Ran some Malware removal, now getting several .dll not found errors on bootup

I seemed to have some type of malware infection recently. The first thing I had was some type of re-directing that was causing my computer to redirect to some page with the root URL: do_check.s3.amazonaws.com/index.html?AWSAccessKeyId=

I've had McAfee set up on my computer for awhile (I know it's not the best and hadn't had any issue in nearly 2-3 years), so I sort of forgot about MajorGeeks (the last time I got help here, I recall running HiJack This, Shredder, and CC Cleaner, amongst other things... those were di rigeur circa 2007, I think).

This time, I tried running some basic cleaners (SpyDoctor; Adaware), since McAfee was not recognizing an issue, but these didn't seem to help. I then somehow got infected with the ThinkPoint malware, as well (must have accidentally loaded it when I was trying to run these different spyware programs).

Then I found some instructions at 'comptuing.net' that I followed, before eventually finding my way back here. Here is what I ran per the instructions at computing.net

1) Ran a CC Cleaner and removed various backup programs.
2) Booted up in safe-mode w/networking and ran rxkill.exe
3) Also ran TDSSKiller and found the rootkit.win32 malware and removed it
4) Ran Malwarebytes and removed more problem files.
5) Ran Combofix, as well.

I'll add the individual log files for all of these below.

After running all of this, I've been getting a host of .dll errors when I boot up, and some programs (like Yahoo Messenger) have had issues running.

Initially, I saw a 'rundll32.exe' error, followed by a 'Run dll as an app' request. Since then, these are the .dll that I get errors for (computer says these .dll don't exist)

oposebevax.dll
rdbdeg.dll
o1dzaguwg.dll
nfbmm.dll

I wish I had remembered to check this forum first, but I hadn't had issues in such a long time.. ah well. Here are the logs.

Any and all help would be greatly appreciated.


TDSSKiller
ComboFix

 

Thanks. I'm at work until later this evening, but I'll find the MalwareBytes log file and attach it, and I'll get the SuperAntispyware and MGTools programs and run those as well.

BTW - A couple updates. I uninstalled IE 8.0 from the Windows components to try and load up a clean version of it (I use Fierfox and Chrome mostly, but was doing this to try and eliminate another source of explorer errors I was getting). I have no idea if that caused the following error, or this error just evolved from something else, but I could no longer boot up my computer in normal mode or even the last successful build mode; I can only boot up the computer in safe mode.

I've actually submitted a ticket with Microsoft Customer Care separately to see if they can shed light on that. Not sure if this is something that you have any clue about, as well. The blue screen I get when trying to startup in regular mode has the following errors:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

*** STOP: 0X000000D1 (0xBA5EC000,0x00000002, 0x00000000, 0xB9E8D741)

*** otsaf.sys - Address B9E8D741 base at B9E89000, DateStamp 4ce62b77

Along with that, it has a bunch of instructions saying that if this is seen repeatedly, it could be a bad piece of hardware or software that has been installed (which is why I suspected something with the IE 8 uninstall and reinstall).

 

Was not able to run the reports yesterday, as there was, of course, a power outage at my house last night (when it rains, it pours).

I did pull the MalwareBytes log this morning though. I'll run the other two tonight and post those logs afterwards.

Thanks.

 

I'm pretty sure I ran the removal. I ran the MalwareBytes again just to see, and this time no 'threats' were found (see updated MB log). So, here are the other two logs as well. Hopefully there's something I can do moving forward.

 

Well, that might explain things. I downloaded the version off the 'Read Me' link, but I must have somehow gotten an older version. Odd. I'll download that again later today and re-post the updated log.

 

I'm just taking precautions, but I will not remove usernames, etc. in future runs. As far as the update of MB is concerned, it won't allow me to run the update. I get the following error:

MBAM_ERROR_UPDATING (12007, 0, WinHTTPSendRequest)

I'll be out of town for the next few days to visit relatives. Thanks for all the help.

Happy Thanksgiving.

 

BTW - I tried uninstalling the program, running mbam-clean.exe, and then re-installing, per some instructions I've seen on the MalwareBytes site (see thread - http://forums.malwarebytes.org/index.php?showtopic=68196), but that method did not work.

I tried running their traceroute program, and got the following response for all three phases of the test

------------------------
Tracerouting: llnw.data-cdn.mbamupdates.com
Unable to resolve target system name llnw.data-cdn.mbamupdates.com.


DNS Info
Server: UnKnown
Address: 192.168.1.1

-------------------------

 

Sorry for the long delay. After returning from my extended Thanksgiving Holiday, I found that I could not even reboot my computer in safe mode. I can get to the option screen on the mode I want to boot up in, but when I would select "Safe Mode with Networking" or even simply "Safe Mode," the various .exe would start loading, and, before the page even got to scrolling (about 20-25 lines down), it would just hang.

I'll try to record the exact .exe that it hangs on, but it was something like "insys.exe" I had to hard stop the computer (power down) to be able to get off the screen.

At this point, I'm considering just trying to save the files off my computer and getting a new tower with Windows 7 running on it, as I was in need of a memory upgrade, anyway. If you think it's still salvageable, I can continue to try and fix this issue; I'm just hoping I can get my important files that I had not yet backed up (my last backup was about 3 months ago), off this one.

A few other details regarding my setup/situation..

- I access the internet via a wireless network.
- The hub computer runs Vista.
- The hub computer has also, apparently, been having some issues. Namely, the internet connection has slowed considerably, the CPU seems to be running slow, and several pages keep popping up windows that are variations of "google-analytics.com" or "googlesyndication.com." I'm assuming these are not legitimate google pages.
- I was just made aware of these issue upon my return, but it has been ongoing since about the same time my issues started (i.e., I'm not sure if they are related. Is it possible for these malware to be sent across the wireless connection?)

I can post the logs from the hub computer as well, if it might help. The issues on it don't seem as severe (i.e., no accidental Think Point installation), but if this malware can be spread via the connection, I think the first thing to do might be to fix the hub.

One reason I ask about the malware over the wireless issue is that I actually saw some odd behavior on my IPad recently that occurred while accessing the internet via WiFi. My IPad actually popped up some random pages while surfing some tech websites (Mashable) on the Safari browser. One random page was something regarding "lycos yellow pages" that offered up search results on a topic I had searched on google prior to going to Mashable, a very spyware/malware like behavior. I could not recreate this issue when accessing the internet via a different WiFi connection.

Thanks again for your patience and all of your help.