Redirecting Virus Infected My PC!



#1
NorthstarATL

I am an idiot. I added Clicksor to my blog when Adsense disabled my account. Clicksor infected my computer, and now when I use any search engine I am redirected to obscure secondary search pages (which I immediately get away from). My computer, a Dell Inspiron 530, running Vista Home Premium, crashed yesterday, and I was fortunate enough to get it back to where I can do most things (other than use a search engine) by repairing startup and registry with CCleaner. I ran Avast, Malwarebytes, Spybot S&D, and SUPERAntiSpyware, and I still have the problem (though Avast and SUPERAntiSpyware removed something each during a reboot for each process). Looking through this site (which was in my bookmarks) I checked out ComboFix and downloaded it. I was told that the download was corrupted, and renamed a new download and ran it in safe mode with networking. It started a scan, informed me that it found a rootkit and needed to shut down (or restart; I was half asleep by this point), and the computer shut down and wanted to open in repair mode. ComboFix never initiated after that, and I am out of options, so I am requesting help here.

My OTL:

OTL logfile created on: 3/30/2011 7:43:01 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 222.31 Gb Free Space | 38.23% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.20 Gb Free Space | 49.17% Space Free | Partition Type: NTFS

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 01:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/25 10:07:44 | 022,504,120 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/23 17:37:22 | 000,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/06/23 17:31:16 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/30 01:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 01:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ShowAnalyzerMaster)
SRV - File not found [Auto | Stopped] -- -- (SeekService Service)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/08 13:50:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/10 10:59:52 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/09 14:33:56 | 001,442,816 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/03/10 22:42:24 | 000,074,240 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\havair.sys -- (smscir)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 19:08:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 15:33:04 | 000,000,000 | ---D | M]

[2009/08/01 00:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions\[email protected]
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions\[email protected]
[2011/03/29 18:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions
[2010/04/28 13:12:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/21 10:40:00 | 000,000,000 | ---D | M] (Aquatint Slate) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2011/02/21 11:38:07 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2009/08/30 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/04/28 13:12:33 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2009/12/03 21:05:02 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/02/21 10:40:15 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\[email protected]
[2011/03/14 12:49:03 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\[email protected]
[2011/03/24 03:19:00 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\[email protected]
[2011/02/21 10:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\[email protected]\chrome
[2011/02/21 10:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\[email protected]\defaults
[2011/02/21 10:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/03/23 19:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 00:40:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 12:45:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 16:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/05 05:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13122.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell - "" = AutoRun
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 07:03:27 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/03/30 06:48:00 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2011/03/30 06:47:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/30 06:41:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/30 06:41:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/30 06:41:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/30 06:41:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/03/30 05:33:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/30 05:33:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/29 14:55:37 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{9287087A-261B-44CA-9BE5-E61199205701}
[2011/03/24 19:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/03/24 19:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/03/16 16:42:43 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/03/14 12:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2011/03/14 12:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/03/03 01:47:15 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\My Streaming Media
[2011/03/03 01:47:12 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\Jaksta_Technologies_Pty_L
[2011/03/03 01:36:05 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2011/03/03 01:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2011/03/03 01:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2011/03/02 18:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
[2011/03/02 18:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport
[2010/06/30 09:19:11 | 000,373,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Kenn\AppData\Local\upucijeno.dll
[2010/06/30 09:19:11 | 000,093,696 | ---- | C] (Greatis Software) -- C:\Users\Kenn\AppData\Local\INCAug.dll
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2009/07/31 09:44:04 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Kenn\AppData\Roaming\DataSafeDotNet.exe
[3 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 07:36:49 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C178CBE6-A142-4DD7-B06A-073120793B31}.job
[2011/03/30 07:35:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 07:35:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 07:17:44 | 000,639,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/30 07:17:44 | 000,118,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/30 07:11:03 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ubnypvssq.job
[2011/03/30 07:10:42 | 000,322,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/30 07:10:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/30 06:46:56 | 000,007,512 | ---- | M] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2011/03/30 04:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000UA.job
[2011/03/30 00:50:25 | 000,119,808 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 21:59:08 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000Core.job
[2011/03/29 17:52:21 | 266,881,660 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/29 17:48:58 | 000,029,780 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20110329_174849.reg
[2011/03/29 14:55:39 | 000,000,120 | ---- | M] () -- C:\Users\Kenn\AppData\Local\Gdinovoxa.dat
[2011/03/29 14:55:39 | 000,000,000 | ---- | M] () -- C:\Users\Kenn\AppData\Local\Wtipejivulu.bin
[2011/03/27 20:34:18 | 000,173,976 | ---- | M] () -- C:\Users\Kenn\Documents\whos_who_013_28_rougher.jpg
[2011/03/27 20:31:46 | 000,333,819 | ---- | M] () -- C:\Users\Kenn\Documents\whos_who_013_12_rougher.jpg
[2011/03/25 22:45:41 | 000,092,959 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-38.jpg
[2011/03/25 22:41:37 | 000,144,318 | ---- | M] () -- C:\Users\Kenn\Documents\Doomsday_Promo_ConnerKara.jpg
[2011/03/24 19:46:33 | 000,151,552 | ---- | M] () -- C:\Windows\System32\nvRegDev.dll
[2011/03/23 20:04:44 | 000,421,347 | ---- | M] () -- C:\Users\Kenn\Documents\14.jpg
[2011/03/23 20:04:27 | 000,537,970 | ---- | M] () -- C:\Users\Kenn\Documents\12.jpg
[2011/03/23 20:04:18 | 000,580,323 | ---- | M] () -- C:\Users\Kenn\Documents\10.jpg
[2011/03/23 19:08:55 | 000,000,872 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/18 19:42:24 | 001,013,506 | ---- | M] () -- C:\Users\Kenn\Documents\Legacies10-018.jpg
[2011/03/18 19:40:42 | 000,839,158 | ---- | M] () -- C:\Users\Kenn\Documents\Legacies10-001.jpg
[2011/03/16 16:42:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/14 21:10:49 | 000,066,565 | ---- | M] () -- C:\Users\Kenn\Documents\TabulaRaza.jpg
[2011/03/14 14:19:29 | 000,331,848 | ---- | M] () -- C:\Users\Kenn\Documents\Thriftstore.jpg
[2011/03/12 18:00:35 | 000,912,055 | ---- | M] () -- C:\Users\Kenn\Documents\HoneyWest01-30-MM-Tyler.jpg
[2011/03/07 15:44:30 | 000,143,228 | ---- | M] () -- C:\Users\Kenn\Documents\PICT0002 (2).JPG
[2011/03/07 15:43:47 | 000,101,198 | ---- | M] () -- C:\Users\Kenn\Documents\PICT0008.JPG
[2011/03/07 15:43:00 | 000,135,784 | ---- | M] () -- C:\Users\Kenn\Documents\PICT0003.JPG
[2011/03/05 11:24:49 | 000,430,023 | ---- | M] () -- C:\Users\Kenn\Documents\Batman - Streets of Gotham #20 017.jpg
[2011/03/02 13:22:26 | 001,925,496 | ---- | M] () -- C:\Users\Kenn\Documents\BD_21_Legion_CPS_004-005.jpg
[3 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/30 06:41:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/30 06:41:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/30 06:41:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/30 06:41:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/30 06:41:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/29 17:52:21 | 266,881,660 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/29 17:48:52 | 000,029,780 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20110329_174849.reg
[2011/03/29 16:46:18 | 000,001,815 | ---- | C] () -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/03/29 16:46:18 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
[2011/03/29 14:55:39 | 000,000,120 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Gdinovoxa.dat
[2011/03/29 14:55:39 | 000,000,000 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Wtipejivulu.bin
[2011/03/27 20:32:18 | 000,173,976 | ---- | C] () -- C:\Users\Kenn\Documents\whos_who_013_28_rougher.jpg
[2011/03/27 20:31:46 | 000,333,819 | ---- | C] () -- C:\Users\Kenn\Documents\whos_who_013_12_rougher.jpg
[2011/03/25 22:45:41 | 000,092,959 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-38.jpg
[2011/03/25 22:41:37 | 000,144,318 | ---- | C] () -- C:\Users\Kenn\Documents\Doomsday_Promo_ConnerKara.jpg
[2011/03/24 19:46:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011/03/23 20:04:27 | 000,537,970 | ---- | C] () -- C:\Users\Kenn\Documents\12.jpg
[2011/03/23 20:04:18 | 000,580,323 | ---- | C] () -- C:\Users\Kenn\Documents\10.jpg
[2011/03/23 19:08:55 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/18 19:42:24 | 001,013,506 | ---- | C] () -- C:\Users\Kenn\Documents\Legacies10-018.jpg
[2011/03/18 19:40:42 | 000,839,158 | ---- | C] () -- C:\Users\Kenn\Documents\Legacies10-001.jpg
[2011/03/17 18:42:13 | 000,421,347 | ---- | C] () -- C:\Users\Kenn\Documents\14.jpg
[2011/03/14 14:15:20 | 000,331,848 | ---- | C] () -- C:\Users\Kenn\Documents\Thriftstore.jpg
[2011/03/12 18:00:34 | 000,912,055 | ---- | C] () -- C:\Users\Kenn\Documents\HoneyWest01-30-MM-Tyler.jpg
[2011/03/05 20:20:17 | 000,143,228 | ---- | C] () -- C:\Users\Kenn\Documents\PICT0002 (2).JPG
[2011/03/05 20:20:01 | 000,135,784 | ---- | C] () -- C:\Users\Kenn\Documents\PICT0003.JPG
[2011/03/05 20:19:30 | 000,101,198 | ---- | C] () -- C:\Users\Kenn\Documents\PICT0008.JPG
[2011/03/05 11:24:49 | 000,430,023 | ---- | C] () -- C:\Users\Kenn\Documents\Batman - Streets of Gotham #20 017.jpg
[2011/03/02 13:22:26 | 001,925,496 | ---- | C] () -- C:\Users\Kenn\Documents\BD_21_Legion_CPS_004-005.jpg
[2011/02/10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/11/04 19:45:49 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010/11/04 19:45:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2010/08/29 17:34:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/06/30 09:19:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/30 09:19:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/30 08:30:42 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/07 03:33:27 | 000,000,297 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/07 01:04:20 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2009/08/23 11:06:44 | 000,638,976 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/23 10:43:46 | 000,163,840 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/10 14:04:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/10 14:04:00 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/10 14:03:54 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/08/10 13:56:02 | 000,004,134 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 19:08:18 | 000,007,512 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2009/07/19 21:07:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/16 21:46:32 | 000,000,528 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/07/16 20:51:37 | 000,262,416 | ---- | C] () -- C:\Windows\System32\ASFV2.DLL
[2009/07/16 20:49:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.dll
[2009/07/16 00:51:56 | 000,119,808 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 00:33:51 | 000,157,768 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/07/08 16:29:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009/07/08 16:29:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/07/08 16:29:05 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/08 16:29:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/08 16:29:05 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/07/08 16:29:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/07/08 16:29:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/07/08 16:29:01 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/07/08 08:33:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/11 14:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/20 00:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,322,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,639,904 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,156 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/11/18 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\AnvSoft
[2010/08/29 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2010/11/15 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.air.oev
[2010/07/27 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/02 12:13:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Cool Record Edit Pro
[2009/07/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2010/04/28 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Desktopicon
[2010/11/11 12:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dream Aquarium
[2009/09/02 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2010/06/19 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\GrabPro
[2009/08/22 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\IcoFX
[2010/11/10 02:16:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2010/08/25 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\InterVideo
[2010/11/04 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2011/03/07 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Orbit
[2011/03/03 01:47:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2011/01/11 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2010/12/24 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2011/03/29 16:02:52 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2011/02/21 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\VistaCodecs
[2011/02/26 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\WinAVI
[2010/03/10 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2011/03/30 05:56:42 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/30 07:11:03 | 000,000,300 | -HS- | M] () -- C:\Windows\Tasks\ubnypvssq.job
[2011/03/30 07:36:49 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C178CBE6-A142-4DD7-B06A-073120793B31}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


#2
NorthstarATL

Sorry to reply to my own topic, but I have an update! Because I was having such difficulty with searches being redirected, I was not very thorough in searching this site before posting, and followed through on the pinned recommended fix: erunt, OTM, GooredFix, and TDSSKiller. OTM scared me, as I got a BSOD when it rebooted, but after 2 attempts I was able to restart and finish the process! I THINK it might have been successful, but am not sure how to check. If anyone has any suggestions, I'll gladly take them, and then say 'thanks' and consider the issue resolved. You guys saved my life (I think)!