Inactive Cannot access anti-virus websites

Status
Not open for further replies.
Hi There!

I am looking for some help with an annoying issue I experience; namely, I cannot access anti-virus websites, and now I don't feel comfortable using my laptop anymore as I suspect a virus. I followed several guides on this forum, though I guess it needs some specific tuning. Any expert that can help me with this?

Cheers,

Marcel
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni,

Thanks for your swift reply!

I followed the steps and installed "Microsoft Security Essentials" first. That already gave (without a forced scan) a notification that some threats were removed. See below the log results - I think it already did the trick because I am able to visit the anti-virus sites that were disabled before. Thanks a lot already for this!

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Databaseversie: v2012.12.19.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
dell :: GEBRUIK-WPS656N [administrator]

19-12-2012 20:09:28
mbam-log-2012-12-19 (20-09-28).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 191068
Verstreken tijd: 7 minuut/minuten, 43 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by dell at 20:43:57 on 2012-12-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.2000.1060 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Cjhwhy] c:\users\dell\appdata\roaming\Cjhwhy.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{8BCF3821-D8E8-421B-9072-B9CC8B404232} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{8BCF3821-D8E8-421B-9072-B9CC8B404232}\34163716E656762716 : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R3 e1yexpress;Stuurprogramma voor Intel(R) Gigabit-netwerkverbindingen;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
SUnknown vyadjriy;vyadjriy; [x]
.
=============== Created Last 30 ================
.
2012-12-19 19:33:22 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f7429d5-63bc-4d6b-a551-c676fe9093c0}\offreg.dll
2012-12-19 19:08:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-19 19:08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 19:07:44 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1cdf18c7-1d6c-47c2-b471-53b6606be3b9}\gapaengine.dll
2012-12-19 19:07:40 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f7429d5-63bc-4d6b-a551-c676fe9093c0}\mpengine.dll
2012-12-19 19:07:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-12-19 19:04:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-19 06:48:11 -------- d-----w- c:\windows\system32\wbem\en-US
2012-12-18 23:16:55 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-18 23:16:55 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-18 23:16:55 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-18 23:16:21 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-18 23:16:21 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-18 23:16:21 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-18 23:16:21 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-18 23:16:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-18 23:16:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-18 23:16:20 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-18 23:14:02 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-18 21:58:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-12-18 21:55:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-18 20:35:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-18 20:28:35 98816 ----a-w- c:\windows\sed.exe
2012-12-18 20:28:35 256000 ----a-w- c:\windows\PEV.exe
2012-12-18 20:28:35 208896 ----a-w- c:\windows\MBR.exe
2012-12-17 21:23:39 -------- d-----w- c:\users\dell\appdata\roaming\SUPERAntiSpyware.com
2012-12-06 21:01:21 -------- d-----w- c:\users\dell\appdata\roaming\Malwarebytes
2012-12-06 21:01:09 -------- d-----w- c:\programdata\Malwarebytes
2012-12-06 20:53:25 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-12-06 20:51:59 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-12-06 20:50:59 1303408 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-12-06 20:49:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-12-06 20:49:36 204288 ----a-w- c:\windows\system32\upnp.dll
2012-12-06 20:49:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2012-12-06 20:49:34 73728 ----a-w- c:\windows\system32\wscsvc.dll
2012-12-06 20:49:34 51200 ----a-w- c:\windows\system32\wscapi.dll
2012-12-06 20:49:34 350720 ----a-w- c:\windows\system32\winhttp.dll
2012-12-06 20:49:34 204288 ----a-w- c:\windows\system32\WebClnt.dll
2012-12-06 20:49:34 14336 ----a-w- c:\windows\system32\slwga.dll
2012-12-06 14:49:54 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-12-06 14:49:53 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-12-06 14:49:53 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-12-06 14:49:53 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-12-06 14:49:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-12-06 14:48:41 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-12-06 14:48:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-12-06 14:48:39 2353664 ----a-w- c:\windows\system32\win32k.sys
2012-12-06 14:48:16 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-12-06 14:48:16 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-12-06 14:48:16 107520 ----a-w- c:\windows\system32\cdd.dll
2012-12-06 14:48:10 -------- d--h--w- c:\programdata\Common Files
2012-12-06 14:48:10 -------- d-----w- c:\users\dell\appdata\local\MFAData
2012-12-06 14:48:10 -------- d-----w- c:\users\dell\appdata\local\Avg2013
2012-12-06 14:48:10 -------- d-----w- c:\programdata\MFAData
2012-12-06 14:47:27 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-12-06 14:47:25 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-12-06 14:47:24 47104 ----a-w- c:\windows\system32\appinfo.dll
2012-12-06 14:47:24 101760 ----a-w- c:\windows\system32\consent.exe
2012-12-03 16:36:00 -------- d-----w- c:\users\dell\appdata\local\Adobe
2012-12-03 16:35:19 -------- d-----w- c:\users\dell\appdata\local\Google
2012-12-03 16:34:02 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\Markup.dll
2012-12-03 16:33:58 856712 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-12-03 16:29:59 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
2012-12-03 16:11:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-03 16:11:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-03 15:35:31 -------- d-----w- c:\windows\system32\wbem\Performance
2012-12-03 15:34:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-12-03 15:32:22 -------- d-----w- c:\users\dell\appdata\local\ElevatedDiagnostics
2012-12-03 10:54:39 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-12-03 10:54:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-12-03 10:54:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-12-03 10:49:23 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-12-03 10:48:54 -------- d-----w- c:\windows\system32\Adobe
2012-12-03 10:48:51 -------- d-----w- c:\program files\PlayReady
2012-12-03 10:48:47 -------- d-sh--w- c:\windows\Installer
2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Sjablonen
2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Menu Start
2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Favorieten
2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Documenten
2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Bureaublad
2012-12-03 10:33:13 -------- d-----w- c:\windows\Panther
2012-12-03 10:24:10 -------- d-----w- C:\Windows.old.000
.
==================== Find3M ====================
.
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-25 21:55:17 78336 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 20:44:45,87 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3-12-2012 11:50:34
System Uptime: 19-12-2012 20:32:45 (0 hours ago)
.
Motherboard: Dell Inc. | | 0H635N
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | Microprocessor | 793/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 55,756 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Service:
.
Class GUID:
Description: Base System-apparaat
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02331028&REV_11\4&371F484D&0&0BF0
Manufacturer:
Name: Base System-apparaat
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02331028&REV_11\4&371F484D&0&0BF0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI - Nederlands
Adobe Shockwave Player 11.5
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Malwarebytes Anti-Malware versie 1.65.1.1000
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
PlayReady PC Runtime x86
.
==== End Of File ===========================
 
Very well :)

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 