[Zylocks]

Hey guys

So as the name suggests I have the annoying google redirect, virus dealio, and [bleep] is it annoying. I ran avast, ad-aware, and super antispyware, and removed a whole bunch of viruses from my comp... (how the [bleep] I got them all I don't know >.<), but they didn't seem to remove the one thats hijacking google.

Heres my OTL..


OTL logfile created on: 22/06/2011 12:05:30 AM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Adam\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 72.06% Memory free
5.78 Gb Paging File | 5.25 Gb Available in Paging File | 90.84% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 26.51 Gb Free Space | 17.79% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 270.79 Gb Free Space | 19.38% Space Free | Partition Type: NTFS

Computer Name: ADAMA | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adam\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe (MPC-HC Team)
PRC - C:\Program Files\Razer\Abyssus\razertra.exe ()
PRC - C:\Program Files\Razer\Abyssus\razerhid.exe ()
PRC - C:\Program Files\Razer\Abyssus\razerofa.exe (Razer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()
PRC - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Adam\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (Logitech Easy Synchronization) -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe ()


========== Driver Services (SafeList) ==========

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (vHidDev) -- C:\WINDOWS\system32\drivers\vHidDev.sys (Windows ® Win 7 DDK provider)
DRV - (Abyssus03) -- C:\WINDOWS\system32\drivers\Abyssus.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (vserial) -- C:\WINDOWS\system32\drivers\vserial.sys (ELTIMA Software)
DRV - (vsbus) -- C:\WINDOWS\system32\drivers\vsb.sys (ELTIMA Software)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e810ab4a-05c3-4ae8-bba3-3390cead7f7f}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/14 03:47:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 23:07:42 | 000,000,000 | ---D | M]

[2010/06/02 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions
[2010/06/02 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions\[email protected]
[2011/05/07 02:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\2gvdsbrs.default\extensions
[2009/12/16 01:57:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\2gvdsbrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/14 03:48:47 | 000,000,000 | ---D | M] ("Stumble Porn") -- C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\2gvdsbrs.default\extensions\{e810ab4a-05c3-4ae8-bba3-3390cead7f7f}
[2010/01/05 18:04:22 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\2gvdsbrs.default\searchplugins\search-the-web.xml
[2011/05/07 02:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 23:07:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 21:53:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/12 09:30:05 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/29 23:07:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/12/13 04:00:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/29 22:12:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/07/28 23:45:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Abyssus] C:\Program Files\Razer\Abyssus\razerhid.exe ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Microsoft Security Essentials] File not found
O4 - HKCU..\Run: [Oyidohilofeji] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - C:\Documents and Settings\Adam\My Documents\My Pictures\Best_Friends_by_spacecoyote.jpg
O24 - Desktop Components:1 () - http://www.aporcupine.com/paint.png
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {FE24CD78-7C63-465D-8787-4EDF7FC79895} - C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/15 22:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 21:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Start Menu\Programs\Google Chrome
[2011/06/20 21:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Local Settings\Application Data\Deployment
[2011/06/19 22:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
[2011/06/19 22:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/06/19 22:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011/06/19 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/06/19 22:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone
[2011/06/19 22:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011/06/19 22:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/06/15 04:23:56 | 000,060,156 | ---- | C] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2011/05/23 21:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\647 927 5854

========== Files - Modified Within 30 Days ==========

[2011/06/22 00:00:48 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/22 00:00:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/22 00:00:20 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/21 23:59:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 23:19:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-725345543-1003UA.job
[2011/06/21 21:19:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-725345543-1003Core.job
[2011/06/20 21:14:56 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Google Chrome.lnk
[2011/06/20 21:14:56 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/19 22:54:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/06/19 21:58:44 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/18 00:38:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/18 00:38:48 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/17 15:11:32 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/06/15 04:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2011/06/15 03:32:52 | 000,496,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 03:32:52 | 000,084,966 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 03:23:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/30 23:08:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/06/20 21:14:56 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Google Chrome.lnk
[2011/06/20 21:14:56 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/20 21:14:12 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-725345543-1003UA.job
[2011/06/20 21:14:11 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-725345543-1003Core.job
[2011/06/19 22:54:37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/10/18 23:02:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 16:20:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/07/27 16:20:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/07/27 16:19:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/05/10 23:53:01 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\PCProxyOff.ini
[2010/01/17 21:39:37 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2010/01/17 21:39:37 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2010/01/17 21:39:37 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2010/01/17 21:33:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/01/17 21:33:31 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/01/11 01:11:10 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/12/16 02:27:03 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2009/11/09 18:25:20 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/11/05 17:31:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/09/27 17:12:22 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/12 00:37:06 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/23 23:10:27 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/04/15 18:11:03 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/26 21:20:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/03/20 16:41:24 | 000,122,549 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2008/11/17 01:53:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/11/17 01:53:24 | 000,004,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/11/17 01:53:22 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/11/17 01:53:22 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/11/17 01:47:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/16 02:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/15 23:19:25 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/15 22:18:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/15 22:13:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/15 15:37:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/15 15:34:20 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/13 07:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2006/06/20 23:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2004/08/13 11:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,496,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,084,966 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/10 22:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\.minecraft
[2008/11/25 03:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Brainwave
[2011/02/08 21:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\cYo
[2008/11/17 02:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\DAEMON Tools
[2010/01/11 01:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\DAEMON Tools Pro
[2010/07/30 01:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Foxit Software
[2010/06/11 00:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\JGoodies
[2011/01/15 16:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\NeuroProgrammer3
[2010/06/05 20:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Octoshape
[2010/11/02 05:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\PFStaticIP
[2010/11/02 05:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\TeamViewer
[2010/05/11 15:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Uniblue
[2011/06/19 22:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\uTorrent
[2010/03/18 18:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/11 00:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/05/11 15:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/11/04 17:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/06/20 21:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/01/17 21:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/10/03 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2011/06/21 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/07 15:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/28 00:33:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2011/06/22 00:00:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:157E1AD3

< End of report >


I stink .

thanks as always,

-Adam

[Advertisements]

Hey guys, me again.

I started poking around the internet and came across an article by PCmagazine that talked about this very issue. I gave what they suggested, and it seems like it may have worked.

http://www.pcmag.com...,2370676,00.asp

I followed the "Backdoor.Tidserv" link.

I thought I'd let you guys know. Let me know what you think?

[Zylocks]

Hey guys, me again.

I started poking around the internet and came across an article by PCmagazine that talked about this very issue. I gave what they suggested, and it seems like it may have worked.

http://www.pcmag.com...,2370676,00.asp

I followed the "Backdoor.Tidserv" link.

I thought I'd let you guys know. Let me know what you think?