TechSpot

Cannot access anti-virus websites

Inactive
By Mkicken
Dec 18, 2012
  1. Hi There!

    I am looking for some help with an annoying issue I experience; namely I cannot access anti-virus websites, and now I don't feel comfortable using my laptop anymore as I suspect a virus. I followed several guides on this forum, though I guess it needs some specific tuning. Any expert that can help me with this?

    Cheers,

    Marcel
     
  2. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Mkicken

    Mkicken TS Rookie Topic Starter

    Hi Broni,

    Thanks for your swift reply!

    I followed the steps and installed "Microsoft Security Essentials" first. That already gave (without a forced scan) a notification that some threats were removed. See the log results below - I think it already did the trick because I am able to visit the anti-virus sites that were disabled before. Thanks a lot already for this!

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.12.19.07

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    dell :: GEBRUIK-WPS656N [administrator]

    19-12-2012 20:09:28
    mbam-log-2012-12-19 (20-09-28).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 191068
    Verstreken tijd: 7 minuut/minuten, 43 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421
    Run by dell at 20:43:57 on 2012-12-19
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.2000.1060 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Cjhwhy] c:\users\dell\appdata\roaming\Cjhwhy.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoResolveTrack = dword:1
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{8BCF3821-D8E8-421B-9072-B9CC8B404232} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{8BCF3821-D8E8-421B-9072-B9CC8B404232}\34163716E656762716 : DHCPNameServer = 192.168.1.254
    SSODL: WebCheck - <orphaned>
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
    R3 e1yexpress;Stuurprogramma voor Intel(R) Gigabit-netwerkverbindingen;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    SUnknown vyadjriy;vyadjriy; [x]
    .
    =============== Created Last 30 ================
    .
    2012-12-19 19:33:22 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f7429d5-63bc-4d6b-a551-c676fe9093c0}\offreg.dll
    2012-12-19 19:08:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-19 19:08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-19 19:07:44 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1cdf18c7-1d6c-47c2-b471-53b6606be3b9}\gapaengine.dll
    2012-12-19 19:07:40 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f7429d5-63bc-4d6b-a551-c676fe9093c0}\mpengine.dll
    2012-12-19 19:07:06 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-12-19 19:04:12 -------- d-----w- c:\program files\Microsoft Security Client
    2012-12-19 06:48:11 -------- d-----w- c:\windows\system32\wbem\en-US
    2012-12-18 23:16:55 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-12-18 23:16:55 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-12-18 23:16:55 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-12-18 23:16:21 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-12-18 23:16:21 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-12-18 23:16:21 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-12-18 23:16:21 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-12-18 23:16:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-12-18 23:16:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-12-18 23:16:20 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-12-18 23:14:02 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-12-18 21:58:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-12-18 21:55:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-12-18 20:35:44 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-12-18 20:28:35 98816 ----a-w- c:\windows\sed.exe
    2012-12-18 20:28:35 256000 ----a-w- c:\windows\PEV.exe
    2012-12-18 20:28:35 208896 ----a-w- c:\windows\MBR.exe
    2012-12-17 21:23:39 -------- d-----w- c:\users\dell\appdata\roaming\SUPERAntiSpyware.com
    2012-12-06 21:01:21 -------- d-----w- c:\users\dell\appdata\roaming\Malwarebytes
    2012-12-06 21:01:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-06 20:53:25 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2012-12-06 20:51:59 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-12-06 20:50:59 1303408 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-12-06 20:49:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-12-06 20:49:36 204288 ----a-w- c:\windows\system32\upnp.dll
    2012-12-06 20:49:34 80384 ----a-w- c:\windows\system32\davclnt.dll
    2012-12-06 20:49:34 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2012-12-06 20:49:34 51200 ----a-w- c:\windows\system32\wscapi.dll
    2012-12-06 20:49:34 350720 ----a-w- c:\windows\system32\winhttp.dll
    2012-12-06 20:49:34 204288 ----a-w- c:\windows\system32\WebClnt.dll
    2012-12-06 20:49:34 14336 ----a-w- c:\windows\system32\slwga.dll
    2012-12-06 14:49:54 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-12-06 14:49:53 739840 ----a-w- c:\windows\system32\d2d1.dll
    2012-12-06 14:49:53 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-12-06 14:49:53 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-12-06 14:49:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-12-06 14:48:41 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2012-12-06 14:48:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2012-12-06 14:48:39 2353664 ----a-w- c:\windows\system32\win32k.sys
    2012-12-06 14:48:16 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-12-06 14:48:16 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2012-12-06 14:48:16 107520 ----a-w- c:\windows\system32\cdd.dll
    2012-12-06 14:48:10 -------- d--h--w- c:\programdata\Common Files
    2012-12-06 14:48:10 -------- d-----w- c:\users\dell\appdata\local\MFAData
    2012-12-06 14:48:10 -------- d-----w- c:\users\dell\appdata\local\Avg2013
    2012-12-06 14:48:10 -------- d-----w- c:\programdata\MFAData
    2012-12-06 14:47:27 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2012-12-06 14:47:25 123904 ----a-w- c:\windows\system32\poqexec.exe
    2012-12-06 14:47:24 47104 ----a-w- c:\windows\system32\appinfo.dll
    2012-12-06 14:47:24 101760 ----a-w- c:\windows\system32\consent.exe
    2012-12-03 16:36:00 -------- d-----w- c:\users\dell\appdata\local\Adobe
    2012-12-03 16:35:19 -------- d-----w- c:\users\dell\appdata\local\Google
    2012-12-03 16:34:02 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\Markup.dll
    2012-12-03 16:33:58 856712 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2012-12-03 16:29:59 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
    2012-12-03 16:11:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-03 16:11:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-03 15:35:31 -------- d-----w- c:\windows\system32\wbem\Performance
    2012-12-03 15:34:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-12-03 15:32:22 -------- d-----w- c:\users\dell\appdata\local\ElevatedDiagnostics
    2012-12-03 10:54:39 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-12-03 10:54:32 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-12-03 10:54:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-12-03 10:49:23 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-12-03 10:48:54 -------- d-----w- c:\windows\system32\Adobe
    2012-12-03 10:48:51 -------- d-----w- c:\program files\PlayReady
    2012-12-03 10:48:47 -------- d-sh--w- c:\windows\Installer
    2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Sjablonen
    2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Menu Start
    2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Favorieten
    2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Documenten
    2012-12-03 10:48:34 -------- d-sh--we c:\programdata\Bureaublad
    2012-12-03 10:33:13 -------- d-----w- c:\windows\Panther
    2012-12-03 10:24:10 -------- d-----w- C:\Windows.old.000
    .
    ==================== Find3M ====================
    .
    2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-09-25 21:55:17 78336 ----a-w- c:\windows\system32\synceng.dll
    .
    ============= FINISH: 20:44:45,87 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3-12-2012 11:50:34
    System Uptime: 19-12-2012 20:32:45 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0H635N
    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | Microprocessor | 793/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 55,756 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Broadcom USH
    Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
    Manufacturer:
    Name: Broadcom USH
    PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
    Service:
    .
    Class GUID:
    Description: Base System-apparaat
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02331028&REV_11\4&371F484D&0&0BF0
    Manufacturer:
    Name: Base System-apparaat
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02331028&REV_11\4&371F484D&0&0BF0
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI - Nederlands
    Adobe Shockwave Player 11.5
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Malwarebytes Anti-Malware versie 1.65.1.1000
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    PlayReady PC Runtime x86
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Very well :)

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
Topic Status:
Not open for further replies.