Google redirect problem. Please help.


  • This topic is locked

#1
mrpaul88

    New Member

  • Member
  • 1 posts
Hello, I am having the Google redirect problem and I have no clue what's going on. I scanned everything and it still does it. Please help.

What I did notice is that when I go to Google and search something and right-click it and click open in new tab, it goes to the right place, but if I just left-click the link it redirects me to another weird search engine about the same topic.

Here is what I got from the OTL thing.

OTL logfile created on: 6/26/2011 9:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Mr. Paul\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 29.51% Memory free
3.50 Gb Paging File | 2.38 Gb Available in Paging File | 68.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 165.73 Gb Free Space | 74.21% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.62 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
Drive J: | 474.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MRPAUL-PC | User Name: Mr. Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 21:06:53 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Mr. Paul\Downloads\OTL.exe
PRC - [2011/06/25 21:09:19 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/06/25 21:09:18 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/20 10:31:32 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/20 10:31:32 | 000,994,304 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 21:06:53 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Mr. Paul\Downloads\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/25 21:09:21 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2011/06/25 21:09:18 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/30 16:45:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Disabled | Stopped] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/25 21:09:22 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/06/25 21:09:22 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 17:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 15:02:53 | 000,359,424 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/06/11 16:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 3E 94 B3 B5 33 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 22:39:30 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998/08/19 05:07:30 | 000,000,057 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a91aeadc-8d5f-11e0-80ab-002622e8af6e}\Shell - "" = AutoRun
O33 - MountPoints2\{a91aeadc-8d5f-11e0-80ab-002622e8af6e}\Shell\AutoRun\command - "" = J:\LAUNCHER\LAUNCHER.EXE -- [1998/12/23 16:55:38 | 001,809,920 | R--- | M] ()
O33 - MountPoints2\{c48e84ee-977c-11e0-8295-002622e8af6e}\Shell - "" = AutoRun
O33 - MountPoints2\{c48e84ee-977c-11e0-8295-002622e8af6e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{fd4e9022-915b-11e0-b8f0-002622e8af6e}\Shell - "" = AutoRun
O33 - MountPoints2\{fd4e9022-915b-11e0-b8f0-002622e8af6e}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 21:03:43 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mr. Paul\Desktop\TDSSKiller.exe
[2011/06/26 21:00:20 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\Desktop\GooredFix Backups
[2011/06/25 21:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/25 21:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/25 21:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/25 21:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/25 21:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/25 21:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet Protect
[2011/06/25 21:10:06 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Immunet
[2011/06/25 21:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/06/25 21:09:36 | 000,031,184 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
[2011/06/25 21:09:29 | 000,041,424 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ImmunetProtect.sys
[2011/06/25 21:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet Protect
[2011/06/25 21:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/06/25 21:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/06/25 21:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/06/25 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/25 13:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/25 13:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/25 12:29:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/25 12:19:14 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/06/25 12:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/25 12:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/25 12:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/06/24 22:50:21 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\AVG10
[2011/06/24 22:40:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/24 22:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/06/24 22:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/06/24 22:38:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/06/24 22:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/24 22:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/24 21:48:09 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Diagnostics
[2011/06/24 21:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/06/24 20:53:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/06/24 19:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/06/24 15:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/06/24 15:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/06/24 15:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/06/24 15:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/24 15:56:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/24 15:54:18 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Microsoft Help
[2011/06/24 15:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/06/24 15:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/06/19 13:00:53 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\Desktop\New folder
[2011/06/15 22:35:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/15 12:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2011/06/15 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011/06/15 11:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2011/06/15 11:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2011/06/15 11:49:16 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\U3
[2011/06/14 16:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sure Delete
[2011/06/14 16:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sure Delete
[2011/06/14 14:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/14 09:04:17 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\RockMelt
[2011/06/12 13:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/12 13:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/10 19:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/10 19:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/10 19:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/07 17:29:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/06/07 17:29:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/06/07 17:21:41 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/06/02 16:51:17 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\GameHouse
[2011/06/02 16:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/06/02 16:50:18 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Desktop\Games
[2011/06/02 16:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bejeweled 3
[2011/06/02 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\NFS Underground 2
[2011/06/02 16:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2011/06/02 16:31:17 | 000,258,560 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\uninst.exe
[2011/06/02 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/06/02 16:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/06/02 16:23:43 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2011/06/02 16:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2011/06/02 14:08:35 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\Windows\System32\drivers\BVRPMPR5.SYS
[2011/06/01 20:22:32 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/01 17:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd
[2011/06/01 17:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lionhead Studios Ltd
[2011/06/01 17:54:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/06/01 17:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/06/01 10:30:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/06/01 09:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\XtremeZone
[2011/06/01 03:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/31 20:43:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/31 20:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2011/05/30 19:41:47 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Yahoo!
[2011/05/30 19:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/05/30 19:41:44 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/30 19:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/30 19:41:18 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\WinRAR
[2011/05/30 19:41:03 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/30 19:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/30 19:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/05/30 17:56:23 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Malwarebytes
[2011/05/30 17:54:58 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/30 17:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/30 17:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/30 17:54:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/30 17:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/30 17:09:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/05/30 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImTOO
[2011/05/30 14:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2011/05/30 12:53:47 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Media Player Classic
[2011/05/30 12:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (June 2010)
[2011/05/30 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft DirectX SDK (June 2010)
[2011/05/30 12:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2011/05/30 12:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2011/05/30 10:04:18 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Synaptics
[2011/05/30 10:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/05/30 10:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/05/30 10:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/05/30 10:00:34 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo9.dll
[2011/05/29 16:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/29 16:08:00 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Apple Computer
[2011/05/29 16:08:00 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Apple Computer
[2011/05/29 16:07:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/05/29 16:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/29 16:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/29 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/29 16:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/29 16:06:22 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Apple
[2011/05/29 16:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/29 16:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/29 16:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/29 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/29 15:58:52 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\GARMIN
[2011/05/29 15:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/05/29 15:58:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/05/29 15:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/29 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\uTorrent
[2011/05/29 15:36:19 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Macromedia
[2011/05/29 15:36:18 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Adobe
[2011/05/29 15:36:05 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/05/29 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Google
[2011/05/29 15:35:14 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Apps
[2011/05/29 15:35:13 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Deployment
[2011/05/29 15:32:12 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/05/29 14:51:29 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/29 14:51:29 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Searches
[2011/05/29 14:51:29 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/29 14:51:29 | 000,000,000 | -H-D | C] -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/29 14:51:10 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Identities
[2011/05/29 14:51:08 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Contacts
[2011/05/29 14:50:54 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\VirtualStore
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\AppData\Local\Temporary Internet Files
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Templates
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Start Menu
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\SendTo
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Recent
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\PrintHood
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\NetHood
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Documents\My Videos
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Documents\My Pictures
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Documents\My Music
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\My Documents
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Local Settings
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\AppData\Local\History
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Cookies
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\Application Data
[2011/05/29 14:50:45 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Paul\AppData\Local\Application Data
[2011/05/29 14:50:40 | 000,000,000 | --SD | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Videos
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Saved Games
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Pictures
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Music
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Links
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Favorites
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Downloads
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\My Documents
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\Desktop
[2011/05/29 14:50:40 | 000,000,000 | R--D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/29 14:50:40 | 000,000,000 | -H-D | C] -- C:\Users\Mr. Paul\AppData
[2011/05/29 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Temp
[2011/05/29 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Local\Microsoft
[2011/05/29 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Mr. Paul\AppData\Roaming\Media Center Programs
[2011/05/29 14:36:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/05/29 14:33:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2011/06/26 21:06:16 | 000,649,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/26 21:06:16 | 000,114,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/26 21:03:45 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mr. Paul\Desktop\TDSSKiller.exe
[2011/06/26 21:02:45 | 001,309,375 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\tdsskiller.zip
[2011/06/26 21:00:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/26 20:57:05 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\NAHGATI.job
[2011/06/26 20:56:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 20:56:19 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 20:53:36 | 000,009,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 20:53:36 | 000,009,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 20:50:01 | 000,000,098 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\How to fix Google Redirects - Geeks to Go Forums.url
[2011/06/26 20:47:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-115752287-2364059150-3775384685-1002UA.job
[2011/06/26 18:36:29 | 119,932,600 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/26 14:47:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-115752287-2364059150-3775384685-1002Core.job
[2011/06/25 21:33:49 | 001,250,426 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/06/25 21:32:57 | 097,814,528 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\avg_arl_cdi_all_100_110314a3685.iso
[2011/06/25 21:09:22 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ImmunetProtect.sys
[2011/06/25 21:09:22 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
[2011/06/25 20:56:31 | 000,302,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/25 13:49:11 | 015,282,999 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\STOP MOTION.flv.mp4
[2011/06/25 12:29:26 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/25 12:29:23 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/06/25 08:15:02 | 000,002,928 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/06/25 08:06:09 | 000,000,160 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/06/16 11:47:12 | 000,574,380 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\061611114002.jpg
[2011/06/16 11:40:26 | 000,620,200 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\061611114026.jpg
[2011/06/16 11:39:10 | 000,563,424 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\061611113911.jpg
[2011/06/15 12:57:50 | 000,000,281 | ---- | M] () -- C:\Windows\EReg072.dat
[2011/06/15 11:59:52 | 000,002,411 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2011/06/14 14:45:53 | 000,000,530 | ---- | M] () -- C:\Windows\eReg.dat
[2011/06/07 20:57:55 | 000,001,407 | ---- | M] () -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/07 20:30:57 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/06/04 22:13:40 | 082,868,673 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\060411220524.3gp
[2011/06/04 21:57:04 | 047,223,050 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\060411215223.3gp
[2011/06/04 21:52:18 | 003,715,610 | ---- | M] () -- C:\Users\Mr. Paul\Desktop\060411215155.3gp
[2011/06/02 16:31:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/02 16:31:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/31 09:27:38 | 000,006,030 | ---- | M] () -- C:\Users\Mr. Paul\Documents\cc_20110531_092724.reg
[2011/05/30 14:11:30 | 000,001,133 | ---- | M] () -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO DVD Creator.lnk
[2011/05/30 10:02:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/05/29 16:11:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/29 15:56:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/29 15:48:46 | 000,000,937 | ---- | M] () -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/05/29 14:37:26 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/05/29 14:35:50 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/26 21:02:19 | 001,309,375 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\tdsskiller.zip
[2011/06/26 20:50:01 | 000,000,098 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\How to fix Google Redirects - Geeks to Go Forums.url
[2011/06/26 18:36:29 | 119,932,600 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/25 21:32:25 | 001,250,426 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/06/25 21:08:55 | 097,814,528 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\avg_arl_cdi_all_100_110314a3685.iso
[2011/06/25 21:07:22 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/25 17:46:34 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/06/25 13:46:18 | 015,282,999 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\STOP MOTION.flv.mp4
[2011/06/25 08:06:09 | 000,000,160 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/06/25 07:05:46 | 000,002,928 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/06/24 21:50:09 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\NAHGATI.job
[2011/06/16 11:46:30 | 000,567,870 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\20110316192744.3gp
[2011/06/16 11:45:54 | 047,223,050 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\060411215223.3gp
[2011/06/16 11:45:44 | 003,715,610 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\060411215155.3gp
[2011/06/16 11:45:27 | 082,868,673 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\060411220524.3gp
[2011/06/16 11:44:39 | 000,563,424 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\061611113911.jpg
[2011/06/16 11:44:36 | 000,620,200 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\061611114026.jpg
[2011/06/16 11:44:34 | 000,574,380 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\061611114002.jpg
[2011/06/15 12:57:50 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/06/15 11:57:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/06/15 11:57:52 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/06/15 11:57:12 | 000,595,816 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\Cool Mac Wallpapers HD Boring Schools-453122.jpeg
[2011/06/15 11:57:12 | 000,252,327 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\202009_10150543552700615_520355614_17806434_4678123_o.jpg
[2011/06/15 11:57:12 | 000,108,716 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\a54f28b5-26c3-11de-9725-a3a7a16eb344.jpg
[2011/06/15 11:57:12 | 000,099,156 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\20110411165658-picsay.jpg
[2011/06/15 11:57:12 | 000,050,357 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\20110411165516-picsay.jpg
[2011/06/15 11:55:56 | 733,829,120 | ---- | C] () -- C:\Users\Mr. Paul\Desktop\Jumper[2008]DvDrip.AC3-aXXo.avi
[2011/06/14 14:45:53 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/06/07 20:30:57 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/06/07 17:23:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/07 17:22:50 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/06/07 17:21:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/07 17:21:09 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/06/07 17:20:54 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/06/02 16:31:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/02 16:31:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/31 09:27:33 | 000,006,030 | ---- | C] () -- C:\Users\Mr. Paul\Documents\cc_20110531_092724.reg
[2011/05/30 14:11:30 | 000,001,133 | ---- | C] () -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO DVD Creator.lnk
[2011/05/30 10:02:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/05/29 16:06:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/29 15:56:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/29 15:48:46 | 000,000,937 | ---- | C] () -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/05/29 15:35:31 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-115752287-2364059150-3775384685-1002UA.job
[2011/05/29 15:35:30 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-115752287-2364059150-3775384685-1002Core.job
[2011/05/29 15:34:13 | 000,001,407 | ---- | C] () -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/29 14:51:34 | 000,001,413 | ---- | C] () -- C:\Users\Mr. Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/29 14:50:40 | 000,000,290 | ---- | C] () -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/29 14:50:40 | 000,000,272 | ---- | C] () -- C:\Users\Mr. Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/29 14:37:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/05/29 14:37:03 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/05/29 14:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/29 14:33:01 | 1408,045,056 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,302,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,649,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,114,970 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/06/24 22:50:21 | 000,000,000 | ---D | M] -- C:\Users\Mr. Paul\AppData\Roaming\AVG10
[2011/05/29 15:58:53 | 000,000,000 | ---D | M] -- C:\Users\Mr. Paul\AppData\Roaming\GARMIN
[2011/05/30 10:04:18 | 000,000,000 | ---D | M] -- C:\Users\Mr. Paul\AppData\Roaming\Synaptics
[2011/06/25 20:37:01 | 000,000,000 | ---D | M] -- C:\Users\Mr. Paul\AppData\Roaming\uTorrent
[2011/06/26 20:57:05 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\NAHGATI.job
[2009/07/13 21:53:46 | 000,009,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


#2
SpySentinel


    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi mrpaul88,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your malware problem.

If for any reason you do not understand any of the instructions, or are just unsure, then please post back with your question, and we will go through it :)



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O33 - MountPoints2\{a91aeadc-8d5f-11e0-80ab-002622e8af6e}\Shell - "" = AutoRun
    O33 - MountPoints2\{a91aeadc-8d5f-11e0-80ab-002622e8af6e}\Shell\AutoRun\command - "" = J:\LAUNCHER\LAUNCHER.EXE -- [1998/12/23 16:55:38 | 001,809,920 | R--- | M] ()
    O33 - MountPoints2\{c48e84ee-977c-11e0-8295-002622e8af6e}\Shell - "" = AutoRun
    O33 - MountPoints2\{c48e84ee-977c-11e0-8295-002622e8af6e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{fd4e9022-915b-11e0-b8f0-002622e8af6e}\Shell - "" = AutoRun
    O33 - MountPoints2\{fd4e9022-915b-11e0-b8f0-002622e8af6e}\Shell\AutoRun\command - "" = H:\start.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done




Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
SpySentinel


    R.I.P.

  • Retired Staff
  • 5,152 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.