Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google search redirected, links to wrong sites [Closed]

Started by Undersea_Gal , Jan 09 2009 05:38 PM

  • This topic is locked This topic is locked

#31
RatHat
Posted 13 January 2009 - 05:45 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Lets see if we can catch it early then.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

Advertisements

#32
Undersea_Gal
Posted 13 January 2009 - 06:35 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thanks again for looking into this. I'm really sick of this silly virus and I can't wait until it's resolved.

I started the scan, but again it seems it will be too long to run during my workday. I will run it overnight and post the log tomorrow morning.

Is my last scan (from Dr Web) an indication of anything?

I really appreciate your help,
-J

Edited by Undersea_Gal, 13 January 2009 - 06:39 PM.

  • 0

#33
RatHat
Posted 13 January 2009 - 07:10 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
DrWeb's find is not significant. What we have with your machine, and as with any rootkit infection, is an infection that is very difficult to clean, and can come back as seems in this case.

What we have to do now is see if we can find what has been hidden. :)

Lets see what KAV brings back.
  • 0

#34
Undersea_Gal
Posted 13 January 2009 - 07:19 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Ok, makes sense. I'll run the scan tonight and hopefully we find the culprit tomorrow.

Thanks again!
-J
  • 0

#35
Undersea_Gal
Posted 14 January 2009 - 12:16 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here's my log from the AVP tool:

Detected
--------
Status Object
------ ------


It didn't find anything. :)
  • 0

#36
Undersea_Gal
Posted 14 January 2009 - 12:25 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Update:
My anti-virus (Sophos) just notified me that
"File "C:/WINDOWS/system32/wdmaud.sys" belongs to virus/spyware Troj/Daonol-Fam.

So I updated my Sophos and I'm running a scan right now.

I hope this isn't another unrelated virus I picked up.
  • 0

#37
Undersea_Gal
Posted 14 January 2009 - 12:35 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
It's me again.

Here's the info I dug out regarding my previous post:

Troj/Daonol-Fam
Aliases

* Rootkit.Win32.Agent.fwt
* Trojan:Win32/Daonol.A
* Trojan:Win32/Daonol.B

Category

* Viruses and Spyware

Type

* Trojan

What to do

* If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.

Troj/Daonol-Fam is a family of Trojans for the Windows platform.

Members of Troj/Daonol-Fam typically copy themselves to the Root folder and create some of the following files

<Root>\<random filename>.bat (clean batch file)
<System>\sysaudio.sys

The file sysaudio.sys is also a member of Troj/Daonol-Fam.

A registry entry is usually set similar to the following:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
aux
sysaudio.sys

Troj/Daonol-Fam attempts to redirect internet traffic from a number of websites.

Seems like it's my culprit.

I'll let you know if Sophos takes care of it.
  • 0

#38
Undersea_Gal
Posted 14 January 2009 - 01:07 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Apologies for the numerous posts.

Ok, so Sophos cleaned up the trojan, and my web searches are back to normal -for now.

However, I did read this:

"Trojans infect computers, but do not infect files. They can simply be identified and deleted. However, they often make registry or startup file changes so that they are executed on boot-up. Check the threat analysis for details of such behavior."

So I was wondering if you could advise me on how to prevent the trojan from reoccurring after a reboot.

Thanks again!
  • 0

#39
Undersea_Gal
Posted 14 January 2009 - 05:52 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Yet another post by me.

After Sophos deleted the bad file, all was well.
Then I got a notice about another file, so I ran another scan, and delete the other file as well.

After all this, my browser searches started giving me wrong links again.

*pulling hair*
  • 0

#40
RatHat
Posted 14 January 2009 - 06:55 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Julie,

Lets see if RootRepeal will find the culprit.

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lets also have a look with Runscanner. Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Finally, lets run an F-Secure online scan:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient


We'll get there in the end Julie :)
  • 0

Advertisements

#41
Undersea_Gal
Posted 14 January 2009 - 07:06 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/01/14 16:59
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAAC6E000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89F9000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA976000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!
  • 0

#42
RatHat
Posted 14 January 2009 - 07:11 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Nothing showing there Julie. Lets see what the other two turn up.
  • 0

#43
Undersea_Gal
Posted 14 January 2009 - 07:12 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Attached is the .run file, and here is the log file:

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : JULIE
Creation time : 1/14/2009 5:09:49 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.2180
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.7.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
* C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
* C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
* C:\DOCUME~1\CNL\LOCALS~1\Temp\Temporary Directory 1 for runscanner.zip\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (www.tortoisesvn.org)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
002 C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
002 C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
002 C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
002 C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
002 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
003 C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
005 C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
005 C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
005 C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
010 C:\WINDOWS\system32\brsvc01a.exe (BrSplService)
010 C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService Direct Disc Labeling Service)
010 C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Anti-Virus)
010 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Anti-Virus status reporter)
010 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos AutoUpdate Service)
011 C:\WINDOWS\system32\drivers\ASPI32.sys (ASPI32)
011 C:\WINDOWS\system32\DRIVERS\airplus.sys (D-Link AirPlus Wireless Adapter)
011 C:\WINDOWS\System32\GTNDIS5.SYS (GTNDIS5 NDIS Protocol Driver)
011 C:\WINDOWS\system32\drivers\hardlock.sys (Hardlock)
011 C:\WINDOWS\system32\drivers\Haspnt.sys (Haspnt)
011 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (ialm)
011 C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Linksys 802.11 Network Adapter Driver)
011 C:\WINDOWS\System32\DRIVERS\MXOFX.SYS (USB Storage Adapter FX (MXO))
011 C:\WINDOWS\System32\DRIVERS\w2kasc.sys (w2kasc)
031 GUID / CLSID not found {0A9007C0-4076-11D3-8789-0000F8105754}
052 C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) {39EA7695-B3F2-4C44-A4BC-297ADA8FD235}
061 C:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll (Sophos Plc) {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351346-7B7D-4FCC-81B4-1E394CA267EB}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351347-7B7D-4FCC-81B4-1E394CA267EB}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351348-7B7D-4FCC-81B4-1E394CA267EB}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351349-7B7D-4FCC-81B4-1E394CA267EB}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134A-7B7D-4FCC-81B4-1E394CA267EB}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134B-7B7D-4FCC-81B4-1E394CA267EB}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134C-7B7D-4FCC-81B4-1E394CA267EB}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134D-7B7D-4FCC-81B4-1E394CA267EB}
061 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134E-7B7D-4FCC-81B4-1E394CA267EB}
062 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351349-7B7D-4FCC-81B4-1E394CA267EB}
067 C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
069 C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)
069 C:\WINDOWS\System32\pdfports.dll (Adobe Systems Incorporated.)
100 Start Page HKCU : http://www.google.ca/
102 GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}
104 * C:\WINDOWS\Downloaded Program Files\Midasa.dll {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B}
104 * C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll (Microsoft Corporation) {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
104 * C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX (Netopsystems AG) {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}
104 C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx (Microsoft Corporation) {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
121 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
170 {47478433-fe48-11db-b8a3-000d889db4fb} : H:\LaunchU3.exe
170 {c835de8d-dc2f-11d9-b82a-000f66f4813f} : L:\setupSNK.exe
173 C:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll (Sophos Plc) {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}
173 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351349-7B7D-4FCC-81B4-1E394CA267EB}
210 C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
221 C:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll (Sophos Plc) {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}
221 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351349-7B7D-4FCC-81B4-1E394CA267EB}
225 C:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll (Sophos Plc) {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}
225 C:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll (Sophos Plc) {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}
225 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351349-7B7D-4FCC-81B4-1E394CA267EB}
225 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351349-7B7D-4FCC-81B4-1E394CA267EB}
227 C:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll (Sophos Plc) {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D}
227 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351349-7B7D-4FCC-81B4-1E394CA267EB}
229 C:\WINDOWS\System32\igfxpph.dll (Intel Corporation) {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
229 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351349-7B7D-4FCC-81B4-1E394CA267EB}
231 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org)
241 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351346-7B7D-4FCC-81B4-1E394CA267EB}
241 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351347-7B7D-4FCC-81B4-1E394CA267EB}
241 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {30351348-7B7D-4FCC-81B4-1E394CA267EB}
241 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134B-7B7D-4FCC-81B4-1E394CA267EB}
241 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134C-7B7D-4FCC-81B4-1E394CA267EB}
241 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134D-7B7D-4FCC-81B4-1E394CA267EB}
241 C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll (www.tortoisesvn.org) {3035134E-7B7D-4FCC-81B4-1E394CA267EB}

Missing files
-------------
003 C:\Program Files\MSN Messenger\MsnMsgr.Exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll

I'm glad you're still confident we'll be able to get to the bottom of this. Now I'll run the F-secure scan and report back.

Attached Files


  • 0

#44
Undersea_Gal
Posted 14 January 2009 - 07:13 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I'm not sure I have administrator rights...
  • 0

#45
Undersea_Gal
Posted 14 January 2009 - 07:16 PM

Undersea_Gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Yeah, it says I have insufficient rights to run the scan.

:)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP