
Been Google Hijacked HELP!


  • This topic is locked

#1
Madara

  • Member
  • 40 posts
Recently been getting sent to different links when I am on Google and getting random tab pop-ups when on Firefox. Anyone help me out here?





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:42 PM, on 5/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.netmarble.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.neffi...ffyLauncher.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7276 bytes


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, unfortunately HijackThis does not give us sufficient data to see the problem.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Madara

  • Topic Starter
  • Member
  • 40 posts
Here is the aswMBR log.





aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-07 08:05:12
-----------------------------
08:05:12.734 OS Version: Windows 5.1.2600 Service Pack 3
08:05:12.734 Number of processors: 1 586 0x4F02
08:05:12.765 ComputerName: SAMUEL-D27BC6AB UserName: Samuel
08:05:13.796 Initialize success
08:05:30.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
08:05:30.609 Disk 0 Vendor: WDC_WD1600AAJS-75PSA0 05.06H05 Size: 152587MB BusType: 3
08:05:30.609 Device \Device\00000073 -> \??\IDE#DiskWDC_WD1600AAJS-75PSA0___________________05.06H05#2020202057202D444D5750413839313637343834#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
08:05:30.609 Disk 0 MBR read error 0
08:05:30.609 Disk 0 MBR scan
08:05:30.609 Disk 0 unknown MBR code
08:05:30.609 MBR BIOS signature not found 0
08:05:30.625 Disk 0 scanning sectors +312480315
08:05:30.625 Disk 0 scanning C:\WINDOWS\system32\drivers
08:05:42.078 Service scanning
08:05:43.578 Disk 0 trace - called modules:
08:05:43.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85f3d4f0]<<
08:05:43.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86040ab8]
08:05:43.593 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000075[0x85ea2ba0]
08:05:43.968 5 ACPI.sys[f7253620] -> nt!IofCallDriver -> [0x85f88030]
08:05:43.968 \Driver\nvata[0x85f4edf0] -> IRP_MJ_CREATE -> 0x85f3d4f0
08:05:43.968 Scan finished successfully
08:06:23.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Samuel\Desktop\MBR.dat"
08:06:23.578 The log file has been saved successfully to "C:\Documents and Settings\Samuel\Desktop\aswMBR Log.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, that might need deeper investigation, but let's see what OTL reports first.

#5
Madara

  • Topic Starter
  • Member
  • 40 posts
OTL logfile created on: 5/7/2011 8:10:41 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Samuel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 174.00 Mb Available Physical Memory | 18.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 93.26 Gb Free Space | 67.12% Space Free | Partition Type: NTFS
Drive H: | 10.00 Gb Total Space | 8.73 Gb Free Space | 87.31% Space Free | Partition Type: NTFS

Computer Name: SAMUEL-D27BC6AB | User Name: Samuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
PRC - [2011/05/06 20:43:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/12 21:13:34 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2008/04/14 05:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/05/03 20:03:58 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/03/01 14:29:00 | 003,912,008 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (EagleXNt)
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/16 18:52:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/05/09 19:06:13 | 000,137,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/31 23:33:51 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 19:45:20 | 000,012,192 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2008/06/12 09:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007/06/01 16:44:00 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/

IE - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.netmarble.com/
IE - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBSR&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1C40CF7A-C356-4144-B10B-67C1F1B5E71C}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://search.search...10101052100&s="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search...10101052100&s="

FF - HKLM\software\mozilla\Firefox\extensions\\{1C40CF7A-C356-4144-B10B-67C1F1B5E71C}: C:\Documents and Settings\Samuel\Local Settings\Application Data\{1C40CF7A-C356-4144-B10B-67C1F1B5E71C} [2010/06/19 11:34:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/04/17 04:51:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 20:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 20:43:43 | 000,000,000 | ---D | M]

[2009/01/24 20:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Extensions
[2011/05/06 18:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions
[2009/11/20 20:30:55 | 000,000,000 | ---D | M] (zblack) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2011/04/07 00:51:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/25 12:02:16 | 000,002,574 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\searchplugins\askcom.xml
[2011/02/25 14:41:33 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\searchplugins\bing.xml
[2011/05/06 18:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/17 04:51:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2009/07/25 07:31:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/04 04:05:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/06 20:43:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/06 20:43:38 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/08/10 08:34:02 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/08/14 04:48:44 | 000,415,987 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 14384 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] File not found
O4 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003..\Run: [DAEMON Tools] File not found
O4 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003..\Run: [DW6] File not found
O4 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Samuel\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 129
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamesp...nch/alaunch.cab (GSDACtl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Samuel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Samuel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {CB0A0BE8-AF3C-B1D2-C901-A0C141D91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/16 17:27:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70382354929025024)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 08:09:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
[2011/05/07 08:05:05 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Samuel\Desktop\aswMBR.exe
[2011/05/04 21:19:50 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/04 21:16:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTM.exe
[2011/05/04 18:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\HiJackThis
[2011/05/04 18:05:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/04 17:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 5
[2011/05/04 17:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\temp
[2011/05/01 18:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\Joymax
[2011/05/01 18:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Silkroad
[2011/04/18 03:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\NetmarbleGlobal
[2011/04/18 02:06:03 | 000,378,408 | ---- | C] (CJInternet Inc.) -- C:\WINDOWS\glbNMDownloaderUpdater.exe
[2011/04/18 02:06:02 | 000,804,368 | ---- | C] (CJ internet) -- C:\WINDOWS\GlbNMUpdater.exe
[2011/04/18 02:05:06 | 000,475,136 | ---- | C] (Netmarble) -- C:\WINDOWS\npGlbNMFFUpdaterModule.dll
[2011/04/18 02:05:06 | 000,090,112 | ---- | C] (Netmarble) -- C:\WINDOWS\GlbNMVistaUpdater.exe
[2011/04/17 04:51:53 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/17 04:46:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Samuel\Recent
[2011/04/13 23:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tales of Pirates II
[2011/04/13 22:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Tales of Pirates II
[2011/04/10 16:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/04/10 16:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/04/10 16:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
[2011/05/07 08:06:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\MBR.dat
[2011/05/07 08:04:57 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Samuel\Desktop\aswMBR.exe
[2011/05/07 07:37:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 07:36:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 01:25:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 23:07:23 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\HiJackThis.lnk
[2011/05/06 18:36:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2011/05/06 16:48:11 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/06 12:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/05/06 06:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/05/06 00:58:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/05/05 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/05/04 21:16:41 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTM.exe
[2011/05/04 17:44:42 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2011/05/04 15:48:41 | 1005,084,672 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/03 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/01 18:08:17 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\Silkroad.lnk
[2011/05/01 18:00:04 | 040,630,489 | ---- | M] () -- C:\SilkroadOnline_GlobalOfficial_v1_298(for_v1_295_297).exe
[2011/05/01 17:33:42 | 125,976,576 | ---- | M] () -- C:\SilkroadOnline_GlobalOfficial_v1_298.exe
[2011/04/20 02:21:22 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Uncharted Waters Online.Lnk
[2011/04/17 04:51:53 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/15 02:06:58 | 1782,579,200 | ---- | M] () -- C:\Program Files\DATA2.CAB
[2011/04/15 02:06:58 | 1782,579,200 | ---- | M] () -- C:\Program Files\DATA1.CAB
[2011/04/15 02:00:27 | 022,244,723 | ---- | M] () -- C:\Program Files\DATA3.CAB
[2011/04/13 23:03:14 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\Tales of Pirates II.lnk
[2011/04/08 06:28:58 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll

========== Files Created - No Company Name ==========

[2011/05/07 08:06:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\MBR.dat
[2011/05/06 21:03:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 20:43:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 17:44:42 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2011/05/01 18:08:17 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\Silkroad.lnk
[2011/05/01 17:29:33 | 125,976,576 | ---- | C] () -- C:\SilkroadOnline_GlobalOfficial_v1_298.exe
[2011/05/01 17:24:26 | 040,630,489 | ---- | C] () -- C:\SilkroadOnline_GlobalOfficial_v1_298(for_v1_295_297).exe
[2011/04/20 02:21:22 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Uncharted Waters Online.Lnk
[2011/04/14 23:47:46 | 1782,579,200 | ---- | C] () -- C:\Program Files\DATA2.CAB
[2011/04/14 23:47:46 | 1782,579,200 | ---- | C] () -- C:\Program Files\DATA1.CAB
[2011/04/14 23:47:46 | 022,244,723 | ---- | C] () -- C:\Program Files\DATA3.CAB
[2011/04/13 23:03:14 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\Tales of Pirates II.lnk
[2011/04/10 16:27:50 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/03/19 21:01:32 | 000,013,370 | -HS- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\l6qc140707qi6p1g667l23y6t7vv5vxiy
[2011/03/19 21:01:32 | 000,013,370 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l6qc140707qi6p1g667l23y6t7vv5vxiy
[2011/03/10 17:48:27 | 000,012,138 | -HS- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\3497959829
[2011/03/10 17:48:27 | 000,012,138 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3497959829
[2010/10/05 15:04:52 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/05 15:04:51 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/05 15:04:51 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/16 18:31:47 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/07/20 22:12:23 | 001,032,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/19 11:34:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fcogeyak.bin
[2010/06/19 11:34:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gpofijevulasejad.dat
[2010/04/03 22:55:32 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/01/12 23:22:39 | 000,001,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/12 03:33:36 | 000,026,000 | ---- | C] () -- C:\WINDOWS\System32\E3TL.DLL
[2010/01/12 03:25:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\prvlcl.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/04 10:12:21 | 000,000,895 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2009/02/19 12:37:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/02/13 18:30:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/24 20:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/10 18:33:42 | 000,004,389 | ---- | C] () -- C:\Program Files\vacache.dat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/13 12:54:17 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2008/08/26 03:51:49 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\fusioncache.dat
[2008/08/25 21:03:57 | 000,137,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/25 21:03:50 | 000,201,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/08/25 21:02:15 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/08/25 17:47:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 00:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/04/07 22:51:54 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/18 14:37:15 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/16 19:06:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/16 18:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/16 18:56:28 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/12/16 18:56:26 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/16 18:56:26 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/16 18:56:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/16 18:42:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/12/16 17:29:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/16 17:24:38 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/12/16 14:53:24 | 000,484,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/12/16 14:53:24 | 000,080,496 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/12/16 14:53:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/12/16 11:19:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/16 11:18:06 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/29 01:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/29 01:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2007/12/16 19:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/08/16 18:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/16 18:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/28 19:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/11/01 22:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/06/27 14:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2009/11/09 23:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2009/01/21 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/11/07 06:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/04/08 18:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paradox Interactive
[2011/04/14 23:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/11/09 12:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/14 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2009/01/28 09:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/08/14 02:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\A7673F4A3AFBA08C8FFAE97D1F40F0A9
[2009/11/04 23:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\BitTorrent
[2009/08/22 02:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\DAEMON Tools Lite
[2011/05/07 08:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\DNA
[2009/03/06 21:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\dyyno-vlc
[2009/11/11 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\FOG Downloader
[2009/08/28 22:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\GetRightToGo
[2010/03/28 23:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/26 14:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\OxelonMC
[2011/05/05 15:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\PriceGong
[2011/04/26 00:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\Sony Online Entertainment
[2010/10/05 14:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\SystemRequirementsLab
[2009/12/07 22:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\TeamViewer
[2010/01/09 15:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\Uniblue
[2011/05/06 14:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\uTorrent
[2011/05/05 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/05/06 00:58:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/05/06 06:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/05/06 12:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/05/03 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/06 18:36:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2011/05/01 18:00:04 | 040,630,489 | ---- | M] () -- C:\SilkroadOnline_GlobalOfficial_v1_298(for_v1_295_297).exe
[2011/05/01 17:33:42 | 125,976,576 | ---- | M] () -- C:\SilkroadOnline_GlobalOfficial_v1_298.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/06 20:43:38 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/06 20:43:38 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/06 20:43:38 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/06 20:43:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/06 20:43:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/06 20:43:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/06/23 07:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/06/23 07:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/06/23 07:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/01/29 15:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/01/29 15:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/01/29 15:08:38 | 003,583,272 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/01/29 15:08:38 | 003,583,272 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, could you let me know if the redirects still occur?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-796845957-1450960922-1801674531-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
    O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] File not found
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    [2011/05/06 18:36:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
    [2011/03/19 21:01:32 | 000,013,370 | -HS- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\l6qc140707qi6p1g667l23y6t7vv5vxiy
    [2011/03/19 21:01:32 | 000,013,370 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l6qc140707qi6p1g667l23y6t7vv5vxiy
    [2011/03/10 17:48:27 | 000,012,138 | -HS- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\3497959829
    [2011/03/10 17:48:27 | 000,012,138 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3497959829
    [2010/06/19 11:34:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fcogeyak.bin
    [2010/06/19 11:34:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gpofijevulasejad.dat
    [2010/08/16 18:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/05/05 15:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\PriceGong


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#7
Madara

    Member

  • Topic Starter
  • 40 posts
K, I will let you know :)

#8
Madara

    Member

  • Topic Starter
  • 40 posts
OTL logfile created on: 5/7/2011 9:02:20 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Samuel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 644.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 93.24 Gb Free Space | 67.10% Space Free | Partition Type: NTFS
Drive H: | 10.00 Gb Total Space | 8.73 Gb Free Space | 87.31% Space Free | Partition Type: NTFS

Computer Name: SAMUEL-D27BC6AB | User Name: Samuel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
PRC - [2011/05/06 20:43:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 05:42:34 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
MOD - [2008/04/14 05:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/05/03 20:03:58 | 003,274,328 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/03/01 14:29:00 | 003,912,008 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/16 18:52:10 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/05/09 19:06:13 | 000,137,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/31 23:33:51 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 19:45:20 | 000,012,192 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2008/06/12 09:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007/06/01 16:44:00 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.netmarble.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBSR&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1C40CF7A-C356-4144-B10B-67C1F1B5E71C}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://search.search...10101052100&s="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search...10101052100&s="

FF - HKLM\software\mozilla\Firefox\extensions\\{1C40CF7A-C356-4144-B10B-67C1F1B5E71C}: C:\Documents and Settings\Samuel\Local Settings\Application Data\{1C40CF7A-C356-4144-B10B-67C1F1B5E71C} [2010/06/19 11:34:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/04/17 04:51:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 20:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 20:43:43 | 000,000,000 | ---D | M]

[2009/01/24 20:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Extensions
[2011/05/06 18:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions
[2009/11/20 20:30:55 | 000,000,000 | ---D | M] (zblack) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2011/04/07 00:51:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/25 12:02:16 | 000,002,574 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\searchplugins\askcom.xml
[2011/02/25 14:41:33 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\searchplugins\bing.xml
[2011/05/06 18:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/17 04:51:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2009/07/25 07:31:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/04 04:05:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/06 20:43:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/06 20:43:38 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/08/10 08:34:02 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2011/05/07 08:47:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - Startup: C:\Documents and Settings\Samuel\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 129
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamesp...nch/alaunch.cab (GSDACtl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Samuel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Samuel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {CB0A0BE8-AF3C-B1D2-C901-A0C141D91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/16 17:27:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 08:47:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 08:09:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
[2011/05/07 08:05:05 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Samuel\Desktop\aswMBR.exe
[2011/05/04 21:19:50 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/04 21:16:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTM.exe
[2011/05/04 18:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\HiJackThis
[2011/05/04 18:05:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/04 17:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 5
[2011/05/04 17:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\temp
[2011/05/01 18:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\Joymax
[2011/05/01 18:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Silkroad
[2011/04/18 03:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\NetmarbleGlobal
[2011/04/18 02:06:03 | 000,378,408 | ---- | C] (CJInternet Inc.) -- C:\WINDOWS\glbNMDownloaderUpdater.exe
[2011/04/18 02:06:02 | 000,804,368 | ---- | C] (CJ internet) -- C:\WINDOWS\GlbNMUpdater.exe
[2011/04/18 02:05:06 | 000,475,136 | ---- | C] (Netmarble) -- C:\WINDOWS\npGlbNMFFUpdaterModule.dll
[2011/04/18 02:05:06 | 000,090,112 | ---- | C] (Netmarble) -- C:\WINDOWS\GlbNMVistaUpdater.exe
[2011/04/17 04:51:53 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/17 04:46:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Samuel\Recent
[2011/04/13 23:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tales of Pirates II
[2011/04/13 22:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Tales of Pirates II
[2011/04/10 16:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/04/10 16:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/04/10 16:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2011/05/07 09:00:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 08:59:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 08:47:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
[2011/05/07 08:06:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\MBR.dat
[2011/05/07 08:04:57 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Samuel\Desktop\aswMBR.exe
[2011/05/07 01:25:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 23:07:23 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\HiJackThis.lnk
[2011/05/06 16:48:11 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/06 12:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/05/06 06:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/05/06 00:58:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/05/05 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/05/04 21:16:41 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTM.exe
[2011/05/04 17:44:42 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2011/05/04 15:48:41 | 1005,084,672 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/03 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/01 18:08:17 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\Silkroad.lnk
[2011/05/01 18:00:04 | 040,630,489 | ---- | M] () -- C:\SilkroadOnline_GlobalOfficial_v1_298(for_v1_295_297).exe
[2011/05/01 17:33:42 | 125,976,576 | ---- | M] () -- C:\SilkroadOnline_GlobalOfficial_v1_298.exe
[2011/04/20 02:21:22 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Uncharted Waters Online.Lnk
[2011/04/17 04:51:53 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/15 02:06:58 | 1782,579,200 | ---- | M] () -- C:\Program Files\DATA2.CAB
[2011/04/15 02:06:58 | 1782,579,200 | ---- | M] () -- C:\Program Files\DATA1.CAB
[2011/04/15 02:00:27 | 022,244,723 | ---- | M] () -- C:\Program Files\DATA3.CAB
[2011/04/13 23:03:14 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\Tales of Pirates II.lnk
[2011/04/08 06:28:58 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll

========== Files Created - No Company Name ==========

[2011/05/07 08:06:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\MBR.dat
[2011/05/06 21:03:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 20:43:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 17:44:42 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2011/05/01 18:08:17 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\Silkroad.lnk
[2011/05/01 17:29:33 | 125,976,576 | ---- | C] () -- C:\SilkroadOnline_GlobalOfficial_v1_298.exe
[2011/05/01 17:24:26 | 040,630,489 | ---- | C] () -- C:\SilkroadOnline_GlobalOfficial_v1_298(for_v1_295_297).exe
[2011/04/20 02:21:22 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Uncharted Waters Online.Lnk
[2011/04/14 23:47:46 | 1782,579,200 | ---- | C] () -- C:\Program Files\DATA2.CAB
[2011/04/14 23:47:46 | 1782,579,200 | ---- | C] () -- C:\Program Files\DATA1.CAB
[2011/04/14 23:47:46 | 022,244,723 | ---- | C] () -- C:\Program Files\DATA3.CAB
[2011/04/13 23:03:14 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\Tales of Pirates II.lnk
[2011/04/10 16:27:50 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/10/05 15:04:52 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/05 15:04:51 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/05 15:04:51 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/16 18:31:47 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/07/20 22:12:23 | 001,032,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/03 22:55:32 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/01/12 23:22:39 | 000,001,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/12 03:33:36 | 000,026,000 | ---- | C] () -- C:\WINDOWS\System32\E3TL.DLL
[2010/01/12 03:25:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\prvlcl.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/04 10:12:21 | 000,000,895 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2009/02/19 12:37:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/02/13 18:30:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/24 20:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/10 18:33:42 | 000,004,389 | ---- | C] () -- C:\Program Files\vacache.dat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/13 12:54:17 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2008/08/26 03:51:49 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\fusioncache.dat
[2008/08/25 21:03:57 | 000,137,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/25 21:03:50 | 000,201,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/08/25 21:02:15 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/08/25 17:47:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 00:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/04/07 22:51:54 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/18 14:37:15 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/16 19:06:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/16 18:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/16 18:56:28 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/12/16 18:56:26 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/16 18:56:26 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/16 18:56:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/16 18:42:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/12/16 17:29:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/16 17:24:38 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/12/16 14:53:24 | 000,484,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/12/16 14:53:24 | 000,080,496 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/12/16 14:53:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/12/16 11:19:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/16 11:18:06 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/29 01:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/29 01:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2007/12/16 19:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/08/16 18:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/12/28 19:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/11/01 22:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/06/27 14:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2009/11/09 23:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2009/01/21 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/11/07 06:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/04/08 18:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paradox Interactive
[2011/04/14 23:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/11/09 12:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/14 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2009/01/28 09:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/08/14 02:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\A7673F4A3AFBA08C8FFAE97D1F40F0A9
[2009/11/04 23:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\BitTorrent
[2009/08/22 02:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\DAEMON Tools Lite
[2011/05/07 08:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\DNA
[2009/03/06 21:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\dyyno-vlc
[2009/11/11 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\FOG Downloader
[2009/08/28 22:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\GetRightToGo
[2010/03/28 23:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/26 14:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\OxelonMC
[2011/04/26 00:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\Sony Online Entertainment
[2010/10/05 14:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\SystemRequirementsLab
[2009/12/07 22:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\TeamViewer
[2010/01/09 15:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\Uniblue
[2011/05/06 14:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\uTorrent
[2011/05/05 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/05/06 00:58:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/05/06 06:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/05/06 12:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/05/03 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76

< End of report >

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects still present?

#10
Madara

    Member

  • Topic Starter
  • Member
  • 40 posts
Hmm, seems fine. I clicked the same link again and again and nothing happened, though I am still getting the random tab pop-up.


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you getting the popups in IE, Firefox or both?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..keyword.URL: "http://search.search...10101052100&s="
    FF - user.js..keyword.URL: "http://search.search...10101052100&s="

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#12
Madara

    Member

  • Topic Starter
  • Member
  • 40 posts
Hmm, nothing popped up the moment Firefox came up. Think you got it :)

OTL logfile created on: 5/7/2011 3:29:53 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Samuel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 465.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 93.24 Gb Free Space | 67.10% Space Free | Partition Type: NTFS
Drive H: | 10.00 Gb Total Space | 8.73 Gb Free Space | 87.31% Space Free | Partition Type: NTFS

Computer Name: SAMUEL-D27BC6AB | User Name: Samuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
PRC - [2011/05/06 20:43:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/12 21:13:34 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2008/04/14 05:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/05/03 20:03:58 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/03/01 14:29:00 | 003,912,008 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/16 18:52:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/05/09 19:06:13 | 000,137,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/31 23:33:51 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 19:45:20 | 000,012,192 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2008/06/12 09:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007/06/01 16:44:00 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.netmarble.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBSR&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1C40CF7A-C356-4144-B10B-67C1F1B5E71C}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{1C40CF7A-C356-4144-B10B-67C1F1B5E71C}: C:\Documents and Settings\Samuel\Local Settings\Application Data\{1C40CF7A-C356-4144-B10B-67C1F1B5E71C} [2010/06/19 11:34:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/04/17 04:51:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 20:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 20:43:43 | 000,000,000 | ---D | M]

[2009/01/24 20:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Extensions
[2011/05/06 18:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions
[2009/11/20 20:30:55 | 000,000,000 | ---D | M] (zblack) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2011/04/07 00:51:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/25 12:02:16 | 000,002,574 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\searchplugins\askcom.xml
[2011/02/25 14:41:33 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nuyvtaef.default\searchplugins\bing.xml
[2011/05/06 18:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/17 04:51:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2009/07/25 07:31:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/04 04:05:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/06 20:43:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/06 20:43:38 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/08/10 08:34:02 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2011/05/07 15:26:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - Startup: C:\Documents and Settings\Samuel\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 129
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamesp...nch/alaunch.cab (GSDACtl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Samuel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Samuel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {CB0A0BE8-AF3C-B1D2-C901-A0C141D91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/16 17:27:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 08:47:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 08:09:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
[2011/05/07 08:05:05 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Samuel\Desktop\aswMBR.exe
[2011/05/04 21:19:50 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/04 21:16:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTM.exe
[2011/05/04 18:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\HiJackThis
[2011/05/04 18:05:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/04 17:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 5
[2011/05/04 17:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\temp
[2011/05/01 18:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\Joymax
[2011/05/01 18:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Silkroad
[2011/04/18 03:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samuel\Start Menu\Programs\NetmarbleGlobal
[2011/04/18 02:06:03 | 000,378,408 | ---- | C] (CJInternet Inc.) -- C:\WINDOWS\glbNMDownloaderUpdater.exe
[2011/04/18 02:06:02 | 000,804,368 | ---- | C] (CJ internet) -- C:\WINDOWS\GlbNMUpdater.exe
[2011/04/18 02:05:06 | 000,475,136 | ---- | C] (Netmarble) -- C:\WINDOWS\npGlbNMFFUpdaterModule.dll
[2011/04/18 02:05:06 | 000,090,112 | ---- | C] (Netmarble) -- C:\WINDOWS\GlbNMVistaUpdater.exe
[2011/04/17 04:51:53 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/17 04:46:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Samuel\Recent
[2011/04/13 23:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tales of Pirates II
[2011/04/13 22:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Tales of Pirates II
[2011/04/10 16:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/04/10 16:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/04/10 16:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2011/05/07 15:28:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 15:27:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 08:09:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTL.exe
[2011/05/07 08:06:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\MBR.dat
[2011/05/07 08:04:57 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Samuel\Desktop\aswMBR.exe
[2011/05/07 01:25:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 23:07:23 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\HiJackThis.lnk
[2011/05/06 16:48:11 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/06 12:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/05/06 06:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/05/06 00:58:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/05/05 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/05/04 21:16:41 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samuel\Desktop\OTM.exe
[2011/05/04 17:44:42 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2011/05/04 15:48:41 | 1005,084,672 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/03 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/01 18:08:17 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\Silkroad.lnk
[2011/05/01 18:00:04 | 040,630,489 | ---- | M] () -- C:\SilkroadOnline_GlobalOfficial_v1_298(for_v1_295_297).exe
[2011/05/01 17:33:42 | 125,976,576 | ---- | M] () -- C:\SilkroadOnline_GlobalOfficial_v1_298.exe
[2011/04/20 02:21:22 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Uncharted Waters Online.Lnk
[2011/04/17 04:51:53 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/15 02:06:58 | 1782,579,200 | ---- | M] () -- C:\Program Files\DATA2.CAB
[2011/04/15 02:06:58 | 1782,579,200 | ---- | M] () -- C:\Program Files\DATA1.CAB
[2011/04/15 02:00:27 | 022,244,723 | ---- | M] () -- C:\Program Files\DATA3.CAB
[2011/04/13 23:03:14 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Samuel\Desktop\Tales of Pirates II.lnk
[2011/04/08 06:28:58 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll

========== Files Created - No Company Name ==========

[2011/05/07 08:06:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\MBR.dat
[2011/05/06 21:03:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 20:43:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 17:44:42 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2011/05/01 18:08:17 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\Silkroad.lnk
[2011/05/01 17:29:33 | 125,976,576 | ---- | C] () -- C:\SilkroadOnline_GlobalOfficial_v1_298.exe
[2011/05/01 17:24:26 | 040,630,489 | ---- | C] () -- C:\SilkroadOnline_GlobalOfficial_v1_298(for_v1_295_297).exe
[2011/04/20 02:21:22 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Uncharted Waters Online.Lnk
[2011/04/14 23:47:46 | 1782,579,200 | ---- | C] () -- C:\Program Files\DATA2.CAB
[2011/04/14 23:47:46 | 1782,579,200 | ---- | C] () -- C:\Program Files\DATA1.CAB
[2011/04/14 23:47:46 | 022,244,723 | ---- | C] () -- C:\Program Files\DATA3.CAB
[2011/04/13 23:03:14 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\Samuel\Desktop\Tales of Pirates II.lnk
[2011/04/10 16:27:50 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/10/05 15:04:52 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/05 15:04:51 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/05 15:04:51 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/16 18:31:47 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/07/20 22:12:23 | 001,032,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/03 22:55:32 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/01/12 23:22:39 | 000,001,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/12 03:33:36 | 000,026,000 | ---- | C] () -- C:\WINDOWS\System32\E3TL.DLL
[2010/01/12 03:25:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\prvlcl.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/04 10:12:21 | 000,000,895 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2009/02/19 12:37:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/02/13 18:30:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/24 20:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/10 18:33:42 | 000,004,389 | ---- | C] () -- C:\Program Files\vacache.dat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/13 12:54:17 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2008/08/26 03:51:49 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\fusioncache.dat
[2008/08/25 21:03:57 | 000,137,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/25 21:03:50 | 000,201,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/08/25 21:02:15 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/08/25 17:47:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 00:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/04/07 22:51:54 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Samuel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/18 14:37:15 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/16 19:06:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/16 18:58:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/16 18:56:28 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/12/16 18:56:26 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/16 18:56:26 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/16 18:56:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/16 18:42:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/12/16 17:29:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/16 17:24:38 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/12/16 14:53:24 | 000,484,100 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/12/16 14:53:24 | 000,080,496 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/12/16 14:53:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/12/16 11:19:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/16 11:18:06 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/29 01:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/29 01:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2007/12/16 19:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/08/16 18:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/12/28 19:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/11/01 22:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/06/27 14:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2009/11/09 23:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2009/01/21 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/11/07 06:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/04/08 18:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paradox Interactive
[2011/04/14 23:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/11/09 12:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/14 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2009/01/28 09:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/08/14 02:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\A7673F4A3AFBA08C8FFAE97D1F40F0A9
[2009/11/04 23:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\BitTorrent
[2009/08/22 02:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\DAEMON Tools Lite
[2011/05/07 15:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\DNA
[2009/03/06 21:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\dyyno-vlc
[2009/11/11 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\FOG Downloader
[2009/08/28 22:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\GetRightToGo
[2010/03/28 23:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/26 14:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\OxelonMC
[2011/04/26 00:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\Sony Online Entertainment
[2010/10/05 14:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\SystemRequirementsLab
[2009/12/07 22:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\TeamViewer
[2010/01/09 15:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\Uniblue
[2011/05/06 14:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel\Application Data\uTorrent
[2011/05/05 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/05/06 00:58:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/05/06 06:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/05/06 12:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/05/03 18:58:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76

< End of report >

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So are you a happy bunny now :)

Any further problems?

#14
Madara

    Member

  • Topic Starter
  • 40 posts
Ya, 1 more thing: for some reason my Windows updates don't work. I try and put install but let me choose when to actually download, but nothing happens, it just stays down. I think it might have actually disabled my Windows XP updates.

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, Windows Update repair coming up :)


Go to this page
Run the fixit there (big button about one third of the way down). If the normal run does not cure it, then re-run and use the aggressive mode.

Once done, try Windows updates again.