TechSpot

URL Violations and cannot access search engines

By kwright5953
Sep 22, 2011
I have a computer at work that cannot access any search engine, let alone google.com. Each time the employee tries to access the webpage, he receives the IE "cannot connect" error message. I have seen others on this forum post with similar problems and have followed the virus/malware steps listed in this forum. We are using Trend Micro Worry Free Business Security Suite; it cannot eliminate this problem, but Trend Micro is successfully blocking the machine's attempts to access numerous URLs, every 2 minutes or so. I would like to avoid doing a full hard drive wipe and reformat, if possible. Please advise, and thank you in advance for any help.

    Pasted Logs as follows:
    Malwarebytes:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7766

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/21/2011 8:02:51 PM
    mbam-log-2011-09-21 (20-02-51).txt

    Scan type: Quick scan
    Objects scanned: 315721
    Time elapsed: 52 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Backdoor.IRCBot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\zcollins\local settings\Temp\5622.sys (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\krcuet\setup.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    c:\documents and settings\zcollins\local settings\temporary internet files\Content.IE5\JC1UPAZZ\file[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\zcollins\local settings\temporary internet files\Content.IE5\XZPMFNR1\file[1].exe (Malware.Gen) -> Quarantined and deleted successfully.

    GMER Log
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-22 08:31:07
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.3.ADA
    Running: gs2ih4bw.exe; Driver: C:\DOCUME~1\zcollins\LOCALS~1\Temp\uxldipob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86F0331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 86F0331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86F0331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86F0331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86F0331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 86F0331B

    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:124] 86E8E121
    Thread System [4:376] 86DFDB90

    ---- EOF - GMER 1.0.15 ----


    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by zcollins at 8:44:56 on 2011-09-22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.496 [GMT -4:00]
    .
    AV: Trend Micro Security Agent *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.highpointengineering.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\zcollins\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
    mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {13AEBFDE-CA17-4423-AADE-59BD76C7BDA7} - hxxps://www51.dot.ny.gov/mft/upload/activex_packager.ocx
    DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} - hxxps://projects.bovislendlease.com/pw/mpsPwLc7.CAB
    DPF: {88448E4B-4286-401F-BB90-A1765E8B104C} - hxxps://www51.dot.ny.gov/mft/LiteCopy/lc_client_activex.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.ads-pipe.com/dwf/DwfViewerSetup.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://www.realquest.com/mapviewer/mapviewer.cab
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\security agent\uiframework\ProToolbarIMRatingActiveX.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    Hosts: 74.55.76.230 www.google-analytics.com.
    Hosts: 74.55.76.230 ad-emea.doubleclick.net.
    Hosts: 74.55.76.230 www.statcounter.com.
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-9-8 736672]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-9-14 65296]
    R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]
    R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
    S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-9-14 196320]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-23 30192]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADLTScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-09-22 12:41:18 607260 ------r- C:\dds.scr
    2011-09-21 22:16:44 -------- d-----w- c:\documents and settings\zcollins\application data\Malwarebytes
    2011-09-21 22:16:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-09-21 22:16:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-21 22:16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-21 15:19:19 -------- d-----w- C:\sh4ldr
    2011-09-21 15:19:19 -------- d-----w- c:\program files\Enigma Software Group
    2011-09-21 15:18:17 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
    2011-09-21 15:18:10 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-09-15 12:42:25 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2011-09-14 05:00:21 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2011-09-14 05:00:21 65296 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2011-09-14 05:00:21 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-09-14 04:58:54 -------- d-----w- c:\program files\Trend Micro
    2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    2011-08-25 20:25:09 -------- d-----w- c:\program files\CEES
    2011-08-24 21:38:51 -------- d-----w- c:\documents and settings\zcollins\local settings\application data\Check
    .
    ==================== Find3M ====================
    .
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F034D0]<< >>UNKNOWN [0x86E2B5B9]<<
    _asm { INT 3 ; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f097d0]; MOV EAX, [0x86f0984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F70AB8]
    3 CLASSPNP[0xF7643FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006a[0x86FE2400]
    5 ACPI[0xF74CA620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F82940]
    \Driver\atapi[0x86F4FB58] -> IRP_MJ_CREATE -> 0x86F034D0
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x86F0331B
    NDIS: Intel(R) 82562V-2 10/100 Network Connection -> SendHandler -> 0x867492a0
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 8:46:32.70 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/11/2008 10:29:47 AM
    System Uptime: 9/21/2011 8:04:46 PM (12 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 1995/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 229 GiB total, 191.224 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP791: 6/25/2011 1:14:37 AM - System Checkpoint
    RP792: 6/26/2011 7:14:41 AM - System Checkpoint
    RP793: 6/27/2011 7:08:24 PM - System Checkpoint
    RP794: 6/28/2011 7:14:50 PM - System Checkpoint
    RP795: 6/29/2011 1:00:45 PM - Software Distribution Service 3.0
    RP796: 6/30/2011 7:39:28 PM - System Checkpoint
    RP797: 7/2/2011 1:35:54 AM - System Checkpoint
    RP798: 7/3/2011 7:35:55 AM - System Checkpoint
    RP799: 7/4/2011 1:23:58 PM - System Checkpoint
    RP800: 7/5/2011 7:25:09 PM - System Checkpoint
    RP801: 7/7/2011 1:24:05 AM - System Checkpoint
    RP802: 7/8/2011 7:36:10 AM - System Checkpoint
    RP803: 7/9/2011 1:24:14 PM - System Checkpoint
    RP804: 7/10/2011 7:24:13 PM - System Checkpoint
    RP805: 7/12/2011 1:24:18 AM - System Checkpoint
    RP806: 7/13/2011 7:36:21 AM - System Checkpoint
    RP807: 7/13/2011 1:00:33 PM - Software Distribution Service 3.0
    RP808: 7/14/2011 4:02:48 PM - System Checkpoint
    RP809: 7/15/2011 9:22:39 PM - System Checkpoint
    RP810: 7/17/2011 3:22:40 AM - System Checkpoint
    RP811: 7/18/2011 9:34:08 AM - System Checkpoint
    RP812: 7/19/2011 6:29:57 PM - System Checkpoint
    RP813: 7/20/2011 6:49:38 PM - System Checkpoint
    RP814: 7/22/2011 3:10:52 AM - System Checkpoint
    RP815: 7/23/2011 9:22:58 AM - System Checkpoint
    RP816: 7/24/2011 3:10:57 PM - System Checkpoint
    RP817: 7/25/2011 6:07:28 PM - System Checkpoint
    RP818: 7/26/2011 6:37:05 PM - System Checkpoint
    RP819: 7/27/2011 10:30:43 PM - System Checkpoint
    RP820: 7/28/2011 9:26:22 AM - Installed HP Web Registration
    RP821: 7/29/2011 5:56:23 PM - System Checkpoint
    RP822: 7/30/2011 6:26:06 PM - System Checkpoint
    RP823: 7/31/2011 7:23:10 PM - System Checkpoint
    RP824: 8/1/2011 3:07:46 PM - Installed Meridian Systems Prolog WebSite 2008 Client (HF1).
    RP825: 8/2/2011 7:55:47 PM - System Checkpoint
    RP826: 8/3/2011 8:23:07 PM - System Checkpoint
    RP827: 8/4/2011 8:43:03 PM - System Checkpoint
    RP828: 8/5/2011 9:35:13 PM - System Checkpoint
    RP829: 8/6/2011 10:23:10 PM - System Checkpoint
    RP830: 8/7/2011 11:23:13 PM - System Checkpoint
    RP831: 8/8/2011 2:02:54 PM - Installed ReConWall
    RP832: 8/9/2011 6:00:34 PM - System Checkpoint
    RP833: 8/10/2011 6:49:56 PM - System Checkpoint
    RP834: 8/12/2011 12:32:54 AM - System Checkpoint
    RP835: 8/13/2011 6:21:01 AM - System Checkpoint
    RP836: 8/13/2011 9:00:19 PM - Software Distribution Service 3.0
    RP837: 8/15/2011 3:29:43 AM - System Checkpoint
    RP838: 8/16/2011 12:13:13 PM - System Checkpoint
    RP839: 8/17/2011 6:01:58 PM - System Checkpoint
    RP840: 8/18/2011 9:41:57 PM - System Checkpoint
    RP841: 8/20/2011 3:29:59 AM - System Checkpoint
    RP842: 8/21/2011 9:54:34 AM - System Checkpoint
    RP843: 8/22/2011 7:48:45 PM - System Checkpoint
    RP844: 8/23/2011 9:42:10 PM - System Checkpoint
    RP845: 8/25/2011 3:50:10 AM - System Checkpoint
    RP846: 8/25/2011 4:25:07 PM - Installed CEES
    RP847: 8/26/2011 7:30:17 PM - System Checkpoint
    RP848: 8/27/2011 9:00:21 PM - Software Distribution Service 3.0
    RP849: 8/30/2011 12:10:33 PM - System Checkpoint
    RP850: 8/31/2011 1:48:04 PM - System Checkpoint
    RP851: 9/1/2011 4:57:53 PM - System Checkpoint
    RP852: 9/2/2011 5:33:33 PM - System Checkpoint
    RP853: 9/3/2011 6:47:48 PM - System Checkpoint
    RP854: 9/5/2011 12:47:51 AM - System Checkpoint
    RP855: 9/6/2011 6:47:56 AM - System Checkpoint
    RP856: 9/7/2011 9:52:46 PM - Software Distribution Service 3.0
    RP857: 9/9/2011 4:30:09 AM - System Checkpoint
    RP858: 9/10/2011 10:30:12 AM - System Checkpoint
    RP859: 9/11/2011 4:30:12 PM - System Checkpoint
    RP860: 9/12/2011 6:16:00 PM - System Checkpoint
    RP861: 9/13/2011 10:07:34 PM - System Checkpoint
    RP862: 9/14/2011 7:02:40 PM - Software Distribution Service 3.0
    RP863: 9/15/2011 7:11:35 PM - System Checkpoint
    RP864: 9/17/2011 12:54:28 AM - System Checkpoint
    RP865: 9/18/2011 6:42:27 AM - System Checkpoint
    RP866: 9/19/2011 2:20:09 PM - System Checkpoint
    RP867: 9/20/2011 4:04:42 PM - System Checkpoint
    RP868: 9/21/2011 11:19:18 AM - Installed SpyHunter
    RP869: 9/21/2011 1:24:36 PM - Removed Browser Address Error Redirector.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.0.1)
    APC PowerChute Personal Edition
    ArcGIS ArcReader
    AutoCAD LT 2005 - English
    Autodesk 2005 OE Hotfix
    Autodesk Architectural 2005 Object Enabler
    Autodesk DWF Viewer
    Autodesk Land 2005 Object Enabler
    CEES
    COMcheck 3.7.0
    COMcheck 3.8.2
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    CutePDF Writer 2.7
    Dell Driver Reset Tool
    Dell Support Center (Support Software)
    Dell System Restore
    Digital Line Detect
    Documentation & Support Launcher
    FileOpen Client
    Games, Music, & Photos Launcher
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.514
    GPL Ghostscript 8.62
    GPL Ghostscript Fonts
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Designjet 510 Printer Series
    HP Web Registration
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Japanese Fonts Support For Adobe Reader 9
    Java(TM) 6 Update 5
    KIP Request 7
    LiveUpdate 3.1 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Meridian Systems Prolog WebSite 2008 Client (HF1)
    Meridian Systems Prolog Website 2008 File Management Control (HF1)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 6.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Modem Diagnostic Tool
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Musicmatch for Windows Media Player
    NetWaiting
    PowerDVD
    Realtek High Definition Audio Driver
    ReConWall
    REScheck 4.3.1
    RK CutterBanker 3
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    RxFilters3D
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SpyHunter
    Trend Micro Worry-Free Business Security Agent
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WorkgroupShare Client
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/22/2011 8:28:46 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
    9/22/2011 8:24:49 AM, error: NETLOGON [5719] - No Domain Controller is available for domain HIGHPOINT due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    9/21/2011 8:06:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
    9/21/2011 3:26:56 PM, error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).
    9/21/2011 2:59:12 PM, error: Service Control Manager [7000] - The DameWare Mini Remote Control service failed to start due to the following error: The system cannot find the file specified.
    9/21/2011 1:31:15 PM, error: Service Control Manager [7034] - The DameWare Mini Remote Control service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! It is no wonder the employee is having problems:
    1. There is a rootkit on the system.
    2. There is a Backdoor.IRCBot on the system.
    3. Java is outdated and there will be malware in the Java cache.
    4. It appears that at least some of the reasons he can't access are the following:
    9/22/2011 8:24:49 AM, error: NETLOGON [5719] - No Domain Controller is available for domain HIGHPOINT due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    ======================================
    #2. What is a Backdoor.bot?
    And yes- it makes Registry changes to the firewall, the Security Center. It can do or cause:
    1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
    2. Data theft (e.g. retrieving passwords or credit card information)
    3. Installation of software, including third-party malware
    4. Downloading or uploading of files on the user's computer
    5. Modification or deletion of files
    6. Keystroke logging
    7. Watching the user's screen
    8. Wasting the computer's storage space
    9. Crashing the computer

    Being advised of this, would you rather consider a reformat/reinstall instead of an attempt to clean, which may not find or remove all of its code?
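As an added example (not code from the thread or from either poster), a small Python triage of the "Event Viewer Messages" lines in the DDS log above: it parses the DDS line format and picks out the NETLOGON failure cited in point 4 plus the stopped or failed security and remote-control services. The list of watched product names and the findings format are my own choices.

```python
import re
from datetime import datetime

# One line of the "Event Viewer Messages" section of a DDS log looks like:
#   "9/21/2011 3:26:56 PM, error: Service Control Manager [7034] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
# Security/remote-admin products named in the log above (my own watch list):
# an unexpected stop or failed start of one of these on a suspect host is worth a look.
WATCHED = ("SpyHunter", "DameWare", "Trend Micro")

# Copied from the Event Viewer section of the log posted in this thread.
SAMPLE_LINES = """
9/22/2011 8:28:46 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
9/22/2011 8:24:49 AM, error: NETLOGON [5719] - No Domain Controller is available for domain HIGHPOINT due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
9/21/2011 8:06:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
9/21/2011 3:26:56 PM, error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2011 2:59:12 PM, error: Service Control Manager [7000] - The DameWare Mini Remote Control service failed to start due to the following error: The system cannot find the file specified.
9/21/2011 1:31:15 PM, error: Service Control Manager [7034] - The DameWare Mini Remote Control service terminated unexpectedly. It has done this 1 time(s).
""".strip().splitlines()

def parse_event(line):
    """Fields of one DDS event line as a dict, or None if the line is not an event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
    ev["eid"] = int(ev["eid"])
    return ev

def triage(lines):
    """(event id, reason) pairs for the lines that bear on the diagnosis in the thread."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        src, eid, msg = ev["source"], ev["eid"], ev["msg"]
        if src == "NETLOGON" and eid == 5719:
            findings.append((eid, "no domain controller reachable"))
        elif src == "Service Control Manager" and eid == 7026:  # driver to verify; not malicious by itself
            findings.append((eid, "boot driver failed to load: " + msg.rsplit(": ", 1)[-1]))
        elif src == "Service Control Manager" and eid in (7000, 7034) \
                and any(name in msg for name in WATCHED):
            svc = msg.split(" service", 1)[0]
            findings.append((eid, "watched service stopped or failed: " + (svc[4:] if svc.startswith("The ") else svc)))
    return findings
```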
     
  3. kwright5953

    kwright5953 TS Rookie Topic Starter

    Thanks for the response, Bobbye. I was hoping there might be a chance to remove whatever malware/viruses are on the machine w/o a reformat, but as I figured, it seems that is the best move right now. Thanks again for your help!
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

Topic Status:
Not open for further replies.

