Certain Webpages & A.V Updates Don't Download



Curbd
24-08-2009, 06:09 PM
Hello everyone,

For the past few hours I have been trying to fix an issue on a small laptop, that has recently changed from dial-up to broadband.

All of a sudden, AVG (free) and Comodo do not update, and in a browser (I have tried I.E and Chrome) I cannot load websites such as microsoft.com.

I have tried the Norton removal fix, seen here (http://www.tomshardware.com/forum/page-239121_45_50.html), with no luck.

Any help would be greatly appreciated.

Thanks

wainuitech
24-08-2009, 06:24 PM
Seems you can get onto certain websites only -- try downloading from my sig : Malwarebytes, Spyware Terminator.


You may have an infected laptop - Malware.

You probably won't be able to if the laptop has spyware, as it will be stopping you downloading. Try these direct links - Malwarebytes (http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=d49fd60277a310d3a9a041a8d62808b8&lop=link&ltype=dl_dlnow&pid=11091568&mfgId=6290020&merId=6290020&pguid=M0avagoPjAEAAAZcHYUAAABR&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Dd49fd60277a310d3a9a041a8d62808b8%26part%3Ddl-10804572) & Spyware Terminator (http://dnl.spywareterminator.com/dnl/config/339/SpywareTerminator_Setup.exe), also Spybot S&D. If those links don't work, use another PC to get them and put them on a USB drive to install.

Also get CCleaner, run CCleaner, then run ALL Antimalware programs in full scan modes.

Get HijackThis (http://free.antivirus.com/hijackthis/) - run it, select save a file, then copy/paste the complete log back here.

Curbd
24-08-2009, 06:27 PM
Thanks, I will download and install the software soon..

I just started the computer up in safe mode with networking, signed in as administrator, and I am able to access the MS website. Hope it's of help. I feel one step closer already.

Thanks

wainuitech
24-08-2009, 06:30 PM
Sounds a lot like spyware - Some spyware won't run in safe mode, thus allowing access.

Curbd
24-08-2009, 07:25 PM
Currently scanning with Spyware Terminator and Malwarebytes.
SWT has found 1 critical so far, and MWB has found 4.

Hope it all works out :) :)

Thanks

wainuitech
24-08-2009, 07:37 PM
Only takes one infection ;) - Don't forget to post a Hijack log -- Hopefully Speedy will be about to take a look at it for you - He's the "man" here to advise on those better.

Curbd
24-08-2009, 08:26 PM
Hmm.. Didn't solve the issue, I removed all files that came up on the reports...

Speedy Gonzales
24-08-2009, 08:43 PM
Yup, post a log when you're ready, and I'll check it out.

If you want, boot into safe mode / networking and get TeamViewer (www.teamviewer.com). Once it's installed and running, send me a PM with the ID and password. I'll check it out from here.

Curbd
24-08-2009, 09:17 PM
After putting the HJT log onto my portable drive, and putting it into the 'worthwhile' computer (:P), McAfee came up with 'Detected: W32/Conficker.worm!inf (Virus)', clearly the laptop still has some infestations on it eh?

And here's the log, hope you have some luck with it!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:18 PM, on 8/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\tp4mon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader\Reader_sl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\private\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: Registration Imagine Fashion Designer.LNK = D:\Support\Register\RegistrationReminder.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251103403145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4741 bytes


Thanks a plenty!

wainuitech
24-08-2009, 09:23 PM
Conficker eh!!! Hmmm OK, download from here (http://www.eset.com/download/free-virus-remover.php) - in the drop down box (select a tool) - locate Conficker.

Download it and run it.

Curbd
24-08-2009, 09:26 PM
Thanks, I just ran it but the comp gave me a b.s.o.d :P,
I'll boot back into safe mode and try then.

Thanks for your help!

Curbd
24-08-2009, 09:30 PM
Thanks, I just tried to run it but it threw a BSOD at my face :P
I'm booting into safe mode now...

Thanks

Edit: Sorry about the double post, forgot about second pages here :P

Speedy Gonzales
24-08-2009, 09:31 PM
Hmm, you can tick these entries as well. Then tick "Fix checked".

Close browsers / disable System Restore

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\private\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - Startup: Registration Imagine Fashion Designer.LNK = D:\Support\Register\RegistrationReminder.exe

Hmm, the portable drive may have Conficker then. I don't think it's in this log / on this laptop. If that ESET tool doesn't fix it, get Trojan Remover / Malwarebytes. Update both, then scan.
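
An added example, not part of the thread and not any poster's code: a small Python parser for the HijackThis log format posted above. It splits a log into header fields, running processes and coded entries, extracts the O4 registry Run autostarts, and lists the entries HijackThis itself annotated as "(file missing)" or "Unknown owner" for manual review. The function names and regexes are assumptions of this example; the sample is an excerpt of the log in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (shortened for the example).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\svchost.exe
E:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # e.g. "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # HKLM\..\Run: [name] cmd

def parse_hjt(text):
    """Split a HijackThis log into header fields, processes and coded entries."""
    header, processes, entries = {}, [], defaultdict(list)
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:                                   # R0/R1/O2/O4/... section entry
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        elif ": " in line and not entries:      # "Platform: ...", "Boot mode: ..."
            key, value = line.split(": ", 1)
            header[key] = value
    return header, processes, dict(entries)

def autoruns(entries):
    """(hive, key, name, command) for each O4 registry Run entry."""
    matches = (RUN.match(body) for body in entries.get("O4", []))
    return [m.groups() for m in matches if m]

def needs_review(entries):
    """Entries HijackThis annotated as '(file missing)' or 'Unknown owner'."""
    return [(code, body) for code, bodies in entries.items() for body in bodies
            if "(file missing)" in body or "Unknown owner" in body]
```

An "Unknown owner" or "(file missing)" annotation is only a prompt to look at the entry; it does not by itself mean the entry is malicious.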

Blam
24-08-2009, 09:34 PM
Not good. Hopefully it hasn't infected any critical system files....which may have caused the BSOD!

What did it say on the BSOD?
(Disable automatic restart: right click My Computer > Properties > Advanced > under Startup and Recovery select Settings > untick Auto Restart)

Disable System Restore too: right click My Computer > System Restore tab > disable System Restore on all drives.

Blam

Curbd
24-08-2009, 09:34 PM
In safe mode I still receive a fatal system error...

I'll follow your lead with those instructions. Cheers

Curbd
24-08-2009, 10:01 PM
The BSOD says:

STOP: c000021a {Fatal System Error}
The Windows SubSystem process terminated unexpectedly with a status of 0xc0000005 (0x7c9106c3 0x0053ed04).
The system has been shut down.

No more luck, but, we'll get there I'm sure!