I've been trying to resolve a virus/malware problem on my laptop for a week or so without any real progress. Hopefully you guys can help me out. Here's a little history to hopefully help the process.
I first started noticing that websites were not going to the right pages the first time I picked the link. If I went back to the search results and selected the link it would, usually, get to the intended site. After a few days I noticed that some desktop shortcuts had a generic icon and wouldn't run the programs. I did some searching on removing the google.redirect.virus and ended up running FixNCR.reg with rkill.exe and then running Malware Anti-Malware. I've run TDSSKiller.exe as well. I also tried using Super AntiSpyware. I've got Symantec Endpoint Protection installed.
At this point, in order for me to run *.exe files on the laptop after a bootup I first run the FixNCR.reg script and then rkill.exe. That seems to get my system usable until I shut down and restart. The machine is my work computer and is on a network. I also use it at home as a stand-alone but connected to the internet via wireless. It seems to run normally, with no real hangups, when it's connected to the work network. At home it can be painfully slow.
It's a lot of info, but I thought it might help with the troubleshooting.
Here are my MBAM and GMER logs. DDS with excluded as directed in my other post.
---------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7604
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/29/2011 8:26:43 AM
mbam-log-2011-08-29 (08-26-43).txt
Scan type: Quick scan
Objects scanned: 296910
Time elapsed: 36 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-29 11:49:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e TOSHIBA_MK8046GSX rev.LB312D
Running: ygyx1k88.exe; Driver: C:\DOCUME~1\ewelsch\LOCALS~1\Temp\pxtdapog.sys
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----