Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Search Engine and select website access problems


  • Please log in to reply
10 replies to this topic

#1 LakeNormanTiger

LakeNormanTiger

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 05 August 2010 - 02:03 PM

All,

A fellow friend directed me to this site to help me determine what is wrong with my computer and to help find a solution.

That being said, I believe, about 10 days ago I downloaded a computer virus or trojan program. I have the following symptoms.

When I use a Internet Search Engines (Yahoo, Google, Bling, etc.), the search results are typically shopping sites (InfoMash.org, LocalMoxie.com, etc ). It does not matter about what I search for, these sites are typically listed as the result for every search. Also, everytime I hit the search key my virus protection software (Symantec) alerts me that a "SID:23621 HTTP Tidserv Request detected" has been detected. In addition to those symtoms, I can no longer access the company website (exchange) where I can access my company email account as well as a site where I can download "scanned" material (pdf files) from our scanning machines (big printer). I can still access my email when I am hardwired to the server at the office using OutLook express, I just can not access the email from the outside or inside using the internet websites that has been set up. I have also checked to insure this site is not down. I have accessed these web pages using a different computer.

My guess is that there is a trojan program that is altering my web browers (explorer). It appears to be able to modify my search engine requests behind the scenes thus instructing yahoo, google, etc. to produce a certain search result. The search result is never exactly the same, but a lot of the same websites are commonly listed (InfoMash.org, LocalMoxie.com, etc.) Also, it has affected my ability to access company websites.


To try and fix this problem my computer guy here at the office and I have done a full scan of my system using Symantec. We have also scanned my computer using Malwarebytz and Spybot Search and Destroy. We have done this multiple times but the symptoms still remain.

Does anyone have an idea on what this thing is and how to get rid of it?

Thanks for your help!
LNT

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:40 PM

Posted 05 August 2010 - 02:23 PM

Hello,please run the tool here How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 LakeNormanTiger

LakeNormanTiger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 05 August 2010 - 03:01 PM

boopme,

The following is the log that was produced.

2010/08/05 15:38:43.0416 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/05 15:38:43.0416 ================================================================================
2010/08/05 15:38:43.0416 SystemInfo:
2010/08/05 15:38:43.0416
2010/08/05 15:38:43.0416 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/05 15:38:43.0416 Product type: Workstation
2010/08/05 15:38:43.0416 ComputerName: HARTMANXPLAPV
2010/08/05 15:38:43.0416 UserName: Hartman
2010/08/05 15:38:43.0416 Windows directory: C:\WINDOWS
2010/08/05 15:38:43.0416 System windows directory: C:\WINDOWS
2010/08/05 15:38:43.0416 Processor architecture: Intel x86
2010/08/05 15:38:43.0416 Number of processors: 2
2010/08/05 15:38:43.0416 Page size: 0x1000
2010/08/05 15:38:43.0416 Boot type: Normal boot
2010/08/05 15:38:43.0416 ================================================================================
2010/08/05 15:38:43.0651 Initialize success
2010/08/05 15:39:15.0302 ================================================================================
2010/08/05 15:39:15.0302 Scan started
2010/08/05 15:39:15.0302 Mode: Manual;
2010/08/05 15:39:15.0302 ================================================================================
2010/08/05 15:39:17.0599 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/08/05 15:39:17.0708 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/05 15:39:17.0724 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/05 15:39:17.0802 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/08/05 15:39:17.0896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/05 15:39:17.0927 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
2010/08/05 15:39:18.0005 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/05 15:39:18.0052 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/05 15:39:18.0068 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/08/05 15:39:18.0099 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/08/05 15:39:18.0130 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/08/05 15:39:18.0161 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/08/05 15:39:18.0208 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/08/05 15:39:18.0239 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/08/05 15:39:18.0255 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/08/05 15:39:18.0271 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/08/05 15:39:18.0333 ApfiltrService (fb7c669774ffcacd77b5969ee5d9a19b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/08/05 15:39:18.0380 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/05 15:39:18.0443 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/08/05 15:39:18.0474 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/08/05 15:39:18.0505 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/08/05 15:39:18.0599 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/05 15:39:18.0646 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/05 15:39:18.0693 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/05 15:39:18.0739 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/05 15:39:18.0833 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/08/05 15:39:18.0896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/05 15:39:18.0942 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/08/05 15:39:18.0974 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/05 15:39:19.0005 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/05 15:39:19.0067 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/08/05 15:39:19.0099 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/05 15:39:19.0146 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/05 15:39:19.0177 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/05 15:39:19.0224 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/05 15:39:19.0239 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/08/05 15:39:19.0333 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/08/05 15:39:19.0349 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/05 15:39:19.0380 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/08/05 15:39:19.0427 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/08/05 15:39:19.0489 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/08/05 15:39:19.0536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/05 15:39:19.0567 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
2010/08/05 15:39:19.0583 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
2010/08/05 15:39:19.0599 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/08/05 15:39:19.0614 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
2010/08/05 15:39:19.0630 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
2010/08/05 15:39:19.0646 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
2010/08/05 15:39:19.0661 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
2010/08/05 15:39:19.0677 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/08/05 15:39:19.0692 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
2010/08/05 15:39:19.0708 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
2010/08/05 15:39:19.0770 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/05 15:39:19.0817 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/05 15:39:19.0849 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/05 15:39:19.0927 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/05 15:39:19.0974 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/08/05 15:39:20.0005 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/05 15:39:20.0020 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/08/05 15:39:20.0036 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/08/05 15:39:20.0130 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/08/05 15:39:20.0192 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/08/05 15:39:20.0302 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/05 15:39:20.0364 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/05 15:39:20.0380 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/05 15:39:20.0395 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/05 15:39:20.0427 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/05 15:39:20.0458 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/05 15:39:20.0489 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/05 15:39:20.0520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/05 15:39:20.0567 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/05 15:39:20.0598 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/05 15:39:20.0630 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/08/05 15:39:20.0692 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/05 15:39:20.0723 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/05 15:39:20.0802 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/05 15:39:20.0880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/05 15:39:20.0958 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/08/05 15:39:20.0989 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/08/05 15:39:21.0052 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/05 15:39:21.0270 ialm (66a685b05066683621920bc14a45cfe8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/05 15:39:21.0489 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
2010/08/05 15:39:21.0520 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2010/08/05 15:39:21.0583 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/05 15:39:21.0645 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/08/05 15:39:21.0692 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/05 15:39:21.0723 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/05 15:39:21.0739 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/05 15:39:21.0786 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/05 15:39:21.0801 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/05 15:39:21.0848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/05 15:39:21.0880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/05 15:39:21.0911 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/05 15:39:22.0005 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/05 15:39:22.0083 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/05 15:39:22.0098 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/05 15:39:22.0114 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/05 15:39:22.0161 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/05 15:39:22.0208 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/05 15:39:22.0254 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/05 15:39:22.0301 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/05 15:39:22.0333 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/05 15:39:22.0348 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/05 15:39:22.0395 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/08/05 15:39:22.0442 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/05 15:39:22.0489 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/05 15:39:22.0551 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/05 15:39:22.0614 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/05 15:39:22.0661 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/05 15:39:22.0708 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/05 15:39:22.0739 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/05 15:39:22.0786 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/05 15:39:22.0817 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/05 15:39:22.0848 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/05 15:39:23.0020 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100805.003\NAVENG.SYS
2010/08/05 15:39:23.0067 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100805.003\NAVEX15.SYS
2010/08/05 15:39:23.0114 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/05 15:39:23.0145 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/05 15:39:23.0176 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/05 15:39:23.0192 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/05 15:39:23.0207 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/05 15:39:23.0239 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/05 15:39:23.0254 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/05 15:39:23.0286 NetBT (e7d82e1fb3ba7ca9ad21e5041c941837) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/05 15:39:23.0286 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: e7d82e1fb3ba7ca9ad21e5041c941837, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2010/08/05 15:39:23.0286 NetBT - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/05 15:39:23.0332 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/05 15:39:23.0364 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/05 15:39:23.0442 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/05 15:39:23.0614 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/08/05 15:39:23.0645 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/05 15:39:23.0692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/05 15:39:23.0707 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/05 15:39:23.0770 O2MDGRDR (1cd60d5fb54ab1a1fdf6fb8e0abb20b8) C:\WINDOWS\system32\DRIVERS\o2mdg.sys
2010/08/05 15:39:23.0848 O2SDGRDR (5890635f36eebbf3dc00d5b07269d4e1) C:\WINDOWS\system32\DRIVERS\o2sdg.sys
2010/08/05 15:39:23.0879 OEM13Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM13Afx.sys
2010/08/05 15:39:23.0911 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
2010/08/05 15:39:23.0957 OEM13Vid (12539b57ed05de7552403a12b3e0161c) C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
2010/08/05 15:39:23.0989 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/05 15:39:24.0051 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/05 15:39:24.0082 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/05 15:39:24.0114 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/05 15:39:24.0160 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/05 15:39:24.0207 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/05 15:39:24.0223 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/05 15:39:24.0317 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/08/05 15:39:24.0348 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/08/05 15:39:24.0426 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/08/05 15:39:24.0504 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/05 15:39:24.0567 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/05 15:39:24.0614 PTDMBus (785e1032c8f3c8c60aa8e2b7fe377869) C:\WINDOWS\system32\DRIVERS\PTDMBus.sys
2010/08/05 15:39:24.0629 PTDMMdm (924c2b2dca76d2bd7d44b3bb968b344f) C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys
2010/08/05 15:39:24.0692 PTDMVsp (58ad3ccdd567fa45fd94af15229ace7c) C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys
2010/08/05 15:39:24.0739 PTDMWWAN (49f773decbcd6a555c7a8694d37d232e) C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys
2010/08/05 15:39:24.0754 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/05 15:39:24.0817 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/05 15:39:24.0848 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/08/05 15:39:24.0879 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/08/05 15:39:24.0942 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/08/05 15:39:24.0957 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/08/05 15:39:24.0988 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/08/05 15:39:25.0020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/05 15:39:25.0051 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/05 15:39:25.0082 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/05 15:39:25.0098 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/05 15:39:25.0113 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/05 15:39:25.0145 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/05 15:39:25.0160 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/05 15:39:25.0207 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/05 15:39:25.0270 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/05 15:39:25.0332 RTLE8023xp (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/08/05 15:39:25.0395 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/05 15:39:25.0442 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/05 15:39:25.0504 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/05 15:39:25.0551 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/05 15:39:25.0629 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/08/05 15:39:25.0676 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/05 15:39:25.0754 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/08/05 15:39:25.0879 SPBBCDrv (77780509a16a1df7f2d8531d21ddb9b9) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/08/05 15:39:25.0926 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/05 15:39:26.0020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/05 15:39:26.0066 SRTSP (5e4985a84f13abf5727bed3c50bd7031) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/08/05 15:39:26.0098 SRTSPL (8117dca2cdf9d11c441c473dc9631655) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/08/05 15:39:26.0160 SRTSPX (5e89104af0dc94b659ea8ec3e66c3eeb) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/08/05 15:39:26.0207 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/05 15:39:26.0285 STHDA (5849f5d472a676ace7224fc2c656f4b2) C:\WINDOWS\system32\drivers\sthda.sys
2010/08/05 15:39:26.0316 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/08/05 15:39:26.0379 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/05 15:39:26.0441 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/05 15:39:26.0457 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/05 15:39:26.0519 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/08/05 15:39:26.0566 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/08/05 15:39:26.0629 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/08/05 15:39:26.0691 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/08/05 15:39:26.0723 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/08/05 15:39:26.0769 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/08/05 15:39:26.0785 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/08/05 15:39:26.0863 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/08/05 15:39:26.0926 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/05 15:39:27.0004 SysPlant (f993e24ebbef8e9626fbea12a6b739f2) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
2010/08/05 15:39:27.0098 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/05 15:39:27.0191 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/05 15:39:27.0238 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/05 15:39:27.0285 Teefer2 (62f7d6e6f7f4ee9e300ed9a945534486) C:\WINDOWS\system32\DRIVERS\teefer2.sys
2010/08/05 15:39:27.0347 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/05 15:39:27.0410 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/08/05 15:39:27.0441 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/05 15:39:27.0488 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/08/05 15:39:27.0504 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/05 15:39:27.0566 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/05 15:39:27.0582 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/05 15:39:27.0644 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/05 15:39:27.0676 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/05 15:39:27.0722 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/05 15:39:27.0801 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/05 15:39:27.0816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/05 15:39:27.0847 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/05 15:39:27.0926 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/05 15:39:28.0004 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/05 15:39:28.0019 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/05 15:39:28.0082 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/05 15:39:28.0113 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/05 15:39:28.0191 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/08/05 15:39:28.0269 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/05 15:39:28.0379 WPS (e5788aeeb08055e006d5074adfa5e1e8) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2010/08/05 15:39:28.0410 WpsHelper (a930c1d2a7d0cb01810c9912d101b83c) C:\WINDOWS\system32\drivers\WpsHelper.sys
2010/08/05 15:39:28.0519 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/05 15:39:28.0597 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/05 15:39:28.0660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/05 15:39:28.0754 ================================================================================
2010/08/05 15:39:28.0754 Scan finished
2010/08/05 15:39:28.0754 ================================================================================
2010/08/05 15:39:28.0769 Detected object count: 1
2010/08/05 15:43:02.0378 NetBT (e7d82e1fb3ba7ca9ad21e5041c941837) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/05 15:43:02.0378 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: e7d82e1fb3ba7ca9ad21e5041c941837, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2010/08/05 15:43:03.0034 Backup copy found, using it..
2010/08/05 15:43:03.0144 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2010/08/05 15:43:03.0144 Rootkit.Win32.TDSS.tdl3(NetBT) - User select action: Cure
2010/08/05 15:43:51.0140 Deinitialize success

#4 LakeNormanTiger

LakeNormanTiger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 05 August 2010 - 03:30 PM

boopme,

I dont think I am free and clear yet.

I still have the following symtoms:

1. When using a Internet Search Engines (Yahoo, Google, Bling, etc.), the search results are still typically shopping sites (InfoMash.org, LocalMoxie.com, etc ).
2. I am still having a problem accessing my companies email exchange website.


The following symtoms have disappeared.
1. I am no longer being advised by Symantec that a "SID:23621 HTTP Tidserv Request detected" has been detected.
2. I can now download "scanned" material (pdf files) from our scanning machines (big printer).


Thank your for your help thus far. If you have any other recomendations I would appreciate it.

Also, below. I have posted the last MBAM log from the quick scan as you requested.

Thanks
LNT


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4395

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/5/2010 4:05:42 PM
mbam-log-2010-08-05 (16-05-42).txt

Scan type: Quick scan
Objects scanned: 166580
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:40 PM

Posted 05 August 2010 - 03:58 PM

OK,that was good. Let's clean the Temp files and do a Safe mode scan and see how we are.
Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 LakeNormanTiger

LakeNormanTiger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 05 August 2010 - 08:46 PM

Boopme,

I was unable to start the "safe mode". I am running windows xp. I tried using the F8 key but that did not work. I had an option to press F12 key for different options. It gave me four options. One of them was a diagnostic option. I tried opening it to see if there was a safe mode that I could select. But there was not one.

Is there another way to run the safe mode for windows xp? I have the two software programs downloaded and ready to go. That is all I have done so far.

Thanks for your help!

LNT

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:40 PM

Posted 05 August 2010 - 09:03 PM

Ok, if this does not fix Safe mode use normal but let me know.
SafeBootKeyRepair.exe
Let us see if we can get Safe mode to run.

Please download and run SafeBootKeyRepair.exe.

Once it has completed, please try booting into Safe Mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 LakeNormanTiger

LakeNormanTiger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 06 August 2010 - 05:48 AM

Boopme,

I was unable to re boot into safe mode. So I ran both scans in normal mode as directed. I still believe I have the two main symtoms.

1. Search engine produces a certain type of search response. Several topics produce search results with similar websites (InfoMash, Infomoxies, etc.)
2. I can not acces my companies email exchange website from a remote location.

I will say that the internet seems to be running faster. Though that could be because it is early in the morning and everyone is still in bed. Also, the search results are starting to show 1 or 2 more realistic search results. So I believe it is getting better.

Again thank you for your help and let me know if there is any other options I can do to get my computer running correctly again.

Thanks
LNT

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2010 at 11:34 PM

Application Version : 4.41.1000

Core Rules Database Version : 5324
Trace Rules Database Version: 3136

Scan type : Complete Scan
Total Scan Time : 01:12:07

Memory items scanned : 582
Memory threats detected : 0
Registry items scanned : 9886
Registry threats detected : 1
File items scanned : 92726
File threats detected : 8

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY

Adware.Tracking Cookie
cdn4.specificclick.net [ C:\Documents and Settings\hartman\Application Data\Macromedia\Flash Player\#SharedObjects\U3ZHG8XX ]
cdn4.specificclick.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8CYRYY93 ]
core.insightexpressai.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8CYRYY93 ]
media.onsugar.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8CYRYY93 ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8CYRYY93 ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8CYRYY93 ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8CYRYY93 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8CYRYY93 ]

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:40 PM

Posted 06 August 2010 - 09:55 AM

Hi, the inability to enter Safe mode is a serious issue. We will need to get a deep look and see if it is a malware that can be removed otherwise a reinstall will be the only repair.

Please go here.... You will wait a few days for a reply.
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 LakeNormanTiger

LakeNormanTiger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 09 August 2010 - 07:43 AM

Boopme,
Thank you for all of your help. After discussing this with my system admistrator, we believe the best course of action is to wipe my computer and re-install my operating system. Again, thank you for all of your help in regarding this matter!
LNT

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:40 PM

Posted 09 August 2010 - 02:54 PM

You're welcome. Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.


Caution: If you are considering backing up data and reformatting, keep in mind, with a Virut infection, there is always a chance of backed up data reinfecting your system. If the data is that important to you, then you can try to salvage some of it but there is no guarantee so be forewarned that you may have to start over again afterwards if reinfected by attempting to recover your data. Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if its worth that risk.Again, do not back up any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you're not sure how to reformat or need help with reformatting, please review:These links include step-by-step instructions with screenshots:Vista users can refer to these instructions:Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead..

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users