
Google redirecting to wrong pages



#1
BrokenXXI

In every 10 links I click from Google, 2-3 will bring me to porn/online shops/other assorted weirdness, and sometimes it starts Windows Media Player, then Firefox crashes.

OTL Results:

OTL logfile created on: 24/12/2010 15:49:57 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = I:\Documents and Settings\Emperor\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive E: | 6.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 298.08 Gb Total Space | 131.90 Gb Free Space | 44.25% Space Free | Partition Type: NTFS
Drive J: | 931.28 Gb Total Space | 657.25 Gb Free Space | 70.57% Space Free | Partition Type: FAT32

Computer Name: EMPERORBEDROOM | User Name: Emperor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/24 15:39:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Emperor\Desktop\OTL.exe
PRC - [2010/12/12 15:20:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/12 15:20:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/17 20:59:00 | 009,777,448 | ---- | M] (Apple Inc.) -- I:\Program Files\iTunes\iTunes.exe
PRC - [2010/10/16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- I:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/07/17 16:17:51 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- I:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/28 17:56:59 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/08/19 09:32:21 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/19 09:32:20 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/19 09:32:16 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/19 09:31:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/07/10 14:37:36 | 002,154,496 | ---- | M] () -- I:\Program Files\Vtune\TBPANEL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007/12/19 02:18:48 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- I:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/22 04:54:46 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2007/06/22 04:54:46 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- I:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- I:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/01/13 23:14:04 | 000,158,672 | ---- | M] (Aelitis) -- I:\Program Files\Azureus\Azureus.exe


========== Modules (SafeList) ==========

MOD - [2010/12/24 15:39:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Emperor\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- I:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- I:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- I:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- I:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/19 09:31:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- I:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/03/29 22:49:28 | 000,258,048 | ---- | M] (KALiNKOsoft) [Auto | Stopped] -- I:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2007/06/22 04:54:46 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- I:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/05/01 20:35:16 | 001,216,704 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- I:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/05/01 20:34:58 | 000,131,256 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- I:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe -- (SandraDataSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- I:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/06/07 23:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/19 09:32:21 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- I:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/19 09:32:20 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- I:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/04 11:12:20 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- I:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007/06/22 04:54:52 | 000,394,984 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- I:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/06/11 19:44:10 | 000,050,416 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- I:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/05/31 07:03:50 | 000,119,576 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- I:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/05/31 07:03:48 | 000,110,360 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2007/04/25 23:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- I:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006/12/14 23:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/25 23:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/12/12 03:28:20 | 000,371,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2003/03/20 09:01:46 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- I:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.telegraph.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [email protected]:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: I:\Program Files\AVG\AVG8\Firefox [2009/12/22 18:53:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: I:\Program Files\AVG\AVG8\Toolbar\Firefox\[email protected] [2010/10/26 12:06:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/12/12 15:20:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/12/15 20:58:04 | 000,000,000 | ---D | M]

[2008/12/07 12:58:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Mozilla\Extensions
[2010/12/24 12:47:59 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Mozilla\Firefox\Profiles\e7xg6e7t.default\extensions
[2010/12/12 16:41:51 | 000,000,000 | ---D | M] (Adblock Plus) -- I:\Documents and Settings\Emperor\Application Data\Mozilla\Firefox\Profiles\e7xg6e7t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/24 12:47:59 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2010/12/15 20:58:05 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/15 20:57:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/15 09:34:35 | 000,001,538 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/15 09:34:35 | 000,000,947 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/15 09:34:35 | 000,000,769 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/15 09:34:35 | 000,001,135 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,734 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - I:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - I:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] I:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [POEngine] File not found
O4 - HKLM..\Run: [TkBellExe] I:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [acxMouseusb] File not found
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = I:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - I:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - I:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - I:\Poker\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1183684625171 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183684617015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - I:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - I:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - I:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: I:\Documents and Settings\Emperor\My Documents\My Pictures\picardin.jpg
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Emperor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - I:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - J:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\{1b330ede-8808-11dc-a944-001150d01a85}\Shell - "" = AutoRun
O33 - MountPoints2\{1b330ede-8808-11dc-a944-001150d01a85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b330ede-8808-11dc-a944-001150d01a85}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1b330f8d-8808-11dc-a944-001150d01a85}\Shell - "" = AutoRun
O33 - MountPoints2\{1b330f8d-8808-11dc-a944-001150d01a85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b330f8d-8808-11dc-a944-001150d01a85}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{5eb28c8b-7b12-11dc-99bd-0013d328a1a1}\Shell - "" = AutoRun
O33 - MountPoints2\{5eb28c8b-7b12-11dc-99bd-0013d328a1a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5eb28c8b-7b12-11dc-99bd-0013d328a1a1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{5eb29b09-7b12-11dc-99bd-0013d328a1a1}\Shell - "" = AutoRun
O33 - MountPoints2\{5eb29b09-7b12-11dc-99bd-0013d328a1a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5eb29b09-7b12-11dc-99bd-0013d328a1a1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{96e3f3f4-7b32-11dc-8afb-0013d328a1a1}\Shell - "" = AutoRun
O33 - MountPoints2\{96e3f3f4-7b32-11dc-8afb-0013d328a1a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96e3f3f4-7b32-11dc-8afb-0013d328a1a1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{96e3f3ff-7b32-11dc-8afb-0013d328a1a1}\Shell - "" = AutoRun
O33 - MountPoints2\{96e3f3ff-7b32-11dc-8afb-0013d328a1a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96e3f3ff-7b32-11dc-8afb-0013d328a1a1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{bf8d1814-8893-11dc-96bb-0013d328a1a1}\Shell - "" = AutoRun
O33 - MountPoints2\{bf8d1814-8893-11dc-96bb-0013d328a1a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf8d1814-8893-11dc-96bb-0013d328a1a1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{bf8d1816-8893-11dc-96bb-0013d328a1a1}\Shell - "" = AutoRun
O33 - MountPoints2\{bf8d1816-8893-11dc-96bb-0013d328a1a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf8d1816-8893-11dc-96bb-0013d328a1a1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/24 15:39:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Emperor\Desktop\OTL.exe
[2010/12/24 15:33:20 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- I:\Documents and Settings\Emperor\Desktop\TDSSKiller.exe
[2010/12/24 15:23:01 | 000,000,000 | ---D | C] -- I:\Qoobox
[2010/12/24 15:22:00 | 000,000,000 | R--D | C] -- I:\32788R22FWJFW
[2010/12/15 20:59:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Sun
[2010/12/15 15:43:32 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Emperor\Application Data\Mp3tag
[2010/12/15 15:43:06 | 000,000,000 | ---D | C] -- I:\Program Files\Mp3tag
[2010/12/07 02:41:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Emperor\Local Settings\Application Data\wmiobjCres
[2010/12/03 22:52:01 | 000,000,000 | ---D | C] -- I:\Program Files\iPod
[2010/12/03 22:51:57 | 000,000,000 | ---D | C] -- I:\Program Files\iTunes
[2010/12/03 12:30:26 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Emperor\Desktop\MIT OCW
[2010/11/29 08:43:57 | 000,000,000 | ---D | C] -- I:\Program Files\FinalAlert 2 Yuri's Revenge
[2010/11/26 13:24:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Emperor\Desktop\to bk
[2010/07/04 12:52:42 | 000,047,360 | ---- | C] (VSO Software) -- I:\Documents and Settings\Emperor\Application Data\pcouffin.sys
[5 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[2 I:\Documents and Settings\All Users\Application Data\*.tmp files -> I:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[10 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/24 16:02:07 | 2614,904,864 | -HS- | M] () -- I:\WINDOWS\System32\drivers\fidbox.dat
[2010/12/24 15:39:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Emperor\Desktop\OTL.exe
[2010/12/24 11:59:08 | 000,130,560 | ---- | M] () -- I:\Documents and Settings\Emperor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/24 09:09:15 | 069,277,281 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/21 01:11:31 | 000,000,068 | ---- | M] () -- I:\WINDOWS\DVDRegionFree.INI
[2010/12/20 17:15:04 | 000,000,335 | ---- | M] () -- I:\WINDOWS\System32\vsconfig.xml
[2010/12/20 17:13:17 | 000,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/12/20 17:11:44 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/12/20 02:14:09 | 030,433,916 | -HS- | M] () -- I:\WINDOWS\System32\drivers\fidbox.idx
[2010/12/19 12:12:00 | 000,000,085 | ---- | M] () -- I:\WINDOWS\FinalAlert2.ini
[2010/12/17 17:40:06 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/17 03:26:58 | 000,269,392 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/17 03:09:04 | 000,001,393 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- I:\Documents and Settings\Emperor\Desktop\TDSSKiller.exe
[2010/12/12 15:21:50 | 000,437,012 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2010/12/12 15:21:50 | 000,069,480 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2010/12/03 22:53:02 | 000,001,542 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/02 12:59:18 | 000,056,884 | -H-- | M] () -- I:\WINDOWS\System32\mlfcache.dat
[5 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[2 I:\Documents and Settings\All Users\Application Data\*.tmp files -> I:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[10 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/03 22:53:02 | 000,001,542 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/29 08:44:35 | 000,000,085 | ---- | C] () -- I:\WINDOWS\FinalAlert2.ini
[2010/11/29 08:44:25 | 000,080,259 | ---- | C] () -- I:\Documents and Settings\Emperor\finalalert2log.txt
[2010/11/18 20:51:23 | 000,354,816 | ---- | C] () -- I:\WINDOWS\System32\psisdecd.dll
[2010/07/06 23:04:10 | 000,165,376 | ---- | C] () -- I:\WINDOWS\System32\unrar.dll
[2010/07/06 23:04:09 | 000,000,038 | ---- | C] () -- I:\WINDOWS\avisplitter.ini
[2010/07/06 23:04:08 | 000,790,528 | ---- | C] () -- I:\WINDOWS\System32\xvidcore.dll
[2010/07/06 23:04:08 | 000,134,144 | ---- | C] () -- I:\WINDOWS\System32\xvidvfw.dll
[2010/07/06 23:04:07 | 000,108,032 | ---- | C] () -- I:\WINDOWS\System32\ff_vfw.dll
[2010/07/04 12:53:07 | 000,000,034 | ---- | C] () -- I:\Documents and Settings\Emperor\Application Data\pcouffin.log
[2010/07/04 12:52:42 | 000,087,608 | ---- | C] () -- I:\Documents and Settings\Emperor\Application Data\inst.exe
[2010/07/04 12:52:42 | 000,007,887 | ---- | C] () -- I:\Documents and Settings\Emperor\Application Data\pcouffin.cat
[2010/07/04 12:52:42 | 000,001,144 | ---- | C] () -- I:\Documents and Settings\Emperor\Application Data\pcouffin.inf
[2009/10/21 20:05:11 | 000,021,504 | ---- | C] () -- I:\WINDOWS\jestertb.dll
[2009/02/08 16:32:15 | 000,000,000 | ---- | C] () -- I:\WINDOWS\iPlayer.INI
[2008/11/24 20:59:23 | 000,676,224 | ---- | C] () -- I:\WINDOWS\System32\OGACheckControl.dll
[2008/09/19 21:57:34 | 003,596,288 | ---- | C] () -- I:\WINDOWS\System32\qt-dx331.dll
[2008/09/03 06:23:41 | 000,000,150 | ---- | C] () -- I:\WINDOWS\MetroTimer.ini
[2008/07/14 16:44:01 | 000,057,344 | ---- | C] () -- I:\WINDOWS\System32\ADsSecurity.dll
[2008/07/14 16:44:01 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\zlib.dll
[2008/07/14 16:44:01 | 000,036,864 | ---- | C] () -- I:\WINDOWS\System32\dxinputdll.dll
[2007/12/24 02:37:38 | 000,001,775 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/17 14:16:20 | 000,040,960 | ---- | C] () -- I:\Program Files\Uninstall_CDS.exe
[2007/07/11 19:17:13 | 000,000,068 | ---- | C] () -- I:\WINDOWS\DVDRegionFree.INI
[2007/07/06 02:31:06 | 000,147,456 | ---- | C] () -- I:\WINDOWS\System32\RtlCPAPI.dll
[2007/07/06 01:27:07 | 000,796,048 | ---- | C] () -- I:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/07/06 00:58:21 | 000,003,078 | ---- | C] () -- I:\WINDOWS\System32\bcmwlhom.ini
[2007/07/05 09:15:29 | 000,130,560 | ---- | C] () -- I:\Documents and Settings\Emperor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/05 01:35:45 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2007/04/19 12:26:00 | 000,581,632 | ---- | C] () -- I:\WINDOWS\System32\nvhwvid.dll
[2007/04/19 12:26:00 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/22 15:17:50 | 000,000,071 | ---- | C] () -- I:\WINDOWS\pn.ini
[2007/02/22 15:17:50 | 000,000,051 | ---- | C] () -- I:\WINDOWS\pr.ini
[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- I:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2010/10/26 12:06:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/07/11 19:03:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Azureus
[2007/07/06 01:27:36 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/07/05 14:57:12 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/09 20:22:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/30 23:38:41 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/24 19:23:42 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\aAvgApi
[2009/05/04 14:47:32 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\AVGTOOLBAR
[2010/12/24 16:07:12 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Azureus
[2008/03/31 15:18:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Command & Conquer 3 Kane's Wrath
[2007/07/09 10:43:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Command & Conquer 3 Tiberium Wars
[2009/10/31 16:33:21 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\FMZilla
[2008/11/27 00:40:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\GetRightToGo
[2009/10/31 16:43:02 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\GrabPro
[2010/07/05 19:29:25 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\HandBrake
[2008/07/14 16:47:55 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\KALiNKOsoft
[2007/07/13 11:55:30 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Leadertech
[2010/12/15 16:26:42 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Mp3tag
[2010/04/12 13:55:06 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\MPEG Streamclip
[2009/10/31 16:56:49 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Orbit
[2010/06/29 08:07:53 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\SystemRequirementsLab
[2010/07/06 17:35:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\Vso
[2010/04/22 22:50:57 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\WinFF
[2010/04/05 22:58:35 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Emperor\Application Data\X-Chat 2

========== Purity Check ==========



< End of report >


Thanks for your time, merry Xmas

Edited by BrokenXXI, 24 December 2010 - 10:14 AM.
