
Irritating trojan.dnschanger - IE won't work, MwB won't update



So I had a weird browser hijack about a week ago. Ran MwB and it removed 12 items from vendor 'Trojan.DNSChanger'. They're still sitting in the MwB Quarantine tab.

I still have the following symptoms: MwB won't update: "PROGRAM_ERROR_UPDATING (2,0,I/O error) / The system cannot find the file specified." And IE won't browse - always says page cannot be found. Other browsers are fine. These symptoms persist in different network environments; I've reset routers to factory settings, etc., and run ipconfig /flushdns

So, I must rely on you guys. I will follow the instructions as best I understand. The Attach.txt follows below; I am attaching the DDS and ARK files as well.

Thanks in advance for your help.

- Chris

------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 7/8/2011 1:02:57 PM

System Uptime: 7/29/2011 1:48:02 PM (1 hours ago)

.

Motherboard: Apple Inc. | | Mac-F4238BC8

Processor: Intel® Core2 Duo CPU T7700 @ 2.40GHz | U2E1 | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 84 GiB total, 25.444 GiB free.

D: is CDROM ()

E: is FIXED (HFS) - 22 GiB total, 10.146 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Bluetooth Device (Personal Area Network)

Device ID: BTH\MS_BTHPAN\6&20EA9A14&1&2

Manufacturer: Microsoft

Name: Bluetooth Device (Personal Area Network)

PNP Device ID: BTH\MS_BTHPAN\6&20EA9A14&1&2

Service: BthPan

.

==== System Restore Points ===================

.

RP24: 7/21/2011 6:19:38 PM - Installed TortoiseSVN 1.6.16.21511 (32 bit)

RP25: 7/24/2011 3:26:21 PM - Installed Java 6 Update 23

RP26: 7/24/2011 4:17:21 PM - Installed Java 6 Update 26

RP27: 7/25/2011 10:33:30 AM - Installed Orb Runtime libraries

RP28: 7/28/2011 2:48:20 AM - Windows Update

RP29: 7/29/2011 12:10:54 PM - Installed inSSIDer 2.0

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.0)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Boot Camp Services

CCleaner

Definition update for Microsoft Office 2010 (KB982726)

Dropbox

ESET Smart Security

Evernote v. 4.4.2

File Shredder 2.0

FreeMind

Google Apps Migration For Microsoft Outlook® 2.1.1.234

Google Apps Sync™ for Microsoft Outlook® 2.3.45.1407

Google Calendar Sync

Google Chrome

Google Talk Plugin

Google Update Helper

ImgBurn

inSSIDer 2.0

iTunes

Java Auto Updater

Java 6 Update 26

KeePass Password Safe 2.15

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Mozilla Firefox 5.0 (x86 en-GB)

NVIDIA Drivers

Orb Runtime libraries

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Skype™ 5.1

Speccy

TightVNC 2.0.3

TortoiseSVN 1.6.16.21511 (32 bit)

Update for Microsoft Office 2010 (KB2494150)

VirtualCloneDrive

VLC media player 1.1.10

Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)

Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)

Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)

Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)

Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)

Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)

Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)

Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)

Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)

Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)

Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)

Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)

Windows Driver Package - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)

Windows Driver Package - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)

Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)

Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)

Windows Driver Package - Apple Inc. Bluetooth (11/23/2009 3.0.0.4)

Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)

Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)

Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)

Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)

Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)

Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)

Windows Driver Package - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)

Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)

Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)

Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)

Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)

Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)

Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)

Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)

Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)

Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)

Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)

Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)

Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)

Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)

Windows Driver Package - Intel System (07/20/2007 1.2.76.0)

Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

7/29/2011 10:35:34 AM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

7/29/2011 1:44:03 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/29/2011 1:34:55 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

7/28/2011 3:16:53 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

7/28/2011 11:43:20 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

7/28/2011 1:07:49 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

7/26/2011 1:38:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/26/2011 1:38:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/26/2011 1:38:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/26/2011 1:38:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/26/2011 1:38:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/26/2011 1:38:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/26/2011 1:38:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/26/2011 1:38:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/26/2011 1:38:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/26/2011 1:35:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

7/26/2011 1:35:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/24/2011 4:11:52 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

7/24/2011 4:11:22 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/24/2011 4:11:22 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

.

==== End Of File ===========================

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so. This is very important.
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

Reboot, then update MBAM, run a Quick Scan, and post its log.
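An added example, not part of the original reply: a read-only PowerShell check that step 3 took effect, listing any TCP/IP interface that still has manually set DNS servers. `NameServer` and `DhcpNameServer` are the standard Windows registry values for static and DHCP-supplied DNS; the function names `Get-DnsSetting` and `Get-DnsAudit` are hypothetical.

```powershell
# Added example: audit step 3 of the reply above. Read-only; uses only
# registry reads, so it runs on the PowerShell 2.0 shipped with Windows 7.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-DnsSetting {
    param([string]$KeyPath)
    $p = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if (-not $p) { return }
    # NameServer holds manually configured servers; it is empty when
    # "Obtain DNS server address automatically" is selected.
    # DhcpNameServer holds whatever the DHCP server (the router) handed out.
    $static = @("$($p.NameServer)"     -split '[,\s]+' | Where-Object { $_ })
    $dhcp   = @("$($p.DhcpNameServer)" -split '[,\s]+' | Where-Object { $_ })
    New-Object PSObject -Property @{
        Key       = Split-Path $KeyPath -Leaf   # interface GUID or 'Parameters'
        IsStatic  = ($static.Count -gt 0)
        StaticDns = $static -join ', '
        DhcpDns   = $dhcp -join ', '
    }
}

function Get-DnsAudit {
    # The global key can carry its own NameServer value, so check it first,
    # then every per-interface key beneath Interfaces.
    Get-DnsSetting $tcpip
    Get-ChildItem "$tcpip\Interfaces" |
        ForEach-Object { Get-DnsSetting $_.PSPath }
}

$audit = @(Get-DnsAudit)
$audit | Format-Table Key, IsStatic, StaticDns, DhcpDns -AutoSize

$flagged = @($audit | Where-Object { $_.IsStatic })
if ($flagged.Count -gt 0) {
    Write-Warning ("{0} key(s) still have static DNS servers; review them." -f $flagged.Count)
} else {
    Write-Output 'No static DNS servers set; all interfaces rely on DHCP.'
}
```

A static entry is not malicious by itself, since an administrator may have set it deliberately. The `DhcpDns` column is worth comparing against what the router is expected to hand out, because those addresses come from the router that step 2 resets.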


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
