Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

google redirect :(


  • Please log in to reply

#1
Zylocks

Zylocks

    Member

  • Member
  • PipPipPip
  • 182 posts
Hey guys

So as the name suggests I have the annoying google redirect, virus dealio, and [bleep] is it annoying. I ran avast, ad-aware, and super antispyware, and removed a whole bunch of viruses from my comp... (how the [bleep] I got them all I don't know >.<), but they didn't seem to remove the one thats hijacking google.

Heres my OTL..


OTL logfile created on: 22/06/2011 12:05:30 AM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Adam\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 72.06% Memory free
5.78 Gb Paging File | 5.25 Gb Available in Paging File | 90.84% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 26.51 Gb Free Space | 17.79% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 270.79 Gb Free Space | 19.38% Space Free | Partition Type: NTFS

Computer Name: ADAMA | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adam\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe (MPC-HC Team)
PRC - C:\Program Files\Razer\Abyssus\razertra.exe ()
PRC - C:\Program Files\Razer\Abyssus\razerhid.exe ()
PRC - C:\Program Files\Razer\Abyssus\razerofa.exe (Razer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()
PRC - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Adam\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (Logitech Easy Synchronization) -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe ()


========== Driver Services (SafeList) ==========

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (vHidDev) -- C:\WINDOWS\system32\drivers\vHidDev.sys (Windows ® Win 7 DDK provider)
DRV - (Abyssus03) -- C:\WINDOWS\system32\drivers\Abyssus.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (vserial) -- C:\WINDOWS\system32\drivers\vserial.sys (ELTIMA Software)
DRV - (vsbus) -- C:\WINDOWS\system32\drivers\vsb.sys (ELTIMA Software)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e810ab4a-05c3-4ae8-bba3-3390cead7f7f}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/14 03:47:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 23:07:42 | 000,000,000 | ---D | M]

[2010/06/02 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions
[2010/06/02 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam\Application Data\Mozilla\Extensions\[email protected]
[2011/05/07 02:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\2gvdsbrs.default\extensions
[2009/12/16 01:57:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\2gvdsbrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/14 03:48:47 | 000,000,000 | ---D | M] ("Stumble Porn") -- C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\2gvdsbrs.default\extensions\{e810ab4a-05c3-4ae8-bba3-3390cead7f7f}
[2010/01/05 18:04:22 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\2gvdsbrs.default\searchplugins\search-the-web.xml
[2011/05/07 02:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 23:07:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 21:53:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/12 09:30:05 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/29 23:07:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/12/13 04:00:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/29 22:12:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/07/28 23:45:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Abyssus] C:\Program Files\Razer\Abyssus\razerhid.exe ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Microsoft Security Essentials] File not found
O4 - HKCU..\Run: [Oyidohilofeji] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - C:\Documents and Settings\Adam\My Documents\My Pictures\Best_Friends_by_spacecoyote.jpg
O24 - Desktop Components:1 () - http://www.aporcupine.com/paint.png
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {FE24CD78-7C63-465D-8787-4EDF7FC79895} - C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/15 22:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 21:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Start Menu\Programs\Google Chrome
[2011/06/20 21:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Local Settings\Application Data\Deployment
[2011/06/19 22:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
[2011/06/19 22:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/06/19 22:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011/06/19 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/06/19 22:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone
[2011/06/19 22:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011/06/19 22:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/06/15 04:23:56 | 000,060,156 | ---- | C] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2011/05/23 21:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\647 927 5854

========== Files - Modified Within 30 Days ==========

[2011/06/22 00:00:48 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/22 00:00:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/22 00:00:20 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/21 23:59:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 23:19:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-725345543-1003UA.job
[2011/06/21 21:19:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-725345543-1003Core.job
[2011/06/20 21:14:56 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Google Chrome.lnk
[2011/06/20 21:14:56 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/19 22:54:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/06/19 21:58:44 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/18 00:38:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/18 00:38:48 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/17 15:11:32 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/06/15 04:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2011/06/15 03:32:52 | 000,496,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 03:32:52 | 000,084,966 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 03:23:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/30 23:08:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/06/20 21:14:56 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Google Chrome.lnk
[2011/06/20 21:14:56 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/20 21:14:12 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-725345543-1003UA.job
[2011/06/20 21:14:11 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1935655697-725345543-1003Core.job
[2011/06/19 22:54:37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2010/10/18 23:02:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 16:20:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/07/27 16:20:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/07/27 16:19:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/05/10 23:53:01 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\PCProxyOff.ini
[2010/01/17 21:39:37 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2010/01/17 21:39:37 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2010/01/17 21:39:37 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2010/01/17 21:33:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/01/17 21:33:31 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/01/11 01:11:10 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/12/16 02:27:03 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2009/11/09 18:25:20 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/11/05 17:31:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/09/27 17:12:22 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/12 00:37:06 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/23 23:10:27 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/04/15 18:11:03 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/26 21:20:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/03/20 16:41:24 | 000,122,549 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2008/11/17 01:53:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/11/17 01:53:24 | 000,004,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/11/17 01:53:22 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/11/17 01:53:22 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/11/17 01:47:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/16 02:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/15 23:19:25 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/15 22:18:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/15 22:13:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/15 15:37:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/15 15:34:20 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/13 07:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2006/06/20 23:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2004/08/13 11:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,496,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,084,966 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/10 22:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\.minecraft
[2008/11/25 03:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Brainwave
[2011/02/08 21:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\cYo
[2008/11/17 02:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\DAEMON Tools
[2010/01/11 01:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\DAEMON Tools Pro
[2010/07/30 01:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Foxit Software
[2010/06/11 00:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\JGoodies
[2011/01/15 16:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\NeuroProgrammer3
[2010/06/05 20:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Octoshape
[2010/11/02 05:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\PFStaticIP
[2010/11/02 05:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\TeamViewer
[2010/05/11 15:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Uniblue
[2011/06/19 22:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\uTorrent
[2010/03/18 18:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/11 00:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/05/11 15:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/11/04 17:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/06/20 21:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/01/17 21:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/10/03 21:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2011/06/21 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/07 15:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/28 00:33:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2011/06/22 00:00:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:157E1AD3

< End of report >


I stink :).

thanks as always,

-Adam
  • 0

Advertisements


#2
Zylocks

Zylocks

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 182 posts
Hey guys, me again.

I started poking around the internet and came across an article by PCmagazine that talked about this very issue. I gave what they suggested, and it seems like it may have worked.

http://www.pcmag.com...,2370676,00.asp

I followed the "Backdoor.Tidserv" link.

I thought I'd let you guys know. Let me know what you think?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP