Windows Update and security sites do not open. Security downloads do not start.

Discussion in 'Internet Explorer' started by Dima, Jun 4, 2008.

  1. Dima

    Dima Guest

    Thanks PA Bear for your suggestions!
    I renamed the file HOSTS, rebooted. The behavior persisted.
    I have done an upgrade reinstall of Windows XP SP2 in Windows. Should I do a
    Repair Install by booting from the Windows XP CD?
    Regards,
    Dima
     
    Dima, Jun 5, 2008
    #21

  2. A Repair Install (or upgrade Repair Install) is not going to help. Unless
    you're willing to post your HijackThis log in an appropriate forum for
    assistance (see my last reply), you'll have to format & reinstall Windows.
     
    PA Bear [MS MVP], Jun 5, 2008
    #22

  3. Dima

    Dima Guest

    Hello!
    http://forums.subratam.org/index.php?showforum=7 does not reply to the problem
    and my Logfile of Trend Micro HijackThis v2.0.2.
    http://aumha.net/viewforum.php?f=30 does not send a confirmation message to my
    e-mail.
    http://forums.spybot.info/forumdisplay.php?f=22 and
    http://castlecops.com/forum67.html do not open on my computer.
    Please, help!
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:12:52, on 07.06.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\cisvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINNT\system32\CCM\CcmExec.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\WINNT\TEMP\AOD0FC.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\WINNT\system32\igfxtray.exe
    C:\WINNT\system32\igfxpers.exe
    C:\WINNT\system32\hkcmd.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\WINNT\system32\ctfmon.exe
    d:\Program Files\CA\CA Internet Security Suite\CA
    Anti-Spyware\CAPPActiveProtection.exe
    d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    d:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINNT\system32\cidaemon.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINNT\msagent\AgentSvr.exe
    C:\Documents and Settings\KopnichevDI\Application Data\Mail.Ru\Agent\magent.exe
    D:\Temp\QIP\qip.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\cidaemon.exe
    C:\Documents and Settings\KopnichevDI\Рабочий стол\hijackthis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://portal
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend
    Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE
    /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE
    /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil
    /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows
    Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security
    Suite\cctray\cctray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MAgent] C:\Documents and Settings\KopnichevDI\Application
    Data\Mail.Ru\Agent\MAgent.exe -CU
    O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet
    Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet
    Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet
    Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet
    Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} -
    C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management
    Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program
    Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management
    Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program
    Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management
    Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program
    Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
    C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network
    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} -
    C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management
    Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program
    Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} -
    C:\Documents and Settings\KopnichevDI\Application Data\Mail.Ru\Agent\magent.exe
    (HKCU)
    O9 - Extra 'Tools' menuitem: Mail.Ru Агент -
    {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and
    Settings\KopnichevDI\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management
    Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program
    Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management
    Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program
    Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O15 - Trusted Zone: http://support.corp.lukoil.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
    http://www.samsung.com/plugin/vmpin...tftlcd/web3d/le26r71bxxeu/page_le26r74bd.html
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage
    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
    http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) -
    http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
    http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer
    Diagnostics) -
    http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192176634437
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191398084875
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) -
    http://my.foto.mail.ru/ImageUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload
    Control) - http://kopn.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload
    Tool) -
    http://cid-08b54cabdb21c061.skydrive.live.com/Microsoft.Live.Folders.RichUpload.cab
    O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) -
    http://plugin.fileopen.com/current/FileOpen.CAB
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
    http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    https://energyintel.webex.com/client/T25L/webex/ieatgpc.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) -
    http://upload-v5.streamload.com/Upload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msk.lukoil.com
    O17 - HKLM\Software\..\Telephony: DomainName = msk.lukoil.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msk.lukoil.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =
    corp.lukoil.com,comm.lukoil.com,msk.lukoil.com,lukoil
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = msk.lukoil.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList =
    corp.lukoil.com,comm.lukoil.com,msk.lukoil.com,lukoil
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =
    corp.lukoil.com,comm.lukoil.com,msk.lukoil.com,lukoil
    O23 - Service: CaCCProvSP - CA, Inc. - d:\Program Files\CA\CA Internet Security
    Suite\ccprovsp.exe
    O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт -
    C:\WINNT\system32\services.exe
    O23 - Service: HP MFP Digital Sending Software (HPMfpDigitalSendingSoftware) -
    Unknown owner - C:\Program Files\Hewlett-Packard\HP MFP Digital Sending
    Software\hpbs2e.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
    32\IDriverT.exe
    O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) -
    Корпорация Майкрософт - C:\WINNT\system32\imapi.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA,
    Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация
    Майкрософт - C:\WINNT\system32\mnmsrvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. -
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт -
    C:\WINNT\system32\services.exe
    O23 - Service: PPCtlPriv - CA, Inc. - d:\Program Files\CA\CA Internet Security
    Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола
    (RDSessMgr) - Корпорация Майкрософт - C:\WINNT\system32\sessmgr.exe
    O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт -
    C:\WINNT\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
    Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Оповещения и журналы производительности (SysmonLog) - Корпорация
    Майкрософт - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Корпорация Майкрософт -
    C:\WINNT\system32\tlntsvr.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program
    Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: Диспетчер служебных программ (UtilMan) - Корпорация Майкрософт -
    C:\WINNT\System32\UtilMan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program
    Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт -
    C:\WINNT\System32\vssvc.exe
    O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация
    Майкрософт - C:\WINNT\system32\wbem\wmiapsrv.exe
    --
    End of file - 13282 bytes
    Regards,
    Dima
     
    Dima, Jun 7, 2008
    #23
  4. We do not interpret or work with HijackThis logs in the public newsgroups.
    Allow a minimum of three (3) days for a reply to your posts in any forum.
    Assuming you registered successfully, look for a confirmation email from
    in your inbox of "spam trap". If no joy, tell me the
    username you registered and I'll look into it.
    Possibly due to the infection(s).

    Use another machine to post to any of these forums. It is not safe to have
    the infected machine connected to the internet.

    Again, a format & reinstall WILL resolve the problems.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
    AumHa VSOP & Admin http://aumha.net
    DTS-L http://dts-l.net/

     
    PA Bear [MS MVP], Jun 7, 2008
    #24
  5. Dima

    Dima Guest

    Thanks Robear Dyer for replying!
    A confirmation email from is not in my inbox of "spam trap". The
    username I registered is kop.
    The format & reinstall WILL be the last resort. I do not want to lose rare
    programs and settings.
    Regards,
    Dima
     
    Dima, Jun 7, 2008
    #25
  6. PA Bear [MS MVP], Jun 7, 2008
    #26
  7. PA Bear [MS MVP], Jun 8, 2008
    #27
  8. Dima

    Dima Guest

    Thanks for replying!
    Why format? Should a fresh OS install help alone?
    Regards,
    Dima
     
    Dima, Jun 9, 2008
    #28
  9. Only formatting & reinstalling Windows will resolve the massive infections
    and rootkit(s).
     
    PA Bear [MS MVP], Jun 9, 2008
    #29