
browser redirect virus with Win XP



#1 fujisan


Posted 18 November 2010 - 11:23 AM

Hi. My ThinkPad with Windows XP Pro has a browser redirect virus and I am hoping to get some help on removing it manually.

I have tried multiple anti-malware programs (mbam, TDSSkiller, spyware doctor) but have not been successful. I even did a complete Windows XP reinstall, saving no files, from the ThinkPad recovery CDs and as I loaded Kaspersky Internet Security (as fast as I could), I was already being redirected. I get a Google Analytics page and then a window that asks me to click to continue. If I click the back button, I can often get back to the previous page and sometimes I can get to the site I was seeking. I also get pages that simply will not load and I get a message that says the site is unavailable. I get it with Internet Explorer, Firefox, and Opera.

Even when I get to the site I want, it is slow or dysfunctional. For example, when I go to the Lenovo outlet site, it is slow and I can't use many of the search refinement options like choosing an operating system or whether the machine is new or refurbished.

For what it is worth, I also bought a new computer (another ThinkPad with Windows 7) and within 20 minutes of going online, it was also infected with what seemed like the same virus. I did not transfer any files or attach any external drives. I don't want help with this computer (I returned it) but thought the info might be helpful.

My Attach.txt and ark.txt files are attached and my DDS log is below. Thank you.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Paul at 10:02:28.93 on Thu 11/18/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.525 [GMT -8:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Paul\My Documents\dds.scr

============== Pseudo HJT Report ===============

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [<NO NAME>]
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\\ibmmessages.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [NAV CfgWiz] "c:\program files\norton antivirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [QCTRAY] c:\program files\thinkpad\connectutilities\QCTRAY.EXE
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
LSA: Notification Packages = scecli pwdmon

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paul\applic~1\mozilla\firefox\profiles\ywn5on4m.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2010-11-17 14208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-17 475736]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-13 197752]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-13 164984]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-8-18 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050504.016\NAVENG.Sys [2010-11-17 73760]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050504.016\NavEx15.Sys [2010-11-17 632000]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2004-7-23 335504]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2010-11-17 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-1-1 14336]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-18 66688]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-13 78968]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2010-11-17 12288]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2004-7-23 197864]

=============== Created Last 30 ================

2010-11-18 17:14:55 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2010-11-18 17:14:52 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-11-18 09:13:29 -------- d-----w- c:\windows\system32\PreInstall
2010-11-18 09:13:28 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-18 09:12:01 -------- d-----w- c:\program files\MSXML 4.0
2010-11-18 08:59:21 388096 ----a-r- c:\docume~1\paul\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-18 08:59:21 -------- d-----w- c:\program files\Trend Micro
2010-11-18 08:17:25 -------- d-----w- c:\docume~1\paul\locals~1\applic~1\Opera
2010-11-18 07:57:02 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2010-11-18 07:57:02 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2010-11-18 07:57:02 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2010-11-18 07:30:41 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-11-18 07:30:37 266752 ------w- c:\windows\system32\dllcache\oakley.dll
2010-11-18 07:30:33 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-11-18 07:30:32 1315840 ------w- c:\windows\system32\dllcache\msoe.dll
2010-11-18 07:30:22 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-11-18 07:26:39 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-18 07:26:36 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-11-18 07:26:27 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-11-18 01:42:46 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2010-11-18 01:42:46 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2010-11-18 01:40:49 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-18 01:40:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-11-18 01:33:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-11-18 01:26:45 -------- d-s---w- c:\documents and settings\paul\UserData
2010-11-18 01:22:48 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-18 00:22:18 -------- d-----w- C:\DRIVERS
2010-11-18 00:00:10 -------- d-sh--w- C:\Recycled
2010-11-17 23:59:09 16384 ----a-w- c:\windows\PWMBTHLP.EXE
2010-11-17 23:59:08 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-11-17 23:55:45 77824 ----a-w- c:\windows\system32\QCONSVC.EXE
2010-11-17 23:55:45 577536 ----a-w- c:\windows\system32\tvt_gina.dll
2010-11-17 23:55:45 282624 ----a-w- c:\windows\system32\tvt_gina_api.dll
2010-11-17 23:55:45 262144 ----a-w- c:\windows\system32\QConGina.dll
2010-11-17 23:55:43 2432 ----a-w- c:\windows\system32\drivers\IBMBLDID.SYS
2010-11-17 23:55:43 12288 ----a-w- c:\windows\system32\drivers\qcndisif.sys
2010-11-17 23:55:43 11520 ----a-w- c:\windows\system32\drivers\ANC.sys
2010-11-17 23:54:02 -------- d-----w- C:\IBMSHARE
2010-11-17 23:53:44 32256 ----a-w- c:\windows\system32\drivers\psasrv.exe
2010-11-17 23:53:44 13184 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-11-17 23:50:38 -------- d-----w- c:\program files\Norton AntiVirus
2010-11-17 23:50:12 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-17 23:50:12 103952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-17 23:50:04 -------- d-----w- c:\program files\Symantec
2010-11-17 23:50:04 -------- d-----w- c:\program files\common files\Symantec Shared
2010-11-17 23:50:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-11-17 23:49:48 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-17 23:49:47 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-17 23:49:47 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-17 23:49:47 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-17 23:49:47 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-17 23:49:46 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-17 23:49:40 -------- d-----w- c:\program files\InterVideo
2010-11-17 23:49:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\ibm
2010-11-17 23:49:14 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2010-11-17 23:48:50 -------- d-----w- C:\icons
2010-11-17 23:48:26 12416 ----a-w- c:\windows\system32\drivers\PcdrNdisuio.sys
2010-11-17 23:48:15 -------- d-----w- c:\program files\PC-Doctor for Windows
2010-11-17 23:46:46 -------- d-----w- c:\windows\system32\thinkpad_features
2010-11-17 23:46:31 61440 ----a-w- c:\windows\system32\IBMJavaPlugin142.cpl
2010-11-17 23:46:23 -------- d-----w- c:\program files\IBM
2010-11-17 23:44:18 -------- d-----w- c:\program files\Windows Media Connect
2010-11-17 23:43:08 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-11-17 23:40:35 -------- d-----w- c:\program files\Digital Line Detect
2010-11-17 23:40:32 -------- d-----w- c:\program files\NetWaiting
2010-11-17 23:40:27 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-11-17 23:40:25 -------- d-----w- c:\program files\CONEXANT
2010-11-17 23:38:41 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-17 23:37:42 1671168 ----a-w- c:\windows\system32\W29MLRES.DLL
2010-11-17 23:35:35 9340 ----a-w- c:\windows\system32\drivers\TDSMAPI.SYS
2010-11-17 23:35:35 34816 ----a-w- c:\windows\system32\TP98.CPL
2010-11-17 23:35:34 14848 ----a-w- c:\windows\system32\drivers\SMAPINT.SYS
2010-11-17 23:35:12 6016 ----a-w- c:\windows\system32\drivers\TPInput.sys
2010-11-17 23:35:12 2086 ----a-w- c:\windows\system32\SMBIOS.bin
2010-11-17 23:35:12 14208 ----a-w- c:\windows\system32\drivers\TPDiskPM.sys
2010-11-17 23:31:15 -------- d-----w- c:\windows\system32\URTTemp
2010-11-17 23:30:47 -------- d--h--w- c:\windows\$hf_mig$
2010-11-17 23:30:38 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2010-11-17 23:30:38 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2010-11-17 23:29:59 -------- d-----w- c:\windows\RegisteredPackages
2010-11-17 23:26:55 9344 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-11-17 23:26:53 14080 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-11-17 23:26:53 14080 ----a-w- c:\windows\system32\drivers\battc.sys
2010-11-17 23:26:22 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-11-17 23:26:21 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-11-17 23:25:24 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-11-17 23:25:21 27136 ----a-w- c:\windows\system32\irmon.dll
2010-11-17 23:25:20 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2010-11-17 23:25:20 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-11-17 23:25:20 152576 ----a-w- c:\windows\system32\irftp.exe
2010-11-17 23:25:18 28672 ----a-w- c:\windows\system32\drivers\nscirda.sys
2010-11-17 23:25:12 -------- d-----w- c:\program files\Synaptics
2010-11-17 23:08:56 24576 ----a-w- c:\windows\system32\tphklock.dll
2010-11-17 23:08:56 16370 ----a-w- c:\windows\system32\drivers\TPHKDRV.sys
2010-11-17 23:07:21 -------- d-----w- C:\IBMTOOLS

==================== Find3M ====================


============= FINISH: 10:05:54.84 ===============



#2 Farbar


Posted 18 November 2010 - 02:42 PM

Hi fujisan,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

The log doesn't explain the issue but I suspect something and need to verify.

  • I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to Add/Remove in the Control Panel and remove all the instances of Norton.

    To remove the leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


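    @echo off
    rem Write network configuration, DNS lookups, ping results and the routing table to Log1.txt
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    rem Append recursive listings (all attributes) of C:\DRIVERS and C:\Recycled
    echo.------------------>>log1.txt
    dir /a/s C:\DRIVERS >>log1.txt
    echo.------------------>>log1.txt
    dir /a/s C:\Recycled>>log1.txt
    rem Open the log in the default text viewer, then delete this batch file
    start Log1.txt
    del %0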
    

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click test.bat on the desktop.
  • A Notepad window opens; copy and paste its content (log1.txt) to your reply.
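
An added example, not part of the original post and not a BleepingComputer tool: a Python script that reads the kind of Log1.txt the batch file above produces, extracts the configured DNS servers, the default gateway and the server that answered each nslookup query, and compares them with the addresses the reader expects. The sample log, the function names and the `expected_dns` list are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of Log1.txt content (documentation-range addresses, not from the thread).
SAMPLE_LOG = """\
Ethernet adapter Wireless Network Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            203.0.113.11
Server:  UnKnown
Address:  203.0.113.10

Name:    google.com
Address:  198.51.100.7

Server:  UnKnown
Address:  203.0.113.10

Name:    yahoo.com
Addresses:  198.51.100.8, 198.51.100.9
"""

def _ip(text):  # canonical address if text is a bare IP address, else None
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None

def parse_log(text):  # collect addresses from ipconfig /all and nslookup output
    out = {"dns": [], "gateway": [], "resolver": [], "answers": {}}
    # target: list that continuation addresses belong to; context: "resolver" or queried name
    target = context = None
    for line in text.splitlines():
        bare = _ip(line)
        if bare:  # an address alone on a line continues the previous field
            if target is not None and bare not in target:
                target.append(bare)
            continue
        key, sep, val = line.partition(":")
        key = key.strip(" .\t").lower() if sep else ""
        if key == "dns servers":
            target = out["dns"]
        elif key == "default gateway":
            target = out["gateway"]
        elif key == "server":      # nslookup: the next Address line is the resolver
            context, target = "resolver", None
        elif key == "name":        # nslookup: the next Address(es) line is the answer
            context, target = val.strip(), None
        elif key in ("address", "addresses") and context:
            target = (out["resolver"] if context == "resolver"
                      else out["answers"].setdefault(context, []))
        else:
            target = None
        if target is not None:
            for token in re.split(r"[,\s]+", val.strip()):
                ip = _ip(token)
                if ip and ip not in target:
                    target.append(ip)
    return out

def review(summary, expected_dns):
    """expected_dns is an assumption: the resolvers the reader's router or ISP should hand out."""
    expected = {_ip(a) for a in expected_dns}
    findings = [f"configured DNS server {ip} is not in the expected list"
                for ip in summary["dns"] if ip not in expected]
    findings += [f"nslookup was answered by {ip}, not a configured DNS server"
                 for ip in summary["resolver"] if ip not in summary["dns"]]
    return findings
```
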


#3 Farbar


Posted 25 November 2010 - 01:16 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



