
Locked up my files...and other stuff



Deleted the 4share progs, rebooted (can't get to safe), tried Windows update, did not work... same as last time we tried.

Ran an OTL scan for you.

=============== OTL logfile created on: 6/07/2012 10:17:48 PM - Run 5

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\COLIN\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.38% Memory free

3.85 Gb Paging File | 2.98 Gb Available in Paging File | 77.45% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.77 Gb Total Space | 65.74 Gb Free Space | 28.24% Space Free | Partition Type: NTFS

Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.42% Space Free | Partition Type: FAT32

Drive G: | 931.51 Gb Total Space | 228.95 Gb Free Space | 24.58% Space Free | Partition Type: NTFS

Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS

Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 21:38:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe

PRC - [2012/05/09 13:47:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012/05/09 13:47:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012/05/09 13:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2012/05/09 13:47:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe

PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe

PRC - [2010/09/13 15:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

PRC - [2008/12/31 16:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe

PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

PRC - [2007/10/25 12:11:39 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2005/08/13 08:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

PRC - [2005/03/09 14:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE

PRC - [2004/08/04 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/08/04 22:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe

PRC - [2002/11/26 02:12:32 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/13 21:12:26 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1b45d66\system.drawing.dll

MOD - [2012/06/13 21:12:12 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c9aa3dcd\system.windows.forms.dll

MOD - [2012/06/13 21:11:47 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

MOD - [2012/05/09 13:47:56 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2012/01/13 08:06:42 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3db6a3e6\mscorlib.dll

MOD - [2012/01/13 08:06:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cc2b0697\system.xml.dll

MOD - [2012/01/13 08:06:18 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3a3c05f7\system.dll

MOD - [2012/01/13 08:06:07 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

MOD - [2012/01/13 08:06:06 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll

MOD - [2012/01/13 08:06:05 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll

MOD - [2007/10/25 12:11:37 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll

MOD - [2006/01/17 15:56:10 | 000,183,296 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll

MOD - [2006/01/17 15:56:10 | 000,105,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll

MOD - [2006/01/17 15:56:10 | 000,075,264 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

MOD - [2006/01/16 18:34:03 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

MOD - [2006/01/16 18:34:03 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll

MOD - [2006/01/16 18:34:02 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll

MOD - [2004/08/04 22:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/05/09 13:47:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/05/09 13:47:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)

SRV - [2012/05/09 13:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2010/09/13 15:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)

SRV - [2003/06/04 09:52:22 | 001,200,128 | ---- | M] (PowerQuest Corporation) [Auto | Stopped] -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- (V2i Protector)

SRV - [2002/11/26 02:12:32 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TSP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys -- (mvd22)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys -- (mdf16)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)

DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)

DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COLIN\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/05/09 13:47:56 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012/05/09 13:47:56 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2006/01/05 13:46:40 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/08/18 08:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)

DRV - [2004/07/07 10:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)

DRV - [2004/07/07 08:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)

DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)

DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)

DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)

DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)

DRV - [2003/11/18 06:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/18 06:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/18 06:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/06/04 09:52:24 | 000,123,957 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i)

DRV - [2003/06/04 09:52:20 | 000,046,900 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)

DRV - [2003/03/08 09:07:58 | 000,029,603 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (glauiad)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{7B5D77E7-B219-4760-B284-AE305BDFD485}: "URL" = http://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3228846

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hem.passagen.se/siamthai/news.htm

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes,DefaultScope = {D1006A2C-3FB5-4F19-B330-F7B263F8C24A}

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=9

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{D1006A2C-3FB5-4F19-B330-F7B263F8C24A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en

IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\COLIN\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD} [2009/11/25 15:34:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}\ [2009/11/30 19:16:23 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/07/02 11:22:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.

O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

O4 - Startup: C:\Documents and Settings\COLIN\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340975846937 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140139436593 (MUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67C731C6-C643-46BD-8865-2DA9C21374CD}: DhcpNameServer = 203.12.160.35 203.12.160.36

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD4249-41A8-413E-8C32-51D6B0666FB6}: NameServer = 61.8.0.113,210.23.129.34

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/01/13 14:27:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 21:38:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe

[2012/07/06 10:17:27 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/07/05 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\PriceGong

[2012/07/05 12:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\My Documents\My 4shared Sync

[2012/07/05 12:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2012/07/05 12:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit

[2012/07/05 12:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2012/07/05 12:48:57 | 003,502,192 | ---- | C] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe

[2012/07/04 21:46:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/07/04 21:27:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/07/04 21:10:56 | 004,570,624 | R--- | C] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe

[2012/07/04 13:02:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/03 23:05:18 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\COLIN\Desktop\tdsskiller.exe

[2012/07/03 22:47:29 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\COLIN\Desktop\unhide.exe

[2012/07/03 09:30:48 | 000,000,000 | ---D | C] -- C:\FRST

[2012/07/02 23:06:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe

[2012/07/02 10:33:04 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/07/02 10:26:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/07/02 10:26:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/07/02 10:26:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/07/02 10:26:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/07/02 01:14:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\COLIN\My Documents\ComboFix

[2012/07/02 00:57:19 | 001,544,384 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe

[2012/07/02 00:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Desktop\Malwarebytes (D)

[2012/07/02 00:34:03 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/02 00:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2012/07/01 09:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe

[2012/06/30 07:36:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug

[2012/06/29 22:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2012/06/29 22:17:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime

[2012/06/29 22:17:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime

[2012/06/29 22:17:42 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime

[2012/06/29 22:17:41 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime

[2012/06/29 22:17:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime

[2012/06/29 22:17:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime

[2012/06/29 22:17:39 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2012/06/29 22:17:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2012/06/29 22:17:36 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2012/06/29 22:17:35 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll

[2012/06/29 22:17:35 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll

[2012/06/29 22:17:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll

[2012/06/29 22:17:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime

[2012/06/29 22:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2012/06/29 22:17:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe

[2012/06/29 22:17:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll

[2012/06/29 22:17:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe

[2012/06/29 22:17:19 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime

[2012/06/29 22:17:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll

[2012/06/29 22:17:18 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2012/06/29 22:17:18 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2012/06/29 22:17:17 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2012/06/29 22:17:11 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2012/06/29 22:17:08 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll

[2012/06/29 22:17:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll

[2012/06/29 22:17:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe

[2012/06/29 22:17:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2012/06/29 22:17:07 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll

[2012/06/29 22:17:07 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll

[2012/06/29 22:17:07 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll

[2012/06/29 22:17:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe

[2012/06/29 22:17:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2012/06/29 22:17:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll

[2012/06/29 22:17:06 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll

[2012/06/29 22:17:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2012/06/29 22:17:05 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe

[2012/06/29 22:17:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2012/06/29 22:17:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2012/06/29 22:17:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2012/06/29 22:17:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2012/06/29 22:17:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

[2012/06/29 22:17:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

[2012/06/29 22:17:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

[2012/06/29 22:17:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

[2012/06/29 22:17:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

[2012/06/29 22:17:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

[2012/06/29 22:17:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

[2012/06/29 22:17:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

[2012/06/29 22:17:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

[2012/06/29 22:17:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

[2012/06/29 22:17:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

[2012/06/29 22:17:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

[2012/06/29 22:16:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

[2012/06/29 22:16:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

[2012/06/29 22:16:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

[2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2012/06/29 22:16:50 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll

[2012/06/29 22:16:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll

[2012/06/29 22:16:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime

[2012/06/29 22:16:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

[2012/06/29 22:16:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

[2012/06/29 22:16:43 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys

[2012/06/29 22:16:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

[2012/06/29 22:16:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime

[2012/06/29 22:16:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

[2012/06/29 22:16:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

[2012/06/29 22:16:38 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe

[2012/06/29 22:16:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll

[2012/06/29 22:16:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

[2012/06/29 22:16:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

[2012/06/29 22:16:37 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime

[2012/06/29 22:16:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll

[2012/06/29 22:16:36 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime

[2012/06/29 22:16:34 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll

[2012/06/29 22:16:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll

[2012/06/29 22:16:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll

[2012/06/29 22:16:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll

[2012/06/29 22:16:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll

[2012/06/29 22:16:20 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll

[2012/06/29 22:16:18 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe

[2012/06/29 22:16:12 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex

[2012/06/29 22:16:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll

[2012/06/29 22:16:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe

[2012/06/29 22:16:00 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys

[2012/06/29 22:16:00 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll

[2012/06/29 22:15:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll

[2012/06/29 22:15:57 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll

[2012/06/29 22:15:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll

[2012/06/29 22:15:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll

[2012/06/29 22:15:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll

[2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll

[2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll

[2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll

[2012/06/29 22:15:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll

[2012/06/29 22:15:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll

[2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll

[2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll

[2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll

[2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll

[2012/06/29 22:15:48 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll

[2012/06/29 22:15:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll

[2012/06/29 22:15:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll

[2012/06/29 22:15:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll

[2012/06/29 22:15:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll

[2012/06/29 22:15:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll

[2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll

[2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll

[2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll

[2012/06/29 22:15:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll

[2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll

[2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll

[2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll

[2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll

[2012/06/29 22:15:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll

[2012/06/29 22:15:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll

[2012/06/29 22:15:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll

[2012/06/29 22:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll

[2012/06/29 22:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll

[2012/06/29 22:15:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll

[2012/06/29 22:15:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll

[2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll

[2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll

[2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll

[2012/06/29 22:15:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll

[2012/06/29 22:15:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll

[2012/06/29 22:15:41 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll

[2012/06/29 22:15:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll

[2012/06/29 22:15:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll

[2012/06/29 22:15:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll

[2012/06/29 22:15:36 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll

[2012/06/29 22:15:36 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll

[2012/06/29 22:15:35 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll

[2012/06/29 22:15:35 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe

[2012/06/29 22:15:35 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll

[2012/06/29 22:15:35 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe

[2012/06/29 22:15:34 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe

[2012/06/29 22:15:34 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe

[2012/06/29 22:15:34 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe

[2012/06/29 22:15:34 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe

[2012/06/29 22:15:33 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll

[2012/06/29 22:15:33 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe

[2012/06/29 22:15:33 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll

[2012/06/29 22:15:33 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe

[2012/06/29 22:15:32 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll

[2012/06/29 22:15:32 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll

[2012/06/29 22:15:32 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime

[2012/06/29 22:15:31 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe

[2012/06/29 22:15:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll

[2012/06/29 22:15:31 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll

[2012/06/29 22:15:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll

[2012/06/29 22:15:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe

[2012/06/29 22:15:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime

[2012/06/29 22:15:24 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll

[2012/06/29 22:15:16 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll

[2012/06/29 22:15:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll

[2012/06/29 22:15:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll

[2012/06/29 22:15:09 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll

[2012/06/29 22:15:08 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll

[2012/06/29 22:15:08 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll

[2012/06/29 22:15:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe

[2012/06/29 22:15:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll

[2012/06/29 22:15:08 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll

[2012/06/29 22:15:08 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll

[2012/06/29 22:15:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll

[2012/06/29 22:15:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll

[2012/06/29 22:15:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll

[2012/06/29 22:15:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll

[2012/06/29 22:15:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe

[2012/06/29 22:15:07 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll

[2012/06/29 22:15:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll

[2012/06/29 22:15:06 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll

[2012/06/29 22:15:06 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe

[2012/06/29 22:15:06 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe

[2012/06/29 22:15:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll

[2012/06/29 22:15:06 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll

[2012/06/29 22:15:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll

[2012/06/29 22:15:06 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll

[2012/06/29 22:15:05 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll

[2012/06/29 22:15:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll

[2012/06/29 22:15:04 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe

[2012/06/29 22:15:04 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll

[2012/06/29 22:15:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe

[2012/06/29 22:15:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll

[2012/06/29 22:15:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll

[2012/06/29 22:15:00 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll

[2012/06/29 22:15:00 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe

[2012/06/29 22:15:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe

[2012/06/29 22:14:59 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll

[2012/06/29 22:14:59 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll

[2012/06/29 22:14:59 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll

[2012/06/29 22:14:59 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys

[2012/06/29 22:14:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime

[2012/06/29 22:14:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe

[2012/06/29 22:14:42 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe

[2012/06/29 22:14:39 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe

[2012/06/29 22:14:38 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll

[2012/06/29 22:14:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime

[2012/06/29 22:14:37 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll

[2012/06/29 22:14:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll

[2012/06/29 22:14:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll

[2012/06/29 22:14:36 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll

[2012/06/29 22:14:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe

[2012/06/29 22:14:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe

[2012/06/29 22:14:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime

[2012/06/29 22:14:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe

[2012/06/29 22:14:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe

[2012/06/29 22:14:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2012/06/29 22:14:32 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll

[2012/06/29 22:14:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll

[2012/06/29 22:14:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll

[2012/06/29 22:14:06 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll

[2012/06/29 22:14:06 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll

[2012/06/29 22:14:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll

[2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll

[2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll

[2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll

[2012/06/29 22:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll

[2012/06/29 22:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll

[2012/06/29 22:13:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll

[2012/06/29 22:13:46 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe

[2012/06/29 22:13:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll

[2012/06/29 22:13:45 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll

[2012/06/29 22:13:45 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe

[2012/06/29 22:13:39 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe

[2012/06/29 22:13:38 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll

[2012/06/29 22:13:38 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll

[2012/06/29 22:13:38 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe

[2012/06/29 22:13:38 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe

[2012/06/29 22:13:38 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll

[2012/06/29 22:13:38 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe

[2012/06/29 22:13:37 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll

[2012/06/29 22:13:37 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll

[2012/06/29 22:13:37 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll

[2012/06/29 22:13:37 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll

[2012/06/29 22:13:37 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll

[2012/06/29 22:13:36 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll

[2012/06/29 22:13:36 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll

[2012/06/29 22:13:36 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll

[2012/06/29 22:13:36 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll

[2012/06/29 22:13:35 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe

[2012/06/29 22:13:34 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll

[2012/06/29 22:13:34 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe

[2012/06/29 22:13:33 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll

[2012/06/29 22:13:33 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe

[2012/06/29 22:09:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files

[2012/06/29 22:09:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe

[2012/06/29 21:48:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll

[2012/06/29 21:48:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll

[2012/06/29 21:48:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll

[2012/06/29 21:48:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll

[2012/06/29 19:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc

[2012/06/29 16:40:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\COLIN\Recent

[2012/06/29 13:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore

[2012/06/28 22:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/06/28 22:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\FixItCenter

[2012/06/28 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Data Recovery

[2012/06/26 13:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\HandBrake

[2012/06/26 13:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Handbrake

[2012/06/26 13:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2012/06/19 19:15:30 | 017,396,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe

[2009/01/19 11:54:15 | 005,992,404 | ---- | C] (Headlight Software, Inc.) -- C:\Program Files\Portable GetRight 6.3e.exe

[2008/12/09 11:27:59 | 002,167,968 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloaderSetup.exe

[2008/07/10 19:55:26 | 000,383,755 | ---- | C] (Headlight Software, Inc.) -- C:\Program Files\download-VobSub_2.23.exe

[2006/12/07 08:37:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\COLIN\Application Data\pcouffin.sys

[2006/01/17 15:55:09 | 011,477,288 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXPlay.exe

[2005/12/06 12:00:46 | 002,247,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll

[2005/12/06 12:00:46 | 000,484,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe

[2005/12/06 12:00:46 | 000,074,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll

[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/06 22:21:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/07/06 22:15:16 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk

[2012/07/06 22:15:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/07/06 22:13:59 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/07/06 22:11:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/06 22:11:03 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Command Prompt.job

[2012/07/06 22:10:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/07/06 21:38:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe

[2012/07/06 21:10:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/06 13:42:03 | 000,000,143 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012/07/06 13:42:02 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/06 09:45:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job

[2012/07/05 12:49:10 | 003,502,192 | ---- | M] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe

[2012/07/04 23:23:07 | 009,878,895 | ---- | M] () -- C:\Qoobox.zip

[2012/07/04 23:14:38 | 000,014,094 | ---- | M] () -- C:\FixitRegBackup.reg

[2012/07/04 23:02:56 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/07/04 21:10:56 | 004,570,624 | R--- | M] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe

[2012/07/04 18:24:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2012/07/04 18:24:20 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2012/07/04 18:23:26 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Adobe Premiere Pro 2.0 (2).lnk

[2012/07/03 23:05:17 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\COLIN\Desktop\tdsskiller.exe

[2012/07/03 22:47:31 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\COLIN\Desktop\unhide.exe

[2012/07/03 17:10:45 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2

[2012/07/02 23:07:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe

[2012/07/02 11:22:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/07/02 10:33:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/07/02 00:57:21 | 001,544,384 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe

[2012/07/01 09:41:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe

[2012/06/29 23:15:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk

[2012/06/29 22:20:55 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/06/29 22:19:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2012/06/29 22:12:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2012/06/29 22:12:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2012/06/29 22:12:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2012/06/29 22:11:07 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2012/06/29 22:08:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012/06/29 22:06:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/06/29 07:10:04 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer

[2012/06/29 07:10:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe

[2012/06/28 22:24:13 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk

[2012/06/28 18:43:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt

[2012/06/28 18:21:11 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr

[2012/06/27 18:14:12 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\TV Guide - Australia's TV Guide - Yahoo!7.url

[2012/06/26 16:35:23 | 000,505,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/06/26 16:35:23 | 000,089,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/06/26 13:58:20 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk

[2012/06/26 13:47:01 | 000,029,635 | ---- | M] () -- C:\Program Files\download.htm

[2012/06/21 17:25:07 | 000,273,663 | ---- | M] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf

[2012/06/19 19:15:46 | 017,396,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe

[2012/06/19 16:51:26 | 004,478,300 | ---- | M] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf

[2012/06/09 21:55:16 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\COLIN\default.pls

[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/04 23:23:03 | 009,878,895 | ---- | C] () -- C:\Qoobox.zip

[2012/07/04 23:14:38 | 000,014,094 | ---- | C] () -- C:\FixitRegBackup.reg

[2012/07/04 18:24:20 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2012/07/04 18:24:20 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2012/07/04 18:23:26 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Adobe Premiere Pro 2.0 (2).lnk

[2012/07/03 13:38:27 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/07/02 11:01:31 | 000,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

[2012/07/02 11:01:30 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[2012/07/02 10:58:18 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk

[2012/07/02 10:58:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk

[2012/07/02 10:58:16 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk

[2012/07/02 10:58:15 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk

[2012/07/02 10:58:14 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2012/07/02 10:58:13 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk

[2012/07/02 10:58:12 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Pro 2.0.lnk

[2012/07/02 10:58:11 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk

[2012/07/02 10:58:09 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk

[2012/07/02 10:58:08 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk

[2012/07/02 10:33:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/07/02 10:33:11 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/07/02 10:26:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/07/02 10:26:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/07/02 10:26:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/07/02 10:26:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/07/02 10:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/07/02 01:01:26 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2

[2012/06/29 23:15:48 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk

[2012/06/29 23:11:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk

[2012/06/29 22:16:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2012/06/29 22:15:51 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2012/06/29 22:15:36 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2012/06/29 22:15:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2012/06/29 22:15:30 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2012/06/29 22:15:20 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2012/06/29 22:15:11 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2012/06/29 22:15:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll

[2012/06/29 22:14:38 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2012/06/29 22:09:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2012/06/29 22:07:42 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

[2012/06/29 21:48:16 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat

[2012/06/29 21:48:16 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat

[2012/06/29 21:48:16 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat

[2012/06/29 21:48:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2012/06/29 21:48:16 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2012/06/29 21:48:16 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT

[2012/06/29 21:48:15 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT

[2012/06/29 21:48:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2012/06/29 21:48:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2012/06/29 21:48:15 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2012/06/29 21:48:15 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT

[2012/06/29 21:48:15 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT

[2012/06/29 21:48:15 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2012/06/29 21:48:15 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT

[2012/06/29 21:48:14 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT

[2012/06/29 07:10:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer

[2012/06/29 07:10:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe

[2012/06/29 01:01:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/06/28 22:41:55 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2012/06/28 21:57:07 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Command Prompt.job

[2012/06/28 18:21:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr

[2012/06/28 18:21:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt

[2012/06/26 13:58:20 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk

[2012/06/26 13:47:00 | 000,029,635 | ---- | C] () -- C:\Program Files\download.htm

[2012/06/21 17:25:07 | 000,273,663 | ---- | C] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf

[2012/06/19 16:51:26 | 004,478,300 | ---- | C] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf

[2012/05/22 13:26:42 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\mbam.context.scan

[2010/11/29 15:25:15 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys

[2009/12/14 15:07:24 | 000,001,316 | ---- | C] () -- C:\Program Files\ComboFix.htm

[2009/12/07 18:04:53 | 000,019,334 | ---- | C] () -- C:\Documents and Settings\All Users\xpnetdiag.xml

[2009/08/07 18:15:33 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\AutoGK.ini

[2009/06/05 16:02:25 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif

[2009/06/05 16:02:25 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif

[2009/06/05 16:02:25 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif

[2009/04/01 15:14:51 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\COLIN\UserImages.bmp

[2009/02/14 11:10:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2008/12/13 11:39:15 | 007,930,904 | ---- | C] () -- C:\Program Files\dap9.exe

[2008/05/21 15:42:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\COLIN\usb002

[2008/02/06 16:44:12 | 000,000,483 | ---- | C] () -- C:\Program Files\Shortcut to DVD Shrink.lnk

[2007/11/01 23:07:09 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/08/26 23:13:42 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\COLIN\Application Data\evf

[2007/04/05 01:14:38 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\dm.ini

[2007/01/25 09:01:30 | 000,005,986 | ---- | C] () -- C:\Documents and Settings\COLIN\UserCustomPreset_Adobe Premiere Pro 2.0.vpr

[2006/12/07 08:37:54 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\ezpinst.exe

[2006/12/07 08:37:54 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.cat

[2006/12/07 08:37:54 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.inf

[2006/06/10 14:27:28 | 000,002,615 | ---- | C] () -- C:\Program Files\ChingLiu.nfo

[2006/02/27 18:15:06 | 000,217,329 | ---- | C] () -- C:\Program Files\gspot221.exe

[2006/02/04 21:05:20 | 000,000,427 | ---- | C] () -- C:\Program Files\FILE_ID.DIZ

[2006/01/17 16:14:53 | 020,921,040 | ---- | C] ( ) -- C:\Program Files\AdbeRdr705_enu_full.exe

[2006/01/14 13:20:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\fusioncache.dat

[2006/01/13 16:55:34 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\COLIN\default.pls

[2006/01/13 16:19:38 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/12/06 12:28:30 | 003,673,932 | ---- | C] () -- C:\Program Files\Dec2005_MDX1_x86_Archive.cab

[2005/12/06 12:28:04 | 001,358,864 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab

[2005/12/06 12:28:02 | 000,086,925 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab

[2005/12/06 12:28:02 | 000,046,247 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab

[2005/12/06 12:28:02 | 000,041,888 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab

[2005/12/06 12:28:00 | 000,916,806 | ---- | C] () -- C:\Program Files\Dec2005_MDX1_x86.cab

[2005/12/06 12:27:58 | 001,080,344 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab

[2005/12/06 12:00:46 | 000,081,092 | ---- | C] () -- C:\Program Files\dxupdate.cab

[2005/12/06 12:00:44 | 001,351,430 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab

[2005/12/06 12:00:44 | 001,348,242 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab

[2005/12/06 12:00:44 | 001,336,890 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab

[2005/12/06 12:00:44 | 001,248,387 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab

[2005/12/06 12:00:44 | 001,079,850 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab

[2005/12/06 12:00:44 | 001,078,532 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab

[2005/12/06 12:00:44 | 001,065,813 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab

[2005/12/06 12:00:44 | 001,014,113 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab

[2005/12/06 12:00:42 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab

[2005/12/06 12:00:40 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab

[2005/12/06 12:00:40 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab

[2005/12/06 12:00:40 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab

[2005/12/06 12:00:40 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2:SummaryInformation

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s2

< End of report >


I do my best.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3228846
    IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=9
    O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    [2012/07/05 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\PriceGong
    [2012/07/05 12:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\My Documents\My 4shared Sync
    [2012/07/05 12:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/07/05 12:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit
    [2012/07/05 12:48:57 | 003,502,192 | ---- | C] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe
    [2012/06/29 07:10:04 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer
    [2012/06/29 07:10:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe
    [2012/06/28 18:43:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt
    [2012/06/28 18:21:11 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr
    [2009/06/05 16:02:25 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif
    [2009/06/05 16:02:25 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif
    [2009/06/05 16:02:25 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif
    [2007/08/26 23:13:42 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\COLIN\Application Data\evf

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Managed to get to safe mode. It worked!!!!

Will try a Windows update now.

---------

All processes killed

========== OTL ==========

HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found.

Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.

C:\Documents and Settings\COLIN\Application Data\PriceGong\Data folder moved successfully.

C:\Documents and Settings\COLIN\Application Data\PriceGong folder moved successfully.

C:\Documents and Settings\COLIN\My Documents\My 4shared Sync folder moved successfully.

C:\Program Files\Conduit\Community Alerts folder moved successfully.

C:\Program Files\Conduit folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit folder moved successfully.

C:\Program Files\4shared_Desktop_3[1].3.5M.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer moved successfully.

C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe moved successfully.

C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt moved successfully.

C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr moved successfully.

C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif moved successfully.

C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif moved successfully.

C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif moved successfully.

C:\Documents and Settings\COLIN\Application Data\evf moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\COLIN\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\COLIN\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 41 bytes

User: All Users

User: COLIN

->Temp folder emptied: 39681467 bytes

->Temporary Internet Files folder emptied: 8409699 bytes

->Flash cache emptied: 343953 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 41 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 95375 bytes

->Flash cache emptied: 8889 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 53019 bytes

User: MANEERAT

->Temp folder emptied: 49152 bytes

->Temporary Internet Files folder emptied: 529186 bytes

->Flash cache emptied: 2023 bytes

User: NetworkService

->Temp folder emptied: 63098450 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: new one

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 41 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 8570856 bytes

%systemroot%\System32 .tmp files removed: 608594 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 564579 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34046 bytes

RecycleBin emptied: 1933086491 bytes

Total Files Cleaned = 1,960.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.53.1 log created on 07072012_090537

Files\Folders moved on Reboot...

C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\google.com[1] moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\index[1].php moved successfully.

C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

PendingFileRenameOperations files...

File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\google.com[1] not found!

File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\index[1].php not found!

File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

Registry entries deleted on Reboot...


Running it now....earlier today I updated Malwarebytes and did a run, got 105 windows updates installed, updated to SP3.

Now I can't get into the internet at all (Internet explorer has an error......)....I am on a laptop now that is wireless to my router.

I was just about to re-install Windows when I saw your reply....so am running that now.

If I still can't connect to the internet I will have to post the log to my USB stick and send the results from this laptop: WHAT IS THE DANGER THAT THE MEMORY STICK WILL INFECT THIS LAPTOP??

Cheers

Colin


There is a chance, so try this:

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


My PC will not connect to the internet, so I can not download it.

Let's forget it maniac, I am too stressed out for this. I will reinstall my Windows.

Thank you for recovering my files, that is the bonus for me.

I hope you received my small donation made yesterday, it is the most I can really afford given my circumstances.

I wish you well in your generosity and hope indeed that all goes well for you in life.

Colin


I'm sorry about that, Colin!

Modern malware has evolved and become loathsome. Things get complicated at times compared to previous years, and it is now difficult to fight. I hope at least I was a little helpful. Thank you for everything!

Some malware prevention tips for you:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

