[W@Z@L]

There was actually an old explorer from when i changed my theme in the windows folder i just renamed the one that failed to explorer bad and changed the explorer_backup from a moth ago to explorer.exe


here's the new log

OTL logfile created on: 11/4/2011 10:14:53 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\W@Z@L\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 47.15% Memory free
8.00 Gb Paging File | 5.42 Gb Available in Paging File | 67.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.48 Gb Total Space | 89.50 Gb Free Space | 32.02% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 356.51 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 78.73 Gb Free Space | 8.45% Space Free | Partition Type: NTFS

Computer Name: WEZEL | User Name: W@Z@L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 14:51:08 | 000,683,352 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
PRC - [2011/02/15 06:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010/03/14 22:56:12 | 001,540,352 | ---- | M] (SmartPCTools) -- C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/13 14:21:52 | 000,511,384 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster\sqlite3.dll
MOD - [2011/02/15 06:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 06:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 06:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 06:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 06:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 06:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/07/26 23:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe
MOD - [2007/09/02 15:57:36 | 000,069,632 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/24 15:03:32 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/24 15:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/04 13:39:14 | 000,584,488 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010/11/22 19:09:14 | 000,179,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2010/11/16 08:25:29 | 002,249,000 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/23 01:43:04 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/03 12:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 12:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2010/05/26 19:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15434
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 2E EC CC 9E 75 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\W@Z@L\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/25 00:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]

[2011/09/17 20:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Extensions
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions
[2011/09/27 18:26:16 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/09/23 20:29:58 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2011/10/25 19:01:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/17 20:21:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/22 16:45:43 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/10/12 03:06:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\DefaultManager@Microsoft
[2011/10/02 17:38:25 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/10/04 16:00:25 | 000,002,572 | ---- | M] () -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\searchplugins\askcom.xml
[2011/10/21 17:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/17 22:38:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/21 16:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 21:18:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/04 06:36:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O4 - HKCU..\Run: [RocketDock] C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C467AA4-DC81-41E6-A854-E08F21501115}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 06:40:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/04 06:36:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/04 03:17:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/04 01:32:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\W@Z@L\Desktop\aswMBR.exe
[2011/11/04 01:32:36 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\W@Z@L\Desktop\tdsskiller.exe
[2011/11/04 00:00:58 | 004,283,331 | R--- | C] (Swearware) -- C:\Users\W@Z@L\Desktop\ComboFix.exe
[2011/11/03 23:15:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
[2011/11/03 22:29:25 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Malwarebytes
[2011/11/03 22:29:21 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/03 22:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/03 22:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 22:28:52 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/03 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Enki Games
[2011/11/03 21:37:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 21:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\TeamViewer
[2011/11/03 07:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/11/02 06:47:38 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Orcs Must Die
[2011/11/02 06:45:04 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orcs Must Die!
[2011/11/02 06:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die!
[2011/11/02 06:36:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r8.update.cracked.READ.NFO-THETA [ALEX]
[2011/11/02 06:36:45 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r7.update.cracked.fixed.READ.NFO-THETA [ALEX]
[2011/11/02 06:34:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r6.multi9.cracked.READ.NFO-THETA
[2011/10/29 23:25:08 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\HP
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\HP
[2011/10/29 23:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/10/29 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/10/29 23:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/10/29 23:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/29 23:14:45 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011/10/29 23:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/10/29 23:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/10/29 23:05:10 | 000,938,496 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpowiax8.dll
[2011/10/29 23:05:10 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2011/10/29 23:05:09 | 001,406,464 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpotiop6.dll
[2011/10/29 23:05:09 | 000,505,344 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst14.dll
[2011/10/29 20:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2011/10/29 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/29 19:54:11 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/10/29 19:54:11 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/10/29 19:54:11 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/10/29 19:54:11 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/10/29 19:54:11 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/10/29 19:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/29 19:52:58 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/10/29 19:52:58 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/10/29 19:52:56 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/10/29 19:52:56 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/10/29 19:52:56 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/10/29 19:52:56 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/10/29 19:52:56 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/10/29 19:52:56 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/10/29 19:52:56 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/10/29 19:52:56 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/10/29 19:52:56 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/10/29 19:52:56 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/10/29 19:52:56 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/10/29 19:52:56 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/10/29 19:52:56 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/10/29 19:52:56 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/10/29 19:52:56 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/10/29 19:52:56 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/10/29 19:52:56 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/10/29 19:52:56 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/10/29 19:52:56 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/29 19:52:56 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/29 16:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/29 16:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/29 16:44:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/29 16:43:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 08:59:24 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\SmartPCTools
[2011/10/29 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/10/29 08:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartPCTools
[2011/10/27 20:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/26 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Facebook
[2011/10/26 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/10/26 18:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\PAYDAY
[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2011/10/24 12:35:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\My Games
[2011/10/24 09:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/10/24 08:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2011/10/23 04:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/10/22 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Sahmon Games
[2011/10/22 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Island - Castaway 2
[2011/10/22 18:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Island - Castaway 2
[2011/10/21 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/10/21 16:57:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/21 16:57:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/21 16:57:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/21 14:58:56 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2011/10/21 08:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SwagHack_Galaxy_Edition_3
[2011/10/21 08:03:28 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Panda Security
[2011/10/21 07:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/10/21 07:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2011/10/21 05:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/10/21 05:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trendy Entertainment
[2011/10/20 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\My Cheat Tables
[2011/10/20 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Trillian
[2011/10/20 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2011/10/19 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\201280
[2011/10/19 02:28:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/19 00:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/10/19 00:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/10/19 00:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/10/18 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\The Adventures of Tintin
[2011/10/18 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Realtime Soft
[2011/10/18 16:42:33 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\David_Rudie
[2011/10/18 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\SoftTH
[2011/10/17 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\DeskSoft
[2011/10/17 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Almeza
[2011/10/17 22:12:23 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Almeza
[2011/10/17 18:49:44 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Ubisoft Game Launcher
[2011/10/17 18:43:45 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Ubisoft
[2011/10/17 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/10/17 18:36:31 | 000,000,000 | -H-D | C] -- C:\Users\W@Z@L\InstallAnywhere
[2011/10/16 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Computer Artworks
[2011/10/16 16:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Thing
[2011/10/16 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Computer Artworks
[2011/10/16 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Eidos
[2011/10/16 15:21:28 | 000,000,000 | ---D | C] -- C:\Games
[2011/10/13 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 22:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/12 14:03:56 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Nitro PDF
[2011/10/12 13:53:27 | 000,028,992 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon.dll
[2011/10/12 13:53:27 | 000,017,216 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui.dll
[2011/10/12 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011/10/12 13:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/10/12 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Downloaded Installations
[2011/10/12 11:15:41 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/12 11:15:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/12 11:15:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/12 11:15:40 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/12 11:15:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/12 11:15:40 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/12 11:15:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/12 11:15:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 11:15:38 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 11:15:38 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 11:15:37 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 11:14:56 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/12 11:14:56 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/07 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\SKIDROW
[2011/10/07 06:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/10/07 06:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/10/07 05:23:26 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/10/07 05:23:26 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/10/07 05:23:26 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/10/07 05:23:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/10/07 05:23:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/10/07 05:23:26 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/10/07 05:23:25 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/10/07 05:23:22 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/10/07 05:23:22 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/10/06 08:11:13 | 000,000,000 | --SD | C] -- C:\Users\W@Z@L\Documents\Passwords Database
[2011/10/05 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\dvdcss
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\ Studio
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\ Studio
[2011/10/05 14:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ Studio
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Studio
[2011/10/05 12:21:25 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2011/10/05 12:21:25 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2011/10/05 12:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 07:47:43 | 183,008,082 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E07.The.Ledger.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:53:12 | 183,321,332 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E08.Fifty.Tons.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:36:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/04 06:36:18 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 06:36:18 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 06:28:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/04 06:28:34 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/04 03:01:06 | 182,758,062 | ---- | M] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e06.hdtv.xvid-momentum.avi
[2011/11/04 02:45:47 | 183,283,454 | ---- | M] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e05.hdtv.xvid-momentum.avi
[2011/11/04 02:18:56 | 004,283,331 | R--- | M] (Swearware) -- C:\Users\W@Z@L\Desktop\ComboFix.exe
[2011/11/04 02:07:02 | 000,000,512 | ---- | M] () -- C:\Users\W@Z@L\Desktop\MBR.dat
[2011/11/04 01:33:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\W@Z@L\Desktop\aswMBR.exe
[2011/11/04 01:32:43 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\W@Z@L\Desktop\tdsskiller.exe
[2011/11/04 00:53:12 | 182,972,416 | ---- | M] () -- C:\Users\W@Z@L\Desktop\beavis.and.butt-head.902.pdtv.xvid-sys.avi
[2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
[2011/11/03 22:29:53 | 000,007,605 | ---- | M] () -- C:\Users\W@Z@L\AppData\Local\Resmon.ResmonCfg
[2011/11/03 20:19:48 | 366,962,000 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/02 21:34:07 | 576,767,162 | ---- | M] () -- C:\Users\W@Z@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:08:11 | 576,755,712 | ---- | M] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 21:01:33 | 575,969,280 | ---- | M] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/11/01 11:36:00 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/01 11:36:00 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/01 11:36:00 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/31 19:38:27 | 419,433,678 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 09:36:59 | 004,841,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 23:21:17 | 000,164,734 | ---- | M] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:18:22 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 07:33:56 | 183,485,720 | ---- | M] () -- C:\Users\W@Z@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:17 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2011/10/23 14:04:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/15 03:53:00 | 024,796,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/10/15 03:53:00 | 024,742,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/10/15 03:53:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/10/15 03:53:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/10/15 03:53:00 | 015,693,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/10/15 03:53:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/10/15 03:53:00 | 010,406,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/10/15 03:53:00 | 008,791,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/10/15 03:53:00 | 007,581,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/10/15 03:53:00 | 007,041,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/10/15 03:53:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/10/15 03:53:00 | 005,067,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/10/15 03:53:00 | 002,808,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/10/15 03:53:00 | 002,542,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/10/15 03:53:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/10/15 03:53:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/10/15 03:53:00 | 002,232,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/10/15 03:53:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/10/15 03:53:00 | 001,533,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/10/15 03:53:00 | 001,454,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/10/15 03:53:00 | 000,837,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/10/15 03:53:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/10/15 03:53:00 | 000,137,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/10/15 03:53:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/15 03:53:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/13 22:58:41 | 000,002,515 | ---- | M] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/11 09:25:39 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/10 12:27:45 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/10/08 16:39:53 | 000,000,117 | ---- | M] () -- C:\Users\W@Z@L\Documents\Rage.cht
[2011/10/08 14:26:28 | 000,001,806 | ---- | M] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | M] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\ DVD Ripper.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/04 07:46:23 | 183,008,082 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E07.The.Ledger.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:51:51 | 183,321,332 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E08.Fifty.Tons.HDTV.XviD-MOMENTUM.avi
[2011/11/04 02:49:23 | 182,758,062 | ---- | C] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e06.hdtv.xvid-momentum.avi
[2011/11/04 02:39:37 | 183,283,454 | ---- | C] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e05.hdtv.xvid-momentum.avi
[2011/11/04 02:07:02 | 000,000,512 | ---- | C] () -- C:\Users\W@Z@L\Desktop\MBR.dat
[2011/11/04 00:51:31 | 182,972,416 | ---- | C] () -- C:\Users\W@Z@L\Desktop\beavis.and.butt-head.902.pdtv.xvid-sys.avi
[2011/11/03 20:12:14 | 366,962,000 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/02 21:12:11 | 576,767,162 | ---- | C] () -- C:\Users\W@Z@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:02:42 | 576,755,712 | ---- | C] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 20:49:36 | 575,969,280 | ---- | C] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/10/29 23:18:44 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/29 23:18:22 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 23:15:18 | 000,164,734 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:15:17 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/10/29 19:52:56 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/29 16:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/29 16:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/29 16:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/29 16:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/29 16:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/29 07:30:42 | 183,485,720 | ---- | C] () -- C:\Users\W@Z@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:09 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/23 04:49:38 | 000,000,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Payday The Heist.lnk
[2011/10/12 13:53:19 | 000,002,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional.lnk
[2011/10/07 18:07:38 | 000,000,117 | ---- | C] () -- C:\Users\W@Z@L\Documents\Rage.cht
[2011/10/07 07:29:04 | 000,001,806 | ---- | C] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | C] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\ DVD Ripper.lnk
[2011/10/03 15:58:22 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/02 07:33:12 | 000,000,126 | ---- | C] () -- C:\Users\W@Z@L\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/09/28 01:59:34 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/28 01:59:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/25 06:24:42 | 000,007,605 | ---- | C] () -- C:\Users\W@Z@L\AppData\Local\Resmon.ResmonCfg
[2011/09/21 14:26:25 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/21 01:41:53 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.0.lic
[2011/09/18 02:51:50 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe
[2011/09/17 23:25:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,860,544 | ---- | M] (Microsoft Corporation) MD5=6A9FE1FD8B09A35CFA10FCE33D37F1F8 -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Program Files (x86)\7tsp\backup\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/02/25 01:19:30 | 002,846,208 | ---- | M] (Microsoft Corporation) MD5=D8762597F9E7E5ED25B24CDFACE021CD -- C:\Program Files (x86)\7tsp\backup\windir\explorer.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:ECF54A0E

< End of report >

[Advertisements]

sorry here's the combofix log

ComboFix 11-11-04.02 - W@Z@L 11/04/2011 10:31:22.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2237 [GMT -5:00]
Running from: c:\users\W@Z@L\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 15:36 . 2011-11-04 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 11:28 . 2011-11-04 11:28 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\offreg.dll
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Malwarebytes
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\SUPERAntiSpyware.com
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 03:28 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 02:46 . 2011-11-04 02:46 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Enki Games
2011-11-04 02:36 . 2011-11-04 02:36 -------- d-----w- c:\program files (x86)\Reincarnations 3- Back to Reality Collectors Edition
2011-11-04 01:05 . 2011-11-04 01:05 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\TeamViewer
2011-11-03 12:05 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\mpengine.dll
2011-11-03 12:01 . 2011-11-03 12:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-02 11:37 . 2011-11-02 11:47 -------- d-----w- c:\program files (x86)\Orcs Must Die!
2011-10-30 04:25 . 2011-10-30 04:25 -------- d-----w- c:\users\W@Z@L\AppData\Local\HP
2011-10-30 04:21 . 2011-10-30 04:25 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\HP
2011-10-30 04:21 . 2011-10-30 04:21 -------- d-----w- c:\programdata\WEBREG
2011-10-30 04:17 . 2011-10-30 04:17 -------- d-----w- c:\programdata\HP Product Assistant
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-10-30 04:14 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-10-30 04:06 . 2011-10-30 04:19 -------- d-----w- c:\program files (x86)\HP
2011-10-30 04:05 . 2011-10-30 04:21 -------- d-----w- c:\programdata\HP
2011-10-30 04:05 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax8.dll
2011-10-30 04:05 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2011-10-30 04:05 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst14.dll
2011-10-30 04:05 . 2009-07-08 10:51 1406464 ----a-w- c:\windows\system32\hpotiop6.dll
2011-10-30 01:10 . 2011-10-30 01:10 -------- d-----w- c:\programdata\restore
2011-10-30 00:54 . 2011-11-03 00:49 -------- d-----w- c:\users\UpdatusUser
2011-10-30 00:54 . 2011-10-30 00:55 -------- d-----w- c:\programdata\NVIDIA
2011-10-30 00:54 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-30 00:54 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-30 00:54 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-30 00:54 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-30 00:54 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-30 00:54 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-30 00:53 . 2011-10-30 00:53 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-29 13:59 . 2011-10-29 13:59 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\SmartPCTools
2011-10-29 13:58 . 2011-10-29 13:58 -------- d-----w- c:\program files (x86)\SmartPCTools
2011-10-29 06:04 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-10-29 06:04 . 2011-10-29 06:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-29 06:04 . 2011-10-29 06:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-29 06:04 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-29 06:04 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-29 06:04 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-29 06:04 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-29 06:04 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-27 04:50 . 2011-10-27 04:50 -------- d-----w- c:\users\W@Z@L\AppData\Local\Facebook
2011-10-26 23:37 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-26 23:35 . 2011-10-04 22:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0702DB1-7B2F-4608-9AAE-7796B1198D0E}\gapaengine.dll
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\users\W@Z@L\AppData\Local\PAYDAY
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\programdata\RELOADED
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-24 13:57 . 2011-10-24 13:57 -------- d-----w- c:\program files (x86)\THQ
2011-10-23 09:47 . 2011-10-23 10:02 -------- d-----w- c:\program files (x86)\Payday The Heist
2011-10-23 00:36 . 2011-10-23 00:36 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Sahmon Games
2011-10-22 23:14 . 2011-10-22 23:15 -------- d-----w- c:\program files (x86)\The Island - Castaway 2
2011-10-21 22:14 . 2011-10-07 04:16 8570192 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A46292-3676-44E9-A82D-221DF9D71B59}\mpengine.dll
2011-10-21 19:58 . 2011-10-21 20:49 -------- d-----w- c:\windows\FltMgr
2011-10-21 13:08 . 2011-10-21 13:08 -------- d-----w- c:\programdata\SwagHack_Galaxy_Edition_3
2011-10-21 13:03 . 2011-10-21 13:03 -------- d-----w- c:\users\W@Z@L\AppData\Local\Panda Security
2011-10-21 12:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Panda Security
2011-10-21 12:58 . 2011-10-21 12:59 -------- d-----w- c:\programdata\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\windows\SysWow64\PAV
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\program files (x86)\Common Files\Panda Security
2011-10-21 10:46 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Steam
2011-10-21 10:40 . 2011-10-21 10:40 -------- d-----w- c:\program files (x86)\Trendy Entertainment
2011-10-20 18:59 . 2011-10-20 19:05 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Trillian
2011-10-20 18:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Trillian
2011-10-20 02:07 . 2011-10-20 02:07 -------- d-----w- c:\users\W@Z@L\AppData\Local\201280
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\programdata\IObit
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\program files (x86)\IObit
2011-10-18 22:28 . 2011-10-18 22:28 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Realtime Soft
2011-10-18 21:42 . 2011-10-18 21:42 -------- d-----w- c:\users\W@Z@L\AppData\Local\David_Rudie
2011-10-18 03:15 . 2011-10-19 07:26 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\DeskSoft
2011-10-17 23:49 . 2011-10-18 00:18 -------- d-----w- c:\users\W@Z@L\AppData\Local\Ubisoft Game Launcher
2011-10-17 23:37 . 2011-10-18 22:37 -------- d-----w- c:\program files (x86)\Ubisoft
2011-10-17 23:36 . 2011-10-17 23:36 -------- d--h--w- c:\users\W@Z@L\InstallAnywhere
2011-10-16 21:15 . 2011-10-16 21:15 -------- d-----w- c:\program files\Computer Artworks
2011-10-16 21:14 . 2011-10-16 21:14 -------- d-----w- c:\program files (x86)\Computer Artworks
2011-10-16 20:35 . 2011-10-16 20:35 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-10-16 20:21 . 2011-10-16 20:39 -------- d-----w- C:\Games
2011-10-14 03:55 . 2011-10-14 03:55 -------- d-----w- c:\program files\iPod
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files\iTunes
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files (x86)\iTunes
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files\Bonjour
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 19:03 . 2011-10-12 19:03 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Nitro PDF
2011-10-12 18:53 . 2011-09-24 20:02 17216 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-10-12 18:53 . 2011-09-24 20:02 28992 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\programdata\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2011-10-12 18:52 . 2011-10-12 18:52 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Downloaded Installations
2011-10-12 16:14 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 16:14 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-07 11:35 . 2011-10-21 20:49 -------- d-----w- c:\users\W@Z@L\AppData\Local\SKIDROW
2011-10-07 11:21 . 2011-10-29 06:05 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\dvdcss
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\W@Z@L\AppData\Local\ Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\programdata\ Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\program files (x86)\ Studio
2011-10-05 17:21 . 2009-12-14 17:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-10-05 17:21 . 2009-12-14 17:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-10-05 17:20 . 2011-10-08 14:38 -------- d-----w- c:\programdata\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 19:04 . 2011-09-18 01:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 14:25 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-10 17:27 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-04 02:35 . 2011-10-04 02:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 21:12 . 2011-09-28 06:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-03 10:06 . 2011-09-18 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-24 20:03 . 2011-09-24 20:03 68928 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2011-09-24 17:08 . 2010-11-21 03:24 699904 ----a-w- c:\windows\system32\taskmgr.exe
2011-09-18 07:51 . 2010-11-21 03:24 3029504 ----a-w- c:\windows\SysWow64\themeui.dll
2011-09-18 07:51 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-09-18 07:51 . 2011-09-18 07:51 50536 ----a-w- c:\windows\UTP.exe
2011-09-18 01:45 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-09-18 01:45 . 2010-11-21 03:23 3126272 ----a-w- c:\windows\system32\themeui.dll
2011-09-18 01:44 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-09-06 20:45 . 2011-09-21 20:48 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-01 02:12 . 2011-09-18 03:55 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-04_05.13.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-11-04 08:28 48594 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 08:28 35458 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-18 01:03 . 2011-11-04 08:28 10796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3491092077-2592809933-3551427508-1000_UserData.bin
- 2011-09-18 00:53 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 00:53 . 2011-11-04 11:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 00:53 . 2011-11-04 03:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-18 00:53 . 2011-11-04 11:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 11:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 01:00 . 2011-11-04 13:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 01:00 . 2011-11-04 13:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-19 22:36 . 2011-11-04 08:34 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-09-19 22:36 . 2011-11-04 05:11 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-04 11:28 . 2011-11-04 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-04 11:28 . 2011-11-04 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-11-04 03:48 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-11-04 11:31 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-11-04 08:34 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-04 05:11 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-18 01:45 . 2011-02-25 05:30 2616320 c:\windows\explorerbad.exe
+ 2011-09-18 01:45 . 2011-02-25 06:19 2871808 c:\windows\explorer.exe
+ 2011-09-18 01:14 . 2011-11-04 08:25 16097720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3491092077-2592809933-3551427508-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RocketDock"="c:\users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-07 641400]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-05-20 1949088]
"Registry Repair Wizard Scheduler"="c:\program files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2010-03-15 1540352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LmpcService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2010-11-23 179200]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
R4 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-16 2249000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2010-12-07 365704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
S3 ALSysIO;ALSysIO;c:\users\W@Z@L\AppData\Local\Temp\ALSysIO64.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
- c:\users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-27 04:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=15434
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Upload to Facebook - c:\program files (x86)\WebcamMax\share\iecontext.htm
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_è\00\00è\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~è\00\00è\00\00\00\00]\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-04 10:38:23
ComboFix-quarantined-files.txt 2011-11-04 15:38
ComboFix2.txt 2011-11-04 11:40
ComboFix3.txt 2011-11-04 05:17
.
Pre-Run: 96,086,028,288 bytes free
Post-Run: 96,029,876,224 bytes free
.
- - End Of File - - 16CC8FFE811D8AF12641F62205934C8A

[W@Z@L]

sorry here's the combofix log

ComboFix 11-11-04.02 - W@Z@L 11/04/2011 10:31:22.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2237 [GMT -5:00]
Running from: c:\users\W@Z@L\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 15:36 . 2011-11-04 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 11:28 . 2011-11-04 11:28 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\offreg.dll
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Malwarebytes
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\SUPERAntiSpyware.com
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-04 03:29 . 2011-11-04 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-04 03:28 . 2011-11-04 03:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-04 03:28 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 02:46 . 2011-11-04 02:46 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Enki Games
2011-11-04 02:36 . 2011-11-04 02:36 -------- d-----w- c:\program files (x86)\Reincarnations 3- Back to Reality Collectors Edition
2011-11-04 01:05 . 2011-11-04 01:05 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\TeamViewer
2011-11-03 12:05 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C324BD-C453-4129-88EC-2E47C8332FE3}\mpengine.dll
2011-11-03 12:01 . 2011-11-03 12:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-02 11:37 . 2011-11-02 11:47 -------- d-----w- c:\program files (x86)\Orcs Must Die!
2011-10-30 04:25 . 2011-10-30 04:25 -------- d-----w- c:\users\W@Z@L\AppData\Local\HP
2011-10-30 04:21 . 2011-10-30 04:25 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\HP
2011-10-30 04:21 . 2011-10-30 04:21 -------- d-----w- c:\programdata\WEBREG
2011-10-30 04:17 . 2011-10-30 04:17 -------- d-----w- c:\programdata\HP Product Assistant
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-10-30 04:16 . 2011-10-30 04:16 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-10-30 04:14 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-10-30 04:06 . 2011-10-30 04:19 -------- d-----w- c:\program files (x86)\HP
2011-10-30 04:05 . 2011-10-30 04:21 -------- d-----w- c:\programdata\HP
2011-10-30 04:05 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax8.dll
2011-10-30 04:05 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2011-10-30 04:05 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst14.dll
2011-10-30 04:05 . 2009-07-08 10:51 1406464 ----a-w- c:\windows\system32\hpotiop6.dll
2011-10-30 01:10 . 2011-10-30 01:10 -------- d-----w- c:\programdata\restore
2011-10-30 00:54 . 2011-11-03 00:49 -------- d-----w- c:\users\UpdatusUser
2011-10-30 00:54 . 2011-10-30 00:55 -------- d-----w- c:\programdata\NVIDIA
2011-10-30 00:54 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-30 00:54 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-30 00:54 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-30 00:54 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-30 00:54 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-30 00:54 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-30 00:53 . 2011-10-30 00:53 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-29 13:59 . 2011-10-29 13:59 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\SmartPCTools
2011-10-29 13:58 . 2011-10-29 13:58 -------- d-----w- c:\program files (x86)\SmartPCTools
2011-10-29 06:04 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-10-29 06:04 . 2011-10-29 06:04 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-29 06:04 . 2011-10-29 06:04 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-29 06:04 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-29 06:04 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-29 06:04 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-29 06:04 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-29 06:04 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-27 04:50 . 2011-10-27 04:50 -------- d-----w- c:\users\W@Z@L\AppData\Local\Facebook
2011-10-26 23:37 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-26 23:35 . 2011-10-04 22:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0702DB1-7B2F-4608-9AAE-7796B1198D0E}\gapaengine.dll
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-26 23:31 . 2011-10-26 23:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\users\W@Z@L\AppData\Local\PAYDAY
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- c:\programdata\RELOADED
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-24 13:57 . 2011-10-24 13:57 -------- d-----w- c:\program files (x86)\THQ
2011-10-23 09:47 . 2011-10-23 10:02 -------- d-----w- c:\program files (x86)\Payday The Heist
2011-10-23 00:36 . 2011-10-23 00:36 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Sahmon Games
2011-10-22 23:14 . 2011-10-22 23:15 -------- d-----w- c:\program files (x86)\The Island - Castaway 2
2011-10-21 22:14 . 2011-10-07 04:16 8570192 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A46292-3676-44E9-A82D-221DF9D71B59}\mpengine.dll
2011-10-21 19:58 . 2011-10-21 20:49 -------- d-----w- c:\windows\FltMgr
2011-10-21 13:08 . 2011-10-21 13:08 -------- d-----w- c:\programdata\SwagHack_Galaxy_Edition_3
2011-10-21 13:03 . 2011-10-21 13:03 -------- d-----w- c:\users\W@Z@L\AppData\Local\Panda Security
2011-10-21 12:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Panda Security
2011-10-21 12:58 . 2011-10-21 12:59 -------- d-----w- c:\programdata\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\windows\SysWow64\PAV
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Panda Security
2011-10-21 12:58 . 2011-10-21 12:58 -------- d-----w- c:\program files (x86)\Common Files\Panda Security
2011-10-21 10:46 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Steam
2011-10-21 10:40 . 2011-10-21 10:40 -------- d-----w- c:\program files (x86)\Trendy Entertainment
2011-10-20 18:59 . 2011-10-20 19:05 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Trillian
2011-10-20 18:58 . 2011-10-21 20:49 -------- d-----w- c:\program files (x86)\Trillian
2011-10-20 02:07 . 2011-10-20 02:07 -------- d-----w- c:\users\W@Z@L\AppData\Local\201280
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\programdata\IObit
2011-10-19 05:59 . 2011-10-19 05:59 -------- d-----w- c:\program files (x86)\IObit
2011-10-18 22:28 . 2011-10-18 22:28 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Realtime Soft
2011-10-18 21:42 . 2011-10-18 21:42 -------- d-----w- c:\users\W@Z@L\AppData\Local\David_Rudie
2011-10-18 03:15 . 2011-10-19 07:26 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\DeskSoft
2011-10-17 23:49 . 2011-10-18 00:18 -------- d-----w- c:\users\W@Z@L\AppData\Local\Ubisoft Game Launcher
2011-10-17 23:37 . 2011-10-18 22:37 -------- d-----w- c:\program files (x86)\Ubisoft
2011-10-17 23:36 . 2011-10-17 23:36 -------- d--h--w- c:\users\W@Z@L\InstallAnywhere
2011-10-16 21:15 . 2011-10-16 21:15 -------- d-----w- c:\program files\Computer Artworks
2011-10-16 21:14 . 2011-10-16 21:14 -------- d-----w- c:\program files (x86)\Computer Artworks
2011-10-16 20:35 . 2011-10-16 20:35 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-10-16 20:21 . 2011-10-16 20:39 -------- d-----w- C:\Games
2011-10-14 03:55 . 2011-10-14 03:55 -------- d-----w- c:\program files\iPod
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files\iTunes
2011-10-14 03:55 . 2011-10-14 03:56 -------- d-----w- c:\program files (x86)\iTunes
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files\Bonjour
2011-10-14 03:53 . 2011-10-14 03:53 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-12 19:03 . 2011-10-12 19:03 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Nitro PDF
2011-10-12 18:53 . 2011-09-24 20:02 17216 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-10-12 18:53 . 2011-09-24 20:02 28992 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\programdata\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-10-12 18:53 . 2011-10-12 18:53 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2011-10-12 18:52 . 2011-10-12 18:52 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\Downloaded Installations
2011-10-12 16:14 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 16:14 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 16:14 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-07 11:35 . 2011-10-21 20:49 -------- d-----w- c:\users\W@Z@L\AppData\Local\SKIDROW
2011-10-07 11:21 . 2011-10-29 06:05 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\W@Z@L\AppData\Roaming\dvdcss
2011-10-05 19:42 . 2011-10-05 19:42 -------- d-----w- c:\users\W@Z@L\AppData\Local\ Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\programdata\ Studio
2011-10-05 19:41 . 2011-10-05 19:41 -------- d-----w- c:\program files (x86)\ Studio
2011-10-05 17:21 . 2009-12-14 17:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-10-05 17:21 . 2009-12-14 17:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-10-05 17:20 . 2011-10-08 14:38 -------- d-----w- c:\programdata\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 19:04 . 2011-09-18 01:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 14:25 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-10 17:27 . 2011-09-28 06:59 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-04 02:35 . 2011-10-04 02:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 21:12 . 2011-09-28 06:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-03 10:06 . 2011-09-18 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-24 20:03 . 2011-09-24 20:03 68928 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2011-09-24 17:08 . 2010-11-21 03:24 699904 ----a-w- c:\windows\system32\taskmgr.exe
2011-09-18 07:51 . 2010-11-21 03:24 3029504 ----a-w- c:\windows\SysWow64\themeui.dll
2011-09-18 07:51 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-09-18 07:51 . 2011-09-18 07:51 50536 ----a-w- c:\windows\UTP.exe
2011-09-18 01:45 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-09-18 01:45 . 2010-11-21 03:23 3126272 ----a-w- c:\windows\system32\themeui.dll
2011-09-18 01:44 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-09-06 20:45 . 2011-09-21 20:48 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-01 02:12 . 2011-09-18 03:55 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-04_05.13.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-11-04 08:28 48594 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 08:28 35458 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-18 01:03 . 2011-11-04 08:28 10796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3491092077-2592809933-3551427508-1000_UserData.bin
- 2011-09-18 00:53 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 00:53 . 2011-11-04 11:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-18 00:53 . 2011-11-04 03:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-18 00:53 . 2011-11-04 11:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 11:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 01:00 . 2011-11-04 13:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-18 01:00 . 2011-11-04 13:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-18 01:00 . 2011-11-04 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-19 22:36 . 2011-11-04 08:34 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-09-19 22:36 . 2011-11-04 05:11 3168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-04 11:28 . 2011-11-04 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-04 05:12 . 2011-11-04 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-04 11:28 . 2011-11-04 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-11-04 03:48 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-11-04 11:31 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-11-04 08:34 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-04 05:11 322300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-18 01:45 . 2011-02-25 05:30 2616320 c:\windows\explorerbad.exe
+ 2011-09-18 01:45 . 2011-02-25 06:19 2871808 c:\windows\explorer.exe
+ 2011-09-18 01:14 . 2011-11-04 08:25 16097720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3491092077-2592809933-3551427508-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RocketDock"="c:\users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-07 641400]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-05-20 1949088]
"Registry Repair Wizard Scheduler"="c:\program files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2010-03-15 1540352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LmpcService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2010-11-23 179200]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
R4 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-16 2249000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2010-12-07 365704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
S3 ALSysIO;ALSysIO;c:\users\W@Z@L\AppData\Local\Temp\ALSysIO64.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 19:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
- c:\users\W@Z@L\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-27 04:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=15434
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Upload to Facebook - c:\program files (x86)\WebcamMax\share\iecontext.htm
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_è\00\00è\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~è\00\00è\00\00\00\00]\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-04 10:38:23
ComboFix-quarantined-files.txt 2011-11-04 15:38
ComboFix2.txt 2011-11-04 11:40
ComboFix3.txt 2011-11-04 05:17
.
Pre-Run: 96,086,028,288 bytes free
Post-Run: 96,029,876,224 bytes free
.
- - End Of File - - 16CC8FFE811D8AF12641F62205934C8A

[RKinner]

Looking good. Now it gets a bit tricky. Make sure you have System Restore running and a current Restore Point. If the infection is really gone as CF says then this should clean up the rest of it. If it's not gone you may not be able to get back on line. We are primarily going to be working with this key:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters

If you can open regedit and navigate to the key and then right click and export it (call it winsock and save it to your desktop) then it will create a file winsock.reg on your desktop. IF the next step knocks you off line you can then try right clicking on the file and allowing it to Merge. Then reboot. Otherwise System Restore should bring us back.


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/17 22:38:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O8:64bit: - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
rmdir /s C:\windows\assembly\tmp /c
mkdir C:\windows\assembly\tmp /c
   
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Copy and paste the log when it finishes. Then run OTL again. quickscan and post that log.

If you can't get on line afterward try:

Start, All Programs, Accessories, Right click on Command Prompt and Run As Admin. Type with an Enter after each line in the code box:

netsh  winsock  reset  catalog
netsh  int  ipv4  reset  %userprofile%\Desktop\reset4.log 
netsh  int  ipv6  reset  %userprofile%\Desktop\reset6.log 

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If that doesn't work then try a System Restore to the last point.


Ron

[W@Z@L]

heres the first log running a scan now

========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Upload to Facebook\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Upload to Facebook\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\W@Z@L\Desktop\cmd.bat deleted successfully.
C:\Users\W@Z@L\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\W@Z@L\Desktop\cmd.bat deleted successfully.
C:\Users\W@Z@L\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\W@Z@L\Desktop\cmd.bat deleted successfully.
C:\Users\W@Z@L\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\W@Z@L\Desktop\cmd.bat deleted successfully.
C:\Users\W@Z@L\Desktop\cmd.txt deleted successfully.
< rmdir /s C:\windows\assembly\tmp /c >
C:\windows\assembly\tmp, Are you sure (Y/N)?
C:\Users\W@Z@L\Desktop\cmd.bat deleted successfully.
C:\Users\W@Z@L\Desktop\cmd.txt deleted successfully.
< mkdir C:\windows\assembly\tmp /c >
C:\Users\W@Z@L\Desktop\cmd.bat deleted successfully.
C:\Users\W@Z@L\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: W@Z@L
->Java cache emptied: 1083103 bytes

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56468 bytes

User: W@Z@L
->Flash cache emptied: 120931 bytes

Total Flash Files Cleaned = 0.00 mb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\: LSP stack updated.

OTL by OldTimer - Version 3.2.31.0 log created on 11042011_120328

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





*******************************************************************************************************************





OTL logfile created on: 11/4/2011 12:12:53 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\W@Z@L\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 51.68% Memory free
8.00 Gb Paging File | 5.65 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.48 Gb Total Space | 87.85 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 356.51 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 77.36 Gb Free Space | 8.31% Space Free | Partition Type: NTFS

Computer Name: WEZEL | User Name: W@Z@L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/29 21:19:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/28 22:40:20 | 000,095,656 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2011/02/15 06:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/14 22:56:12 | 001,540,352 | ---- | M] (SmartPCTools) -- C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/23 14:04:37 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 21:18:59 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/02/15 06:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 06:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 06:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 06:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 06:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 06:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/07/26 23:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe
MOD - [2007/09/02 15:57:36 | 000,069,632 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/24 15:03:32 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/24 15:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/04 13:39:14 | 000,584,488 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010/11/22 19:09:14 | 000,179,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2010/11/16 08:25:29 | 002,249,000 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/23 01:43:04 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/03 12:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 12:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2010/05/26 19:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15434
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 2E EC CC 9E 75 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\W@Z@L\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/25 00:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]

[2011/09/17 20:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Extensions
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions
[2011/09/27 18:26:16 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/09/23 20:29:58 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2011/10/25 19:01:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/17 20:21:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/22 16:45:43 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/10/12 03:06:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\DefaultManager@Microsoft
[2011/10/02 17:38:25 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/10/04 16:00:25 | 000,002,572 | ---- | M] () -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\searchplugins\askcom.xml
[2011/10/21 17:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/21 16:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 21:18:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/04 06:36:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O4 - HKCU..\Run: [RocketDock] C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C467AA4-DC81-41E6-A854-E08F21501115}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 12:03:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 10:38:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/04 10:36:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/04 03:17:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/04 01:32:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\W@Z@L\Desktop\aswMBR.exe
[2011/11/04 01:32:36 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\W@Z@L\Desktop\tdsskiller.exe
[2011/11/04 00:00:58 | 004,283,503 | R--- | C] (Swearware) -- C:\Users\W@Z@L\Desktop\ComboFix.exe
[2011/11/03 23:15:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
[2011/11/03 22:29:25 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Malwarebytes
[2011/11/03 22:29:21 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/03 22:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/03 22:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 22:28:52 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/03 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Enki Games
[2011/11/03 21:37:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 21:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\TeamViewer
[2011/11/03 07:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/11/02 06:47:38 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Orcs Must Die
[2011/11/02 06:45:04 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orcs Must Die!
[2011/11/02 06:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die!
[2011/11/02 06:36:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r8.update.cracked.READ.NFO-THETA [ALEX]
[2011/11/02 06:36:45 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r7.update.cracked.fixed.READ.NFO-THETA [ALEX]
[2011/11/02 06:34:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r6.multi9.cracked.READ.NFO-THETA
[2011/10/29 23:25:08 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\HP
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\HP
[2011/10/29 23:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/10/29 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/10/29 23:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/10/29 23:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/29 23:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/10/29 23:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/10/29 20:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2011/10/29 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/29 19:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/29 19:52:56 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/29 19:52:56 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/29 16:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/29 16:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/29 16:44:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/29 16:43:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 08:59:24 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\SmartPCTools
[2011/10/29 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/10/29 08:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartPCTools
[2011/10/27 20:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/26 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Facebook
[2011/10/26 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/10/26 18:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\PAYDAY
[2011/10/24 12:35:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\My Games
[2011/10/24 09:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/10/24 08:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2011/10/23 04:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/10/22 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Sahmon Games
[2011/10/22 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Island - Castaway 2
[2011/10/22 18:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Island - Castaway 2
[2011/10/21 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/10/21 14:58:56 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2011/10/21 08:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SwagHack_Galaxy_Edition_3
[2011/10/21 08:03:28 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Panda Security
[2011/10/21 07:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/10/21 07:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2011/10/21 05:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/10/21 05:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trendy Entertainment
[2011/10/20 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\My Cheat Tables
[2011/10/20 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Trillian
[2011/10/20 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2011/10/19 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\201280
[2011/10/19 02:28:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/19 00:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/10/19 00:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/10/19 00:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/10/18 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\The Adventures of Tintin
[2011/10/18 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Realtime Soft
[2011/10/18 16:42:33 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\David_Rudie
[2011/10/18 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\SoftTH
[2011/10/17 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\DeskSoft
[2011/10/17 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Almeza
[2011/10/17 22:12:23 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Almeza
[2011/10/17 18:49:44 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Ubisoft Game Launcher
[2011/10/17 18:43:45 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Ubisoft
[2011/10/17 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/10/17 18:36:31 | 000,000,000 | -H-D | C] -- C:\Users\W@Z@L\InstallAnywhere
[2011/10/16 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Computer Artworks
[2011/10/16 16:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Thing
[2011/10/16 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Computer Artworks
[2011/10/16 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Eidos
[2011/10/16 15:21:28 | 000,000,000 | ---D | C] -- C:\Games
[2011/10/13 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 22:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/12 14:03:56 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Nitro PDF
[2011/10/12 13:53:27 | 000,028,992 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon.dll
[2011/10/12 13:53:27 | 000,017,216 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui.dll
[2011/10/12 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011/10/12 13:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/10/12 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Downloaded Installations
[2011/10/07 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\SKIDROW
[2011/10/07 06:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/10/07 06:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/10/06 08:11:13 | 000,000,000 | --SD | C] -- C:\Users\W@Z@L\Documents\Passwords Database
[2011/10/05 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\dvdcss
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\ Studio
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\ Studio
[2011/10/05 14:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ Studio
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Studio
[2011/10/05 12:21:25 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2011/10/05 12:21:25 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2011/10/05 12:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 12:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/04 12:07:58 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/04 12:07:10 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 12:07:10 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 11:59:31 | 000,257,152 | ---- | M] () -- C:\Users\W@Z@L\Desktop\winsock.reg
[2011/11/04 11:59:10 | 000,257,152 | ---- | M] () -- C:\Users\W@Z@L\Documents\winsock.reg
[2011/11/04 11:55:27 | 978,415,052 | ---- | M] () -- C:\Users\W@Z@L\Desktop\11UnKnowN.avi
[2011/11/04 10:30:08 | 004,283,503 | R--- | M] (Swearware) -- C:\Users\W@Z@L\Desktop\ComboFix.exe
[2011/11/04 07:47:43 | 183,008,082 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E07.The.Ledger.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:53:12 | 183,321,332 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E08.Fifty.Tons.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:36:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/04 03:01:06 | 182,758,062 | ---- | M] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e06.hdtv.xvid-momentum.avi
[2011/11/04 02:45:47 | 183,283,454 | ---- | M] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e05.hdtv.xvid-momentum.avi
[2011/11/04 02:07:02 | 000,000,512 | ---- | M] () -- C:\Users\W@Z@L\Desktop\MBR.dat
[2011/11/04 01:33:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\W@Z@L\Desktop\aswMBR.exe
[2011/11/04 01:32:43 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\W@Z@L\Desktop\tdsskiller.exe
[2011/11/04 00:53:12 | 182,972,416 | ---- | M] () -- C:\Users\W@Z@L\Desktop\beavis.and.butt-head.902.pdtv.xvid-sys.avi
[2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
[2011/11/03 22:29:53 | 000,007,605 | ---- | M] () -- C:\Users\W@Z@L\AppData\Local\Resmon.ResmonCfg
[2011/11/03 20:19:48 | 366,962,000 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/02 21:34:07 | 576,767,162 | ---- | M] () -- C:\Users\W@Z@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:08:11 | 576,755,712 | ---- | M] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 21:01:33 | 575,969,280 | ---- | M] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/11/01 11:36:00 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/01 11:36:00 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/01 11:36:00 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/31 19:38:27 | 419,433,678 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 09:36:59 | 004,841,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 23:21:17 | 000,164,734 | ---- | M] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:18:22 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 07:33:56 | 183,485,720 | ---- | M] () -- C:\Users\W@Z@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:17 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/15 03:53:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/15 03:53:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/13 22:58:41 | 000,002,515 | ---- | M] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/11 09:25:39 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/10 12:27:45 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/10/08 16:39:53 | 000,000,117 | ---- | M] () -- C:\Users\W@Z@L\Documents\Rage.cht
[2011/10/08 14:26:28 | 000,001,806 | ---- | M] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | M] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\ DVD Ripper.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/04 11:59:31 | 000,257,152 | ---- | C] () -- C:\Users\W@Z@L\Desktop\winsock.reg
[2011/11/04 11:59:10 | 000,257,152 | ---- | C] () -- C:\Users\W@Z@L\Documents\winsock.reg
[2011/11/04 11:28:53 | 978,415,052 | ---- | C] () -- C:\Users\W@Z@L\Desktop\11UnKnowN.avi
[2011/11/04 07:46:23 | 183,008,082 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E07.The.Ledger.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:51:51 | 183,321,332 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E08.Fifty.Tons.HDTV.XviD-MOMENTUM.avi
[2011/11/04 02:49:23 | 182,758,062 | ---- | C] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e06.hdtv.xvid-momentum.avi
[2011/11/04 02:39:37 | 183,283,454 | ---- | C] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e05.hdtv.xvid-momentum.avi
[2011/11/04 02:07:02 | 000,000,512 | ---- | C] () -- C:\Users\W@Z@L\Desktop\MBR.dat
[2011/11/04 00:51:31 | 182,972,416 | ---- | C] () -- C:\Users\W@Z@L\Desktop\beavis.and.butt-head.902.pdtv.xvid-sys.avi
[2011/11/03 20:12:14 | 366,962,000 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/02 21:12:11 | 576,767,162 | ---- | C] () -- C:\Users\W@Z@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:02:42 | 576,755,712 | ---- | C] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 20:49:36 | 575,969,280 | ---- | C] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/10/29 23:18:44 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/29 23:18:22 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 23:15:18 | 000,164,734 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:15:17 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/10/29 19:52:56 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/29 16:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/29 16:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/29 16:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/29 16:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/29 16:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/29 07:30:42 | 183,485,720 | ---- | C] () -- C:\Users\W@Z@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:09 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/23 04:49:38 | 000,000,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Payday The Heist.lnk
[2011/10/12 13:53:19 | 000,002,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional.lnk
[2011/10/07 18:07:38 | 000,000,117 | ---- | C] () -- C:\Users\W@Z@L\Documents\Rage.cht
[2011/10/07 07:29:04 | 000,001,806 | ---- | C] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | C] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\ DVD Ripper.lnk
[2011/10/03 15:58:22 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/02 07:33:12 | 000,000,126 | ---- | C] () -- C:\Users\W@Z@L\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/09/28 01:59:34 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/28 01:59:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/25 06:24:42 | 000,007,605 | ---- | C] () -- C:\Users\W@Z@L\AppData\Local\Resmon.ResmonCfg
[2011/09/21 14:26:25 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/21 01:41:53 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.0.lic
[2011/09/18 02:51:50 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe
[2011/09/17 23:25:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/25 06:55:42 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\AnvSoft
[2011/09/18 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Ashampoo
[2011/10/02 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Babylon
[2011/09/25 05:09:56 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/09/25 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/10/19 02:26:13 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\DeskSoft
[2011/10/04 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\DisneyInteractiveStudios
[2011/10/05 10:41:07 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\DisplayFusion
[2011/10/12 13:52:19 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Downloaded Installations
[2011/11/03 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Enki Games
[2011/09/22 05:04:38 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\HdO Adventure
[2011/09/18 00:30:47 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\LolClient
[2011/10/12 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Nitro PDF
[2011/09/28 01:08:55 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Origin
[2011/10/21 07:58:46 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Panda Security
[2011/09/28 07:39:31 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Reviversoft
[2011/09/17 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\RocketDock Backup
[2011/10/22 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Sahmon Games
[2011/10/29 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\SmartPCTools
[2011/11/03 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\TeamViewer
[2011/09/28 07:29:04 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Thinstall
[2011/10/20 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Trillian
[2011/11/04 12:09:42 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\uTorrent
[2011/11/01 12:28:47 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Vso
[2011/10/04 12:33:07 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\WCMShare
[2011/10/04 08:00:02 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\WebcamMax
[2011/09/17 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Windows SideBar
[2011/10/26 23:50:13 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2009/07/14 00:08:49 | 000,027,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:ECF54A0E

< End of report >

Edited by W@Z@L, 04 November 2011 - 11:17 AM.

[W@Z@L]

OTL logfile created on: 11/4/2011 12:12:53 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\W@Z@L\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 51.68% Memory free
8.00 Gb Paging File | 5.65 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.48 Gb Total Space | 87.85 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 356.51 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 77.36 Gb Free Space | 8.31% Space Free | Partition Type: NTFS

Computer Name: WEZEL | User Name: W@Z@L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/29 21:19:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/28 22:40:20 | 000,095,656 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2011/02/15 06:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/14 22:56:12 | 001,540,352 | ---- | M] (SmartPCTools) -- C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/23 14:04:37 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 21:18:59 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/02/15 06:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 06:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 06:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 06:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 06:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 06:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/07/26 23:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2007/09/02 15:58:52 | 000,495,616 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe
MOD - [2007/09/02 15:57:36 | 000,069,632 | ---- | M] () -- C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/24 15:03:32 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/03 16:12:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/24 15:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/04 13:39:14 | 000,584,488 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/07 14:41:58 | 000,365,704 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010/11/22 19:09:14 | 000,179,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2010/11/16 08:25:29 | 002,249,000 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/23 01:43:04 | 001,071,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/03 12:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 12:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2010/05/26 19:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15434
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 2E EC CC 9E 75 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\W@Z@L\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/09/25 00:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 23:18:59 | 000,000,000 | ---D | M]

[2011/09/17 20:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Extensions
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions
[2011/09/27 18:26:16 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/09/23 20:29:58 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2011/10/25 19:01:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/17 20:21:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/03 21:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/22 16:45:43 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/10/12 03:06:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\DefaultManager@Microsoft
[2011/10/02 17:38:25 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/09/17 20:21:19 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\extensions\[email protected]
[2011/10/04 16:00:25 | 000,002,572 | ---- | M] () -- C:\Users\W@Z@L\AppData\Roaming\Mozilla\Firefox\Profiles\dyrx68vj.default\searchplugins\askcom.xml
[2011/10/21 17:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/21 16:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/17 20:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\W@Z@L\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DYRX68VJ.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 21:18:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/04 06:36:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O4 - HKCU..\Run: [RocketDock] C:\Users\W@Z@L\Desktop\DownloadsBACKUP!!!!\RocketDock Backup\Backup\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C467AA4-DC81-41E6-A854-E08F21501115}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 12:03:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 10:38:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/04 10:36:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/04 03:17:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/04 01:32:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\W@Z@L\Desktop\aswMBR.exe
[2011/11/04 01:32:36 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\W@Z@L\Desktop\tdsskiller.exe
[2011/11/04 00:00:58 | 004,283,503 | R--- | C] (Swearware) -- C:\Users\W@Z@L\Desktop\ComboFix.exe
[2011/11/03 23:15:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
[2011/11/03 22:29:25 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Malwarebytes
[2011/11/03 22:29:21 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/03 22:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/03 22:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/03 22:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 22:28:52 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/03 22:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Enki Games
[2011/11/03 21:37:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 21:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reincarnations 3- Back to Reality Collectors Edition
[2011/11/03 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\TeamViewer
[2011/11/03 07:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/11/02 06:47:38 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Orcs Must Die
[2011/11/02 06:45:04 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orcs Must Die!
[2011/11/02 06:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die!
[2011/11/02 06:36:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r8.update.cracked.READ.NFO-THETA [ALEX]
[2011/11/02 06:36:45 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r7.update.cracked.fixed.READ.NFO-THETA [ALEX]
[2011/11/02 06:34:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Desktop\Orcs.Must.Die.v1.0r6.multi9.cracked.READ.NFO-THETA
[2011/10/29 23:25:08 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\HP
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/10/29 23:21:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\HP
[2011/10/29 23:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/10/29 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/10/29 23:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/10/29 23:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/29 23:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/10/29 23:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/10/29 20:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2011/10/29 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/29 19:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/29 19:52:56 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/29 19:52:56 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/29 16:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/29 16:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/29 16:44:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/29 16:43:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 08:59:24 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\SmartPCTools
[2011/10/29 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/10/29 08:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartPCTools
[2011/10/27 20:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 20:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/26 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Facebook
[2011/10/26 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/10/26 18:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/10/25 09:02:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\PAYDAY
[2011/10/24 12:35:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\My Games
[2011/10/24 09:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/10/24 08:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2011/10/23 04:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Payday The Heist
[2011/10/22 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Sahmon Games
[2011/10/22 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Island - Castaway 2
[2011/10/22 18:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Island - Castaway 2
[2011/10/21 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/10/21 14:58:56 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2011/10/21 08:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SwagHack_Galaxy_Edition_3
[2011/10/21 08:03:28 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Panda Security
[2011/10/21 07:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/10/21 07:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/10/21 07:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2011/10/21 05:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/10/21 05:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trendy Entertainment
[2011/10/20 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\My Cheat Tables
[2011/10/20 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Trillian
[2011/10/20 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2011/10/19 21:07:52 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\201280
[2011/10/19 02:28:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/19 00:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/10/19 00:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/10/19 00:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/10/18 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\The Adventures of Tintin
[2011/10/18 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Realtime Soft
[2011/10/18 16:42:33 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\David_Rudie
[2011/10/18 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\SoftTH
[2011/10/17 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\DeskSoft
[2011/10/17 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Almeza
[2011/10/17 22:12:23 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Almeza
[2011/10/17 18:49:44 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\Ubisoft Game Launcher
[2011/10/17 18:43:45 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Ubisoft
[2011/10/17 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/10/17 18:36:31 | 000,000,000 | -H-D | C] -- C:\Users\W@Z@L\InstallAnywhere
[2011/10/16 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Computer Artworks
[2011/10/16 16:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Thing
[2011/10/16 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Computer Artworks
[2011/10/16 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\Eidos
[2011/10/16 15:21:28 | 000,000,000 | ---D | C] -- C:\Games
[2011/10/13 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 22:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/12 14:03:56 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Nitro PDF
[2011/10/12 13:53:27 | 000,028,992 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon.dll
[2011/10/12 13:53:27 | 000,017,216 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui.dll
[2011/10/12 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011/10/12 13:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2011/10/12 13:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/10/12 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\Downloaded Installations
[2011/10/07 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\SKIDROW
[2011/10/07 06:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/10/07 06:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/10/06 08:11:13 | 000,000,000 | --SD | C] -- C:\Users\W@Z@L\Documents\Passwords Database
[2011/10/05 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Roaming\dvdcss
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\Documents\ Studio
[2011/10/05 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\W@Z@L\AppData\Local\ Studio
[2011/10/05 14:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ Studio
[2011/10/05 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Studio
[2011/10/05 12:21:25 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2011/10/05 12:21:25 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2011/10/05 12:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 12:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/04 12:07:58 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/04 12:07:10 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 12:07:10 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 11:59:31 | 000,257,152 | ---- | M] () -- C:\Users\W@Z@L\Desktop\winsock.reg
[2011/11/04 11:59:10 | 000,257,152 | ---- | M] () -- C:\Users\W@Z@L\Documents\winsock.reg
[2011/11/04 11:55:27 | 978,415,052 | ---- | M] () -- C:\Users\W@Z@L\Desktop\11UnKnowN.avi
[2011/11/04 10:30:08 | 004,283,503 | R--- | M] (Swearware) -- C:\Users\W@Z@L\Desktop\ComboFix.exe
[2011/11/04 07:47:43 | 183,008,082 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E07.The.Ledger.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:53:12 | 183,321,332 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E08.Fifty.Tons.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:36:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/04 03:01:06 | 182,758,062 | ---- | M] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e06.hdtv.xvid-momentum.avi
[2011/11/04 02:45:47 | 183,283,454 | ---- | M] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e05.hdtv.xvid-momentum.avi
[2011/11/04 02:07:02 | 000,000,512 | ---- | M] () -- C:\Users\W@Z@L\Desktop\MBR.dat
[2011/11/04 01:33:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\W@Z@L\Desktop\aswMBR.exe
[2011/11/04 01:32:43 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\W@Z@L\Desktop\tdsskiller.exe
[2011/11/04 00:53:12 | 182,972,416 | ---- | M] () -- C:\Users\W@Z@L\Desktop\beavis.and.butt-head.902.pdtv.xvid-sys.avi
[2011/11/03 23:15:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\W@Z@L\Desktop\OTL.exe
[2011/11/03 22:29:53 | 000,007,605 | ---- | M] () -- C:\Users\W@Z@L\AppData\Local\Resmon.ResmonCfg
[2011/11/03 20:19:48 | 366,962,000 | ---- | M] () -- C:\Users\W@Z@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/02 21:34:07 | 576,767,162 | ---- | M] () -- C:\Users\W@Z@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:08:11 | 576,755,712 | ---- | M] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 21:01:33 | 575,969,280 | ---- | M] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/11/01 11:36:00 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/01 11:36:00 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/01 11:36:00 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/31 19:38:27 | 419,433,678 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 09:36:59 | 004,841,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/29 23:21:17 | 000,164,734 | ---- | M] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:18:22 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 07:33:56 | 183,485,720 | ---- | M] () -- C:\Users\W@Z@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:17 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/15 03:53:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/10/15 03:53:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/13 22:58:41 | 000,002,515 | ---- | M] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/11 09:25:39 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/10 12:27:45 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/10/08 16:39:53 | 000,000,117 | ---- | M] () -- C:\Users\W@Z@L\Documents\Rage.cht
[2011/10/08 14:26:28 | 000,001,806 | ---- | M] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | M] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\ DVD Ripper.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/04 11:59:31 | 000,257,152 | ---- | C] () -- C:\Users\W@Z@L\Desktop\winsock.reg
[2011/11/04 11:59:10 | 000,257,152 | ---- | C] () -- C:\Users\W@Z@L\Documents\winsock.reg
[2011/11/04 11:28:53 | 978,415,052 | ---- | C] () -- C:\Users\W@Z@L\Desktop\11UnKnowN.avi
[2011/11/04 07:46:23 | 183,008,082 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E07.The.Ledger.HDTV.XviD-MOMENTUM.avi
[2011/11/04 06:51:51 | 183,321,332 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Bordertown.Laredo.S01E08.Fifty.Tons.HDTV.XviD-MOMENTUM.avi
[2011/11/04 02:49:23 | 182,758,062 | ---- | C] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e06.hdtv.xvid-momentum.avi
[2011/11/04 02:39:37 | 183,283,454 | ---- | C] () -- C:\Users\W@Z@L\Desktop\bordertown.laredo.s01e05.hdtv.xvid-momentum.avi
[2011/11/04 02:07:02 | 000,000,512 | ---- | C] () -- C:\Users\W@Z@L\Desktop\MBR.dat
[2011/11/04 00:51:31 | 182,972,416 | ---- | C] () -- C:\Users\W@Z@L\Desktop\beavis.and.butt-head.902.pdtv.xvid-sys.avi
[2011/11/03 20:12:14 | 366,962,000 | ---- | C] () -- C:\Users\W@Z@L\Desktop\Charlies.Angels.2011.S01E06.HDTV.XviD-ASAP.avi
[2011/11/02 21:12:11 | 576,767,162 | ---- | C] () -- C:\Users\W@Z@L\Desktop\james.mays.man.lab.s01e03.ws.pdtv.xvid-ftp.avi
[2011/11/02 21:02:42 | 576,755,712 | ---- | C] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E02.WS.PDTV.XviD-BARGE.avi
[2011/11/02 20:49:36 | 575,969,280 | ---- | C] () -- C:\Users\W@Z@L\Desktop\James.Mays.Man.Lab.S01E01.WS.PDTV.XviD-FTP.avi
[2011/10/29 23:18:44 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/29 23:18:22 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/29 23:15:18 | 000,164,734 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/29 23:15:17 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/10/29 19:52:56 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/10/29 16:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/29 16:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/29 16:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/29 16:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/29 16:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/29 07:30:42 | 183,485,720 | ---- | C] () -- C:\Users\W@Z@L\Desktop\X-Men.2011.S01E02.HDTV.XviD-LMAO.avi
[2011/10/26 23:50:13 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2011/10/26 18:34:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/26 18:31:09 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/23 04:49:38 | 000,000,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Payday The Heist.lnk
[2011/10/12 13:53:19 | 000,002,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional.lnk
[2011/10/07 18:07:38 | 000,000,117 | ---- | C] () -- C:\Users\W@Z@L\Documents\Rage.cht
[2011/10/07 07:29:04 | 000,001,806 | ---- | C] () -- C:\Windows\TSearch.INI
[2011/10/05 14:41:58 | 000,002,223 | ---- | C] () -- C:\Users\W@Z@L\Application Data\Microsoft\Internet Explorer\Quick Launch\ DVD Ripper.lnk
[2011/10/03 15:58:22 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/10/02 07:33:12 | 000,000,126 | ---- | C] () -- C:\Users\W@Z@L\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/09/28 01:59:34 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/28 01:59:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/25 06:24:42 | 000,007,605 | ---- | C] () -- C:\Users\W@Z@L\AppData\Local\Resmon.ResmonCfg
[2011/09/21 14:26:25 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/21 01:41:53 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.0.lic
[2011/09/18 02:51:50 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe
[2011/09/17 23:25:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/25 06:55:42 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\AnvSoft
[2011/09/18 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Ashampoo
[2011/10/02 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Babylon
[2011/09/25 05:09:56 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/09/25 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/10/19 02:26:13 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\DeskSoft
[2011/10/04 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\DisneyInteractiveStudios
[2011/10/05 10:41:07 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\DisplayFusion
[2011/10/12 13:52:19 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Downloaded Installations
[2011/11/03 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Enki Games
[2011/09/22 05:04:38 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\HdO Adventure
[2011/09/18 00:30:47 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\LolClient
[2011/10/12 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Nitro PDF
[2011/09/28 01:08:55 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Origin
[2011/10/21 07:58:46 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Panda Security
[2011/09/28 07:39:31 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Reviversoft
[2011/09/17 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\RocketDock Backup
[2011/10/22 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Sahmon Games
[2011/10/29 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\SmartPCTools
[2011/11/03 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\TeamViewer
[2011/09/28 07:29:04 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Thinstall
[2011/10/20 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Trillian
[2011/11/04 12:09:42 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\uTorrent
[2011/11/01 12:28:47 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Vso
[2011/10/04 12:33:07 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\WCMShare
[2011/10/04 08:00:02 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\WebcamMax
[2011/09/17 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\W@Z@L\AppData\Roaming\Windows SideBar
[2011/10/26 23:50:13 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3491092077-2592809933-3551427508-1000Core.job
[2009/07/14 00:08:49 | 000,027,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:ECF54A0E

< End of report >

[RKinner]

I think we got it!

We need to cleanup System Restore:

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.


One final check:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Also MSSE is often damaged by the anti-virus so download the latest version then uninstall the old one, reboot and install the new one.

If ESET comes back clean (It may find files in C:\_OTL or in C:\qoobox but those are already dead.) then I think we are done.


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron