PDA

View Full Version : Internet Explorer unable to connect



breakawayjade
2009-05-06, 03:59
I posted this before but the thread got closed and I couldn't reply.

Here was my origional post:
Recently my internet explorer stopped working. It says something about not being connected to the internet. I know I am connected and I have been able to access and play on fulltilt poker, as well as download updates on spybot and malwarebytes anti-malware program. I am not able to access internet on safemode either. I only have the ability to use internet explorer when i log into administrator under safemode with networking. I have ran malwarebytes quite a bit and deleted a few things, but its been clean for the past 3 times. Any suggestions would be helpful!
-----------
My current malwarebytes is clean and clear. Here are my backlogs:

Malwarebytes' Anti-Malware 1.28
Database version: 1235
Windows 5.1.2600 Service Pack 3

4/21/2009 6:14:17 PM
mbam-log-2009-04-21 (18-14-17).txt

Scan type: Quick Scan
Objects scanned: 55892
Time elapsed: 16 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Failed to unload process.

Memory Modules Infected:
C:\WINDOWS\system32\xkpawsi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33476a99-1997-4e9b-bdfe-70137762d75d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nftdxibg (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{33476a99-1997-4e9b-bdfe-70137762d75d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b452b01-12c9-4286-81d9-2308aeb3cd94} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b452b01-12c9-4286-81d9-2308aeb3cd94} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tmvzmgms (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmvzmgms (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\xkpawsi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\219198\219198.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Delete on reboot.


--------

Malwarebytes' Anti-Malware 1.28
Database version: 1235
Windows 5.1.2600 Service Pack 3

4/22/2009 9:26:41 AM
mbam-log-2009-04-22 (09-26-41).txt

Scan type: Quick Scan
Objects scanned: 0
Time elapsed: 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------

Malwarebytes' Anti-Malware 1.36
Database version: 2026
Windows 5.1.2600 Service Pack 3

4/22/2009 8:52:15 PM
mbam-log-2009-04-22 (20-52-15).txt

Scan type: Quick Scan
Objects scanned: 84283
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 3
Files Infected: 15

Memory Processes Infected:
C:\Program Files\websrvx\websrvx.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1bc72906-a51e-4f1f-bcde-e46cf9fc4418} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1bc72906-a51e-4f1f-bcde-e46cf9fc4418} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b3fa56cf-b3f9-4328-9802-cfaacea86646} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b3fa56cf-b3f9-4328-9802-cfaacea86646} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b3fa56cf-b3f9-4328-9802-cfaacea86646} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5b452b01-12c9-4286-81d9-2308aeb3cd94} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1bc72906-a51e-4f1f-bcde-e46cf9fc4418} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dll32 (Trojan.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\219198 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.Data) -> Delete on reboot.
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\exvsstwo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\179223\179223.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.Data) -> Delete on reboot.
C:\Program Files\websrvx\websrvx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy40.exe (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2803f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2832f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft3242f44.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ld08.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\f23567.dat (Trojan.KoobFace) -> Quarantined and deleted successfully.

tashi
2009-05-06, 05:37
Hello,

I posted this before but the thread got closed and I couldn't reply.


Shaba had responded with a link to this forum's FAQ. ;)
http://forums.spybot.info/showthread.php?t=48329

So if you could start a new topic providing the HJT log. :)

Cheers

breakawayjade
2009-05-06, 05:59
yeah except I cant download hjt to the user im having problems with because there is no internet....

breakawayjade
2009-05-06, 06:12
I read the article and it says this:

If you have lost your Internet connection on the infected computer, or otherwise cannot post from that machine; you can download HJT to a clean PC if you have one. <---I dont

Do not use a usb/external hard drive that has been connected to the infected machine to transfer media!

So....Does that mean that I cant download it and transfer it from the administrator to the infected user with a usb hard drive?