Netta83

  1. Here is the log from DDS:
     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
     Run by Netta at 16:02:38 on 2012-03-31
     .
     ============== Running Processes ===============
     .
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.yahoo.com/
     uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
     uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
     mSearchAssistant = hxxp://www.google.com/ie
     uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
     uURLSearchHooks: H - No File
     mURLSearchHooks: H - No File
     BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
     BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
     BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
     BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
     TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
     TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
     TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
     {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
     EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
     EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
     mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
     Trusted Zone: mantech.com
     Trusted Zone: mantech.com\psportal
     Trusted Zone: mantech.com\psweb
     DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
     DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
     DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
     DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
     DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
     DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
     DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://ehqpm1.everest.nu/dwa7W.cab
     DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
     DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5570/mcfscan.cab
     TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
     TCP: Interfaces\{2BE82E51-258F-46BE-A445-1FEB0E675EAD} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
     Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
     Notify: avgrsstarter - avgrsstx.dll
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
     SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
     Hosts: 127.0.0.1 www.spywareinfo.com
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\documents and settings\netta\application data\mozilla\firefox\profiles\xlq94w1m.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
     FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
     FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
     FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
     FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
     FF - plugin: c:\documents and settings\netta\application data\mozilla\firefox\profiles\xlq94w1m.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
     FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
     FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
     FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
     FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
     FF - Ext: AVG Security Toolbar em:version=3.011.025.005 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: general.useragent.extra.zencast -
     ============= SERVICES / DRIVERS ===============
     .
     .
     =============== Created Last 30 ================
     .
     2012-03-31 19:35:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2012-03-31 03:06:54 2 ----a-w- c:\windows\system32\tracert.com
     2012-03-31 03:06:54 2 ----a-w- c:\windows\system32\cmd.com
     2012-03-31 03:06:53 2 ----a-w- c:\windows\system32\tasklist.com
     2012-03-31 03:06:53 2 ----a-w- c:\windows\system32\ping.com
     2012-03-31 03:06:53 -------- d-----w- c:\program files\winupdates
     2012-03-31 01:41:42 -------- d-----w- c:\documents and settings\netta\local settings\application data\PCHealth
     2012-03-31 00:10:54 -------- d-----w- c:\documents and settings\netta\application data\AVG Secure Search
     2012-03-30 20:51:56 -------- d-----w- c:\program files\Microsoft Synchronization Services
     2012-03-30 20:48:18 -------- dc----w- c:\documents and settings\all users\Microsoft
     2012-03-30 20:48:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
     2012-03-30 20:35:09 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
     2012-03-30 20:31:04 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
     2012-03-30 20:26:10 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
     2012-03-30 20:16:16 105472 ------w- c:\windows\system32\dllcache\mup.sys
     2012-03-30 20:07:51 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
     2012-03-30 20:07:26 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
     2012-03-30 20:07:04 3072 ------w- c:\windows\system32\iacenc.dll
     2012-03-30 20:07:04 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
     2012-03-30 20:01:01 45568 ------w- c:\windows\system32\dllcache\wab.exe
     2012-03-30 19:27:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
     2012-03-30 19:19:05 -------- d-----w- c:\program files\Microsoft Analysis Services
     2012-03-29 16:51:18 -------- d-----w- c:\windows\system32\cache
     2012-03-28 17:59:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-03-28 17:37:56 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{af4339c6-799e-45cb-aece-b376d46883d8}\mpengine.dll
     2012-03-28 14:05:55 -------- dc----w- c:\documents and settings\all users\application data\AVG Secure Search
     2012-03-28 14:05:35 -------- d-----w- c:\program files\common files\AVG Secure Search
     2012-03-28 14:05:08 -------- d-----w- c:\program files\AVG Secure Search
     2012-03-28 14:03:49 -------- dc-h--w- c:\documents and settings\all users\application data\Common Files
     2012-03-28 04:45:13 -------- d-----w- c:\windows\system32\scripting
     2012-03-28 04:45:08 -------- d-----w- c:\windows\l2schemas
     2012-03-28 04:45:02 -------- d-----w- c:\windows\system32\en
     2012-03-28 04:45:00 -------- d-----w- c:\windows\system32\bits
     2012-03-28 03:00:50 -------- d-----w- c:\windows\EHome
     2012-03-28 00:18:31 -------- d-----w- c:\documents and settings\netta\application data\Malwarebytes
     2012-03-28 00:14:27 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
     2012-03-28 00:14:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-03-28 00:14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-03-27 23:24:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
     2012-03-27 23:24:57 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
     .
     ==================== Find3M ====================
     .
     2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
     2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
     2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     .
     ============= FINISH: 16:06:04.76 ===============
  2. Here is the MBAM LOG:
     mbam-log-2012-03-30 (19-44-04)
     Database version: v2012.03.29.06
     Scan type: Quick Scan
     Scan options disabled: P2P
     Registry Keys Detected: 1
     HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MYWEBSEARCH) - > Quarantined and deleted successfully.
     Registry Data Items Detected: 2
     HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY (PUM.DISABLE.SECURITYCENTER) -> BAD: (1) GOOD: (0) -> QUARANTINED AND REPAIRED SUCCESSFULLY
     HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY (PUM.DISABLE.SECURITYCENTER) -> BAD: (1) GOOD: (0) -> QUARANTINED AND REPAIRED SUCCESSFULLY
     FOLDERS DETECTED: 1
     C:\PROGRAM FILES\winupdates (worm.P2P) -> Quarantined and deleted successfully
     Files Detected: 5
     C:\Documents and Settings\Netta\Desktop\Speedscan_setup.exe (Rogue.Installer) -> Quarantined and deleted successfully
     C:\Windows\system32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully
     C:\Windows\system32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully
     C:\Windows\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully
     C:\Windows\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully
     Thank you!
  3. After scanning the above, I rebooted my pc and cable modem twice, no luck. I typed in ipconfig /release and ipconfig /renew, but no luck. I did type in ipconfig /all and nothing came up, no gateway or ip address showed up. Please help...
  4. Hello all, I just quick scanned my Win XP laptop with MWB trial version app. Well, it found 9 infected files; some were in my registry and program files. After removing them & rebooting, when I tried to access the web I get an error message: error 105. Unable to resolve dns server address. I don't know what to do... this is the only PC I have. Please help
  5. Also, it appears I had several worms on my PC. A few were in my registry and program files.
  6. Hello all, I just scanned my Win XP laptop with MWB; it found a total of 9 infected files. I removed those files and rebooted my laptop. When I tried to log onto the internet after rebooting, I get the following: "error 105(net:: err_name_not_resolved):unable to resolve the servers DNS address." I've rebooted my pc and cable modem twice, no luck. I typed in ipconfig /release and ipconfig /renew, but no luck. I did type in ipconfig /all and nothing came up, no gateway or ip address showed up. Please help... Thank you!