
win32.tdss.rtk


  • This topic is locked
2 replies to this topic

#1 jennybella

jennybella

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 30 August 2009 - 07:57 PM

Hi,

Thank you for your assistance.

I use the browsers IE and Firefox and find that at times I am redirected to other search sites when I click on a search result link from Google. AVG states that these links are safe, so it cannot be the sites. The only way around this challenge is cutting and pasting the link into the address bar. Attached is a screen capture of what Spybot detects and the other information requested in the Preparation Guide. Prior to joining your site, I tried booting my computer in safe mode and utilizing Spybot Search and Destroy to remove the problem - no go. Spybot isn't up to the problem, as each time it clears the problem, only for it to be there again in the next scan a minute later. I have also used Spyware Guard, Ad-Aware and CCleaner to no avail.

Please get back to me.

Regards,
Jennifer

DDS (Ver_09-07-30.01) - NTFSx86
Run by bambola at 17:47:30.56 on 30/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.1975 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\bambola\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB2696] command.com /c del "c:\windows\system32\drivers\kbiwkmqoijwmro.sys"
uRunOnce: [SpybotDeletingD1044] cmd.exe /c del "c:\windows\system32\drivers\kbiwkmqoijwmro.sys"
uRunOnce: [SpybotDeletingB7938] command.com /c del "c:\windows\system32\kbiwkmeugrscky.dll"
uRunOnce: [SpybotDeletingD5193] cmd.exe /c del "c:\windows\system32\kbiwkmeugrscky.dll"
uRunOnce: [SpybotDeletingB1088] command.com /c del "c:\windows\system32\kbiwkmtaqqkeyb.dll"
uRunOnce: [SpybotDeletingD7239] cmd.exe /c del "c:\windows\system32\kbiwkmtaqqkeyb.dll"
uRunOnce: [SpybotDeletingB5221] command.com /c del "c:\windows\system32\kbiwkmebqwgijt.dat"
uRunOnce: [SpybotDeletingD527] cmd.exe /c del "c:\windows\system32\kbiwkmebqwgijt.dat"
uRunOnce: [SpybotDeletingB5880] command.com /c del "c:\windows\system32\kbiwkmvbrnbaip.dat"
uRunOnce: [SpybotDeletingD1580] cmd.exe /c del "c:\windows\system32\kbiwkmvbrnbaip.dat"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
mRunOnce: [SpybotDeletingA2913] command.com /c del "c:\windows\system32\drivers\kbiwkmqoijwmro.sys"
mRunOnce: [SpybotDeletingC5347] cmd.exe /c del "c:\windows\system32\drivers\kbiwkmqoijwmro.sys"
mRunOnce: [SpybotDeletingA6139] command.com /c del "c:\windows\system32\kbiwkmeugrscky.dll"
mRunOnce: [SpybotDeletingC5781] cmd.exe /c del "c:\windows\system32\kbiwkmeugrscky.dll"
mRunOnce: [SpybotDeletingA2491] command.com /c del "c:\windows\system32\kbiwkmtaqqkeyb.dll"
mRunOnce: [SpybotDeletingC6398] cmd.exe /c del "c:\windows\system32\kbiwkmtaqqkeyb.dll"
mRunOnce: [SpybotDeletingA5495] command.com /c del "c:\windows\system32\kbiwkmebqwgijt.dat"
mRunOnce: [SpybotDeletingC5249] cmd.exe /c del "c:\windows\system32\kbiwkmebqwgijt.dat"
mRunOnce: [SpybotDeletingA9340] command.com /c del "c:\windows\system32\kbiwkmvbrnbaip.dat"
mRunOnce: [SpybotDeletingC6410] cmd.exe /c del "c:\windows\system32\kbiwkmvbrnbaip.dat"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\bambola\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bambola\applic~1\mozilla\firefox\profiles\02gvuhks.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-30 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-30 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-30 108552]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-30 372824]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-30 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-13 1086208]

=============== Created Last 30 ================

2009-08-30 17:39 15 a------- c:\documents and settings\bambola\settings.dat
2009-08-30 15:58 <DIR> --d----- c:\program files\SpywareGuard
2009-08-30 15:40 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-08-30 15:40 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-08-30 15:40 <DIR> --d----- c:\program files\Zone Labs
2009-08-30 15:39 35,981 a---h--- c:\windows\system32\vsconfig.xml
2009-08-30 15:36 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-30 15:34 <DIR> --d----- c:\windows\Internet Logs
2009-08-30 15:31 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-30 15:30 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-30 15:30 <DIR> --d----- c:\program files\Lavasoft
2009-08-30 14:53 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-30 14:53 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-30 14:23 2,574 a------- c:\windows\wininit.ini
2009-08-30 13:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-30 13:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-30 13:46 <DIR> --d----- c:\program files\CCleaner
2009-08-30 13:39 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-30 13:02 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-30 03:05 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-30 03:05 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-30 03:05 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-30 03:05 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-30 03:05 <DIR> --d----- c:\program files\AVG
2009-08-30 03:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-30 00:30 <DIR> --d----- c:\docume~1\bambola\applic~1\AVG8
2009-08-29 23:49 <DIR> --d----- c:\windows\pss
2009-08-29 17:27 <DIR> --d----- c:\program files\MSECache
2009-08-29 16:58 <DIR> --d----- c:\program files\Microsoft Office Communicator
2009-08-29 16:54 30,568 a------- c:\windows\system32\mdimon.dll
2009-08-27 09:57 421,888 a------- c:\windows\system32\ac3filter.acm
2009-08-27 09:57 <DIR> --d----- c:\program files\XP Codec Pack
2009-08-26 00:17 <DIR> --d----- c:\documents and settings\bambola\Tracing
2009-08-26 00:06 <DIR> --d----- c:\program files\Microsoft
2009-08-26 00:06 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-26 00:01 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-18 23:43 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-18 17:23 <DIR> --d----- c:\program files\Nero
2009-08-18 17:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-08-18 14:27 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-08-13 01:23 0 a------- c:\windows\ativpsrm.bin
2009-08-13 01:18 307,200 a----r-- c:\windows\system32\atiiiexx.dll
2009-08-13 01:18 15,485 a----r-- c:\windows\atiogl.xml
2009-08-13 01:18 442,368 a----r-- c:\windows\system32\ATIDEMGX.dll
2009-08-13 01:18 7,167 a----r-- c:\windows\system32\atifglpf.xml
2009-08-13 01:18 3,107,788 a----r-- c:\windows\system32\ativva5x.dat
2009-08-13 01:18 887,724 a----r-- c:\windows\system32\ativva6x.dat
2009-08-13 01:18 180,720 a----r-- c:\windows\system32\atiicdxx.dat
2009-08-13 01:17 <DIR> --d----- c:\program files\ATI Technologies
2009-08-13 01:14 <DIR> --ds---- c:\documents and settings\bambola\UserData
2009-08-13 01:13 331,184 -------- c:\windows\system32\difxapi.dll
2009-08-13 01:13 <DIR> --d----- c:\program files\VIA
2009-08-13 01:13 120,064 a----r-- c:\windows\system32\drivers\Rtenicxp.sys
2009-08-13 01:13 73,728 a----r-- c:\windows\system32\RtNicProp32.dll
2009-08-13 01:13 <DIR> --d----- c:\program files\Realtek
2009-08-13 01:13 1,746 a------- c:\windows\Language_trs.ini
2009-08-13 01:12 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys
2009-08-13 01:12 31,785 a------- c:\windows\Ascd_tmp.ini
2009-08-13 01:12 10,296 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-08-13 01:08 <DIR> --d----- c:\documents and settings\bambola
2009-08-13 01:06 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-13 01:06 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-13 01:04 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-08-13 01:03 49,664 ac------ c:\windows\system32\dllcache\adrot.dll
2009-08-13 01:02 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-08-13 01:02 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-13 01:02 <DIR> --d----- c:\program files\common files\MSSoap
2009-08-13 01:00 <DIR> --d----- c:\program files\Online Services
2009-08-13 01:00 <DIR> --d----- c:\program files\Messenger
2009-08-13 01:00 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-08-13 00:59 <DIR> --d----- c:\program files\Windows NT
2009-08-12 17:49 <DIR> --d----- c:\program files\common files\ODBC
2009-08-12 17:49 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-08-12 17:49 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-08-12 14:56 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-08-12 14:44 <DIR> --d----- c:\program files\uTorrent
2009-08-12 14:44 <DIR> --d----- c:\docume~1\bambola\applic~1\uTorrent
2009-08-12 14:16 <DIR> --d----- c:\program files\mIRC
2009-08-12 14:16 <DIR> --d----- c:\docume~1\bambola\applic~1\mIRC

==================== Find3M ====================

2009-08-29 23:39 507,904 a------- c:\windows\system32\winlogon.exe
2009-08-18 01:35 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-13 01:00 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-06-24 06:39 1,003,520 a------- c:\windows\system32\VSFilter.dll

============= FINISH: 17:48:24.42 ===============

Oh, I almost forgot: there is no error listed in the Kaspersky scan but the Internet Relay Chat (IRC) client, which is not a virus but a server.



#2 jennybella

jennybella
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 13 September 2009 - 03:58 PM

I reformatted my drive as there was no reply in 13 days. Good luck everyone.

#3 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 14 September 2009 - 07:19 PM

Thanks for letting us know.

Sorry we didn't get to you in time. :(