Any site but Microsoft?

D

drmcl

Not sure if this is quite the right place, but it must be close. I
cannot access ANY website that has the word 'Microsoft' in the address.
That is all the obvious ones like www.microsoft.com, msdn.microsoft.com
and even any news items that have Microsoft in the link. The browser
finds the site, then nearly loads it, but then just hangs there forever.
All other sites load as normal, just not microsoft, not even my MS
forums. Any ideas? I've run the usual suspects (spybot, ad-aware) and
turned off the firewall, but it makes no difference.
 
D

drmcl

Noel said:
sounds like a HOSTS file problem to me - check the file using the utility in
HiJackThis, and see what you find

This is what I found. Does it look OK?

Logfile of HijackThis v1.99.1
Scan saved at 23:43:18, on 17/07/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dcevt32.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dcstor32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\SysMgt\oma\bin\omsad32.exe
C:\Program Files\Dell\SysMgt\iws\bin\win32\omaws32.exe
G:\Program Files\Microsoft Virtual Server\vmh.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk
SE.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
g:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
G:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\mstsc.exe
G:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
g:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DWPersistentQueuedReporting]
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox
Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] g:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "g:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
G:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program
Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137084230152
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual
Server VMRC Control) -
http://b2bcode:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} (PortDetector
Control) - http://vlab1se-ekt2.elementk.com/vlab/ax/PortTester.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) -
http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CounterMonitor - b2bcode - G:\Visual Studio 2005
Projects\CounterMonitor\CounterMonitor\bin\Debug\countermonitor.exe
O23 - Service: Systems Management Event Manager (dcevt32) - Dell Inc. -
C:\Program Files\Dell\SysMgt\dataeng\bin\dcevt32.exe
O23 - Service: Systems Management Data Manager (dcstor32) - Dell Inc. -
C:\Program Files\Dell\SysMgt\dataeng\bin\dcstor32.exe
O23 - Service: FileWatcherService - b2bcode - G:\Visual Studio 2005
Projects\CounterMonitor\FileWatcherService\FileWatcherService\bin\Debug\filewatcherservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\system32\mgabg.exe
O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program
Files\Dell\SysMgt\sm\mr2kserv.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) -
Unknown owner - C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file
missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner -
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe"
-sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER)
(MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft
SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft
SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: OM Common Services (omsad) - Dell Inc. - C:\Program
Files\Dell\SysMgt\oma\bin\omsad32.exe
O23 - Service: Secure Port Server (Server Administrator) - Unknown
owner - C:\Program Files\Dell\SysMgt\iws\bin\win32\omaws32.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) -
Unknown owner - C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: Virtual Machine Helper (vmh) - Unknown owner -
G:\Program Files\Microsoft Virtual Server\vmh.exe" -service (file
missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
T

Tom Willett

Which part of Noel's reply about not posting the log here did you not
understand?
 
D

drmcl

Sorry folks, seem to have erred on the log thing. Humble apologies. I
have now registered and posted the log at tomcyote.org. Why is posting
them here a big no-no?
Also, I did find a hosts file on the PC but it looked like the default
one, with an entry for localhost and the rest were commented out.
My primary objective here is to get to windowsupdate as it's been a few
days since I've done my update duty!

Thanks all (dunno how the double post happened either)
 
C

Chuck Davis

Noel Paton said:
Check the time-stamps, Tom - he posted both at the same time, near
enough - I simply responded to the first I saw

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
When doing house calls for our computer club, I always submit the log file
on the HijackThis web site for their automated analysis. This provides an
analysis in about 20 seconds. It has been a success most of the time.
http://www.hijackthis.de
 
N

Noel Paton

Chuck Davis said:
When doing house calls for our computer club, I always submit the log file
on the HijackThis web site for their automated analysis. This provides an
analysis in about 20 seconds. It has been a success most of the time.

Automated tools tend not to be terribly effective - but they are good for
first-port-of-call pointers. The problem is that many of them aren't updated
often enough, and well enough, and removal of some malware can cause more
problems than it solves if not approached in the correct manner.

The site you mention is 'OK' - just - but is cashing in on the HJT name
without, AFAIK, the author's approval, and should for that reason if no
other, be avoided

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
D

drmcl

Hi guys. This is now getting really interesting.

I've got a HJT over in the other forum which may now be irrelevant as
I no longer think it is malware but the source is very very interesting
so I am looking here for some thoughts. Basically nothing in my house,
none of my 3 PCs will connect to any site that has anything to do with
Microsoft. Even more disturbing, my PSP browser will not connect to
Microsoft. So that leads me to believe it must be the router or my ISP.
My nice neighbour let me connect to his wireless router and hey presto,
hello www.microsoft.com. So, the big question, is it my router or is
the problem with the ISP? Your thoughts are greatly appreciated - and
has anyone else heard of this weird anomaly?

Dave
 
D

drmcl

Fixed. Reset the router back to factory defaults and now we are fine
again. Wonder what it was?
 
R

Robert Aldwinckle

....
sounds like a HOSTS file problem to me - check the file using the utility in HiJackThis, and see what you find


It's also a symptom associated with one of the popular toolbars.
E.g. Google or Yahoo. (I can never remember which toolbar is associated
with which symptom. <w>) They both apparently can cause unexpected
problems, so a recommendation could be to try removing them both
and see if the symptom changes.

It's not clear to me whether it is the uninstall of the third-party product
which fixes the problem or whether just disabling the interferer
would be sufficient. If the latter, testing by disabling all BHO
(ref. KB298931) or some, e.g. using BHODemon, might be tried
to improve a symptom description.


FYI

Robert
---
 
D

drmcl

Hi Noel, It's a DLink DSL-G604T which I thought was fairly secure -
hidden ssid, WEP enabled and access only to specific MAC addresses.
Obviously, now that it has been reset, I don't know which bit was
causing the problem as this guy has a lot of settings, but it is
generally odd that a router gets hit as opposed to the PC. Bit_torrent
or PSP homebrew is probably where the problem origin lies I think.
What is the deal with HJT log posting? I thought every little would
help but this appears to have been a big no-no. Which unwritten law did
I transgress here?

Dave
 
N

Noel Paton

Sorry about the delayed response - I've had some server issues here :(

HJT logs should only be posted to specialist forums - where trained
volunteers can help much faster, much more effectively, and with much less
interference.
It also keeps the search engines free of the inevitable huge number of
entries for CLSID numbers, etc so that the informative nature of UseNet
doesn't get polluted too much with cries for help. Usenet is a one/many
thing, while forums tend much more to being a one/one thing unless people
want to deliberately dip in.

WRT your router, I just wanted to avoid it :) (actually, I rather like some
of the D-Link stuff)

More seriously, I wanted to check whether it had filtering capability that
could take out an IP or a block of IP's in such a fashion - it does (page 47
in the manual I downloaded), as should most decent routers - and whether it
was easy to accidentally invoke such a block....
In your case, blocking microsoft.com would have required blocking the IP
207.46.250.119 for at least port 80 (HTTP) and blocking 207.46.248.109 for
msdn.microsoft.com
Since the router can block ranges of IP, I suspect that a whole block of
IP's were embargoed - maybe 207.46.0.0-207.46.255.255.... possibly in a
misguided attempt to block call-back by some of the MS software on some of
the machines on the network.
The question would then become "who knew the admin logon/password for the
router?" since without this information, it would be very difficult for
anyone on either side of the router to change the configuration. The obvious
reaction is to change the admin logon details, and keep them to yourself :)

HTH

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
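
The two hypotheses in this thread (a HOSTS override on one PC versus an IP-range filter on the router), as an added example that is not part of the original posts: it checks a HOSTS file for active entries pinning a domain and tests the two addresses quoted above against a filter range. The filter table layout, the HOSTS text, the control site and all function names are constructed for illustration and do not reflect the DSL-G604T's actual configuration format.

```python
import ipaddress

# Addresses quoted in the post above (2006-era values, used as sample data).
SITES = {
    "www.microsoft.com": "207.46.250.119",
    "msdn.microsoft.com": "207.46.248.109",
    "www.bbc.co.uk": "192.0.2.10",  # constructed control, documentation range
}

# Constructed filter table: (first IP, last IP, destination port or None = any).
FILTER_RULES = [("207.46.0.0", "207.46.255.255", 80)]

# Constructed HOSTS file: one localhost entry, everything else commented out.
HOSTS_TEXT = """\
127.0.0.1       localhost
# 102.54.94.97  rhino.acme.com
#127.0.0.1      www.microsoft.com
"""


def active_hosts_entries(text):
    """Return (ip, name) pairs for HOSTS lines that are actually in effect."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, n.lower()) for n in names)
    return entries


def hosts_overrides(text, domain):
    """HOSTS entries that pin `domain` or any of its subdomains."""
    domain = domain.lower()
    return [(ip, n) for ip, n in active_hosts_entries(text)
            if n == domain or n.endswith("." + domain)]


def rule_networks(first, last):
    """Express a first-last range as the CIDR blocks that cover it exactly."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def blocked_by(ip, port, rules):
    """Return the first rule whose range and port cover (ip, port), else None."""
    addr = ipaddress.ip_address(ip)
    for first, last, rule_port in rules:
        in_range = any(addr in net for net in rule_networks(first, last))
        if in_range and rule_port in (None, port):
            return (first, last, rule_port)
    return None


def triage(sites, hosts_text, rules, port=80):
    """Attribute each site to a HOSTS override, the router filter, or neither."""
    report = {}
    for name, ip in sites.items():
        if hosts_overrides(hosts_text, name):
            report[name] = "hosts-override"
        elif blocked_by(ip, port, rules):
            report[name] = "router-filter"
        else:
            report[name] = "clear"
    return report


if __name__ == "__main__":
    print(triage(SITES, HOSTS_TEXT, FILTER_RULES))
```

A clean HOSTS file on every device combined with a failure that follows the network rather than the machine points at the router or ISP, which matches what the factory reset confirmed here.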
 
