com, and I did not receive an error message.
>>>>>> Sincerely,
>>>>>> Dima
>>>>>>
>>>>>> "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org> wrote in
>>>>>> message news:CB6C3564-770A-4223-941B-AD9153ECA6AB@microsoft.com...
>>>>>>> "Dima" <kopn@bk.ruDelete> wrote in message
>>>>>>> news:urvMzxgxIHA.5176@TK2MSFTNGP04.phx.gbl...
>>>>>>>> Hello!
>>>>>>>> Windows Update site, www.lavasoft.com and some other security sites
>>>>>>>> do not open. Windows Update downloads do not start even manually.
>>>>>>>> Google shows ads in the beginning of search results. Ad-Aware 2008
>>>>>>>> (definition file 0081.0000) does not remove the problem. OS is
>>>>>>>> Windows XP SP3. IE 7. Automatically downloaded updates do not
>>>>>>>> install too. Office scan 8.710.1002 is not finding any viruses. SFC
>>>>>>>> /scannow does not find any discrepancies.
>>>>>>>> Other peer computers in our network do not have the problem.
>>>>>>>> How to eliminate the problem?
>>>>>>>> Sincerely,
>>>>>>>> Dima
>>>>>>>
>>>>>>> Make sure your firewall is not blocking port 443.
>>>>>>>
>>>>>>> --
>>>>>>> Frank Saunders MS-MVP IE,OE/WM
>>>>>>> Do not reply with email
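
The HOSTS check suggested in the quoted reply above can also be done by reading the file instead of renaming it. The following is an added example, not part of the original thread: it parses HOSTS-format text and reports every mapping for the update and security sites named in the thread. The watch list, the function names and the sample content are assumptions of this example.

```python
import ipaddress
import sys

# Sites the thread reports as unreachable, plus the Microsoft update hosts.
# This watch list is an assumption of the example; extend it as needed.
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "microsoft.com",
    "lavasoft.com",
    "spybot.info",
    "castlecops.com",
)

# Constructed sample HOSTS content, not taken from the thread.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS content, not taken from the thread.
127.0.0.1       localhost
127.0.0.1       www.lavasoft.com download.windowsupdate.com   # two names
203.0.113.10    Update.Microsoft.com.
0.0.0.0         windowsupdate.microsoft.com
192.0.2.5       intranet.example
not-an-ip       www.microsoft.com
#127.0.0.1      www.microsoft.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or incomplete line
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                          # first field is not an address
        for name in names:                    # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return (line_no, hostname, ip, kind) for each watched-site mapping.

    A clean HOSTS file has no entries for these sites, so any hit is worth
    a look. kind is "blocked" when the name points at a loopback or
    unspecified address, "redirected" when it points anywhere else.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        addr = ipaddress.ip_address(ip)
        blocked = addr.is_loopback or addr.is_unspecified
        findings.append((line_no, name, ip,
                         "blocked" if blocked else "redirected"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, name, ip, kind in audit_hosts(content):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

An empty result only rules out the HOSTS file as the cause, which is the situation in this thread, where renaming the file changed nothing.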

A Repair Install (or upgrade Repair Install) is not going to help. Unless
you're willing to post your HijackThis log in an appropriate forum for
assistance (see my last reply), you'll have to format & reinstall Windows.

 
Hello!
http://forums.subratam.org/index.php?showforum=7 does not reply to the problem
and my Logfile of Trend Micro HijackThis v2.0.2.
http://aumha.net/viewforum.php?f=30 does not send a confirmation message to my
e-mail.
http://forums.spybot.info/forumdisplay.php?f=22 and
http://castlecops.com/forum67.html do not open on my computer.
Please, help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:52, on 07.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Regards,
Dima
 
We do not interpret or work with HijackThis logs in the public newsgroups.

> http://forums.subratam.org/index.php?showforum=7 does not reply to the
> problem

Allow a minimum of three (3) days for a reply to your posts in any forum.

> http://aumha.net/viewforum.php?f=30 does not send a confirmation message
> to my e-mail.

Assuming you registered successfully, look for a confirmation email from
aumha@aumha.org in your inbox or "spam trap". If no joy, tell me the
username you registered and I'll look into it.

> http://forums.spybot.info/forumdisplay.php?f=22 and
> http://castlecops.com/forum67.html do not open on my computer.


Possibly due to the infection(s).

Use another machine to post to any of these forums. It is not safe to have
the infected machine connected to the internet.

Again, a format & reinstall WILL resolve the problems.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Dima wrote:
> Hello!
> http://forums.subratam.org/index.php?showforum=7 does not reply to the
> problem and my Logfile of Trend Micro HijackThis v2.0.2.
> http://aumha.net/viewforum.php?f=30 does not send a confirmation message
> to
> my e-mail.
> http://forums.spybot.info/forumdisplay.php?f=22 and
> http://castlecops.com/forum67.html do not open on my computer.
> Please, help!
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 9:12:52, on 07.06.2008
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16640)
> Boot mode: Normal
> <snip>
>
>> A Repair Install (or upgrade Repair Install) is not going to help.
>> Unless
>> you're willing to post your HijackThis log in an appropriate forum for
>> assistance (see my last reply), you'll have to format & reinstall
>> Windows.
>>
>> Dima wrote:
>>> Thanks PA Bear for your suggestions!
>>> I renamed the file HOSTS, rebooted. The behavior persisted.
>>> I have done an upgrade reinstall of Windows XP SP2 in Windows. Should I
>>> do a Repair Install by booting from the Windows XP CD?
>>> Regards,
>>> Dima
>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>> news:uCP1qZxxIHA.5620@TK2MSFTNGP04.phx.gbl...
>>>> As Frank suggested, open Windows Explorer to
>>>> C:\Windows\System32\drivers\etc
>>>> <=this folder | Right-click on the file HOSTS (not LMHOSTS no
>>>> extension) | Rename it to OLDHOSTS | Reboot.
>>>>
>>>> If the behavior persists, you've most likely got a hijackware
>>>> infection.
>>>> (I suspect you may have already done a Repair Install because of this
>>>> infection If so, only a format & reinstall would have fixed it.)
>>>>
>>>> Unexplained computer behavior may be caused by deceptive software
>>>> http://support.microsoft.com/kb/827315
>>>>
>>>> Run a /thorough/ check for hijackware, including posting your
>>>> hijackthis
>>>> log
>>>> to an appropriate forum.
>>>>
>>>> Checking for/Help with Hijackware
>>>> http://aumha.org/a/parasite.htm
>>>> http://aumha.org/a/quickfix.htm
>>>> http://aumha.net/viewtopic.php?t=5878
>>>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>>> http://mvps.org/winhelp2002/unwanted.htm
>>>> http://inetexplorer.mvps.org/data/prevention.htm
>>>> http://inetexplorer.mvps.org/tshoot.html
>>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>> http://defendingyourmachine2.blogspot.com/
>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>
>>>> When all else fails, HijackThis v2.0.2
>>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to
>>>> use.
>>>> It will help you to both identify and remove any hijackware/spyware
>>>> with
>>>> assistance from an expert. **Post your log to
>>>> http://forums.spybot.info/forumdisplay.php?f=22,
>>>> http://castlecops.com/forum67.html,
>>>> http://forums.subratam.org/index.php?showforum=7,
>>>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>>>> review
>>>> by an expert in such matters, not here.**
>>>>
>>>> If the procedures look too complex - and there is no shame in admitting
>>>> this
>>>> isn't your cup of tea - take the machine to a local, reputable and
>>>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>> AumHa VSOP & Admin http://aumha.net
>>>> DTS-L http://dts-l.net/
>>>>
>>>>
>>>> Dima wrote:
>>>>> Hello!
>>>>> Google shows correct search results at first, but then in a second the
>>>>> page
>>>>> replaces the search results with ads.
>>>>>
>>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>>>> news:OlZLp3oxIHA.1980@TK2MSFTNGP02.phx.gbl...
>>>>>> CrystalBall© sez...
>>>>>>
>>>>>> Updates are not installed successfully from Windows Update, from
>>>>>> Microsoft
>>>>>> Update, or by using Automatic Updates after you repair a Windows XP
>>>>>> installation:
>>>>>> http://support.microsoft.com/kb/943144
>>>>>>
>>>>>> NB: Also applies to clean installs, upgrade installs, and Recovery
>>>>>> installs.
>>>>>> --
>>>>>> ~PA Bear
>>>>>>
>>>>>> Dima wrote:
>>>>>>> Thanks Robear for replying!
>>>>>>> This problem began before I installed WinXP SP3.
>>>>>>> IE7 was installed before WinXP SP3 was installed.
>>>>>>> Office scan 8.710.1002 and Ad-Aware 2008 (definition file 0081.0000)
>>>>>>> are
>>>>>>> installed.
>>>>>>> There is no third-party firewall.
>>>>>>> Ad-Aware 2008 and Office scan 8.710.1002 were not running when I
>>>>>>> installed
>>>>>>> WinXP SP3.
>>>>>>> Regards,
>>>>>>> Dima
>>>>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>>>>>> news:ekO9iDnxIHA.6096@TK2MSFTNGP06.phx.gbl...
>>>>>>>> Did this problem begin after you installed WinXP SP3?
>>>>>>>>
>>>>>>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>>>>>>
>>>>>>>> What anti-virus application or security suite is installed? What
>>>>>>>> anti-spyware applications (other than Defender)? What third-party
>>>>>>>> firewall (if any)? Were any of these applications running when you
>>>>>>>> installed WinXP SP3?
>>>>>>>> --
>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>>>> DTS-L http://dts-l.net/
>>>>>>>>
>>>>>>>>
>>>>>>>> Dima wrote:
>>>>>>>>> Thanks Frank Saunders for suggesting!
>>>>>>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>>>>>>> https://www.microsoft.com:443, and then clicked OK. I could
>>>>>>>>> connect
>>>>>>>>> to
>>>>>>>>> www.microsoft.com, and I did not receive an error message.
>>>>>>>>> Sincerely,
>>>>>>>>> Dima
>>>>>>>>>
>>>>>>>>> "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org>
>>>>>>>>> wrote in message
>>>>>>>>> news:CB6C3564-770A-4223-941B-AD9153ECA6AB@microsoft.com...
>>>>>>>>>> "Dima" <kopn@bk.ruDelete> wrote in message
>>>>>>>>>> news:urvMzxgxIHA.5176@TK2MSFTNGP04.phx.gbl...
>>>>>>>>>>> Hello!
>>>>>>>>>>> Windows Update site, www.lavasoft.com and some other security
>>>>>>>>>>> sites do not open. Windows Update downloads do not start even
>>>>>>>>>>> manually. Google shows ads in the beginning of search results.
>>>>>>>>>>> Ad-Aware 2008 (definition file 0081.0000) does not remove the
>>>>>>>>>>> problem. OS is Windows XP SP3. IE 7. Automatically downloaded
>>>>>>>>>>> updates do not install too. Office scan 8.710.1002 is not finding
>>>>>>>>>>> any viruses. SFC /scannow does not find any discrepancies.
>>>>>>>>>>> Other peer computers in our network do not have the problem.
>>>>>>>>>>> How to eliminate the problem?
>>>>>>>>>>> Sincerely,
>>>>>>>>>>> Dima
>>>>>>>>>>
>>>>>>>>>> Make sure your firewall is not blocking port 443.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Frank Saunders MS-MVP IE,OE/WM
>>>>>>>>>> Do not reply with email
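
The HOSTS-file check from PA Bear's quoted advice above, as an added example that is not part of the thread: a Python audit that flags HOSTS entries blocking or redirecting update and security sites instead of renaming the file blind. The watchlist, the sample file contents and the function names are assumptions made for illustration.

```python
"""Audit a Windows HOSTS file for entries that block or redirect security sites."""
import ipaddress
import sys

# Location named in the thread (file HOSTS, no extension).
DEFAULT_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Assumed watchlist: sites the thread says would not open, plus
# windowsupdate.com for the Windows Update service itself.
WATCHLIST = (
    "microsoft.com",
    "windowsupdate.com",
    "lavasoft.com",
    "spybot.info",
    "castlecops.com",
    "aumha.net",
)

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.lavasoft.com   # sinkholed to loopback
0.0.0.0         update.microsoft.com download.windowsupdate.com
203.0.113.7     forums.spybot.info
192.168.1.20    fileserver
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # not an address: the resolver ignores the line too
        for name in names:  # one line may map several names
            yield line_no, address, name.lower().rstrip(".")


def on_watchlist(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHLIST)


def classify(address, hostname):
    """Return 'default', 'blocked', 'redirected' or 'other' for one mapping."""
    ip = ipaddress.ip_address(address)
    if hostname == "localhost" and ip.is_loopback:
        return "default"
    if on_watchlist(hostname):
        # Loopback or 0.0.0.0 makes the site unreachable; any other
        # address sends the browser to a host of someone else's choosing.
        if ip.is_loopback or ip.is_unspecified:
            return "blocked"
        return "redirected"
    return "other"


def audit(text):
    """Return [(line_no, verdict, hostname, address)] for suspicious entries."""
    findings = []
    for line_no, address, hostname in parse_hosts(text):
        verdict = classify(address, hostname)
        if verdict in ("blocked", "redirected"):
            findings.append((line_no, verdict, hostname, address))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, verdict, hostname, address in audit(content):
        print(f"line {line_no}: {hostname} {verdict} -> {address}")
```

An empty result, like the unchanged behaviour after the rename in the thread, means the HOSTS file is not what keeps these sites from opening.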
 
Thanks Robear Dyer for replying!
A confirmation email from aumha@aumha.org is not in my inbox or "spam trap". The
username I registered is kop.
The format & reinstall WILL be the last resort. I do not want to lose rare
programs and settings.
Regards,
Dima
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:O2KlKfGyIHA.4912@TK2MSFTNGP03.phx.gbl...
> We do not interpret or work with HijackThis logs in the public newsgroups.
>
>> http://forums.subratam.org/index.php?showforum=7 does not reply to the
>> problem
>
> Allow a minimum of three (3) days for a reply to your posts in any forum.
>
>> http://aumha.net/viewforum.php?f=30 does not send a confirmation message to
>> my e-mail.
>
> Assuming you registered successfully, look for a confirmation email from
> aumha@aumha.org in your inbox or "spam trap". If no joy, tell me the username
> you registered and I'll look into it.
>
>> http://forums.spybot.info/forumdisplay.php?f=22 and
>> http://castlecops.com/forum67.html do not open on my computer.
>
> Possibly due to the infection(s).
>
> Use another machine to post to any of these forums. It is not safe to have
> the infected machine connected to the internet.
>
> Again, a format & reinstall WILL resolve the problems.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
> Dima wrote:
>> Hello!
>> http://forums.subratam.org/index.php?showforum=7 does not reply to the
>> problem and my Logfile of Trend Micro HijackThis v2.0.2.
>> http://aumha.net/viewforum.php?f=30 does not send a confirmation message to
>> my e-mail.
>> http://forums.spybot.info/forumdisplay.php?f=22 and
>> http://castlecops.com/forum67.html do not open on my computer.
>> Please, help!
>> Logfile of Trend Micro HijackThis v2.0.2
>> Scan saved at 9:12:52, on 07.06.2008
>> Platform: Windows XP SP3 (WinNT 5.01.2600)
>> MSIE: Internet Explorer v7.00 (7.00.6000.16640)
>> Boot mode: Normal
>> <snip>
>>
>>> A Repair Install (or upgrade Repair Install) is not going to help. Unless
>>> you're willing to post your HijackThis log in an appropriate forum for
>>> assistance (see my last reply), you'll have to format & reinstall Windows.
>>>
>>> Dima wrote:
>>>> Thanks PA Bear for your suggestions!
>>>> I renamed the file HOSTS, rebooted. The behavior persisted.
>>>> I have done an upgrade reinstall of Windows XP SP2 in Windows. Should I
>>>> do a Repair Install by booting from the Windows XP CD?
>>>> Regards,
>>>> Dima
>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>>> news:uCP1qZxxIHA.5620@TK2MSFTNGP04.phx.gbl...
>>>>> As Frank suggested, open Windows Explorer to
>>>>> C:\Windows\System32\drivers\etc
>>>>> <=this folder | Right-click on the file HOSTS (not LMHOSTS no extension)
>>>>> | Rename it to OLDHOSTS | Reboot.
>>>>>
>>>>> If the behavior persists, you've most likely got a hijackware infection.
>>>>> (I suspect you may have already done a Repair Install because of this
>>>>> infection If so, only a format & reinstall would have fixed it.)
>>>>>
>>>>> Unexplained computer behavior may be caused by deceptive software
>>>>> http://support.microsoft.com/kb/827315
>>>>>
>>>>> Run a /thorough/ check for hijackware, including posting your hijackthis
>>>>> log
>>>>> to an appropriate forum.
>>>>>
>>>>> Checking for/Help with Hijackware
>>>>> http://aumha.org/a/parasite.htm
>>>>> http://aumha.org/a/quickfix.htm
>>>>> http://aumha.net/viewtopic.php?t=5878
>>>>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>>>> http://mvps.org/winhelp2002/unwanted.htm
>>>>> http://inetexplorer.mvps.org/data/prevention.htm
>>>>> http://inetexplorer.mvps.org/tshoot.html
>>>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>> http://defendingyourmachine2.blogspot.com/
>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>
>>>>> When all else fails, HijackThis v2.0.2
>>>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
>>>>> It will help you to both identify and remove any hijackware/spyware with
>>>>> assistance from an expert. **Post your log to
>>>>> http://forums.spybot.info/forumdisplay.php?f=22,
>>>>> http://castlecops.com/forum67.html,
>>>>> http://forums.subratam.org/index.php?showforum=7,
>>>>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>>>>> review
>>>>> by an expert in such matters, not here.**
>>>>>
>>>>> If the procedures look too complex - and there is no shame in admitting
>>>>> this
>>>>> isn't your cup of tea - take the machine to a local, reputable and
>>>>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>> AumHa VSOP & Admin http://aumha.net
>>>>> DTS-L http://dts-l.net/
>>>>>
>>>>>
>>>>> Dima wrote:
>>>>>> Hello!
>>>>>> Google shows correct search results at first, but then in a second the
>>>>>> page
>>>>>> replaces the search results with ads.
>>>>>>
>>>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>>>>> news:OlZLp3oxIHA.1980@TK2MSFTNGP02.phx.gbl...
>>>>>>> CrystalBall© sez...
>>>>>>>
>>>>>>> Updates are not installed successfully from Windows Update, from
>>>>>>> Microsoft
>>>>>>> Update, or by using Automatic Updates after you repair a Windows XP
>>>>>>> installation:
>>>>>>> http://support.microsoft.com/kb/943144
>>>>>>>
>>>>>>> NB: Also applies to clean installs, upgrade installs, and Recovery
>>>>>>> installs.
>>>>>>> --
>>>>>>> ~PA Bear
>>>>>>>
>>>>>>> Dima wrote:
>>>>>>>> Thanks Robear for replying!
>>>>>>>> This problem began before I installed WinXP SP3.
>>>>>>>> IE7 was installed before WinXP SP3 was installed.
>>>>>>>> Office scan 8.710.1002 and Ad-Aware 2008 (definition file 0081.0000)
>>>>>>>> are
>>>>>>>> installed.
>>>>>>>> There is no third-party firewall.
>>>>>>>> Ad-Aware 2008 and Office scan 8.710.1002 were not running when I
>>>>>>>> installed
>>>>>>>> WinXP SP3.
>>>>>>>> Regards,
>>>>>>>> Dima
>>>>>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>>>>>>> news:ekO9iDnxIHA.6096@TK2MSFTNGP06.phx.gbl...
>>>>>>>>> Did this problem begin after you installed WinXP SP3?
>>>>>>>>>
>>>>>>>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>>>>>>>
>>>>>>>>> What anti-virus application or security suite is installed? What
>>>>>>>>> anti-spyware applications (other than Defender)? What third-party
>>>>>>>>> firewall (if any)? Were any of these applications running when you
>>>>>>>>> installed WinXP SP3?
>>>>>>>>> --
>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>>>>> DTS-L http://dts-l.net/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Dima wrote:
>>>>>>>>>> Thanks Frank Saunders for suggesting!
>>>>>>>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>>>>>>>> https://www.microsoft.com:443, and then clicked OK. I could connect
>>>>>>>>>> to
>>>>>>>>>> www.microsoft.com, and I did not receive an error message.
>>>>>>>>>> Sincerely,
>>>>>>>>>> Dima
>>>>>>>>>>
>>>>>>>>>> "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org>
>>>>>>>>>> wrote in message
>>>>>>>>>> news:CB6C3564-770A-4223-941B-AD9153ECA6AB@microsoft.com...
>>>>>>>>>>> "Dima" <kopn@bk.ruDelete> wrote in message
>>>>>>>>>>> news:urvMzxgxIHA.5176@TK2MSFTNGP04.phx.gbl...
>>>>>>>>>>>> Hello!
>>>>>>>>>>>> Windows Update site, www.lavasoft.com and some other security
>>>>>>>>>>>> sites do not open. Windows Update downloads do not start even
>>>>>>>>>>>> manually. Google shows ads in the beginning of search results.
>>>>>>>>>>>> Ad-Aware 2008 (definition file 0081.0000) does not remove the
>>>>>>>>>>>> problem. OS is Windows XP SP3. IE 7. Automatically downloaded
>>>>>>>>>>>> updates do not install too. Office scan 8.710.1002 is not finding
>>>>>>>>>>>> any viruses. SFC /scannow does not find any discrepancies.
>>>>>>>>>>>> Other peer computers in our network do not have the problem.
>>>>>>>>>>>> How to eliminate the problem?
>>>>>>>>>>>> Sincerely,
>>>>>>>>>>>> Dima
>>>>>>>>>>>
>>>>>>>>>>> Make sure your firewall is not blocking port 443.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Frank Saunders MS-MVP IE,OE/WM
>>>>>>>>>>> Do not reply with email

Thank you, Dima. I have activated your account at AumHa Forums
(http://aumha.net) manually. You should be able to log-in and post now.

NB: Before you post your HijackThis log, see
http://aumha.net/viewtopic.php?t=4075
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Dima wrote:
> Thanks Robear Dyer for replying!
> A confirmation email from aumha@aumha.org is not in my inbox or "spam
> trap". The username I registered is kop.
> The format & reinstall WILL be the last resort. I do not want to lose
> rare programs and settings.
>
> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:O2KlKfGyIHA.4912@TK2MSFTNGP03.phx.gbl...
>> We do not interpret or work with HijackThis logs in the public
>> newsgroups.
>>
>>> http://forums.subratam.org/index.php?showforum=7 does not reply to the
>>> problem
>>
>> Allow a minimum of three (3) days for a reply to your posts in any forum.
>>
>>> http://aumha.net/viewforum.php?f=30 does not send a confirmation message
>>> to my e-mail.
>>
>> Assuming you registered successfully, look for a confirmation email from
>> aumha@aumha.org in your inbox or "spam trap". If no joy, tell me the
>> username you registered and I'll look into it.
>>
>>> http://forums.spybot.info/forumdisplay.php?f=22 and
>>> http://castlecops.com/forum67.html do not open on my computer.
>>
>> Possibly due to the infection(s).
>>
>> Use another machine to post to any of these forums. It is not safe to
>> have
>> the infected machine connected to the internet.
>>
>> Again, a format & reinstall WILL resolve the problems.
>> --
>> Dima wrote:
>>> Hello!
>>> http://forums.subratam.org/index.php?showforum=7 does not reply to the
>>> problem and my Logfile of Trend Micro HijackThis v2.0.2.
>>> http://aumha.net/viewforum.php?f=30 does not send a confirmation message
>>> to my e-mail.
>>> http://forums.spybot.info/forumdisplay.php?f=22 and
>>> http://castlecops.com/forum67.html do not open on my computer.
>>> Please, help!
>>> Logfile of Trend Micro HijackThis v2.0.2
>>> Scan saved at 9:12:52, on 07.06.2008
>>> Platform: Windows XP SP3 (WinNT 5.01.2600)
>>> MSIE: Internet Explorer v7.00 (7.00.6000.16640)
>>> Boot mode: Normal
>>> <snip>
>>>> A Repair Install (or upgrade Repair Install) is not going to help.
>>>> Unless
>>>> you're willing to post your HijackThis log in an appropriate forum for
>>>> assistance (see my last reply), you'll have to format & reinstall
>>>> Windows.
>>>>
>>>> Dima wrote:
>>>>> Thanks PA Bear for your suggestions!
>>>>> I renamed the file HOSTS, rebooted. The behavior persisted.
>>>>> I have done an upgrade reinstall of Windows XP SP2 in Windows. Should
>>>>> I
>>>>> do a Repair Install by booting from the Windows XP CD?
>>>>>
>>>>>> As Frank suggested, open Windows Explorer to
>>>>>> C:\Windows\System32\drivers\etc
>>>>>> <=this folder | Right-click on the file HOSTS (not LMHOSTS no
>>>>>> extension) | Rename it to OLDHOSTS | Reboot.
>>>>>>
>>>>>> If the behavior persists, you've most likely got a hijackware
>>>>>> infection. (I suspect you may have already done a Repair Install
>>>>>> because of this infection If so, only a format & reinstall would
>>>>>> have
>>>>>> fixed it.) Unexplained computer behavior may be caused by deceptive
>>>>>> software
>>>>>> http://support.microsoft.com/kb/827315
>>>>>>
>>>>>> Run a /thorough/ check for hijackware, including posting your
>>>>>> hijackthis log
>>>>>> to an appropriate forum.
>>>>>>
>>>>>> Checking for/Help with Hijackware
>>>>>> http://aumha.org/a/parasite.htm
>>>>>> http://aumha.org/a/quickfix.htm
>>>>>> http://aumha.net/viewtopic.php?t=5878
>>>>>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>>>>> http://mvps.org/winhelp2002/unwanted.htm
>>>>>> http://inetexplorer.mvps.org/data/prevention.htm
>>>>>> http://inetexplorer.mvps.org/tshoot.html
>>>>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>>> http://defendingyourmachine2.blogspot.com/
>>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>>
>>>>>> When all else fails, HijackThis v2.0.2
>>>>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to
>>>>>> use. It will help you to both identify and remove any
>>>>>> hijackware/spyware with assistance from an expert. **Post your log
>>>>>> to
>>>>>> http://forums.spybot.info/forumdisplay.php?f=22,
>>>>>> http://castlecops.com/forum67.html,
>>>>>> http://forums.subratam.org/index.php?showforum=7,
>>>>>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>>>>>> review
>>>>>> by an expert in such matters, not here.**
>>>>>>
>>>>>> If the procedures look too complex - and there is no shame in
>>>>>> admitting
>>>>>> this
>>>>>> isn't your cup of tea - take the machine to a local, reputable and
>>>>>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>>>>> --
>>>>>> Dima wrote:
>>>>>>> Google shows correct search results at first, but then in a second
>>>>>>> the
>>>>>>> page replaces the search results with ads.
>>>>>>>
>>>>>>>> CrystalBall© sez...
>>>>>>>>
>>>>>>>> Updates are not installed successfully from Windows Update, from
>>>>>>>> Microsoft
>>>>>>>> Update, or by using Automatic Updates after you repair a Windows XP
>>>>>>>> installation:
>>>>>>>> http://support.microsoft.com/kb/943144
>>>>>>>>
>>>>>>>> NB: Also applies to clean installs, upgrade installs, and Recovery
>>>>>>>> installs.
>>>>>>>>
>>>>>>>> Dima wrote:
>>>>>>>>> Thanks Robear for replying!
>>>>>>>>> This problem began before I installed WinXP SP3.
>>>>>>>>> IE7 was installed before WinXP SP3 was installed.
>>>>>>>>> Office scan 8.710.1002 and Ad-Aware 2008 (definition file
>>>>>>>>> 0081.0000)
>>>>>>>>> are
>>>>>>>>> installed.
>>>>>>>>> There is no third-party firewall.
>>>>>>>>> Ad-Aware 2008 and Office scan 8.710.1002 were not running when I
>>>>>>>>> installed
>>>>>>>>> WinXP SP3.
>>>>>>>>>
>>>>>>>>>> Did this problem begin after you installed WinXP SP3?
>>>>>>>>>>
>>>>>>>>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>>>>>>>>
>>>>>>>>>> What anti-virus application or security suite is installed? What
>>>>>>>>>> anti-spyware applications (other than Defender)? What
>>>>>>>>>> third-party
>>>>>>>>>> firewall (if any)? Were any of these applications running when
>>>>>>>>>> you
>>>>>>>>>> installed WinXP SP3?
>>>>>>>>>> --
>>>>>>>>>> Dima wrote:
>>>>>>>>>>> Thanks Frank Saunders for suggesting!
>>>>>>>>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>>>>>>>>> https://www.microsoft.com:443, and then clicked OK. I could
>>>>>>>>>>> connect to
>>>>>>>>>>> www.microsoft.com, and I did not receive an error message.
>>>>>>>>>>>
>>>>>>>>>>>> Make sure your firewall is not blocking port 443.
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello!
>>>>>>>>>>>>> Windows Update site, www.lavasoft.com and some other security
>>>>>>>>>>>>> sites do not open. Windows Update downloads do not start even
>>>>>>>>>>>>> manually. Google shows ads in the beginning of search results.
>>>>>>>>>>>>> Ad-Aware 2008 (definition file 0081.0000) does not remove the
>>>>>>>>>>>>> problem. OS is Windows XP SP3. IE 7. Automatically downloaded
>>>>>>>>>>>>> updates do not install too. Office scan 8.710.1002 is not
>>>>>>>>>>>>> finding any viruses. SFC /scannow does not find any
>>>>>>>>>>>>> discrepancies.
>>>>>>>>>>>>> Other peer computers in our network do not have the problem.
>>>>>>>>>>>>> How to eliminate the problem?
 
My colleague Bill Castner agrees with me: Format & reinstall =>
http://aumha.net/viewtopic.php?f=30&t=33760
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

PA Bear [MS MVP] wrote:
> Thank you, Dima. I have activated your account at AumHa Forums
> (http://aumha.net) manually. You should be able to log-in and post now.
>
> NB: Before you post your HijackThis log, see
> http://aumha.net/viewtopic.php?t=4075
>
> Dima wrote:
>> Thanks Robear Dyer for replying!
>> A confirmation email from aumha@aumha.org is not in my inbox or "spam
>> trap". The username I registered is kop.
>> The format & reinstall WILL be the last resort. I do not want to lose
>> rare programs and settings.
>>
>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>> news:O2KlKfGyIHA.4912@TK2MSFTNGP03.phx.gbl...
>>> We do not interpret or work with HijackThis logs in the public
>>> newsgroups.
>>>
>>>> http://forums.subratam.org/index.php?showforum=7 does not reply to the
>>>> problem
>>>
>>> Allow a minimum of three (3) days for a reply to your posts in any
>>> forum.
>>>
>>>> http://aumha.net/viewforum.php?f=30 does not send a confirmation
>>>> message
>>>> to my e-mail.
>>>
>>> Assuming you registered successfully, look for a confirmation email from
>>> aumha@aumha.org in your inbox or "spam trap". If no joy, tell me the
>>> username you registered and I'll look into it.
>>>
>>>> http://forums.spybot.info/forumdisplay.php?f=22 and
>>>> http://castlecops.com/forum67.html do not open on my computer.
>>>
>>> Possibly due to the infection(s).
>>>
>>> Use another machine to post to any of these forums. It is not safe to
>>> have
>>> the infected machine connected to the internet.
>>>
>>> Again, a format & reinstall WILL resolve the problems.
>>> --
>>> Dima wrote:
>>>> Hello!
>>>> http://forums.subratam.org/index.php?showforum=7 does not reply to the
>>>> problem and my Logfile of Trend Micro HijackThis v2.0.2.
>>>> http://aumha.net/viewforum.php?f=30 does not send a confirmation
>>>> message
>>>> to my e-mail.
>>>> http://forums.spybot.info/forumdisplay.php?f=22 and
>>>> http://castlecops.com/forum67.html do not open on my computer.
>>>> Please, help!
>>>> Logfile of Trend Micro HijackThis v2.0.2
>>>> Scan saved at 9:12:52, on 07.06.2008
>>>> Platform: Windows XP SP3 (WinNT 5.01.2600)
>>>> MSIE: Internet Explorer v7.00 (7.00.6000.16640)
>>>> Boot mode: Normal
>>>> <snip>
>>>>> A Repair Install (or upgrade Repair Install) is not going to help.
>>>>> Unless
>>>>> you're willing to post your HijackThis log in an appropriate forum for
>>>>> assistance (see my last reply), you'll have to format & reinstall
>>>>> Windows.
>>>>>
>>>>> Dima wrote:
>>>>>> Thanks PA Bear for your suggestions!
>>>>>> I renamed the file HOSTS, rebooted. The behavior persisted.
>>>>>> I have done an upgrade reinstall of Windows XP SP2 in Windows. Should
>>>>>> I
>>>>>> do a Repair Install by booting from the Windows XP CD?
>>>>>>
>>>>>>> As Frank suggested, open Windows Explorer to
>>>>>>> C:\Windows\System32\drivers\etc
>>>>>>> <=this folder | Right-click on the file HOSTS (not LMHOSTS no
>>>>>>> extension) | Rename it to OLDHOSTS | Reboot.
>>>>>>>
>>>>>>> If the behavior persists, you've most likely got a hijackware
>>>>>>> infection. (I suspect you may have already done a Repair Install
>>>>>>> because of this infection If so, only a format & reinstall would
>>>>>>> have
>>>>>>> fixed it.) Unexplained computer behavior may be caused by deceptive
>>>>>>> software
>>>>>>> http://support.microsoft.com/kb/827315
>>>>>>>
>>>>>>> Run a /thorough/ check for hijackware, including posting your
>>>>>>> hijackthis log
>>>>>>> to an appropriate forum.
>>>>>>>
>>>>>>> Checking for/Help with Hijackware
>>>>>>> http://aumha.org/a/parasite.htm
>>>>>>> http://aumha.org/a/quickfix.htm
>>>>>>> http://aumha.net/viewtopic.php?t=5878
>>>>>>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>>>>>> http://mvps.org/winhelp2002/unwanted.htm
>>>>>>> http://inetexplorer.mvps.org/data/prevention.htm
>>>>>>> http://inetexplorer.mvps.org/tshoot.html
>>>>>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>>>> http://defendingyourmachine2.blogspot.com/
>>>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>>>
>>>>>>> When all else fails, HijackThis v2.0.2
>>>>>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to
>>>>>>> use. It will help you to both identify and remove any
>>>>>>> hijackware/spyware with assistance from an expert. **Post your log
>>>>>>> to
>>>>>>> http://forums.spybot.info/forumdisplay.php?f=22,
>>>>>>> http://castlecops.com/forum67.html,
>>>>>>> http://forums.subratam.org/index.php?showforum=7,
>>>>>>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>>>>>>> review
>>>>>>> by an expert in such matters, not here.**
>>>>>>>
>>>>>>> If the procedures look too complex - and there is no shame in
>>>>>>> admitting
>>>>>>> this
>>>>>>> isn't your cup of tea - take the machine to a local, reputable and
>>>>>>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>>>>>> --
>>>>>>> Dima wrote:
>>>>>>>> Google shows correct search results at first, but then in a second
>>>>>>>> the
>>>>>>>> page replaces the search results with ads.
>>>>>>>>
>>>>>>>>> CrystalBall© sez...
>>>>>>>>>
>>>>>>>>> Updates are not installed successfully from Windows Update, from
>>>>>>>>> Microsoft
>>>>>>>>> Update, or by using Automatic Updates after you repair a Windows
>>>>>>>>> XP
>>>>>>>>> installation:
>>>>>>>>> http://support.microsoft.com/kb/943144
>>>>>>>>>
>>>>>>>>> NB: Also applies to clean installs, upgrade installs, and Recovery
>>>>>>>>> installs.
>>>>>>>>>
>>>>>>>>> Dima wrote:
>>>>>>>>>> Thanks Robear for replying!
>>>>>>>>>> This problem began before I installed WinXP SP3.
>>>>>>>>>> IE7 was installed before WinXP SP3 was installed.
>>>>>>>>>> Office scan 8.710.1002 and Ad-Aware 2008 (definition file
>>>>>>>>>> 0081.0000)
>>>>>>>>>> are
>>>>>>>>>> installed.
>>>>>>>>>> There is no third-party firewall.
>>>>>>>>>> Ad-Aware 2008 and Office scan 8.710.1002 were not running when I
>>>>>>>>>> installed
>>>>>>>>>> WinXP SP3.
>>>>>>>>>>
>>>>>>>>>>> Did this problem begin after you installed WinXP SP3?
>>>>>>>>>>>
>>>>>>>>>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>>>>>>>>>
>>>>>>>>>>> What anti-virus application or security suite is installed?
>>>>>>>>>>> What
>>>>>>>>>>> anti-spyware applications (other than Defender)? What
>>>>>>>>>>> third-party
>>>>>>>>>>> firewall (if any)? Were any of these applications running when
>>>>>>>>>>> you
>>>>>>>>>>> installed WinXP SP3?
>>>>>>>>>>> --
>>>>>>>>>>> Dima wrote:
>>>>>>>>>>>> Thanks Frank Saunders for suggesting!
>>>>>>>>>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>>>>>>>>>> https://www.microsoft.com:443, and then clicked OK. I could
>>>>>>>>>>>> connect to
>>>>>>>>>>>> www.microsoft.com, and I did not receive an error message.
>>>>>>>>>>>>
>>>>>>>>>>>>> Make sure your firewall is not blocking port 443.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello!
>>>>>>>>>>>>>> Windows Update site, www.lavasoft.com and some other security
>>>>>>>>>>>>>> sites do not open. Windows Update downloads do not start even
>>>>>>>>>>>>>> manually. Google shows ads in the beginning of search results.
>>>>>>>>>>>>>> Ad-Aware 2008 (definition file 0081.0000) does not remove the
>>>>>>>>>>>>>> problem. OS is Windows XP SP3. IE 7. Automatically downloaded
>>>>>>>>>>>>>> updates do not install too. Office scan 8.710.1002 is not
>>>>>>>>>>>>>> finding any viruses. SFC /scannow does not find any
>>>>>>>>>>>>>> discrepancies.
>>>>>>>>>>>>>> Other peer computers in our network do not have the problem.
>>>>>>>>>>>>>> How to eliminate the problem?
 
Thanks for replying!
Why format? Should a fresh OS install help alone?
Regards,
Dima
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:%23Nmn97XyIHA.524@TK2MSFTNGP05.phx.gbl...
> My colleague Bill Castner agrees with me: Format & reinstall =>
> http://aumha.net/viewtopic.php?f=30&t=33760
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
> PA Bear [MS MVP] wrote:
>> Thank you, Dima. I have activated your account at AumHa Forums
>> (http://aumha.net) manually. You should be able to log-in and post now.
>>
>> NB: Before you post your HijackThis log, see
>> http://aumha.net/viewtopic.php?t=4075
>>
>> Dima wrote:
>>> Thanks Robear Dyer for replying!
>>> A confirmation email from aumha@aumha.org is not in my inbox of "spam
>>> trap". The username I registered is kop.
>>> The format & reinstall WILL be the last resort. I do not want to lose
>>> rare
>>> programs and settings.
>>>
>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>> news:O2KlKfGyIHA.4912@TK2MSFTNGP03.phx.gbl...
>>>> We do not interpret or work with HijackThis logs in the public
>>>> newsgroups.
>>>>
>>>>> http://forums.subratam.org/index.php?showforum=7 does not reply to the
>>>>> problem
>>>>
>>>> Allow a minimum of three (3) days for a reply to your posts in any forum.
>>>>
>>>>> http://aumha.net/viewforum.php?f=30 does not send a confirmation message
>>>>> to my e-mail.
>>>>
>>>> Assuming you registered successfully, look for a confirmation email from
>>>> aumha@aumha.org in your inbox of "spam trap". If no joy, tell me the
>>>> username you registered and I'll look into it.
>>>>
>>>>> http://forums.spybot.info/forumdisplay.php?f=22 and
>>>>> http://castlecops.com/forum67.html do not open on my computer.
>>>>
>>>> Possibly due to the infection(s).
>>>>
>>>> Use another machine to post to any of these forums. It is not safe to
>>>> have
>>>> the infected machine connected to the internet.
>>>>
>>>> Again, a format & reinstall WILL resolve the problems.
>>>> --
>>>> Dima wrote:
>>>>> Hello!
>>>>> http://forums.subratam.org/index.php?showforum=7 does not reply to the
>>>>> problem and my Logfile of Trend Micro HijackThis v2.0.2.
>>>>> http://aumha.net/viewforum.php?f=30 does not send a confirmation message
>>>>> to my e-mail.
>>>>> http://forums.spybot.info/forumdisplay.php?f=22 and
>>>>> http://castlecops.com/forum67.html do not open on my computer.
>>>>> Please, help!
>>>>> Logfile of Trend Micro HijackThis v2.0.2
>>>>> Scan saved at 9:12:52, on 07.06.2008
>>>>> Platform: Windows XP SP3 (WinNT 5.01.2600)
>>>>> MSIE: Internet Explorer v7.00 (7.00.6000.16640)
>>>>> Boot mode: Normal
>>>>> <snip>
>>>>>> A Repair Install (or upgrade Repair Install) is not going to help.
>>>>>> Unless
>>>>>> you're willing to post your HijackThis log in an appropriate forum for
>>>>>> assistance (see my last reply), you'll have to format & reinstall
>>>>>> Windows. Dima wrote:
>>>>>>> Thanks PA Bear for your suggestions!
>>>>>>> I renamed the file HOSTS, rebooted. The behavior persisted.
>>>>>>> I have done an upgrade reinstall of Windows XP SP2 in Windows. Should
>>>>>>> I
>>>>>>> do a Repair Install by booting from the Windows XP CD?
>>>>>>>
>>>>>>>> As Frank suggested, open Windows Explorer to
>>>>>>>> C:\Windows\System32\drivers\etc
>>>>>>>> <=this folder | Right-click on the file HOSTS (not LMHOSTS no
>>>>>>>> extension) Rename it to OLDHOSTS | Reboot.
>>>>>>>>
>>>>>>>> If the behavior persists, you've most likely got a hijackware
>>>>>>>> infection. (I suspect you may have already done a Repair Install
>>>>>>>> because of this infection If so, only a format & reinstall would
>>>>>>>> have
>>>>>>>> fixed it.) Unexplained computer behavior may be caused by deceptive
>>>>>>>> software
>>>>>>>> http://support.microsoft.com/kb/827315
>>>>>>>>
>>>>>>>> Run a /thorough/ check for hijackware, including posting your
>>>>>>>> hijackthis log
>>>>>>>> to an appropriate forum.
>>>>>>>>
>>>>>>>> Checking for/Help with Hijackware
>>>>>>>> http://aumha.org/a/parasite.htm
>>>>>>>> http://aumha.org/a/quickfix.htm
>>>>>>>> http://aumha.net/viewtopic.php?t=5878
>>>>>>>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>>>>>>> http://mvps.org/winhelp2002/unwanted.htm
>>>>>>>> http://inetexplorer.mvps.org/data/prevention.htm
>>>>>>>> http://inetexplorer.mvps.org/tshoot.html
>>>>>>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>>>>> http://defendingyourmachine2.blogspot.com/
>>>>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>>>>
>>>>>>>> When all else fails, HijackThis v2.0.2
>>>>>>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to
>>>>>>>> use. It will help you to both identify and remove any
>>>>>>>> hijackware/spyware with assistance from an expert. **Post your log
>>>>>>>> to
>>>>>>>> http://forums.spybot.info/forumdisplay.php?f=22,
>>>>>>>> http://castlecops.com/forum67.html,
>>>>>>>> http://forums.subratam.org/index.php?showforum=7,
>>>>>>>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>>>>>>>> review
>>>>>>>> by an expert in such matters, not here.**
>>>>>>>>
>>>>>>>> If the procedures look too complex - and there is no shame in
>>>>>>>> admitting
>>>>>>>> this
>>>>>>>> isn't your cup of tea - take the machine to a local, reputable and
>>>>>>>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>>>>>>> --
>>>>>>>> Dima wrote:
>>>>>>>>> Google shows correct search results at first, but then in a second
>>>>>>>>> the
>>>>>>>>> page replaces the search results with ads.
>>>>>>>>>
>>>>>>>>>> CrystalBall© sez...
>>>>>>>>>>
>>>>>>>>>> Updates are not installed successfully from Windows Update, from
>>>>>>>>>> Microsoft
>>>>>>>>>> Update, or by using Automatic Updates after you repair a Windows XP
>>>>>>>>>> installation:
>>>>>>>>>> http://support.microsoft.com/kb/943144
>>>>>>>>>>
>>>>>>>>>> NB: Also applies to clean installs, upgrade installs, and Recovery
>>>>>>>>>> installs.
>>>>>>>>>>
>>>>>>>>>> Dima wrote:
>>>>>>>>>>> Thanks Robear for replying!
>>>>>>>>>>> This problem began before I installed WinXP SP3.
>>>>>>>>>>> IE7 was installed before WinXP SP3 was installed.
>>>>>>>>>>> Office scan 8.710.1002 and Ad-Aware 2008 (definition file
>>>>>>>>>>> 0081.0000)
>>>>>>>>>>> are
>>>>>>>>>>> installed.
>>>>>>>>>>> There is no third-party firewall.
>>>>>>>>>>> Ad-Aware 2008 and Office scan 8.710.1002 were not running when I
>>>>>>>>>>> installed
>>>>>>>>>>> WinXP SP3.
>>>>>>>>>>>
>>>>>>>>>>>> Did this problem begin after you installed WinXP SP3?
>>>>>>>>>>>>
>>>>>>>>>>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>>>>>>>>>>
>>>>>>>>>>>> What anti-virus application or security suite is installed? What
>>>>>>>>>>>> anti-spyware applications (other than Defender)? What
>>>>>>>>>>>> third-party
>>>>>>>>>>>> firewall (if any)? Were any of these applications running when
>>>>>>>>>>>> you
>>>>>>>>>>>> installed WinXP SP3?
>>>>>>>>>>>> --
>>>>>>>>>>>> Dima wrote:
>>>>>>>>>>>>> Thanks Frank Saunders for suggesting!
>>>>>>>>>>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>>>>>>>>>>> https://www.microsoft.com:443, and then clicked OK. I could
>>>>>>>>>>>>> connect to
>>>>>>>>>>>>> www.microsoft.com, and I did not receive an error message.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Make sure your firewall is not blocking port 443.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hello!
>>>>>>>>>>>>>>> Windows Update site, www.lavasoft.com and some other security
>>>>>>>>>>>>>>> sites do
>>>>>>>>>>>>>>> not
>>>>>>>>>>>>>>> open. Windows Update downloads do not start even manually.
>>>>>>>>>>>>>>> Google shows ads in the beginning of search results. Ad-Aware
>>>>>>>>>>>>>>> 2008 (definition file 0081.0000) does not remove the problem.
>>>>>>>>>>>>>>> OS is Windows XP SP3. IE 7. Automatically downloaded updates
>>>>>>>>>>>>>>> do
>>>>>>>>>>>>>>> not install
>>>>>>>>>>>>>>> too. Office scan 8.710.1002 is not finding any viruses. SFC
>>>>>>>>>>>>>>> /scannow
>>>>>>>>>>>>>>> does
>>>>>>>>>>>>>>> not
>>>>>>>>>>>>>>> find any discrepancies.
>>>>>>>>>>>>>>> Other peer computers in our network do not have the problem.
>>>>>>>>>>>>>>> How to eliminate the problem?

>
 
Only formatting & reinstalling Windows will resolve the massive infections
and rootkit(s).

Dima wrote:
> Thanks for replying!
> Why format? Should a fresh OS install help alone?
> Regards,
> Dima
> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:%23Nmn97XyIHA.524@TK2MSFTNGP05.phx.gbl...
>> My colleague Bill Castner agrees with me: Format & reinstall =>
>> http://aumha.net/viewtopic.php?f=30&t=33760
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>> PA Bear [MS MVP] wrote:
>>> Thank you, Dima. I have activated your account at AumHa Forums
>>> (http://aumha.net) manually. You should be able to log-in and post now.
>>>
>>> NB: Before you post your HijackThis log, see
>>> http://aumha.net/viewtopic.php?t=4075
>>>
>>> Dima wrote:
>>>> Thanks Robear Dyer for replying!
>>>> A confirmation email from aumha@aumha.org is not in my inbox of "spam
>>>> trap". The username I registered is kop.
>>>> The format & reinstall WILL be the last resort. I do not want to lose
>>>> rare
>>>> programs and settings.
>>>>
>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>>> news:O2KlKfGyIHA.4912@TK2MSFTNGP03.phx.gbl...
>>>>> We do not interpret or work with HijackThis logs in the public
>>>>> newsgroups.
>>>>>
>>>>>> http://forums.subratam.org/index.php?showforum=7 does not reply to
>>>>>> the
>>>>>> problem
>>>>>
>>>>> Allow a minimum of three (3) days for a reply to your posts in any
>>>>> forum.
>>>>>> http://aumha.net/viewforum.php?f=30 does not send a confirmation
>>>>>> message to my e-mail.
>>>>>
>>>>> Assuming you registered successfully, look for a confirmation email
>>>>> from
>>>>> aumha@aumha.org in your inbox of "spam trap". If no joy, tell me the
>>>>> username you registered and I'll look into it.
>>>>>
>>>>>> http://forums.spybot.info/forumdisplay.php?f=22 and
>>>>>> http://castlecops.com/forum67.html do not open on my computer.
>>>>>
>>>>> Possibly due to the infection(s).
>>>>>
>>>>> Use another machine to post to any of these forums. It is not safe to
>>>>> have
>>>>> the infected machine connected to the internet.
>>>>>
>>>>> Again, a format & reinstall WILL resolve the problems.
>>>>> --
>>>>> Dima wrote:
>>>>>> Hello!
>>>>>> http://forums.subratam.org/index.php?showforum=7 does not reply to
>>>>>> the
>>>>>> problem and my Logfile of Trend Micro HijackThis v2.0.2.
>>>>>> http://aumha.net/viewforum.php?f=30 does not send a confirmation
>>>>>> message to my e-mail.
>>>>>> http://forums.spybot.info/forumdisplay.php?f=22 and
>>>>>> http://castlecops.com/forum67.html do not open on my computer.
>>>>>> Please, help!
>>>>>> Logfile of Trend Micro HijackThis v2.0.2
>>>>>> Scan saved at 9:12:52, on 07.06.2008
>>>>>> Platform: Windows XP SP3 (WinNT 5.01.2600)
>>>>>> MSIE: Internet Explorer v7.00 (7.00.6000.16640)
>>>>>> Boot mode: Normal
>>>>>> <snip>
>>>>>>> A Repair Install (or upgrade Repair Install) is not going to help.
>>>>>>> Unless
>>>>>>> you're willing to post your HijackThis log in an appropriate forum
>>>>>>> for
>>>>>>> assistance (see my last reply), you'll have to format & reinstall
>>>>>>> Windows. Dima wrote:
>>>>>>>> Thanks PA Bear for your suggestions!
>>>>>>>> I renamed the file HOSTS, rebooted. The behavior persisted.
>>>>>>>> I have done an upgrade reinstall of Windows XP SP2 in Windows.
>>>>>>>> Should
>>>>>>>> I
>>>>>>>> do a Repair Install by booting from the Windows XP CD?
>>>>>>>>
>>>>>>>>> As Frank suggested, open Windows Explorer to
>>>>>>>>> C:\Windows\System32\drivers\etc
>>>>>>>>> <=this folder | Right-click on the file HOSTS (not LMHOSTS no
>>>>>>>>> extension) Rename it to OLDHOSTS | Reboot.
>>>>>>>>>
>>>>>>>>> If the behavior persists, you've most likely got a hijackware
>>>>>>>>> infection. (I suspect you may have already done a Repair Install
>>>>>>>>> because of this infection If so, only a format & reinstall would
>>>>>>>>> have
>>>>>>>>> fixed it.) Unexplained computer behavior may be caused by
>>>>>>>>> deceptive
>>>>>>>>> software
>>>>>>>>> http://support.microsoft.com/kb/827315
>>>>>>>>>
>>>>>>>>> Run a /thorough/ check for hijackware, including posting your
>>>>>>>>> hijackthis log
>>>>>>>>> to an appropriate forum.
>>>>>>>>>
>>>>>>>>> Checking for/Help with Hijackware
>>>>>>>>> http://aumha.org/a/parasite.htm
>>>>>>>>> http://aumha.org/a/quickfix.htm
>>>>>>>>> http://aumha.net/viewtopic.php?t=5878
>>>>>>>>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>>>>>>>> http://mvps.org/winhelp2002/unwanted.htm
>>>>>>>>> http://inetexplorer.mvps.org/data/prevention.htm
>>>>>>>>> http://inetexplorer.mvps.org/tshoot.html
>>>>>>>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>>>>>> http://defendingyourmachine2.blogspot.com/
>>>>>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>>>>>
>>>>>>>>> When all else fails, HijackThis v2.0.2
>>>>>>>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool
>>>>>>>>> to
>>>>>>>>> use. It will help you to both identify and remove any
>>>>>>>>> hijackware/spyware with assistance from an expert. **Post your
>>>>>>>>> log
>>>>>>>>> to
>>>>>>>>> http://forums.spybot.info/forumdisplay.php?f=22,
>>>>>>>>> http://castlecops.com/forum67.html,
>>>>>>>>> http://forums.subratam.org/index.php?showforum=7,
>>>>>>>>> http://aumha.net/viewforum.php?f=30, or other appropriate forums
>>>>>>>>> for
>>>>>>>>> review
>>>>>>>>> by an expert in such matters, not here.**
>>>>>>>>>
>>>>>>>>> If the procedures look too complex - and there is no shame in
>>>>>>>>> admitting
>>>>>>>>> this
>>>>>>>>> isn't your cup of tea - take the machine to a local, reputable and
>>>>>>>>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>>>>>>>> --
>>>>>>>>> Dima wrote:
>>>>>>>>>> Google shows correct search results at first, but then in a
>>>>>>>>>> second
>>>>>>>>>> the
>>>>>>>>>> page replaces the search results with ads.
>>>>>>>>>>
>>>>>>>>>>> CrystalBall© sez...
>>>>>>>>>>>
>>>>>>>>>>> Updates are not installed successfully from Windows Update, from
>>>>>>>>>>> Microsoft
>>>>>>>>>>> Update, or by using Automatic Updates after you repair a Windows
>>>>>>>>>>> XP installation:
>>>>>>>>>>> http://support.microsoft.com/kb/943144
>>>>>>>>>>>
>>>>>>>>>>> NB: Also applies to clean installs, upgrade installs, and
>>>>>>>>>>> Recovery
>>>>>>>>>>> installs.
>>>>>>>>>>>
>>>>>>>>>>> Dima wrote:
>>>>>>>>>>>> Thanks Robear for replying!
>>>>>>>>>>>> This problem began before I installed WinXP SP3.
>>>>>>>>>>>> IE7 was installed before WinXP SP3 was installed.
>>>>>>>>>>>> Office scan 8.710.1002 and Ad-Aware 2008 (definition file
>>>>>>>>>>>> 0081.0000)
>>>>>>>>>>>> are
>>>>>>>>>>>> installed.
>>>>>>>>>>>> There is no third-party firewall.
>>>>>>>>>>>> Ad-Aware 2008 and Office scan 8.710.1002 were not running when
>>>>>>>>>>>> I
>>>>>>>>>>>> installed
>>>>>>>>>>>> WinXP SP3.
>>>>>>>>>>>>
>>>>>>>>>>>>> Did this problem begin after you installed WinXP SP3?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>>>>>>>>>>>
>>>>>>>>>>>>> What anti-virus application or security suite is installed?
>>>>>>>>>>>>> What
>>>>>>>>>>>>> anti-spyware applications (other than Defender)? What
>>>>>>>>>>>>> third-party
>>>>>>>>>>>>> firewall (if any)? Were any of these applications running
>>>>>>>>>>>>> when
>>>>>>>>>>>>> you
>>>>>>>>>>>>> installed WinXP SP3?
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Dima wrote:
>>>>>>>>>>>>>> Thanks Frank Saunders for suggesting!
>>>>>>>>>>>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>>>>>>>>>>>> https://www.microsoft.com:443, and then clicked OK. I could
>>>>>>>>>>>>>> connect to
>>>>>>>>>>>>>> www.microsoft.com, and I did not receive an error message.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Make sure your firewall is not blocking port 443.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hello!
>>>>>>>>>>>>>>>> Windows Update site, www.lavasoft.com and some other
>>>>>>>>>>>>>>>> security
>>>>>>>>>>>>>>>> sites do
>>>>>>>>>>>>>>>> not
>>>>>>>>>>>>>>>> open. Windows Update downloads do not start even manually.
>>>>>>>>>>>>>>>> Google shows ads in the beginning of search results.
>>>>>>>>>>>>>>>> Ad-Aware 2008 (definition file 0081.0000) does not remove
>>>>>>>>>>>>>>>> the problem. OS is Windows XP SP3. IE 7. Automatically
>>>>>>>>>>>>>>>> downloaded updates do
>>>>>>>>>>>>>>>> not install
>>>>>>>>>>>>>>>> too. Office scan 8.710.1002 is not finding any viruses. SFC
>>>>>>>>>>>>>>>> /scannow
>>>>>>>>>>>>>>>> does
>>>>>>>>>>>>>>>> not
>>>>>>>>>>>>>>>> find any discrepancies.
>>>>>>>>>>>>>>>> Other peer computers in our network do not have the
>>>>>>>>>>>>>>>> problem.
>>>>>>>>>>>>>>>> How to eliminate the problem?
 
Hello!
CA Anti-Spyware finds "Dialer HC" but requires a subscription to remove.
It shows "These are the locations where this spyware resides on your computer.
key hkey_users\CAHive_S-1-5-21-16...
key hkey_users\CAHive_S-1-5-21-18...
key hkey_users\CAHive_S-1-5-21-21... "
I removed other threats by deleting registry keys.
There is no CAHive in hkey_users in the regedit.
Where are the keys in the regedit?
Regards,
Dima
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:ekO9iDnxIHA.6096@TK2MSFTNGP06.phx.gbl...
> Did this problem begin after you installed WinXP SP3?
>
> Was IE7 installed before or after WinXP SP3 was installed?
>
> What anti-virus application or security suite is installed? What anti-spyware
> applications (other than Defender)? What third-party firewall (if any)? Were
> any of these applications running when you installed WinXP SP3?
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
>
> Dima wrote:
>> Thanks Frank Saunders for suggesting!
>> I do not use a firewall. I clicked Start, clicked Run, typed
>> https://www.microsoft.com:443, and then clicked OK. I could connect to
>> www.microsoft.com, and I did not receive an error message.
>> Sincerely,
>> Dima
>>
>> "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org> wrote in message
>> news:CB6C3564-770A-4223-941B-AD9153ECA6AB@microsoft.com...
>>> "Dima" <kopn@bk.ruDelete> wrote in message
>>> news:urvMzxgxIHA.5176@TK2MSFTNGP04.phx.gbl...
>>>> Hello!
>>>> Windows Update site, www.lavasoft.com and some other security sites do not
>>>> open. Windows Update downloads do not start even manually. Google shows
>>>> ads in the beginning of search results. Ad-Aware 2008 (definition file
>>>> 0081.0000) does not remove the problem. OS is Windows XP SP3. IE 7.
>>>> Automatically downloaded updates do not install too.
>>>> Office scan 8.710.1002 is not finding any viruses. SFC /scannow does not
>>>> find any discrepancies.
>>>> Other peer computers in our network do not have the problem.
>>>> How to eliminate the problem?
>>>> Sincerely,
>>>> Dima
>>>
>>> Make sure your firewall is not blocking port 443.
>>>
>>> --
>>> Frank Saunders MS-MVP IE,OE/WM
>>> Do not reply with email

>
 
Only formatting & reinstalling Windows will resolve the massive infections
and rootkit(s).

Dima wrote:
> Hello!
> CA Anti-Spyware finds "Dialer HC" but requires a subscription to remove.
> It shows "These are the locations where this spyware resides on your
> computer. key hkey_users\CAHive_S-1-5-21-16...
> key hkey_users\CAHive_S-1-5-21-18...
> key hkey_users\CAHive_S-1-5-21-21... "
> I removed other threats by deleting registry keys.
> There is no CAHive in hkey_users in the regedit.
> Where are the keys in the regedit?
> Regards,
> Dima
> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:ekO9iDnxIHA.6096@TK2MSFTNGP06.phx.gbl...
>> Did this problem begin after you installed WinXP SP3?
>>
>> Was IE7 installed before or after WinXP SP3 was installed?
>>
>> What anti-virus application or security suite is installed? What
>> anti-spyware applications (other than Defender)? What third-party
>> firewall (if any)? Were any of these applications running when you
>> installed WinXP SP3? --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>>
>> Dima wrote:
>>> Thanks Frank Saunders for suggesting!
>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>> https://www.microsoft.com:443, and then clicked OK. I could connect to
>>> www.microsoft.com, and I did not receive an error message.
>>> Sincerely,
>>> Dima
>>>
>>> "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org> wrote in message
>>> news:CB6C3564-770A-4223-941B-AD9153ECA6AB@microsoft.com...
>>>> "Dima" <kopn@bk.ruDelete> wrote in message
>>>> news:urvMzxgxIHA.5176@TK2MSFTNGP04.phx.gbl...
>>>>> Hello!
>>>>> Windows Update site, www.lavasoft.com and some other security sites do
>>>>> not open. Windows Update downloads do not start even manually. Google
>>>>> shows ads in the beginning of search results. Ad-Aware 2008
>>>>> (definition file 0081.0000) does not remove the problem. OS is Windows
>>>>> XP SP3. IE 7. Automatically downloaded updates do not install too.
>>>>> Office scan 8.710.1002 is not finding any viruses. SFC /scannow does
>>>>> not
>>>>> find any discrepancies.
>>>>> Other peer computers in our network do not have the problem.
>>>>> How to eliminate the problem?
>>>>> Sincerely,
>>>>> Dima
>>>>
>>>> Make sure your firewall is not blocking port 443.
>>>>
>>>> --
>>>> Frank Saunders MS-MVP IE,OE/WM
>>>> Do not reply with email
 
Hello!
I reinstalled Windows. The problems disappeared. Local accounts work fine.
But domain administrative accounts do not have access to many files in the
c:\Windows folder and cannot load a profile. The security tab in the files
properties shows the administrative group has full access to the files. I
gave the domain accounts the administrative rights on my computer.
How to make domain account have a real access to the Windows?
Regards,
Dima
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:%23KPqycfyIHA.3384@TK2MSFTNGP03.phx.gbl...
> Only formatting & reinstalling Windows will resolve the massive infections
> and rootkit(s).
>
> Dima wrote:
>> Hello!
>> CA Anti-Spyware finds "Dialer HC" but requires a subscription to remove.
>> It shows "These are the locations where this spyware resides on your
>> computer. key hkey_users\CAHive_S-1-5-21-16...
>> key hkey_users\CAHive_S-1-5-21-18...
>> key hkey_users\CAHive_S-1-5-21-21... "
>> I removed other threats by deleting registry keys.
>> There is no CAHive in hkey_users in the regedit.
>> Where are the keys in the regedit?
>> Regards,
>> Dima
>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>> news:ekO9iDnxIHA.6096@TK2MSFTNGP06.phx.gbl...
>>> Did this problem begin after you installed WinXP SP3?
>>>
>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>
>>> What anti-virus application or security suite is installed? What
>>> anti-spyware applications (other than Defender)? What third-party
>>> firewall (if any)? Were any of these applications running when you
>>> installed WinXP SP3? --
>>> ~Robear Dyer (PA Bear)
>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>> AumHa VSOP & Admin http://aumha.net
>>> DTS-L http://dts-l.net/
>>>
>>>
>>> Dima wrote:
>>>> Thanks Frank Saunders for suggesting!
>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>> https://www.microsoft.com:443, and then clicked OK. I could connect to
>>>> www.microsoft.com, and I did not receive an error message.
>>>> Sincerely,
>>>> Dima
>>>>
>>>> "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org> wrote in message
>>>> news:CB6C3564-770A-4223-941B-AD9153ECA6AB@microsoft.com...
>>>>> "Dima" <kopn@bk.ruDelete> wrote in message
>>>>> news:urvMzxgxIHA.5176@TK2MSFTNGP04.phx.gbl...
>>>>>> Hello!
>>>>>> Windows Update site, www.lavasoft.com and some other security sites
>>>>>> do
>>>>>> not open. Windows Update downloads do not start even manually. Google
>>>>>> shows ads in the beginning of search results. Ad-Aware 2008
>>>>>> (definition file 0081.0000) does not remove the problem. OS is
>>>>>> Windows
>>>>>> XP SP3. IE 7. Automatically downloaded updates do not install too.
>>>>>> Office scan 8.710.1002 is not finding any viruses. SFC /scannow does
>>>>>> not
>>>>>> find any discrepancies.
>>>>>> Other peer computers in our network do not have the problem.
>>>>>> How to eliminate the problem?
>>>>>> Sincerely,
>>>>>> Dima
>>>>>
>>>>> Make sure your firewall is not blocking port 443.
>>>>>
>>>>> --
>>>>> Frank Saunders MS-MVP IE,OE/WM
>>>>> Do not reply with email

>
 
You should begin a new thread in an appropriate newsgroup (e.g., WinXP
General WinXP Security Admin) for the new issues, Dima. This has nothing
to do with IE.
--
~PA Bear, replying from IE General newsgroup

Dima wrote:
> Hello!
> I reinstalled Windows. The problems disappeared. Local accounts work fine.
> But domain administrative accounts do not have access to many files in the
> c:\Windows folder and cannot load a profile. The security tab in the files
> properties shows the administrative group has full access to the files. I
> gave the domain accounts the administrative rights on my computer.
> How to make domain account have a real access to the Windows?
>
> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:%23KPqycfyIHA.3384@TK2MSFTNGP03.phx.gbl...
>> Only formatting & reinstalling Windows will resolve the massive
>> infections
>> and rootkit(s).
>>
>> Dima wrote:
>>> Hello!
>>> CA Anti-Spyware finds "Dialer HC" but requires a subscription to remove.
>>> It shows "These are the locations where this spyware resides on your
>>> computer. key hkey_users\CAHive_S-1-5-21-16...
>>> key hkey_users\CAHive_S-1-5-21-18...
>>> key hkey_users\CAHive_S-1-5-21-21... "
>>> I removed other threats by deleting registry keys.
>>> There is no CAHive in hkey_users in the regedit.
>>> Where are the keys in the regedit?
>>> Regards,
>>> Dima
>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>>> news:ekO9iDnxIHA.6096@TK2MSFTNGP06.phx.gbl...
>>>> Did this problem begin after you installed WinXP SP3?
>>>>
>>>> Was IE7 installed before or after WinXP SP3 was installed?
>>>>
>>>> What anti-virus application or security suite is installed? What
>>>> anti-spyware applications (other than Defender)? What third-party
>>>> firewall (if any)? Were any of these applications running when you
>>>> installed WinXP SP3? --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>> AumHa VSOP & Admin http://aumha.net
>>>> DTS-L http://dts-l.net/
>>>>
>>>>
>>>> Dima wrote:
>>>>> Thanks Frank Saunders for suggesting!
>>>>> I do not use a firewall. I clicked Start, clicked Run, typed
>>>>> https://www.microsoft.com:443, and then clicked OK. I could connect to
>>>>> www.microsoft.com, and I did not receive an error message.
>>>>> Sincerely,
>>>>> Dima
>>>>>
>>>>> "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org> wrote in message
>>>>> news:CB6C3564-770A-4223-941B-AD9153ECA6AB@microsoft.com...
>>>>>> "Dima" <kopn@bk.ruDelete> wrote in message
>>>>>> news:urvMzxgxIHA.5176@TK2MSFTNGP04.phx.gbl...
>>>>>>> Hello!
>>>>>>> Windows Update site, www.lavasoft.com and some other security sites
>>>>>>> do
>>>>>>> not open. Windows Update downloads do not start even manually.
>>>>>>> Google
>>>>>>> shows ads in the beginning of search results. Ad-Aware 2008
>>>>>>> (definition file 0081.0000) does not remove the problem. OS is
>>>>>>> Windows
>>>>>>> XP SP3. IE 7. Automatically downloaded updates do not install too.
>>>>>>> Office scan 8.710.1002 is not finding any viruses. SFC /scannow does
>>>>>>> not
>>>>>>> find any discrepancies.
>>>>>>> Other peer computers in our network do not have the problem.
>>>>>>> How to eliminate the problem?
>>>>>>> Sincerely,
>>>>>>> Dima
>>>>>>
>>>>>> Make sure your firewall is not blocking port 443.
>>>>>>
>>>>>> --
>>>>>> Frank Saunders MS-MVP IE,OE/WM
>>>>>> Do not reply with email
 