
After removing malware unable to access internet



Hello all,

I just quick scanned my Win XP laptop with the MWB trial version app. Well, it found 9 infected files; some were in my registry and program files. After removing them & rebooting, when I tried to access the web I get an error message: error 105. Unable to resolve dns server address. I don't know what to do... this is the only PC I have. Please help.


Here is the MBAM LOG:

mbam-log-2012-03-30 (19-44-04)

Database version: v2012.03.29.06

Scan type: Quick Scan

Scan options disabled: P2P

Registry Keys Detected: 1

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MYWEBSEARCH) -> Quarantined and deleted successfully.

Registry Data Items Detected: 2

HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY (PUM.DISABLE.SECURITYCENTER) -> BAD: (1) GOOD: (0) -> QUARANTINED AND REPAIRED SUCCESSFULLY

HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY (PUM.DISABLE.SECURITYCENTER) -> BAD: (1) GOOD: (0) -> QUARANTINED AND REPAIRED SUCCESSFULLY

FOLDERS DETECTED: 1

C:\PROGRAM FILES\winupdates (worm.P2P) -> Quarantined and deleted successfully

Files Detected: 5

C:\Documents and Settings\Netta\Desktop\Speedscan_setup.exe (Rogue.Installer) -> Quarantined and deleted successfully

C:\Windows\system32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully

C:\Windows\system32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully

C:\Windows\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully

C:\Windows\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully

Thank you!


Here is the log from DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Run by Netta at 16:02:38 on 2012-03-31

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: mantech.com

Trusted Zone: mantech.com\psportal

Trusted Zone: mantech.com\psweb

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab

DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://ehqpm1.everest.nu/dwa7W.cab

DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5570/mcfscan.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{2BE82E51-258F-46BE-A445-1FEB0E675EAD} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\netta\application data\mozilla\firefox\profiles\xlq94w1m.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\netta\application data\mozilla\firefox\profiles\xlq94w1m.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox

FF - Ext: AVG Security Toolbar em:version=3.011.025.005 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast -

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-03-31 19:35:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-31 03:06:54 2 ----a-w- c:\windows\system32\tracert.com

2012-03-31 03:06:54 2 ----a-w- c:\windows\system32\cmd.com

2012-03-31 03:06:53 2 ----a-w- c:\windows\system32\tasklist.com

2012-03-31 03:06:53 2 ----a-w- c:\windows\system32\ping.com

2012-03-31 03:06:53 -------- d-----w- c:\program files\winupdates

2012-03-31 01:41:42 -------- d-----w- c:\documents and settings\netta\local settings\application data\PCHealth

2012-03-31 00:10:54 -------- d-----w- c:\documents and settings\netta\application data\AVG Secure Search

2012-03-30 20:51:56 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-03-30 20:48:18 -------- dc----w- c:\documents and settings\all users\Microsoft

2012-03-30 20:48:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-03-30 20:35:09 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2012-03-30 20:31:04 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2012-03-30 20:26:10 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2012-03-30 20:16:16 105472 ------w- c:\windows\system32\dllcache\mup.sys

2012-03-30 20:07:51 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2012-03-30 20:07:26 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys

2012-03-30 20:07:04 3072 ------w- c:\windows\system32\iacenc.dll

2012-03-30 20:07:04 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-03-30 20:01:01 45568 ------w- c:\windows\system32\dllcache\wab.exe

2012-03-30 19:27:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-03-30 19:19:05 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-03-29 16:51:18 -------- d-----w- c:\windows\system32\cache

2012-03-28 17:59:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-28 17:37:56 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{af4339c6-799e-45cb-aece-b376d46883d8}\mpengine.dll

2012-03-28 14:05:55 -------- dc----w- c:\documents and settings\all users\application data\AVG Secure Search

2012-03-28 14:05:35 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-03-28 14:05:08 -------- d-----w- c:\program files\AVG Secure Search

2012-03-28 14:03:49 -------- dc-h--w- c:\documents and settings\all users\application data\Common Files

2012-03-28 04:45:13 -------- d-----w- c:\windows\system32\scripting

2012-03-28 04:45:08 -------- d-----w- c:\windows\l2schemas

2012-03-28 04:45:02 -------- d-----w- c:\windows\system32\en

2012-03-28 04:45:00 -------- d-----w- c:\windows\system32\bits

2012-03-28 03:00:50 -------- d-----w- c:\windows\EHome

2012-03-28 00:18:31 -------- d-----w- c:\documents and settings\netta\application data\Malwarebytes

2012-03-28 00:14:27 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-28 00:14:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-28 00:14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-27 23:24:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2012-03-27 23:24:57 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

.

==================== Find3M ====================

.

2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 16:06:04.76 ===============


  • 1 month later...

Hello netta83,

Due to your posting 2 additional posts (after your original) and NOT waiting for an expert-helper to reply to your original posting, your topic was easily overlooked.

Please advise if you have since resolved your issues.

If not and if you need guided help, run a fresh run of MBAM, do an Update run, then press Scanner and do a quick scan.

Then run a fresh DDS run. Copy & Paste the new MBAM log and the new DDS logs.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
