[kremkrem]

Sorry, but you know, this F-Secure software uses Java Applet for scanning (that's ok) and IE to show the results (more than bad). In other words, it doesn't work.
Please, if you can, choose some software I can download without any extern downloaders, and it should work fine.
Those errors are caused by the problem we're trying to solve. I mention it just to make sure you know why I've got these problems.

[kevinf80]

Do you have an internet connection?

Did you set up the following Proxy

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 8.8.8.8:80

[kremkrem]

First, I have an internet connection. I post from the machine I have problems with, using Firefox. As I said in the very first post, the situation with my system is weird: there is a connection, but for most apps resolving hostnames doesn't work (but in Firefox works). So, I can connect using Firefox, or, sometimes, using raw IP.
Second... I barely understand the notation you just have used. But checked the Windows options... yes, I set the 8.8.8.8:80 proxy, I surely remember doing so. Found it was Google DNS server, and tried as a possible solution. But it didn't work, so I turned off using proxy for system (by unchecking a box). And the fact that the adress is typed, doesn't (or at least shouldn't) matter.

[kevinf80]

When you turned off the proxy by removing the tick from "Proxy server" under Lan settings did you put a tick in "Automatically detect setting" under automatic configuration? see attached image

Also what can you tell me about this program ALLPlayer did you install it? Read the information at the following links:

http://www.threatexpert.com/files/allupdate.exe.html

http://www.prevx.com/filenames/61275...PDATE.EXE.html

I ask about this program because it was installed by user not by malware...

Kevin

[kremkrem]

Yeah...
Well, I hadn't switched the "automaticly detect" option on, I forgot about that. Now I've done it.
AllPlayer... yup, that was me. I've installed it. Avast was suspicious about the allupdate.exe, so I've either blocked it or let it on in sandbox (because that one was default). Well, when I've reconsidered that, I concluded I don't really need it anymore. Therefore I uninstalled it.
In short: it didn't work.
Let's try something else. I don't really like the vision of reinstalling the system... especially that it came with machine, so I don't have the CD/DVD...
PS. I've noticed you like Ubuntu, while I personally love it. As a coincidence, I've got a liveUSB with 10.04 lucid on board. If you're thinking about trick involving it, feel free to do so, I like Ubuntu, and I'm not a moron who is scared by its bash (aka terminal).

[kevinf80]

I`m only looking for malware on your system, you mentioned having issues for approximately 8 months, All Player was installed February of this year so it was a definite suspect.

OK I`d like to see an in depth scan with an AV to check that Combofix missed nothing, as you had problems with ESET and F-Secure we can use Avast.

Right click on the Avast Icon next to your clock and select "open avast user interface"
On the interface select Scan Computer



On the next window select Boot time scan



Onthe next window select Schedule now



On the next window select Restart Computer



Let your system re-boot and carry out the boot time scan, let me know what it finds. Also tell me if Internet Explorer works now since turning on the "Automatically detect" option...

Regarding Ubuntu, I only use that for online banking and anything with financial implications, I just dont trust windows....(any version)

[kremkrem]

I've just done the on-boot scan. It said that it scanned everything (unlike the in-Windows scan), but found nothing.
I've just noted that your suspicion about AllPlayer was wrong, because I forgot to tell you, that the problem was caused by a stopped trial of installing an infected proxy software (that fact was mentioned by me in the very first post). Terrible thing I forgot the name of this application, but, as I searched on the net the day I got the problem, it was known to install rootkits and trojans.
But it was such a long time ago that I don't remember the name! Stupid, stupid, stupid, stupid, stupid, stupid, stupid, stupid.....
PS
It sometimes take time to answer, because there is big time difference between the place I live in and that forum's time (my time indicates 9 hours forward).

[kevinf80]

What is the status of your system now, is IE working? do have any issues/concerns

[kremkrem]

Nothing has changed: IE doesn't load any pages, services that haven't worked doesn't work, and ones that have worked work.

[kevinf80]

Run Fixit for Internet Explorer, available here http://support.microsoft.com/kb/318378 Lets see if IE responds to the fix

[kremkrem]

FixIt couldn't do anything because of failed attempt to connect to the (Microsoft) server. Dang, Microsoft sometimes really sucks.

[kevinf80]

Back up YOUR REGISTRY with ERUNT.....

• Download ERUNT
  (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
• Install ERUNT by following the prompts
  (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
• Start ERUNT
  (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
• Choose a location for the backup
  (the default location is C:\WINDOWS\ERDNT which is acceptable).
• Make sure that at least the first two check boxes are ticked
• Press OK
• Press YES to create the folder.

Next,

Please follow these instructions carefully:

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:

Code:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess]		

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000000

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDevMgrUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name fixme.reg, and click Save.

You should now find a new file on your desktop named fixme.reg. Double click on fixme.reg. You will get a warning,
agree to the merge, and then a message the file has been merged will immediately pop up.

Then reboot.

Next,


Add the Windows Update Web site and the Microsoft Update Web site to the Trusted Sites list, follow these steps:

• Start Windows Internet Explorer:
• On the Tools menu, click Internet Options.
• Note If you are using Internet Explorer 7, and the menu is not available, press the ALT key on your keyboard to access the Internet Explorer Menu.
• Click the Security tab, and then click Trusted Sites.
• Click Sites, and then click to clear the Require server verification (https for all sites in this zone check box.
• In the Add this Web site to the zone box, type the following addresses, and then click Add after you type each address:
  
  http://*.windowsupdate.microsoft.com
  http://*.windowsupdate.com
  http://update.microsoft.com
  
• Click OK two times.

Try the updates again.

[kremkrem]

ERUNT... hey, I already know this app! Ok, I've done backup.
Now there's some neat register editing file... have run that.
Restart, added the 3 trusted sites and cleared the https: verification box.
Nothing changed. (try update? What did you mean? I've tried to run fixit again as an update, but nothing)

[kevinf80]

Do the following :

Select the Windows Key and R Key together, in the open box either type or copy and paste services.msc

In the new window scroll to Background Intelligence Service, what is the Status and Start up type? They should be Started and Automatic (delayed) respectively.

Also check the following dependencies:

Com + Event system this should be Started and Automatic

Remote Procedure Call (RPC) this also should be Started and Automatic

Let me know if the above are correct.....

[kremkrem]

I think I've managed to translate the service names right.
Background Intelligence Service (Usługa Inteligentnego Transferu w Tle)
Status: Started, Start up type: Automatic (delayed)

COM+ Event System (System Zdarzeń COM+)
Status: Started, Start up type: Automatic

Remote Procedure Call (RPC) (Zdalne wywoływanie procedur (RPC))
Status: Started, Start up type: Automatic