unable to remove infection of malware



Rubadubdub
2010-12-30, 03:50
Hi,
I have two things that seem dodgy and I cannot remove:
stdrt.exe (trojan I think)
&
winsppt.exe (not sure, don't like it)

I first tried my antivirus, avast, but that didn't find anything;
then I tried Spybot but got the same result.
My friend told me to download Malwarebytes, which I did, and it picked up stdrt.exe and I deleted it from quarantine, only when I restarted my computer stdrt.exe started again as well. The same friend told me to run rkill then Malwarebytes; rkill stopped stdrt.exe and winsppt.exe, then Malwarebytes did the exact same as stated before with the exact same results.
Please help, DDS is posted below.
Thanks

DDS (Ver_10-12-12.02) - NTFSx86
Run by Charles at 13:24:19.81 on Thu 30/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.3071.2249 [GMT 13:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Soluto\soluto.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\wsetup\winsppt.exe
C:\Users\Charles\AppData\Local\Temp\mrt415.tmp\stdrt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Charles\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.stuff.co.nz/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msi.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Winsppt] c:\wsetup\winsppt.exe
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: zipfldra.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\charles\appdata\roaming\mozilla\firefox\profiles\bihvf4h3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.stuff.co.nz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: BarTab: bartap@philikon.de - %profile%\extensions\bartap@philikon.de
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: PriceBlink: info@priceblink.com - %profile%\extensions\info@priceblink.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: browser.tabs.closeButtons - 1

============= SERVICES / DRIVERS ===============

R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-12-26 181704]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-5 165584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-5 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-5 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-9-19 160768]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-20 1153368]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-11-1 331296]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-9-11 626688]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-11 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-9-19 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-10-24 25832]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\msi\msiwdev\DVDSYS32_100507.sys [2010-5-10 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\msi\msiwdev\msibios32_100507.sys [2010-5-10 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\msi\msiwdev\VGASYS32_100507.sys [2010-5-10 16696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-19 166912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-2 1343400]

=============== Created Last 30 ================

2010-12-29 08:25:20 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-29 07:23:00 -------- d-----w- c:\users\charles\appdata\roaming\Malwarebytes
2010-12-29 07:22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 07:22:54 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-29 07:22:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 07:22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 06:02:15 -------- d-----w- c:\users\charles\appdata\roaming\GoldWaveCDDB
2010-12-29 06:02:15 -------- d-----w- c:\progra~2\GoldWaveCDDB
2010-12-29 00:33:49 2380 ----a-w- c:\users\charles\cc_20101229_133328 registry as of 29 12 2010.reg
2010-12-28 21:33:24 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{74cb243f-e510-4da1-8408-078544cf3663}\mpengine.dll
2010-12-28 08:50:10 -------- d-----w- c:\program files\common files\ATI Technologies
2010-12-28 08:50:06 -------- d-----w- c:\program files\ATI Stream
2010-12-27 23:25:59 -------- d-----w- C:\AMD
2010-12-26 03:17:52 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-26 03:17:51 -------- d-----w- c:\program files\ffdshow
2010-12-26 03:13:41 -------- d-----w- c:\progra~2\TVersity
2010-12-26 03:05:48 181704 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-12-26 03:05:44 -------- d-----w- c:\program files\Soluto
2010-12-26 03:02:40 -------- d-----w- c:\progra~2\Soluto
2010-12-25 08:57:41 63948 ----a-w- c:\users\charles\cc_20101225_215720 registry as of 25 12 2010.reg
2010-12-19 23:32:28 -------- d-----w- c:\users\charles\at mount
2010-12-16 04:30:51 -------- d-----w- c:\program files\Freemake
2010-12-15 22:45:19 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 22:45:14 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-12 01:43:57 -------- d-----w- c:\users\charles\.zenmap
2010-12-12 01:43:14 -------- d-----w- c:\program files\WinPcap
2010-12-12 01:43:06 -------- d-----w- c:\program files\Nmap
2010-12-11 07:11:55 -------- d-----w- c:\program files\GoldWave
2010-12-08 23:05:42 -------- d-----w- C:\wsetup

==================== Find3M ====================

2010-11-26 03:02:08 16702976 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 02:58:22 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58:12 550400 ----a-w- c:\windows\system32\aticfx32.dll
2010-11-26 02:54:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54:28 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54:00 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:52:52 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-11-26 02:52:36 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:52:26 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:52:18 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:49:04 4066816 ----a-w- c:\windows\system32\atidxx32.dll
2010-11-26 02:30:20 4122624 ----a-w- c:\windows\system32\atiumdag.dll
2010-11-26 02:30:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 02:30:08 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 02:28:44 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:24:36 52736 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:22:26 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-11-26 02:17:18 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17:04 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:16:54 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-11-26 02:15:58 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-11-26 02:15:42 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-11-26 02:09:12 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:09:12 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-04 22:02:54 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-29 06:59:40 7534 ----a-w- c:\users\charles\cc_20101029_195922 registry 29 10 2010.reg
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 05:23:23 14430 ----a-w- c:\users\charles\cc_20101019_182257 registry as of 19 10 2010.reg
2010-10-18 21:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

============= FINISH: 13:26:49.38 ===============

ken545
2011-01-03, 23:28

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



Let's look a bit deeper into your system.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Rubadubdub
2011-01-07, 03:24
Hi, thanks,

I re-tried prior to getting this reply with rkill and Malwarebytes and the infections seem to have gone (no longer showing in Task Manager).
I did do all that you suggested in the reply though, and the results are detailed below.
I cannot find the extras.txt file anywhere and only the OTL.txt notepad doc opened on completion.

OTL logfile created on: 1/7/2011 2:09:39 PM - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Charles\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.40 Gb Total Space | 116.04 Gb Free Space | 42.45% Space Free | Partition Type: NTFS
Drive D: | 182.26 Gb Total Space | 65.03 Gb Free Space | 35.68% Space Free | Partition Type: NTFS

Computer Name: CHARLES-LAPTOP | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Charles\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Charles\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\zipfldra.dll ()
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (PCGenFAM) -- C:\windows\system32\DRIVERS\PCGenFAM.sys (Soluto LTD.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (toshidpt) -- C:\windows\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\windows\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (cdrbsdrv) -- C:\windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.stuff.co.nz/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: bartap@philikon.de:2.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.7
FF - prefs.js..extensions.enabledItems: info@priceblink.com:2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.4.2
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.14amo
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9100/proxy.pac"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 15:09:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 15:09:58 | 000,000,000 | ---D | M]

[2010/01/23 11:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Extensions
[2011/01/07 11:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions
[2010/12/09 17:03:02 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/10/16 23:12:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/12/08 13:22:23 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/07 17:03:15 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/08/11 11:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/30 14:22:31 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/01 14:19:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/27 10:29:31 | 000,000,000 | ---D | M] (BarTab) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\bartap@philikon.de
[2010/11/21 19:39:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\firefox@ghostery.com
[2010/12/08 13:22:24 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\info@priceblink.com
[2010/12/09 17:03:02 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\SkipScreen@SkipScreen
[2010/11/11 17:18:41 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\smarterwiki@wikiatic.com
[2007/10/05 15:16:34 | 000,001,908 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\aboutcom.xml
[2009/03/14 15:59:18 | 000,000,902 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\allrecipes.xml
[2008/01/16 11:27:18 | 000,002,458 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\amie-street.xml
[2009/10/04 16:31:26 | 000,005,573 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\associated-content.xml
[2009/03/22 14:28:18 | 000,001,096 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\blipprcom.xml
[2008/08/10 00:02:24 | 000,000,416 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\charlie.xml
[2010/09/02 16:54:10 | 000,002,059 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\daemon-search.xml
[2009/03/22 14:29:50 | 000,002,713 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\damn-interesting.xml
[2010/05/12 22:42:44 | 000,000,914 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\dictionarycom.xml
[2009/03/21 16:08:14 | 000,002,014 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\dogpile.xml
[2008/09/26 16:32:04 | 000,005,356 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\egydown--full-free-software.xml
[2009/01/11 16:53:58 | 000,001,330 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\ezinearticles.xml
[2009/09/25 12:47:24 | 000,000,930 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\facebook.xml
[2008/05/04 12:49:10 | 000,000,980 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\globeandmail.xml
[2009/06/14 13:19:02 | 000,011,100 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\gutenberg-en.xml
[2011/01/07 11:58:42 | 000,002,279 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\howstuffworks.xml
[2009/03/14 16:24:40 | 000,002,103 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\instructables.xml
[2008/03/01 14:10:42 | 000,001,703 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\live-search.xml
[2008/04/25 23:19:14 | 000,005,355 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\microsoft-support-search.xml
[2008/11/13 11:08:32 | 000,005,339 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\motdambianscom.xml
[2008/04/05 12:52:06 | 000,002,520 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\mozilla-add-ons.xml
[2009/03/22 14:25:18 | 000,001,937 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\organizedwisdom-health-en.xml
[2009/01/03 16:01:16 | 000,001,102 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\project-playlist-music-search.xml
[2008/06/23 16:08:24 | 000,002,039 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\romulation-rom-search.xml
[2008/08/09 18:11:26 | 000,002,022 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\shoemoney.xml
[2010/05/12 22:42:22 | 000,000,911 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\thesauruscom.xml
[2007/12/13 11:25:22 | 000,000,964 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\trade-me-search.xml
[2008/03/21 14:28:28 | 000,001,058 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikipedia-en.xml
[2008/02/16 15:11:08 | 000,001,068 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikipedia-english.xml
[2008/08/24 11:42:30 | 000,002,255 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikiquote-en.xml
[2008/11/19 18:02:26 | 000,009,268 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\yahoo7.xml
[2010/01/23 11:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/12/25 21:33:59 | 000,428,403 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14747 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 118.82.130.61 118.82.130.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (zipfldra.dll) - C:\windows\System32\zipfldra.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.now.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 13:02:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2011/01/07 13:01:58 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Charles\Desktop\ATF-Cleaner.exe
[2011/01/07 12:57:26 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/01/03 17:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2010/12/29 21:25:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/12/29 20:23:00 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2010/12/29 20:22:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/29 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/29 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/29 20:22:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/29 20:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/29 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\GoldWaveCDDB
[2010/12/29 19:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldWaveCDDB
[2010/12/28 21:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/12/28 21:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/12/28 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2010/12/28 21:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Stream
[2010/12/28 21:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2010/12/28 12:25:59 | 000,000,000 | ---D | C] -- C:\AMD
[2010/12/26 16:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/12/26 16:13:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server
[2010/12/26 16:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2010/12/26 16:05:48 | 000,181,704 | ---- | C] (Soluto LTD.) -- C:\windows\System32\drivers\PCGenFAM.sys
[2010/12/26 16:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2010/12/26 16:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2010/12/26 16:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2010/12/20 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Charles\at mount
[2010/12/16 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\Freemake
[2010/12/16 17:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2010/12/16 17:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2010/12/16 11:45:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/12/16 11:44:49 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/12/16 11:44:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010/12/16 11:44:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010/12/16 11:44:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010/12/16 11:44:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/12/16 11:44:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/12/16 11:44:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010/12/16 11:44:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/12/16 11:44:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/12/16 11:44:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010/12/16 11:44:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010/12/16 11:44:16 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2010/12/16 11:44:16 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2010/12/16 11:44:15 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2010/12/16 11:44:15 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2010/12/16 11:44:10 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/12/16 11:44:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/12/16 11:44:07 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2010/12/16 11:44:05 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010/12/16 11:44:03 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/12/12 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Charles\.zenmap
[2010/12/12 14:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap
[2010/12/11 20:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010/12/09 12:05:42 | 000,000,000 | ---D | C] -- C:\wsetup
[2010/12/09 12:05:41 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\vlc
[2010/12/09 12:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 14:02:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/07 12:57:26 | 000,000,864 | ---- | M] () -- C:\Users\Charles\Desktop\Handbrake.lnk
[2011/01/07 11:52:05 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/07 11:52:05 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/07 11:05:10 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/03 20:32:29 | 005,747,478 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/03 20:32:29 | 002,703,630 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/01/03 11:24:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/01/03 03:27:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2011/01/01 09:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/01/01 09:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/01/01 09:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/01/01 08:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/01/01 08:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/01/01 08:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/01/01 08:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2010/12/29 20:22:54 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 18:18:37 | 000,001,284 | ---- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/29 13:33:51 | 000,002,380 | ---- | M] () -- C:\Users\Charles\cc_20101229_133328 registry as of 29 12 2010.reg
[2010/12/29 13:33:08 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/28 21:58:47 | 000,000,937 | ---- | M] () -- C:\Users\Charles\Desktop\TheSage.lnk
[2010/12/26 16:13:52 | 000,002,063 | ---- | M] () -- C:\Users\Charles\Desktop\TVersity.lnk
[2010/12/26 15:36:30 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/12/26 15:21:43 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/25 21:57:45 | 000,063,948 | ---- | M] () -- C:\Users\Charles\cc_20101225_215720 registry as of 25 12 2010.reg
[2010/12/25 21:33:59 | 000,428,403 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/19 14:34:58 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\xrecode II.lnk
[2010/12/17 07:45:23 | 000,384,704 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/12/16 17:30:55 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2010/12/16 17:02:25 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/12/15 11:11:04 | 000,024,576 | ---- | M] () -- C:\Users\Charles\Documents\Curriculum Vitae.doc
[2010/12/13 15:12:33 | 000,082,944 | ---- | M] () -- C:\Users\Charles\Fly Trap.doc
[2010/12/12 14:54:59 | 000,426,705 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101225-213358.backup
[2010/12/12 14:43:49 | 000,000,935 | ---- | M] () -- C:\Users\Charles\Desktop\Nmap - Zenmap GUI.lnk
[2010/12/12 14:19:41 | 000,215,384 | ---- | M] () -- C:\Users\Charles\Desktop\bookmarks-2010-12-12.json
[2010/12/11 20:11:56 | 000,000,718 | ---- | M] () -- C:\Users\Charles\Desktop\GoldWave.lnk
[2010/12/09 12:05:34 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/29 20:22:54 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 13:33:49 | 000,002,380 | ---- | C] () -- C:\Users\Charles\cc_20101229_133328 registry as of 29 12 2010.reg
[2010/12/26 16:17:52 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/12/26 16:07:08 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/25 21:57:41 | 000,063,948 | ---- | C] () -- C:\Users\Charles\cc_20101225_215720 registry as of 25 12 2010.reg
[2010/12/16 17:30:55 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2010/12/13 15:12:33 | 000,082,944 | ---- | C] () -- C:\Users\Charles\Fly Trap.doc
[2010/12/12 14:43:49 | 000,000,935 | ---- | C] () -- C:\Users\Charles\Desktop\Nmap - Zenmap GUI.lnk
[2010/12/12 14:18:39 | 000,215,384 | ---- | C] () -- C:\Users\Charles\Desktop\bookmarks-2010-12-12.json
[2010/12/11 20:11:56 | 000,000,718 | ---- | C] () -- C:\Users\Charles\Desktop\GoldWave.lnk
[2010/12/09 12:05:34 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/20 11:03:20 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2010/10/05 09:24:10 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/07/31 19:41:13 | 000,003,457 | ---- | C] () -- C:\Users\Charles\AppData\Local\bff.dat
[2010/06/04 22:00:28 | 000,004,608 | ---- | C] () -- C:\windows\System32\zipfldra.dll
[2010/04/09 12:16:22 | 000,000,000 | ---- | C] () -- C:\windows\OpPrintServer.INI
[2010/04/09 12:12:00 | 000,007,680 | ---- | C] () -- C:\windows\System32\CNMVS61.DLL
[2010/04/06 17:39:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/06 13:14:25 | 000,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/02/03 17:39:53 | 000,000,017 | ---- | C] () -- C:\Users\Charles\AppData\Local\resmon.resmoncfg
[2010/01/29 12:44:34 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010/01/22 20:01:16 | 000,047,104 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 11:41:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/21 09:18:30 | 000,000,536 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\wklnhst.dat
[2010/01/20 15:39:16 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/14 12:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/30 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\AnvSoft
[2010/09/02 16:55:53 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\DAEMON Tools Lite
[2010/12/29 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\dBpoweramp
[2010/09/30 18:57:24 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Dropbox
[2010/02/12 15:31:30 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\FUJIFILM
[2010/12/29 19:02:15 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\GoldWaveCDDB
[2010/02/19 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\HandBrake
[2010/01/29 13:03:03 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ImgBurn
[2010/01/21 09:18:44 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Template
[2011/01/06 18:01:27 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TeraCopy
[2010/12/28 21:57:45 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TheSage
[2010/12/28 14:44:19 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\uTorrent
[2010/11/25 12:07:58 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\xrecode2
[2010/11/15 21:00:01 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

ken545
2011-01-07, 04:27
What we're going to remove is a backdoor trojan. It has the option to go out and download other junk to your computer; it could also steal passwords, but I am not sure what it has done. To be on the safe side, I would use a known clean computer and change all your passwords for sites you frequent, especially shopping and banking websites.



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
MOD - C:\Windows\System32\zipfldra.dll ()
O20 - AppInit_DLLs: (zipfldra.dll) - C:\windows\System32\zipfldra.dll ()
[2010/12/12 14:54:59 | 000,426,705 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101225-213358.backup
[2010/06/04 22:00:28 | 000,004,608 | ---- | C] () -- C:\windows\System32\zipfldra.dll


:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

Rubadubdub
2011-01-08, 03:52
Hi, reports are as follows:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:zipfldra.dll deleted successfully.
C:\Windows\System32\zipfldra.dll moved successfully.
C:\Windows\System32\drivers\etc\hosts.20101225-213358.backup moved successfully.
File C:\windows\System32\zipfldra.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Charles
->Temp folder emptied: 4859 bytes
->Temporary Internet Files folder emptied: 575603 bytes
->FireFox cache emptied: 147695469 bytes
->Flash cache emptied: 42979 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-CHARLES-LAPTOP
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 62854 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6 bytes
%systemroot%\System32 .tmp files removed: 172032 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2294 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 142.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.1 log created on 01082011_141349

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTL logfile created on: 1/8/2011 2:18:04 PM - Run 4
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Charles\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.40 Gb Total Space | 115.86 Gb Free Space | 42.38% Space Free | Partition Type: NTFS
Drive D: | 182.26 Gb Total Space | 65.03 Gb Free Space | 35.68% Space Free | Partition Type: NTFS

Computer Name: CHARLES-LAPTOP | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Charles\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Charles\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (PCGenFAM) -- C:\windows\system32\DRIVERS\PCGenFAM.sys (Soluto LTD.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (toshidpt) -- C:\windows\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\windows\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (cdrbsdrv) -- C:\windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.stuff.co.nz/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: bartap@philikon.de:2.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.7
FF - prefs.js..extensions.enabledItems: info@priceblink.com:2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.4.2
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.14amo
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9100/proxy.pac"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 15:09:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 15:09:58 | 000,000,000 | ---D | M]

[2010/01/23 11:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Extensions
[2011/01/07 11:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions
[2010/12/09 17:03:02 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/10/16 23:12:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/12/08 13:22:23 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/07 17:03:15 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/08/11 11:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/30 14:22:31 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/01 14:19:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/27 10:29:31 | 000,000,000 | ---D | M] (BarTab) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\bartap@philikon.de
[2010/11/21 19:39:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\firefox@ghostery.com
[2010/12/08 13:22:24 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\info@priceblink.com
[2010/12/09 17:03:02 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\SkipScreen@SkipScreen
[2010/11/11 17:18:41 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\smarterwiki@wikiatic.com
[2007/10/05 15:16:34 | 000,001,908 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\aboutcom.xml
[2009/03/14 15:59:18 | 000,000,902 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\allrecipes.xml
[2008/01/16 11:27:18 | 000,002,458 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\amie-street.xml
[2009/10/04 16:31:26 | 000,005,573 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\associated-content.xml
[2009/03/22 14:28:18 | 000,001,096 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\blipprcom.xml
[2008/08/10 00:02:24 | 000,000,416 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\charlie.xml
[2010/09/02 16:54:10 | 000,002,059 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\daemon-search.xml
[2009/03/22 14:29:50 | 000,002,713 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\damn-interesting.xml
[2010/05/12 22:42:44 | 000,000,914 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\dictionarycom.xml
[2009/03/21 16:08:14 | 000,002,014 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\dogpile.xml
[2008/09/26 16:32:04 | 000,005,356 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\egydown--full-free-software.xml
[2009/01/11 16:53:58 | 000,001,330 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\ezinearticles.xml
[2009/09/25 12:47:24 | 000,000,930 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\facebook.xml
[2008/05/04 12:49:10 | 000,000,980 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\globeandmail.xml
[2009/06/14 13:19:02 | 000,011,100 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\gutenberg-en.xml
[2011/01/07 11:58:42 | 000,002,279 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\howstuffworks.xml
[2009/03/14 16:24:40 | 000,002,103 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\instructables.xml
[2008/03/01 14:10:42 | 000,001,703 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\live-search.xml
[2008/04/25 23:19:14 | 000,005,355 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\microsoft-support-search.xml
[2008/11/13 11:08:32 | 000,005,339 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\motdambianscom.xml
[2008/04/05 12:52:06 | 000,002,520 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\mozilla-add-ons.xml
[2009/03/22 14:25:18 | 000,001,937 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\organizedwisdom-health-en.xml
[2009/01/03 16:01:16 | 000,001,102 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\project-playlist-music-search.xml
[2008/06/23 16:08:24 | 000,002,039 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\romulation-rom-search.xml
[2008/08/09 18:11:26 | 000,002,022 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\shoemoney.xml
[2010/05/12 22:42:22 | 000,000,911 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\thesauruscom.xml
[2007/12/13 11:25:22 | 000,000,964 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\trade-me-search.xml
[2008/03/21 14:28:28 | 000,001,058 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikipedia-en.xml
[2008/02/16 15:11:08 | 000,001,068 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikipedia-english.xml
[2008/08/24 11:42:30 | 000,002,255 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikiquote-en.xml
[2008/11/19 18:02:26 | 000,009,268 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\yahoo7.xml
[2010/01/23 11:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/08 14:14:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 118.82.130.61 118.82.130.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.now.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 14:13:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/07 14:26:43 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Adobe
[2011/01/07 13:02:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2011/01/07 13:01:58 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Charles\Desktop\ATF-Cleaner.exe
[2011/01/07 12:57:26 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/01/03 17:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2010/12/29 21:25:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/12/29 20:23:00 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2010/12/29 20:22:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/29 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/29 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/29 20:22:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/29 20:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/29 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\GoldWaveCDDB
[2010/12/29 19:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldWaveCDDB
[2010/12/28 21:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/12/28 21:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/12/28 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2010/12/28 21:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Stream
[2010/12/28 21:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2010/12/28 12:25:59 | 000,000,000 | ---D | C] -- C:\AMD
[2010/12/26 16:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/12/26 16:13:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server
[2010/12/26 16:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2010/12/26 16:05:48 | 000,181,704 | ---- | C] (Soluto LTD.) -- C:\windows\System32\drivers\PCGenFAM.sys
[2010/12/26 16:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2010/12/26 16:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2010/12/26 16:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2010/12/20 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Charles\at mount
[2010/12/16 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\Freemake
[2010/12/16 17:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2010/12/16 17:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2010/12/16 11:45:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/12/16 11:44:49 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/12/16 11:44:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010/12/16 11:44:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010/12/16 11:44:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010/12/16 11:44:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/12/16 11:44:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/12/16 11:44:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010/12/16 11:44:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/12/16 11:44:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/12/16 11:44:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010/12/16 11:44:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010/12/16 11:44:16 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2010/12/16 11:44:16 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2010/12/16 11:44:15 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2010/12/16 11:44:15 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2010/12/16 11:44:10 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/12/16 11:44:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/12/16 11:44:07 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2010/12/16 11:44:05 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010/12/16 11:44:03 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/12/12 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Charles\.zenmap
[2010/12/12 14:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap
[2010/12/11 20:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave

========== Files - Modified Within 30 Days ==========

[2011/01/08 14:15:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/08 14:14:59 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/08 14:14:07 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/01/08 11:57:25 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 11:57:25 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/07 12:57:26 | 000,000,864 | ---- | M] () -- C:\Users\Charles\Desktop\Handbrake.lnk
[2011/01/03 20:32:29 | 005,747,478 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/03 20:32:29 | 002,703,630 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/01/03 11:24:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/01/03 03:27:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2011/01/01 09:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/01/01 09:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/01/01 09:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/01/01 08:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/01/01 08:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/01/01 08:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/01/01 08:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2010/12/29 20:22:54 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 18:18:37 | 000,001,284 | ---- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/29 13:33:51 | 000,002,380 | ---- | M] () -- C:\Users\Charles\cc_20101229_133328 registry as of 29 12 2010.reg
[2010/12/29 13:33:08 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/28 21:58:47 | 000,000,937 | ---- | M] () -- C:\Users\Charles\Desktop\TheSage.lnk
[2010/12/26 16:13:52 | 000,002,063 | ---- | M] () -- C:\Users\Charles\Desktop\TVersity.lnk
[2010/12/26 15:36:30 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/12/26 15:21:43 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/25 21:57:45 | 000,063,948 | ---- | M] () -- C:\Users\Charles\cc_20101225_215720 registry as of 25 12 2010.reg
[2010/12/25 21:33:59 | 000,428,403 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110107-175352.backup
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/19 14:34:58 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\xrecode II.lnk
[2010/12/17 07:45:23 | 000,384,704 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/12/16 17:30:55 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2010/12/16 17:02:25 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/12/15 11:11:04 | 000,024,576 | ---- | M] () -- C:\Users\Charles\Documents\Curriculum Vitae.doc
[2010/12/13 15:12:33 | 000,082,944 | ---- | M] () -- C:\Users\Charles\Fly Trap.doc
[2010/12/12 14:43:49 | 000,000,935 | ---- | M] () -- C:\Users\Charles\Desktop\Nmap - Zenmap GUI.lnk
[2010/12/12 14:19:41 | 000,215,384 | ---- | M] () -- C:\Users\Charles\Desktop\bookmarks-2010-12-12.json
[2010/12/11 20:11:56 | 000,000,718 | ---- | M] () -- C:\Users\Charles\Desktop\GoldWave.lnk

========== Files Created - No Company Name ==========

[2010/12/29 20:22:54 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 13:33:49 | 000,002,380 | ---- | C] () -- C:\Users\Charles\cc_20101229_133328 registry as of 29 12 2010.reg
[2010/12/26 16:17:52 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/12/26 16:07:08 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/25 21:57:41 | 000,063,948 | ---- | C] () -- C:\Users\Charles\cc_20101225_215720 registry as of 25 12 2010.reg
[2010/12/16 17:30:55 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2010/12/13 15:12:33 | 000,082,944 | ---- | C] () -- C:\Users\Charles\Fly Trap.doc
[2010/12/12 14:43:49 | 000,000,935 | ---- | C] () -- C:\Users\Charles\Desktop\Nmap - Zenmap GUI.lnk
[2010/12/12 14:18:39 | 000,215,384 | ---- | C] () -- C:\Users\Charles\Desktop\bookmarks-2010-12-12.json
[2010/12/11 20:11:56 | 000,000,718 | ---- | C] () -- C:\Users\Charles\Desktop\GoldWave.lnk
[2010/10/20 11:03:20 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2010/10/05 09:24:10 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/07/31 19:41:13 | 000,003,457 | ---- | C] () -- C:\Users\Charles\AppData\Local\bff.dat
[2010/04/09 12:16:22 | 000,000,000 | ---- | C] () -- C:\windows\OpPrintServer.INI
[2010/04/09 12:12:00 | 000,007,680 | ---- | C] () -- C:\windows\System32\CNMVS61.DLL
[2010/04/06 17:39:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/06 13:14:25 | 000,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/02/03 17:39:53 | 000,000,017 | ---- | C] () -- C:\Users\Charles\AppData\Local\resmon.resmoncfg
[2010/01/29 12:44:34 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010/01/22 20:01:16 | 000,047,104 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 11:41:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/21 09:18:30 | 000,000,536 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\wklnhst.dat
[2010/01/20 15:39:16 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/14 12:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

< End of report >


Thanks

ken545
2011-01-08, 04:39
Missed this one and it's gotta go. Post the log it produces, but hold off on running a new scan and posting a new log.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2010/12/25 21:33:59 | 000,428,403 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110107-175352.backup


:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered; reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.
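
To show how the items the helper is acting on in this thread (the oversized hosts backup, the "File not found" and missing-CLSID references, and the files OTL lists under "No Company Name") can be picked out of an OTL log mechanically, here is an added Python triage script. It is not OTL's or the thread's own code: the regex and the flagging rules are my own assumptions about the log format shown above, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# File/folder entry as OTL prints it in its "Files/Folders" sections, e.g.
# [2010/12/25 21:33:59 | 000,428,403 | R--- | M] () -- C:\...\hosts.20110107-175352.backup
# Directory entries carry no "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)(?: -- \[ NTFS \])?$"
)

# PRC/SRV/DRV lines and HijackThis-style O-lines end in one of these when the
# object they reference is gone: a stale autorun, driver or BHO registration.
MISSING_MARKERS = ("File not found", "No CLSID value found.", "CLSID or File not found.")


@dataclass
class Finding:
    category: str  # "hosts", "no-company" or "orphan"
    ref: str       # file path, or the registry/driver reference for orphans
    detail: str


def parse_size(text: str) -> int:
    """OTL prints sizes with thousands separators: '000,428,403' -> 428403."""
    return int(text.replace(",", ""))


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line worth a human look, else None.

    Flagging is a review queue, not a verdict: drivers with an empty company
    string (sptd.sys, for example) and stale references left behind by
    uninstalled software are common and usually benign.
    """
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        low = path.lower()
        size = parse_size(m.group("size"))
        attrs = m.group("attrs")
        # The hosts file and any backup/copy of it: the fix in this thread
        # moves the 428 KB backup out and resets the live file.
        if "\\drivers\\etc\\hosts" in low:
            return Finding("hosts", path, f"{size} bytes, attrs {attrs}")
        # Executables/drivers under the Windows tree with an empty company
        # string, the same set OTL lists under "Files Created - No Company Name".
        is_dir = attrs[3] == "D"
        no_company = (m.group("company") or "") == ""
        if (no_company and not is_dir and "\\windows\\" in low
                and low.endswith((".exe", ".dll", ".sys"))):
            return Finding("no-company", path, f"{size} bytes")
        return None
    for marker in MISSING_MARKERS:
        if line.endswith(marker):
            ref = line[: -len(marker)].rstrip(" -")
            return Finding("orphan", ref, marker)
    return None


def triage(lines: List[str]) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2010/12/25 21:33:59 | 000,428,403 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110107-175352.backup
[2011/01/08 14:14:07 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2010/12/29 20:22:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/01/29 12:44:34 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010/12/26 16:17:52 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/01/08 14:13:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2009/06/11 10:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]
DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.now.exe -- File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.category:<11} {f.ref}  [{f.detail}]")
    print(summarize(found))
```

Run against a full OTL log the script prints a short review queue instead of 1,700 lines; everything it flags still needs the kind of judgement the helper applies above.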

Rubadubdub
2011-01-09, 04:00
Logs as follows:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\Windows\System32\drivers\etc\hosts.20110107-175352.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Charles
->Temp folder emptied: 1600 bytes
->Temporary Internet Files folder emptied: 63583 bytes
->FireFox cache emptied: 28379009 bytes
->Flash cache emptied: 582 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-CHARLES-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2189734 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.1 log created on 01092011_144137

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5485

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/01/2011 2:57:48 p.m.
mbam-log-2011-01-09 (14-57-48).txt

Scan type: Quick scan
Objects scanned: 149216
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2011-01-09, 05:19
Things running any better? Run a new scan with OTL and post a new log, and let me take another look.

Rubadubdub
2011-01-10, 02:30
Hi,
Things seem to be running fine, thank you very much for the help.
OTL log below:

OTL logfile created on: 1/10/2011 1:25:13 PM - Run 5
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Charles\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.40 Gb Total Space | 118.38 Gb Free Space | 43.30% Space Free | Partition Type: NTFS
Drive D: | 182.26 Gb Total Space | 65.03 Gb Free Space | 35.68% Space Free | Partition Type: NTFS

Computer Name: CHARLES-LAPTOP | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Charles\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Charles\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (PCGenFAM) -- C:\windows\system32\DRIVERS\PCGenFAM.sys (Soluto LTD.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (toshidpt) -- C:\windows\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\windows\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (cdrbsdrv) -- C:\windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.stuff.co.nz/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: bartap@philikon.de:2.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.7
FF - prefs.js..extensions.enabledItems: info@priceblink.com:2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.4.2
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.14amo
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9100/proxy.pac"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 15:09:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 15:09:58 | 000,000,000 | ---D | M]

[2010/01/23 11:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Extensions
[2011/01/09 14:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions
[2010/12/09 17:03:02 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/10/16 23:12:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/12/08 13:22:23 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/07 17:03:15 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/08/11 11:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/12/25 21:14:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/30 14:22:31 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/01 14:19:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/27 10:29:31 | 000,000,000 | ---D | M] (BarTab) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\bartap@philikon.de
[2010/11/21 19:39:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\firefox@ghostery.com
[2010/12/08 13:22:24 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\info@priceblink.com
[2010/12/09 17:03:02 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\SkipScreen@SkipScreen
[2010/11/11 17:18:41 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\extensions\smarterwiki@wikiatic.com
[2007/10/05 15:16:34 | 000,001,908 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\aboutcom.xml
[2009/03/14 15:59:18 | 000,000,902 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\allrecipes.xml
[2008/01/16 11:27:18 | 000,002,458 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\amie-street.xml
[2009/10/04 16:31:26 | 000,005,573 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\associated-content.xml
[2009/03/22 14:28:18 | 000,001,096 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\blipprcom.xml
[2008/08/10 00:02:24 | 000,000,416 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\charlie.xml
[2010/09/02 16:54:10 | 000,002,059 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\daemon-search.xml
[2009/03/22 14:29:50 | 000,002,713 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\damn-interesting.xml
[2010/05/12 22:42:44 | 000,000,914 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\dictionarycom.xml
[2009/03/21 16:08:14 | 000,002,014 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\dogpile.xml
[2008/09/26 16:32:04 | 000,005,356 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\egydown--full-free-software.xml
[2009/01/11 16:53:58 | 000,001,330 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\ezinearticles.xml
[2009/09/25 12:47:24 | 000,000,930 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\facebook.xml
[2008/05/04 12:49:10 | 000,000,980 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\globeandmail.xml
[2009/06/14 13:19:02 | 000,011,100 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\gutenberg-en.xml
[2011/01/07 11:58:42 | 000,002,279 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\howstuffworks.xml
[2009/03/14 16:24:40 | 000,002,103 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\instructables.xml
[2008/03/01 14:10:42 | 000,001,703 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\live-search.xml
[2008/04/25 23:19:14 | 000,005,355 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\microsoft-support-search.xml
[2008/11/13 11:08:32 | 000,005,339 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\motdambianscom.xml
[2008/04/05 12:52:06 | 000,002,520 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\mozilla-add-ons.xml
[2009/03/22 14:25:18 | 000,001,937 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\organizedwisdom-health-en.xml
[2009/01/03 16:01:16 | 000,001,102 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\project-playlist-music-search.xml
[2008/06/23 16:08:24 | 000,002,039 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\romulation-rom-search.xml
[2008/08/09 18:11:26 | 000,002,022 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\shoemoney.xml
[2010/05/12 22:42:22 | 000,000,911 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\thesauruscom.xml
[2007/12/13 11:25:22 | 000,000,964 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\trade-me-search.xml
[2008/03/21 14:28:28 | 000,001,058 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikipedia-en.xml
[2008/02/16 15:11:08 | 000,001,068 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikipedia-english.xml
[2008/08/24 11:42:30 | 000,002,255 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\wikiquote-en.xml
[2008/11/19 18:02:26 | 000,009,268 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\bihvf4h3.default\searchplugins\yahoo7.xml
[2010/01/23 11:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/09 14:41:44 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 118.82.130.61 118.82.130.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.now.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 14:13:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/07 14:26:43 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Adobe
[2011/01/07 13:02:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2011/01/07 13:01:58 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Charles\Desktop\ATF-Cleaner.exe
[2011/01/07 12:57:26 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/01/03 17:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2010/12/29 21:25:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/12/29 20:23:00 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2010/12/29 20:22:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/29 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/29 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/29 20:22:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/29 20:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/29 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\GoldWaveCDDB
[2010/12/29 19:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldWaveCDDB
[2010/12/28 21:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/12/28 21:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/12/28 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2010/12/28 21:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Stream
[2010/12/28 21:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2010/12/28 12:25:59 | 000,000,000 | ---D | C] -- C:\AMD
[2010/12/26 16:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/12/26 16:13:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server
[2010/12/26 16:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2010/12/26 16:05:48 | 000,181,704 | ---- | C] (Soluto LTD.) -- C:\windows\System32\drivers\PCGenFAM.sys
[2010/12/26 16:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2010/12/26 16:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2010/12/26 16:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2010/12/20 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Charles\at mount
[2010/12/16 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\Freemake
[2010/12/16 17:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2010/12/16 17:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2010/12/16 11:45:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/12/16 11:44:49 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/12/16 11:44:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010/12/16 11:44:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010/12/16 11:44:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010/12/16 11:44:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/12/16 11:44:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/12/16 11:44:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010/12/16 11:44:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/12/16 11:44:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/12/16 11:44:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010/12/16 11:44:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010/12/16 11:44:16 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2010/12/16 11:44:16 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2010/12/16 11:44:15 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2010/12/16 11:44:15 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2010/12/16 11:44:10 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/12/16 11:44:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/12/16 11:44:07 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2010/12/16 11:44:05 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010/12/16 11:44:03 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/12/12 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Charles\.zenmap
[2010/12/12 14:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap
[2010/12/11 20:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave

========== Files - Modified Within 30 Days ==========

[2011/01/10 13:10:24 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 13:10:24 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 13:02:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/10 13:01:56 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/09 14:53:22 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/09 14:41:44 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/01/07 12:57:26 | 000,000,864 | ---- | M] () -- C:\Users\Charles\Desktop\Handbrake.lnk
[2011/01/03 20:32:29 | 005,747,478 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/03 20:32:29 | 002,703,630 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/01/03 11:24:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/01/03 03:27:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2011/01/01 09:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/01/01 09:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/01/01 09:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/01/01 08:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/01/01 08:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/01/01 08:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/01/01 08:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2010/12/29 18:18:37 | 000,001,284 | ---- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/29 13:33:51 | 000,002,380 | ---- | M] () -- C:\Users\Charles\cc_20101229_133328 registry as of 29 12 2010.reg
[2010/12/29 13:33:08 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/28 21:58:47 | 000,000,937 | ---- | M] () -- C:\Users\Charles\Desktop\TheSage.lnk
[2010/12/26 16:13:52 | 000,002,063 | ---- | M] () -- C:\Users\Charles\Desktop\TVersity.lnk
[2010/12/26 15:36:30 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/12/26 15:21:43 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/25 21:57:45 | 000,063,948 | ---- | M] () -- C:\Users\Charles\cc_20101225_215720 registry as of 25 12 2010.reg
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/19 14:34:58 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\xrecode II.lnk
[2010/12/17 07:45:23 | 000,384,704 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/12/16 17:30:55 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2010/12/16 17:02:25 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/12/15 11:11:04 | 000,024,576 | ---- | M] () -- C:\Users\Charles\Documents\Curriculum Vitae.doc
[2010/12/13 15:12:33 | 000,082,944 | ---- | M] () -- C:\Users\Charles\Fly Trap.doc
[2010/12/12 14:43:49 | 000,000,935 | ---- | M] () -- C:\Users\Charles\Desktop\Nmap - Zenmap GUI.lnk
[2010/12/12 14:19:41 | 000,215,384 | ---- | M] () -- C:\Users\Charles\Desktop\bookmarks-2010-12-12.json
[2010/12/11 20:11:56 | 000,000,718 | ---- | M] () -- C:\Users\Charles\Desktop\GoldWave.lnk

========== Files Created - No Company Name ==========

[2010/12/29 20:22:54 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 13:33:49 | 000,002,380 | ---- | C] () -- C:\Users\Charles\cc_20101229_133328 registry as of 29 12 2010.reg
[2010/12/26 16:17:52 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/12/26 16:07:08 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/25 21:57:41 | 000,063,948 | ---- | C] () -- C:\Users\Charles\cc_20101225_215720 registry as of 25 12 2010.reg
[2010/12/16 17:30:55 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2010/12/13 15:12:33 | 000,082,944 | ---- | C] () -- C:\Users\Charles\Fly Trap.doc
[2010/12/12 14:43:49 | 000,000,935 | ---- | C] () -- C:\Users\Charles\Desktop\Nmap - Zenmap GUI.lnk
[2010/12/12 14:18:39 | 000,215,384 | ---- | C] () -- C:\Users\Charles\Desktop\bookmarks-2010-12-12.json
[2010/12/11 20:11:56 | 000,000,718 | ---- | C] () -- C:\Users\Charles\Desktop\GoldWave.lnk
[2010/10/20 11:03:20 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2010/10/05 09:24:10 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/07/31 19:41:13 | 000,003,457 | ---- | C] () -- C:\Users\Charles\AppData\Local\bff.dat
[2010/04/09 12:16:22 | 000,000,000 | ---- | C] () -- C:\windows\OpPrintServer.INI
[2010/04/09 12:12:00 | 000,007,680 | ---- | C] () -- C:\windows\System32\CNMVS61.DLL
[2010/04/06 17:39:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/06 13:14:25 | 000,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/02/03 17:39:53 | 000,000,017 | ---- | C] () -- C:\Users\Charles\AppData\Local\resmon.resmoncfg
[2010/01/29 12:44:34 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010/01/22 20:01:16 | 000,047,104 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 11:41:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/21 09:18:30 | 000,000,536 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\wklnhst.dat
[2010/01/20 15:39:16 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/14 12:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

< End of report >

ken545
2011-01-10, 03:14
Let's just run these through OTL.

Open OTL.exe

Copy/paste the following text, written inside the code box, into the Custom Scans/Fixes box located at the bottom of OTL.



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.


:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan.
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.

Rubadubdub
2011-01-10, 03:32
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Charles
->Temp folder emptied: 167804 bytes
->Temporary Internet Files folder emptied: 91557 bytes
->FireFox cache emptied: 82092956 bytes
->Flash cache emptied: 582 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-CHARLES-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7825296 bytes

Total Files Cleaned = 86.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01102011_141853

Files\Folders moved on Reboot...
C:\Users\Charles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QO4JZLHN\background_button_green_full[1].png moved successfully.
C:\Users\Charles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGEAOTXA\list-item-plus[1].png moved successfully.
File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ken545
2011-01-10, 03:55
Great!

To be sure your system is clean I recommend running this free online virus scanner.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
