BleepingComputer.com: Browser redirect and hijacking/ cannot scan or remove folders

Perhaps if a Microsoft employee explained it...

I await the Process Explorer log.

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,

m0le

Hey m0le sorry I haven't been around, just been busy and I also forgot my pw for bleepingcomputer. Here is the log as requested.




Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 < 0.01 0 K 24 K
System 4 < 0.01 0 K 62,676 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 460 620 K 1,144 K Windows Session Manager Microsoft Corporation
csrss.exe 528 < 0.01 3,232 K 8,572 K Client Server Runtime Process Microsoft Corporation
wininit.exe 580 1,940 K 5,284 K Windows Start-Up Application Microsoft Corporation
services.exe 636 < 0.01 3,628 K 8,572 K Services and Controller app Microsoft Corporation
svchost.exe 852 < 0.01 4,088 K 8,220 K Host Process for Windows Services Microsoft Corporation
dllhost.exe 1408 2,052 K 5,548 K COM Surrogate Microsoft Corporation
WmiPrvSE.exe 3600 4,316 K 8,564 K WMI Provider Host Microsoft Corporation
unsecapp.exe 3932 3,012 K 6,136 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
nvvsvc.exe 896 4,504 K 8,376 K NVIDIA Driver Helper Service, Version 285.62 NVIDIA Corporation
nvxdsync.exe 1264 9,820 K 19,068 K NVIDIA User Experience Driver Component NVIDIA Corporation
nvtray.exe 1036 7,780 K 13,992 K NVIDIA Settings NVIDIA Corporation
nvvsvc.exe 1276 < 0.01 6,880 K 13,444 K NVIDIA Driver Helper Service, Version 285.62 NVIDIA Corporation
nvSCPAPISvr.exe 908 4,040 K 6,680 K Stereo Vision Control Panel API Server NVIDIA Corporation
svchost.exe 948 < 0.01 6,112 K 10,116 K Host Process for Windows Services Microsoft Corporation
svchost.exe 324 19,100 K 17,812 K Host Process for Windows Services Microsoft Corporation
audiodg.exe 656 19,140 K 22,400 K Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 468 < 0.01 209,452 K 215,964 K Host Process for Windows Services Microsoft Corporation
WUDFHost.exe 2340 4,072 K 6,708 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
dwm.exe 2444 2,088 K 5,168 K Desktop Window Manager Microsoft Corporation
WUDFHost.exe 2824 3,652 K 6,748 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
svchost.exe 500 < 0.01 30,072 K 39,788 K Host Process for Windows Services Microsoft Corporation
taskeng.exe 2576 3,216 K 7,860 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 2708 10,608 K 12,700 K Task Scheduler Engine Microsoft Corporation
svchost.exe 276 2,784 K 6,284 K Host Process for Windows Services Microsoft Corporation
SLsvc.exe 504 9,312 K 14,192 K Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1092 11,420 K 18,228 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1236 27,112 K 31,280 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1596 < 0.01 8,368 K 13,200 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1620 < 0.01 30,468 K 36,120 K Host Process for Windows Services Microsoft Corporation
SASCore64.exe 2028 < 0.01 2,504 K 4,736 K Core Service SUPERAntiSpyware.com
armsvc.exe 2040 2,488 K 4,796 K Adobe Acrobat Update Service Adobe Systems Incorporated
AppleMobileDeviceService.exe 1224 < 0.01 6,136 K 12,304 K MobileDeviceService Apple Inc.
mDNSResponder.exe 1292 2,520 K 5,756 K Bonjour Service Apple Inc.
ccSvcHst.exe 1680 0.38 63,812 K 11,132 K Symantec Service Framework Symantec Corporation
ccSvcHst.exe 1668 < 0.01 25,264 K 6,096 K Symantec Service Framework Symantec Corporation
PnkBstrA.exe 1720 < 0.01 2,492 K 4,880 K
svchost.exe 1676 2,504 K 6,188 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2060 5,996 K 9,512 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2136 1,496 K 3,364 K Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 2272 < 0.01 56,264 K 53,180 K Microsoft Windows Search Indexer Microsoft Corporation
wmpnetwk.exe 3836 < 0.01 8,108 K 15,076 K Windows Media Player Network Sharing Service Microsoft Corporation
svchost.exe 3512 2,372 K 31,748 K Host Process for Windows Services Microsoft Corporation
HPHC_Service.exe 4008 22,636 K 14,432 K HP Health Check Service Hewlett-Packard
mbamservice.exe 3872 < 0.01 111,468 K 43,428 K Malwarebytes Anti-Malware Malwarebytes Corporation
daemonu.exe 812 < 0.01 4,620 K 11,148 K NVIDIA Settings Update Manager NVIDIA Corporation
lsass.exe 652 < 0.01 4,756 K 3,116 K Local Security Authority Process Microsoft Corporation
lsm.exe 660 3,512 K 5,744 K Local Session Manager Service Microsoft Corporation
csrss.exe 604 < 0.01 13,888 K 13,016 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 736 3,492 K 8,336 K Windows Logon Application Microsoft Corporation
explorer.exe 2452 < 0.01 36,772 K 51,836 K Windows Explorer Microsoft Corporation
nvraidservice.exe 2208 4,260 K 8,236 K NVIDIA RAID Service English language NVIDIA Corporation
wmpnscfg.exe 3152 2,560 K 6,544 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
firefox.exe 2924 < 0.01 207,612 K 235,600 K Firefox Mozilla Corporation
plugin-container.exe 1000 < 0.01 26,076 K 32,988 K Plugin Container for Firefox Mozilla Corporation
lexplore.exe.exe 2116 2,736 K 7,316 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
lexplore.exe64.exe 4248 < 0.01 18,796 K 28,804 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
lexplore.exe.exe 2168 2,728 K 6,272 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
lexplore.exe64.exe 3548 0.38 21,164 K 30,492 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mbamgui.exe 2016 2,956 K 7,756 K Malwarebytes Anti-Malware Malwarebytes Corporation
explorer.exe 4104 17,764 K 26,464 K Windows Explorer Microsoft Corporation

Quote

All these svchost entries showed the same legitimate signature.


I will do one final scan to check for leftovers manually but I think you are clean

• Download OTL to your desktop.
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Hey m0le I forgot to tell you thank you. Thanks for the time you've put in just to help someone like me out. It's good to know their are people like you and the other mods, that willing to sacrifice your time to help someone with a problem they are having. So I just wanted to thank you. Here are the logs as requested. BTW SAS is still picking up the same spyware it was before.. I've ran and cleaned everything this morning but I think I'll run it again too see how much of it I got rid of.

OTL logfile created on: 2/8/2012 11:07:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\CoolStory\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.48 Gb Available Physical Memory | 78.01% Memory free
14.26 Gb Paging File | 12.89 Gb Available in Paging File | 90.36% Paging File free
Paging file location(s): c:\pagefile.sys 8829 11000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.97 Gb Total Space | 420.99 Gb Free Space | 72.21% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.78 Gb Free Space | 13.47% Space Free | Partition Type: NTFS

Computer Name: COOLSTORY-PC | User Name: CoolStory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\CoolStory\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys ()
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (Amusbprt) -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys (A4Tech Co.,Ltd.)
DRV:64bit: - (Amfilter) -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys ((Standard mouse types))
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120208.019\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120208.019\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120208.002\IDSviA64.sys (Symantec Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/01/09 06:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2012/01/09 02:53:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/02 13:30:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/07 23:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CoolStory\AppData\Roaming\Mozilla\Extensions
[2012/01/09 23:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CoolStory\AppData\Roaming\Mozilla\Firefox\Profiles\lwb00xq6.default\extensions
[2012/01/09 23:30:41 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\CoolStory\AppData\Roaming\Mozilla\Firefox\Profiles\lwb00xq6.default\extensions\battlefieldplay4free@ea.com
[2012/02/08 20:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/02 13:30:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/02 13:30:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2011/12/20 23:30:41 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/12/20 23:30:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011/12/20 23:30:41 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\CoolStory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\CoolStory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\CoolStory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/25 21:42:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7147E6F5-DD4B-48C7-8EB0-3D54C2A9CE6F}: NameServer = 65.32.5.111,65.32.5.112
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 11:08:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\CoolStory\Desktop\OTL.exe
[2012/02/05 10:44:20 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\Desktop\ProcessExplorer
[2012/02/03 12:58:14 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/02/03 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/29 02:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2012/01/27 23:30:09 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/27 23:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/27 23:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/27 23:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/27 16:21:13 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\Documents\ConvertXToDVD
[2012/01/27 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\Vso
[2012/01/27 15:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/01/27 15:26:17 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc1dmod.dll
[2012/01/27 15:26:17 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2012/01/27 15:26:17 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\Pncrt.dll
[2012/01/27 15:26:17 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv43260.dll
[2012/01/27 15:26:17 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv33260.dll
[2012/01/27 15:26:17 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv23260.dll
[2012/01/27 15:26:17 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\sipr3260.dll
[2012/01/27 15:26:17 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\cook3260.dll
[2012/01/27 15:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2012/01/25 21:47:30 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Local\temp
[2012/01/25 21:42:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/25 21:11:33 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\CoolStory\Desktop\comfix.exe.exe
[2012/01/24 19:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2012/01/24 19:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PeerBlock
[2012/01/22 09:03:14 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\Documents\utor
[2012/01/20 02:07:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/19 16:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/19 16:30:43 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/19 15:37:27 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Local\Symantec
[2012/01/19 15:13:01 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\Documents\entries for sound in safe mode
[2012/01/18 18:11:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/18 15:27:35 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/18 15:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/18 15:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/18 15:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/01/18 15:21:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/01/17 02:55:04 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\Misc. Recipes
[2012/01/15 04:58:25 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Local\Google
[2012/01/15 01:41:00 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\Malwarebytes
[2012/01/15 01:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 01:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/15 01:38:54 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/15 01:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/12 04:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midnight Mansion HD
[2012/01/12 02:42:11 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\NVIDIA
[2012/01/12 02:42:10 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Local\ActionSoft
[2012/01/12 02:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Midnight Mansion HD
[2012/01/11 02:52:58 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZD Soft
[2012/01/11 02:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZD Soft
[2012/01/11 02:51:10 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\WinRAR
[2012/01/11 02:51:10 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/11 02:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/11 02:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/01/10 23:39:50 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/10 23:39:50 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/10 23:39:50 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/10 23:39:49 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/10 23:39:42 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/10 23:39:33 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/10 23:39:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/10 23:39:33 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/10 23:39:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/10 23:39:32 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/10 23:39:24 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/10 23:39:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/10 23:39:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 11:00:44 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\Documents\SuddenAttack
[2012/01/10 10:47:18 | 000,665,616 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2012/01/10 08:36:18 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/01/10 08:36:18 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/01/10 08:36:18 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/01/10 08:36:18 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/01/10 08:36:18 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/01/10 08:36:18 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/01/10 08:36:17 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/01/10 08:36:17 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/01/10 08:36:17 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/01/10 08:36:17 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/01/10 08:36:17 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/01/10 08:36:17 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/01/10 08:36:17 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/01/10 08:36:17 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/01/10 08:36:17 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/01/10 08:36:17 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/01/10 08:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/01/10 08:11:32 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/01/10 08:11:32 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/01/10 08:11:31 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/01/10 08:11:31 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/01/10 08:04:31 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/01/10 08:04:30 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/01/10 08:00:02 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2012/01/10 07:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/01/10 07:57:51 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/01/10 07:57:51 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/01/10 07:50:15 | 001,190,568 | ---- | C] (Driver Manager ) -- C:\Users\CoolStory\Desktop\DriverManager.exe
[2012/01/10 07:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/01/10 07:48:21 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/01/10 05:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/10 05:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/10 02:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2012/01/10 02:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/01/10 02:03:08 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2012/01/10 02:03:08 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2012/01/10 02:03:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2012/01/10 02:03:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2012/01/10 02:03:02 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2012/01/10 02:03:01 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2012/01/10 02:03:01 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2012/01/10 02:03:01 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2012/01/10 02:03:01 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2012/01/10 02:03:01 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2012/01/10 02:03:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2012/01/10 02:03:01 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2012/01/10 02:03:01 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2012/01/10 02:03:01 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2012/01/10 02:03:01 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2012/01/10 02:03:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2012/01/10 02:03:01 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2012/01/10 01:41:54 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2012/01/10 01:41:54 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2012/01/10 01:41:51 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2012/01/10 01:41:51 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2012/01/10 01:41:51 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2012/01/10 01:41:51 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2012/01/10 00:53:13 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\vlc
[2012/01/10 00:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/01/10 00:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/01/10 00:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
[2012/01/10 00:49:43 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Roaming\VistaCodecs
[2012/01/10 00:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VistaCodecPack
[2012/01/10 00:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2012/01/10 00:23:35 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\AppData\Local\PunkBuster
[2012/01/10 00:12:09 | 000,000,000 | ---D | C] -- C:\Users\CoolStory\Documents\Battlefield Play4Free
[2012/01/07 21:41:21 | 1376,094,904 | ---- | C] (Nexon) -- C:\Program Files\CombatArmsSetupV67.exe

========== Files - Modified Within 30 Days ==========

[2012/02/08 23:08:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/08 22:58:50 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 22:58:50 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 21:12:26 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 21:04:08 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/08 21:04:08 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/08 21:04:08 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/08 20:58:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/08 11:08:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\CoolStory\Desktop\OTL.exe
[2012/02/07 23:01:15 | 000,051,569 | ---- | M] () -- C:\Users\CoolStory\Desktop\demi-moore-02.jpg
[2012/02/07 21:59:48 | 000,058,485 | ---- | M] () -- C:\Users\CoolStory\Desktop\424045_296000297124715_100001442405352_835580_278148038_n.jpg
[2012/02/06 17:57:18 | 000,001,057 | ---- | M] () -- C:\Users\CoolStory\AppData\Roaming\vso_ts_preview.xml
[2012/02/06 12:26:14 | 000,307,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/03 12:39:13 | 000,045,994 | ---- | M] () -- C:\Users\CoolStory\Documents\cc_20120203_123850.reg
[2012/02/03 11:37:23 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/02 12:34:16 | 015,254,712 | ---- | M] () -- C:\Users\CoolStory\Desktop\Rec#09.avi
[2012/01/31 13:59:34 | 000,079,762 | ---- | M] () -- C:\Users\CoolStory\Desktop\Untitled.jpg
[2012/01/27 23:29:46 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/27 22:19:48 | 000,000,000 | ---- | M] () -- C:\Users\CoolStory\defogger_reenable
[2012/01/27 15:26:21 | 000,001,061 | ---- | M] () -- C:\Users\CoolStory\Desktop\ConvertXtoDVD 4.lnk
[2012/01/26 00:04:13 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 21:42:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/25 21:11:35 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\CoolStory\Desktop\comfix.exe.exe
[2012/01/24 19:32:32 | 000,001,784 | ---- | M] () -- C:\Users\CoolStory\Desktop\PeerBlock.lnk
[2012/01/23 13:37:34 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/01/23 13:37:34 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/01/23 13:37:34 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/01/19 17:24:18 | 000,050,477 | ---- | M] () -- C:\Users\CoolStory\Desktop\Defogger.exe
[2012/01/19 16:39:45 | 000,001,020 | ---- | M] () -- C:\Users\CoolStory\Desktop\HiJackThis - Shortcut.lnk
[2012/01/18 15:27:33 | 000,002,011 | ---- | M] () -- C:\Users\CoolStory\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/16 15:57:17 | 000,005,120 | ---- | M] () -- C:\Users\CoolStory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/16 12:04:27 | 000,094,145 | ---- | M] () -- C:\Users\CoolStory\Documents\bookmarks.html
[2012/01/15 01:38:56 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 07:16:58 | 000,001,614 | ---- | M] () -- C:\Users\CoolStory\Desktop\Calculator.lnk
[2012/01/12 04:54:19 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Midnight Mansion HD.lnk
[2012/01/11 22:25:35 | 000,000,000 | ---- | M] () -- C:\Users\CoolStory\Documents\Default.rdp
[2012/01/11 02:52:58 | 000,001,005 | ---- | M] () -- C:\Users\CoolStory\Desktop\Screen Recorder.lnk
[2012/01/10 10:47:18 | 000,665,616 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2012/01/10 08:09:02 | 000,000,732 | ---- | M] () -- C:\Users\CoolStory\AppData\Local\d3d9caps64.dat
[2012/01/10 07:50:16 | 001,190,568 | ---- | M] (Driver Manager ) -- C:\Users\CoolStory\Desktop\DriverManager.exe
[2012/01/10 02:22:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/10 02:22:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/01/10 00:52:41 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/01/10 00:30:57 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/01/10 00:30:57 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/10 00:05:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Files Created - No Company Name ==========

[2012/02/07 23:01:14 | 000,051,569 | ---- | C] () -- C:\Users\CoolStory\Desktop\demi-moore-02.jpg
[2012/02/07 21:59:47 | 000,058,485 | ---- | C] () -- C:\Users\CoolStory\Desktop\424045_296000297124715_100001442405352_835580_278148038_n.jpg
[2012/02/06 12:26:00 | 000,307,656 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/03 12:39:05 | 000,045,994 | ---- | C] () -- C:\Users\CoolStory\Documents\cc_20120203_123850.reg
[2012/02/03 11:37:23 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/02 12:03:03 | 015,254,712 | ---- | C] () -- C:\Users\CoolStory\Desktop\Rec#09.avi
[2012/01/31 13:57:21 | 000,079,762 | ---- | C] () -- C:\Users\CoolStory\Desktop\Untitled.jpg
[2012/01/27 23:29:46 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/27 22:19:48 | 000,000,000 | ---- | C] () -- C:\Users\CoolStory\defogger_reenable
[2012/01/27 15:26:53 | 000,001,057 | ---- | C] () -- C:\Users\CoolStory\AppData\Roaming\vso_ts_preview.xml
[2012/01/27 15:26:21 | 000,001,061 | ---- | C] () -- C:\Users\CoolStory\Desktop\ConvertXtoDVD 4.lnk
[2012/01/24 19:32:32 | 000,001,784 | ---- | C] () -- C:\Users\CoolStory\Desktop\PeerBlock.lnk
[2012/01/23 13:37:34 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/01/23 13:37:34 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/01/23 13:37:34 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/01/19 17:24:18 | 000,050,477 | ---- | C] () -- C:\Users\CoolStory\Desktop\Defogger.exe
[2012/01/19 16:39:45 | 000,001,020 | ---- | C] () -- C:\Users\CoolStory\Desktop\HiJackThis - Shortcut.lnk
[2012/01/18 15:58:52 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/18 15:27:33 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/18 15:27:33 | 000,002,011 | ---- | C] () -- C:\Users\CoolStory\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/18 15:27:14 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 12:04:27 | 000,094,145 | ---- | C] () -- C:\Users\CoolStory\Documents\bookmarks.html
[2012/01/15 07:27:27 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Midnight Mansion HD.lnk
[2012/01/15 01:38:56 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 07:16:58 | 000,001,614 | ---- | C] () -- C:\Users\CoolStory\Desktop\Calculator.lnk
[2012/01/11 22:25:35 | 000,000,000 | ---- | C] () -- C:\Users\CoolStory\Documents\Default.rdp
[2012/01/11 02:52:58 | 000,001,005 | ---- | C] () -- C:\Users\CoolStory\Desktop\Screen Recorder.lnk
[2012/01/10 08:36:18 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/01/10 02:22:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/01/10 02:22:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/01/10 00:52:41 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/01/10 00:39:54 | 000,005,120 | ---- | C] () -- C:\Users\CoolStory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/10 00:24:22 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/01/10 00:05:30 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/10 00:05:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/09 20:24:50 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/01/09 20:24:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/01/09 20:23:20 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012/01/09 02:40:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/09 02:40:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/09 02:40:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/09 02:40:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/09 02:40:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/07 19:57:24 | 000,000,732 | ---- | C] () -- C:\Users\CoolStory\AppData\Local\d3d9caps64.dat
[2011/10/15 03:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/12 18:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/04 16:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/02/28 10:17:48 | 003,284,480 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/02/11 11:44:49 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/02/11 11:44:49 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2009/02/11 11:26:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2012/01/08 00:41:51 | 000,000,000 | ---D | M] -- C:\Users\CoolStory\AppData\Roaming\IObit
[2012/01/07 20:06:16 | 000,000,000 | ---D | M] -- C:\Users\CoolStory\AppData\Roaming\PictureMover
[2012/02/08 21:12:51 | 000,000,000 | ---D | M] -- C:\Users\CoolStory\AppData\Roaming\uTorrent
[2012/01/10 00:49:43 | 000,000,000 | ---D | M] -- C:\Users\CoolStory\AppData\Roaming\VistaCodecs
[2012/02/06 17:57:19 | 000,000,000 | ---D | M] -- C:\Users\CoolStory\AppData\Roaming\Vso
[2012/02/08 20:56:34 | 000,020,920 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 2/8/2012 11:07:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\CoolStory\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.48 Gb Available Physical Memory | 78.01% Memory free
14.26 Gb Paging File | 12.89 Gb Available in Paging File | 90.36% Paging File free
Paging file location(s): c:\pagefile.sys 8829 11000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.97 Gb Total Space | 420.99 Gb Free Space | 72.21% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.78 Gb Free Space | 13.47% Space Free | Partition Type: NTFS

Computer Name: COOLSTORY-PC | User Name: CoolStory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = AF A3 5E 36 3C CF CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDBE951-C1F0-4D4C-9278-3EC184657B18}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2E10AB5B-ED1B-4910-A365-77CED4E53E78}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2F439C09-D179-457B-8DE5-7BCDC1EBCA78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4605578C-8FFE-40A6-BC11-8F4C18998AF4}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{542505E8-3052-4DAD-AF71-FE2CE2FE9430}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{598C91C0-615D-4144-B881-10ADD8C672D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{650262B1-2975-449E-B60F-AE9EF7AE6411}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6C3FB814-F689-4D3B-8C5E-B573FE44139E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{76A1619B-FDEE-46C3-93BE-E15006B3D2B4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A6A1C15F-0176-4EA1-A55A-5645A690AF73}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{A810C453-043A-4EA4-8BB0-5EF67D49D4F5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A9515707-5F24-4ADF-B3FA-27D02C678E47}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{B83FB992-2E64-4E29-B8D2-BAC39D842CC1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C19E9254-D3C1-455C-BC98-CE384162AC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CF4AFBE8-299A-4129-B4AA-CC4723D636CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D8B5FD7B-EFFF-4EB1-BA7D-C9D19AAF2826}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D92B955F-4574-41EE-AB21-1B7EDD9B7C3C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DD7A35B5-D673-488D-9562-86523AAC2883}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E024B2B8-7D8A-4198-9AFF-A1B50E570266}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EC41B372-C234-4496-9E2A-00F3A571E2FD}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{EEB33CE8-5C8A-4F8F-8885-E15B7246E87A}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FF842843-77D1-4910-AF2F-A7C131E6EDB1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6DDCED4D-1DB4-4D45-A2DE-D65B80404F38}_is1" = Midnight Mansion HD version 1.0.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Combat Arms" = Combat Arms
"ESET Online Scanner" = ESET Online Scanner v3
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"NIS" = Norton Internet Security
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Smart Defrag 2_is1" = Smart Defrag 2
"SuddenAttackNA" = SuddenAttack
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WildTangent hp Master Uninstall" = My HP Games
"ZD Soft Screen Recorder" = ZD Soft Screen Recorder 4.1.3.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/5/2012 9:57:22 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

Error - 2/5/2012 9:57:23 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/5/2012 9:57:23 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2013

Error - 2/5/2012 9:57:23 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2013

Error - 2/5/2012 9:57:24 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/5/2012 9:57:24 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011

Error - 2/5/2012 9:57:24 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

Error - 2/5/2012 10:57:48 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/5/2012 10:57:48 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 2/5/2012 10:57:48 AM | Computer Name = CoolStory-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

[ System Events ]
Error - 1/14/2012 12:46:15 AM | Computer Name = CoolStory-PC | Source = DCOM | ID = 10010
Description =

Error - 1/14/2012 2:35:46 PM | Computer Name = CoolStory-PC | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 1/15/2012 12:46:16 AM | Computer Name = CoolStory-PC | Source = DCOM | ID = 10010
Description =

Error - 1/15/2012 12:54:26 AM | Computer Name = CoolStory-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/15/2012 2:59:35 AM | Computer Name = CoolStory-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/15/2012 3:03:59 AM | Computer Name = CoolStory-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/15/2012 3:04:18 AM | Computer Name = CoolStory-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/15/2012 3:04:24 AM | Computer Name = CoolStory-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/15/2012 3:06:34 AM | Computer Name = CoolStory-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 1/15/2012 3:06:50 AM | Computer Name = CoolStory-PC | Source = Service Control Manager | ID = 7032
Description =


< End of report >

Thanks for the thanks on behalf of BC.

Quote

If you mean the previous log attached to this thread then there was nothing there except tracking cookies and they will always return.

Cookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

• Persistent cookies have expiration dates set by the Web server when it passes the cookie and are stored on a user's hard drive until they expire or are deleted. These types of cookies are used to store information between visits to a site and collect identifying information about the user such as surfing behavior or preferences for a specific web site.

• Session (transient) cookies are not saved to the hard drive, do not collect any information and have no set expiration date. They are used to temporarily hold information in the form of a session identification stored in memory as you browse web pages. These types of cookies are cached only while a user is visiting the Web server issuing the session cookie and are deleted from the cache when the user closes the session.

Cookies can be categorized as:

• Trusted cookies are from sites you trust, use often, and want to be able to identify and personalize content for you.
  
• Nuisance cookies are from those sites you do not recognize or often use but somehow it's put a cookie on your machine.
  
• Bad cookies (i.e. persistent cookies, long term and third party tracking cookies) are those that can be linked to an ad company or something that tracks your movements across the web.

The type of persistent cookie that is a cause for some concern are "tracking cookies" because they can be considered a privacy risk. These types of cookies are used to track your Web browsing habits (your movement from site to site). Ad companies use them to record your activity on all sites where they have placed ads. They can keep count of how many times you visited a web page, store your username and password so you don't have to log in and retain your custom settings. When you visit one of these sites, a cookie is placed on your computer. Each time you visit another site that hosts one of their ads, that same cookie is read, and soon they have assembled a list of which of their sites you have visited and which of their ads that you have clicked on. Cookies are used all over the Internet and advertisement companies often plant them whenever your browser loads one of their banners.

Cookies are NOT a "threat". As text files they cannot be executed to cause any damage. Cookies do not cause any pop ups or install malware and they cannot erase or read information from a computer.

Quote

MS Article ID: 60971 - Description of Cookies

To learn more about Cookies, please refer to:

• Misconceptions about cookies
  
• The Unofficial Cookie FAQ
  
• How Internet Cookies Work
  
• Do "Cookies" Pose any Security Risks?

Flash cookies (or Local Shared Objects) and Evercookies are a newer way of tracking user behavior and surfing habits but they too are not a threat, nor can they harm your computer.

An Evercookie is a Javascript API created and managed persistent cookie which can be used to identify a user even after they have removed standard and Flash cookies. This is accomplished by creating a new cookie and storing the data in as many storage locations (currently eight) as it can find on the local browser. Storage mechanisms range from Standard HTTP and Flash cookies to HTML5's new storage methods. When evercookie finds that other types of cookies have been removed, it recreates them so they can be reused over and over.

• evercookie: the one cookie that you...just...can't...DELETE!
  
• Evercookie, Extremely Persistent Cookies

Flash cookies are cookie-like data stored on a computer and used by all versions of Adobe Flash Player and similar applications. They can store much more information than traditional browser cookies and they are typically stored within each user’s Application Data directory with a ".SOL" extension, under the Macromedia\FlashPlayer\#SharedObjects folder. Unlike traditional cookies, Flash cookies cannot be managed through browser controls so they are more difficult to find and remove. However, they can be viewed, managed and deleted using the Website Storage Settings panel at Macromedia's Support Site. From this panel, you can change storage settings for a website, delete a specific website or delete all sites which erases any information that may have been stored on the computer. To prevent any Flash Cookies from being stored on your computer, go to the Global Storage Settings panel and uncheck the option “Allow third-party Flash content to store data on your computer”. For more information, please refer to:

• Flash Cookies explained
  
• How do I get to the Settings Manager?
  
• How to disable third-party local shared objects
  
• Flash Player security and privacy

As long as you surf the Internet, you are going to get cookies and some of your security programs will flag them for removal. However, you can minimize the number of them which are stored on your computer by referring to:

• Blocking & Managing Unwanted Cookies in Internet Explorer 7/Internet Explorer 8
  
• Block Third-Party Cookies in Internet Explorer 7
  
• Block or allow cookies in Internet Explorer 7/Internet Explorer 8
  
• How to Manage Cookies in Internet Explorer 6

• Managing Cookies in Firefox
  
• Blocking cookies in Firefox
  
• Cookie Settings in Firefox
  
• Anonymizer Nevercookie for Firefox to protect against Evercookies

...And your OTL log is clean too.

So, what symptoms remain now?

You still there, CoolStory?

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.