Cannot "Enable malicious website blocking"


I don't know whether this involves malware or not.  Everything was fine until I installed Adobe Photoshop Elements 10.  It told me to restart to complete the installation.  I did.  Now I have Adobe Photoshop Elements, but I can no longer enable malicious website blocking.


  • Root Admin

Please run the following scans and post back the logs and we'll take a look at what's going on.

 

STEP 01
Please create an mbam-check log:
 

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it; it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead, please attach the CheckResults.txt log file, which should now be located on your desktop, to your next post


STEP 02

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment. 

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file

STEP 03

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:


  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.



Thanks
 

 


Thanks for signing on to help me.  I will start following your instructions this evening.

 

As an aside, I should tell you my recent system history, which might or might not have something to do with the current problem.

 

Earlier this month, the customer support center helped me recover from a double rootkit infection.  Afterwards all was well except for this very problem, cannot enable malicious website blocking.  That (relatively minor) problem was solved by running fixdamage.exe.  However, I deleted Anti-Rootkit, including fixdamage.exe, per my helper's cleanup instructions.

 

This might be a distraction, or it might be a hint as to what is going on.  But I strongly suspect the Adobe installation (from a CD), which took a long time, consumed much hard disk space, and immediately preceded this problem.


  • Root Admin

Can you please zip and upload one or two of the newer dump files from here.  The system is actually crashing bad enough that it's leaving dump logs.  Hopefully we'll be able to determine what's causing it with one of the logs.

 

C:\WINDOWS\Minidump\Mini020513-01.dmp
C:\WINDOWS\Minidump\Mini020513-02.dmp
C:\WINDOWS\Minidump\Mini053113-01.dmp
C:\WINDOWS\Minidump\Mini053113-02.dmp
C:\WINDOWS\Minidump\Mini053113-03.dmp
C:\WINDOWS\Minidump\Mini053113-04.dmp
C:\WINDOWS\Minidump\Mini053113-05.dmp
C:\WINDOWS\Minidump\Mini053113-06.dmp

 

Thanks


  • Root Admin

Yeah, they did look old based on the file name, but I wasn't sure.  If they're that old I'd go ahead and delete them then.

 

Please do a full disk check and run the following for me.

 

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
 

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02

Please download Junkware Removal Tool to your desktop.


  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 03

Please download AdwCleaner by Xplode to your desktop.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 04

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 


YIPPEE!!  MBAM is back to full protection!!  I think it was probably AdwCleaner that did it.

 

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by User on Mon 06/24/2013 at 23:33:42.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/24/2013 at 23:36:28.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner[s1].txt

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 01:04:10
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - SYSTEM2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.6 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x8343lfc.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[s1].txt - [1869 octets] - [25/06/2013 01:04:10]

########## EOF - C:\AdwCleaner[s1].txt - [1929 octets] ##########

 

checkup.txt

 Results of screen317's Security Check version 0.99.67 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG Anti-Virus Free Edition 2011  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Windows Defender   
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 31 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (3.6.6) Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

This topic is now closed to further replies.
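
A parser for the AdwCleaner log format shown in the last post, added here as an example (it is not part of the thread or of AdwCleaner): it groups the "Deleted" lines by section and surfaces GUIDs that recur across registry keys, which is how one removed browser add-on shows up under several keys. The function names and the "Entry" label for unlabelled lines are assumptions of this example; the sample is an excerpt of the posted log with blank lines dropped.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the AdwCleaner[s1].txt log posted above (blank lines dropped).
SAMPLE_LOG = r"""# AdwCleaner v2.303 - Logfile created 06/25/2013 at 01:04:10
# Option [Delete]
***** [Files / Folders] *****
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\boost_interprocess
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
***** [internet Browsers] *****
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")   # ***** [Registry] *****
ENTRY = re.compile(r"^(?:(\w+) )?Deleted : (.+)$")  # "Key Deleted : ..." or "Deleted : ..."
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_adwcleaner(text):
    """Return {section: [(kind, target), ...]} for every 'Deleted' line."""
    removed, section = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and section:  # ignore anything before the first section header
            removed[section].append((m.group(1) or "Entry", m.group(2)))
    return dict(removed)

def summarize(removed):
    """Count removals per section, GUIDs seen in more than one key, and BHO keys."""
    targets = [t for items in removed.values() for _, t in items]
    guids = Counter(g.upper() for t in targets for g in GUID.findall(t))
    return {
        "counts": {s: len(items) for s, items in removed.items()},
        "repeated_guids": {g: n for g, n in guids.items() if n > 1},
        "bho_keys": [t for t in targets if "\\Browser Helper Objects\\" in t],
    }

if __name__ == "__main__":
    for name, value in summarize(parse_adwcleaner(SAMPLE_LOG)).items():
        print(name, value)
```
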