colin0100

Honorary Members
  • Content count

    56
  • Joined

  • Last visited

About colin0100

  • Rank
    Regular Member

Profile Information

  • Location
    SYDNEY
  1. My PC will not connect to the internet, so I can not download it. Let's forget it maniac, I am too stressed out for this. I will reinstall my Windows. Thank you for recovering my files, that is the bonus for me. I hope you received my small donation made yesterday, it is the most I can really afford given my circumstances. I wish you well in your generosity and hope indeed that all goes well for you in life. Colin
  2. Running it now....earlier today I updated Malwarebytes and did a run, got 105 windows updates installed, updated to SP3. Now I can't get into the internet at all (Internet explorer has an error......)....I am on a laptop now that is wireless to my router. I was just about to re-install Windows when I saw your reply....so am running that now. If I stull can't connect to the interent I will have to post the log to my USB stick and send the results from this laptop: WHAT IS THE DANGER THAT THE MEMORY STICK WILL INFECT THIS LAPTOP?? Cheers Colin
  3. Windows update would not run: boot in normal mode. Advice please. Thanks Maniac.
  4. Managed to get to safe mode. It worked!!!! Will try a windows update now. --------- All processes killed ========== OTL ========== HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found. Registry key HKEY_USERS\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found. C:\Documents and Settings\COLIN\Application Data\PriceGong\Data folder moved successfully. C:\Documents and Settings\COLIN\Application Data\PriceGong folder moved successfully. C:\Documents and Settings\COLIN\My Documents\My 4shared Sync folder moved successfully. C:\Program Files\Conduit\Community Alerts folder moved successfully. C:\Program Files\Conduit folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully. C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit folder moved successfully. C:\Program Files\4shared_Desktop_3[1].3.5M.exe moved successfully. C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer moved successfully. C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe moved successfully. C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt moved successfully. C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr moved successfully. C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif moved successfully. C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif moved successfully. C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif moved successfully. C:\Documents and Settings\COLIN\Application Data\evf moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\COLIN\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\COLIN\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41 bytes User: All Users User: COLIN ->Temp folder emptied: 39681467 bytes ->Temporary Internet Files folder emptied: 8409699 bytes ->Flash cache emptied: 343953 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 95375 bytes ->Flash cache emptied: 8889 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 53019 bytes User: MANEERAT ->Temp folder emptied: 49152 bytes ->Temporary Internet Files folder emptied: 529186 bytes ->Flash cache emptied: 2023 bytes User: NetworkService ->Temp folder emptied: 63098450 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: new one ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 8570856 bytes %systemroot%\System32 .tmp files removed: 608594 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 564579 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34046 bytes RecycleBin emptied: 1933086491 bytes Total Files Cleaned = 1,960.00 mb Unable to start System Restore Service. Error code 10 OTL by OldTimer - Version 3.2.53.1 log created on 07072012_090537 Files\Folders moved on Reboot... C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\google.com[1] moved successfully. C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\index[1].php moved successfully. C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. PendingFileRenameOperations files... File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\google.com[1] not found! File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\index[1].php not found! File C:\Documents and Settings\COLIN\Local Settings\Temporary Internet Files\Content.IE5\OLQJW1IZ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found! Registry entries deleted on Reboot...
  5. I'm going to sleep now, Please leave instructions for the next task... Maniac, do you think this is recoverable???
  6. Deleted the 4share progs, rebooted (can't get to safe) tries Windows update, did not work...same as last time we tried. Ran an OTL scan for you =============== OTL logfile created on: 6/07/2012 10:17:48 PM - Run 5 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\COLIN\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.38% Memory free 3.85 Gb Paging File | 2.98 Gb Available in Paging File | 77.45% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.77 Gb Total Space | 65.74 Gb Free Space | 28.24% Space Free | Partition Type: NTFS Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.42% Space Free | Partition Type: FAT32 Drive G: | 931.51 Gb Total Space | 228.95 Gb Free Space | 24.58% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/06 21:38:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe PRC - [2012/05/09 13:47:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/09 13:47:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/09 13:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/09 13:47:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe PRC - [2010/09/13 15:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe PRC - [2008/12/31 16:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2007/10/25 12:11:39 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2005/08/13 08:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2005/03/09 14:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE PRC - [2004/08/04 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/08/04 22:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe PRC - [2002/11/26 02:12:32 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe ========== Modules (No Company Name) ========== MOD - [2012/06/13 21:12:26 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1b45d66\system.drawing.dll MOD - [2012/06/13 21:12:12 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c9aa3dcd\system.windows.forms.dll MOD - [2012/06/13 21:11:47 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012/05/09 13:47:56 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012/01/13 08:06:42 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3db6a3e6\mscorlib.dll MOD - [2012/01/13 08:06:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cc2b0697\system.xml.dll MOD - [2012/01/13 08:06:18 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3a3c05f7\system.dll MOD - [2012/01/13 08:06:07 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012/01/13 08:06:06 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2012/01/13 08:06:05 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll MOD - [2007/10/25 12:11:37 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll MOD - [2006/01/17 15:56:10 | 000,183,296 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll MOD - [2006/01/17 15:56:10 | 000,105,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll MOD - [2006/01/17 15:56:10 | 000,075,264 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll MOD - [2006/01/16 18:34:03 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006/01/16 18:34:03 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006/01/16 18:34:02 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2004/08/04 22:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/05/09 13:47:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/09 13:47:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012/05/09 13:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010/09/13 15:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS) SRV - [2003/06/04 09:52:22 | 001,200,128 | ---- | M] (PowerQuest Corporation) [Auto | Stopped] -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- (V2i Protector) SRV - [2002/11/26 02:12:32 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity) ========== Driver Services (SafeList) ========== DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TSP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys -- (mvd22) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys -- (mdf16) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass) DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COLIN\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2012/05/09 13:47:56 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/09 13:47:56 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006/01/05 13:46:40 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/08/18 08:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM) DRV - [2004/07/07 10:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP) DRV - [2004/07/07 08:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit) DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K) DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint) DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps) DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam) DRV - [2003/11/18 06:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/18 06:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/18 06:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2003/06/04 09:52:24 | 000,123,957 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i) DRV - [2003/06/04 09:52:20 | 000,046,900 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount) DRV - [2003/03/08 09:07:58 | 000,029,603 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (glauiad) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{7B5D77E7-B219-4760-B284-AE305BDFD485}: "URL" = http://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3228846 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hem.passagen.se/siamthai/news.htm IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes,DefaultScope = {D1006A2C-3FB5-4F19-B330-F7B263F8C24A} IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=9 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\SearchScopes\{D1006A2C-3FB5-4F19-B330-F7B263F8C24A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\COLIN\Application Data\nprhapengine.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD} [2009/11/25 15:34:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}\ [2009/11/30 19:16:23 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/07/02 11:22:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found. O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) O4 - Startup: C:\Documents and Settings\COLIN\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340975846937 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140139436593 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67C731C6-C643-46BD-8865-2DA9C21374CD}: DhcpNameServer = 203.12.160.35 203.12.160.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD4249-41A8-413E-8C32-51D6B0666FB6}: NameServer = 61.8.0.113,210.23.129.34 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/01/13 14:27:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/06 21:38:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe [2012/07/06 10:17:27 | 000,000,000 | ---D | C] -- C:\_OTL [2012/07/05 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\PriceGong [2012/07/05 12:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\My Documents\My 4shared Sync [2012/07/05 12:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012/07/05 12:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit [2012/07/05 12:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/07/05 12:48:57 | 003,502,192 | ---- | C] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe [2012/07/04 21:46:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/07/04 21:27:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/07/04 21:10:56 | 004,570,624 | R--- | C] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe [2012/07/04 13:02:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/07/03 23:05:18 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\COLIN\Desktop\tdsskiller.exe [2012/07/03 22:47:29 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\COLIN\Desktop\unhide.exe [2012/07/03 09:30:48 | 000,000,000 | ---D | C] -- C:\FRST [2012/07/02 23:06:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe [2012/07/02 10:33:04 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/07/02 10:26:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/07/02 10:26:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/07/02 10:26:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/07/02 10:26:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/07/02 01:14:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\COLIN\My Documents\ComboFix [2012/07/02 00:57:19 | 001,544,384 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe [2012/07/02 00:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Desktop\Malwarebytes (D) [2012/07/02 00:34:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/02 00:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/07/01 09:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe [2012/06/30 07:36:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2012/06/29 22:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012/06/29 22:17:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime [2012/06/29 22:17:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime [2012/06/29 22:17:42 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime [2012/06/29 22:17:41 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime [2012/06/29 22:17:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime [2012/06/29 22:17:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime [2012/06/29 22:17:39 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2012/06/29 22:17:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2012/06/29 22:17:36 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2012/06/29 22:17:35 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll [2012/06/29 22:17:35 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll [2012/06/29 22:17:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll [2012/06/29 22:17:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime [2012/06/29 22:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2012/06/29 22:17:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe [2012/06/29 22:17:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll [2012/06/29 22:17:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe [2012/06/29 22:17:19 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime [2012/06/29 22:17:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2012/06/29 22:17:18 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2012/06/29 22:17:18 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2012/06/29 22:17:17 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2012/06/29 22:17:11 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2012/06/29 22:17:08 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2012/06/29 22:17:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2012/06/29 22:17:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe [2012/06/29 22:17:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2012/06/29 22:17:07 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll [2012/06/29 22:17:07 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll [2012/06/29 22:17:07 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll [2012/06/29 22:17:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe [2012/06/29 22:17:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2012/06/29 22:17:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll [2012/06/29 22:17:06 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2012/06/29 22:17:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2012/06/29 22:17:05 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe [2012/06/29 22:17:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2012/06/29 22:17:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2012/06/29 22:17:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2012/06/29 22:17:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2012/06/29 22:17:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2012/06/29 22:17:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2012/06/29 22:17:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2012/06/29 22:17:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2012/06/29 22:17:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2012/06/29 22:17:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2012/06/29 22:17:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2012/06/29 22:17:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2012/06/29 22:17:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2012/06/29 22:17:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2012/06/29 22:17:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2012/06/29 22:17:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2012/06/29 22:16:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2012/06/29 22:16:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2012/06/29 22:16:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2012/06/29 22:16:50 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2012/06/29 22:16:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2012/06/29 22:16:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime [2012/06/29 22:16:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2012/06/29 22:16:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2012/06/29 22:16:43 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2012/06/29 22:16:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2012/06/29 22:16:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime [2012/06/29 22:16:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2012/06/29 22:16:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2012/06/29 22:16:38 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2012/06/29 22:16:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2012/06/29 22:16:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2012/06/29 22:16:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2012/06/29 22:16:37 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2012/06/29 22:16:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll [2012/06/29 22:16:36 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime [2012/06/29 22:16:34 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2012/06/29 22:16:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll [2012/06/29 22:16:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll [2012/06/29 22:16:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2012/06/29 22:16:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2012/06/29 22:16:20 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2012/06/29 22:16:18 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe [2012/06/29 22:16:12 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2012/06/29 22:16:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2012/06/29 22:16:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2012/06/29 22:16:00 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2012/06/29 22:16:00 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2012/06/29 22:15:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2012/06/29 22:15:57 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll [2012/06/29 22:15:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll [2012/06/29 22:15:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll [2012/06/29 22:15:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll [2012/06/29 22:15:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll [2012/06/29 22:15:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll [2012/06/29 22:15:48 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2012/06/29 22:15:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2012/06/29 22:15:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2012/06/29 22:15:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll [2012/06/29 22:15:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll [2012/06/29 22:15:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll [2012/06/29 22:15:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll [2012/06/29 22:15:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll [2012/06/29 22:15:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll [2012/06/29 22:15:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll [2012/06/29 22:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll [2012/06/29 22:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll [2012/06/29 22:15:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll [2012/06/29 22:15:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll [2012/06/29 22:15:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll [2012/06/29 22:15:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll [2012/06/29 22:15:41 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2012/06/29 22:15:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2012/06/29 22:15:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll [2012/06/29 22:15:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll [2012/06/29 22:15:36 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2012/06/29 22:15:36 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll [2012/06/29 22:15:35 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll [2012/06/29 22:15:35 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe [2012/06/29 22:15:35 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll [2012/06/29 22:15:35 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2012/06/29 22:15:34 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe [2012/06/29 22:15:34 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe [2012/06/29 22:15:34 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe [2012/06/29 22:15:34 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2012/06/29 22:15:33 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll [2012/06/29 22:15:33 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe [2012/06/29 22:15:33 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll [2012/06/29 22:15:33 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2012/06/29 22:15:32 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll [2012/06/29 22:15:32 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll [2012/06/29 22:15:32 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime [2012/06/29 22:15:31 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2012/06/29 22:15:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll [2012/06/29 22:15:31 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2012/06/29 22:15:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll [2012/06/29 22:15:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe [2012/06/29 22:15:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime [2012/06/29 22:15:24 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2012/06/29 22:15:16 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2012/06/29 22:15:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll [2012/06/29 22:15:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2012/06/29 22:15:09 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll [2012/06/29 22:15:08 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll [2012/06/29 22:15:08 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll [2012/06/29 22:15:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe [2012/06/29 22:15:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll [2012/06/29 22:15:08 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll [2012/06/29 22:15:08 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll [2012/06/29 22:15:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll [2012/06/29 22:15:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll [2012/06/29 22:15:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll [2012/06/29 22:15:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll [2012/06/29 22:15:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe [2012/06/29 22:15:07 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll [2012/06/29 22:15:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll [2012/06/29 22:15:06 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll [2012/06/29 22:15:06 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe [2012/06/29 22:15:06 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe [2012/06/29 22:15:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll [2012/06/29 22:15:06 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll [2012/06/29 22:15:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll [2012/06/29 22:15:06 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll [2012/06/29 22:15:05 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll [2012/06/29 22:15:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll [2012/06/29 22:15:04 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2012/06/29 22:15:04 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2012/06/29 22:15:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2012/06/29 22:15:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2012/06/29 22:15:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll [2012/06/29 22:15:00 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll [2012/06/29 22:15:00 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe [2012/06/29 22:15:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe [2012/06/29 22:14:59 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2012/06/29 22:14:59 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2012/06/29 22:14:59 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2012/06/29 22:14:59 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2012/06/29 22:14:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime [2012/06/29 22:14:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2012/06/29 22:14:42 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe [2012/06/29 22:14:39 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe [2012/06/29 22:14:38 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll [2012/06/29 22:14:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime [2012/06/29 22:14:37 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2012/06/29 22:14:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll [2012/06/29 22:14:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll [2012/06/29 22:14:36 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2012/06/29 22:14:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe [2012/06/29 22:14:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2012/06/29 22:14:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime [2012/06/29 22:14:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2012/06/29 22:14:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2012/06/29 22:14:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2012/06/29 22:14:32 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll [2012/06/29 22:14:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll [2012/06/29 22:14:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2012/06/29 22:14:06 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll [2012/06/29 22:14:06 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll [2012/06/29 22:14:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll [2012/06/29 22:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll [2012/06/29 22:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll [2012/06/29 22:13:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll [2012/06/29 22:13:46 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe [2012/06/29 22:13:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll [2012/06/29 22:13:45 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll [2012/06/29 22:13:45 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe [2012/06/29 22:13:39 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe [2012/06/29 22:13:38 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll [2012/06/29 22:13:38 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll [2012/06/29 22:13:38 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe [2012/06/29 22:13:38 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe [2012/06/29 22:13:38 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll [2012/06/29 22:13:38 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe [2012/06/29 22:13:37 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll [2012/06/29 22:13:37 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll [2012/06/29 22:13:37 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll [2012/06/29 22:13:37 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll [2012/06/29 22:13:37 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll [2012/06/29 22:13:36 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll [2012/06/29 22:13:36 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll [2012/06/29 22:13:36 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll [2012/06/29 22:13:36 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll [2012/06/29 22:13:35 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe [2012/06/29 22:13:34 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll [2012/06/29 22:13:34 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe [2012/06/29 22:13:33 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll [2012/06/29 22:13:33 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe [2012/06/29 22:09:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2012/06/29 22:09:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe [2012/06/29 21:48:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2012/06/29 21:48:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll [2012/06/29 21:48:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2012/06/29 21:48:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll [2012/06/29 19:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc [2012/06/29 16:40:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\COLIN\Recent [2012/06/29 13:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore [2012/06/28 22:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/06/28 22:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\FixItCenter [2012/06/28 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Data Recovery [2012/06/26 13:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\HandBrake [2012/06/26 13:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Handbrake [2012/06/26 13:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012/06/19 19:15:30 | 017,396,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe [2009/01/19 11:54:15 | 005,992,404 | ---- | C] (Headlight Software, Inc.) -- C:\Program Files\Portable GetRight 6.3e.exe [2008/12/09 11:27:59 | 002,167,968 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloaderSetup.exe [2008/07/10 19:55:26 | 000,383,755 | ---- | C] (Headlight Software, Inc.) -- C:\Program Files\download-VobSub_2.23.exe [2006/12/07 08:37:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\COLIN\Application Data\pcouffin.sys [2006/01/17 15:55:09 | 011,477,288 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXPlay.exe [2005/12/06 12:00:46 | 002,247,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll [2005/12/06 12:00:46 | 000,484,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe [2005/12/06 12:00:46 | 000,074,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/06 22:21:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/07/06 22:15:16 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk [2012/07/06 22:15:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/07/06 22:13:59 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/07/06 22:11:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/07/06 22:11:03 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Command Prompt.job [2012/07/06 22:10:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/07/06 21:38:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe [2012/07/06 21:10:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/07/06 13:42:03 | 000,000,143 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012/07/06 13:42:02 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/06 09:45:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job [2012/07/05 12:49:10 | 003,502,192 | ---- | M] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe [2012/07/04 23:23:07 | 009,878,895 | ---- | M] () -- C:\Qoobox.zip [2012/07/04 23:14:38 | 000,014,094 | ---- | M] () -- C:\FixitRegBackup.reg [2012/07/04 23:02:56 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/07/04 21:10:56 | 004,570,624 | R--- | M] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe [2012/07/04 18:24:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012/07/04 18:24:20 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2012/07/04 18:23:26 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Adobe Premiere Pro 2.0 (2).lnk [2012/07/03 23:05:17 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\COLIN\Desktop\tdsskiller.exe [2012/07/03 22:47:31 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\COLIN\Desktop\unhide.exe [2012/07/03 17:10:45 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2 [2012/07/02 23:07:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe [2012/07/02 11:22:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/07/02 10:33:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/07/02 00:57:21 | 001,544,384 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe [2012/07/01 09:41:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe [2012/06/29 23:15:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk [2012/06/29 22:20:55 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/29 22:19:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2012/06/29 22:12:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012/06/29 22:12:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012/06/29 22:12:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012/06/29 22:11:07 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2012/06/29 22:08:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/06/29 22:06:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/06/29 07:10:04 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer [2012/06/29 07:10:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe [2012/06/28 22:24:13 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk [2012/06/28 18:43:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt [2012/06/28 18:21:11 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr [2012/06/27 18:14:12 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\TV Guide - Australia's TV Guide - Yahoo!7.url [2012/06/26 16:35:23 | 000,505,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/26 16:35:23 | 000,089,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/26 13:58:20 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk [2012/06/26 13:47:01 | 000,029,635 | ---- | M] () -- C:\Program Files\download.htm [2012/06/21 17:25:07 | 000,273,663 | ---- | M] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf [2012/06/19 19:15:46 | 017,396,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe [2012/06/19 16:51:26 | 004,478,300 | ---- | M] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf [2012/06/09 21:55:16 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\COLIN\default.pls [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/04 23:23:03 | 009,878,895 | ---- | C] () -- C:\Qoobox.zip [2012/07/04 23:14:38 | 000,014,094 | ---- | C] () -- C:\FixitRegBackup.reg [2012/07/04 18:24:20 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2012/07/04 18:24:20 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2012/07/04 18:23:26 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Adobe Premiere Pro 2.0 (2).lnk [2012/07/03 13:38:27 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/07/02 11:01:31 | 000,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2012/07/02 11:01:30 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2012/07/02 10:58:18 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk [2012/07/02 10:58:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk [2012/07/02 10:58:16 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk [2012/07/02 10:58:15 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk [2012/07/02 10:58:14 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2012/07/02 10:58:13 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk [2012/07/02 10:58:12 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Pro 2.0.lnk [2012/07/02 10:58:11 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk [2012/07/02 10:58:09 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk [2012/07/02 10:58:08 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk [2012/07/02 10:33:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/07/02 10:33:11 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/07/02 10:26:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/07/02 10:26:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/07/02 10:26:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/07/02 10:26:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/07/02 10:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/07/02 01:01:26 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2 [2012/06/29 23:15:48 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk [2012/06/29 23:11:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk [2012/06/29 22:16:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2012/06/29 22:15:51 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2012/06/29 22:15:36 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2012/06/29 22:15:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2012/06/29 22:15:30 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2012/06/29 22:15:20 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2012/06/29 22:15:11 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2012/06/29 22:15:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2012/06/29 22:14:38 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2012/06/29 22:09:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2012/06/29 22:07:42 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2012/06/29 21:48:16 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat [2012/06/29 21:48:16 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat [2012/06/29 21:48:16 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat [2012/06/29 21:48:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2012/06/29 21:48:16 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2012/06/29 21:48:16 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2012/06/29 21:48:15 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2012/06/29 21:48:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2012/06/29 21:48:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2012/06/29 21:48:15 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2012/06/29 21:48:15 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2012/06/29 21:48:15 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2012/06/29 21:48:15 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2012/06/29 21:48:15 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2012/06/29 21:48:14 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2012/06/29 07:10:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer [2012/06/29 07:10:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe [2012/06/29 01:01:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/06/28 22:41:55 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2012/06/28 21:57:07 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Command Prompt.job [2012/06/28 18:21:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr [2012/06/28 18:21:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt [2012/06/26 13:58:20 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk [2012/06/26 13:47:00 | 000,029,635 | ---- | C] () -- C:\Program Files\download.htm [2012/06/21 17:25:07 | 000,273,663 | ---- | C] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf [2012/06/19 16:51:26 | 004,478,300 | ---- | C] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf [2012/05/22 13:26:42 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\mbam.context.scan [2010/11/29 15:25:15 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys [2009/12/14 15:07:24 | 000,001,316 | ---- | C] () -- C:\Program Files\ComboFix.htm [2009/12/07 18:04:53 | 000,019,334 | ---- | C] () -- C:\Documents and Settings\All Users\xpnetdiag.xml [2009/08/07 18:15:33 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\AutoGK.ini [2009/06/05 16:02:25 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif [2009/06/05 16:02:25 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif [2009/06/05 16:02:25 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif [2009/04/01 15:14:51 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\COLIN\UserImages.bmp [2009/02/14 11:10:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2008/12/13 11:39:15 | 007,930,904 | ---- | C] () -- C:\Program Files\dap9.exe [2008/05/21 15:42:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\COLIN\usb002 [2008/02/06 16:44:12 | 000,000,483 | ---- | C] () -- C:\Program Files\Shortcut to DVD Shrink.lnk [2007/11/01 23:07:09 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/08/26 23:13:42 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\COLIN\Application Data\evf [2007/04/05 01:14:38 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\dm.ini [2007/01/25 09:01:30 | 000,005,986 | ---- | C] () -- C:\Documents and Settings\COLIN\UserCustomPreset_Adobe Premiere Pro 2.0.vpr [2006/12/07 08:37:54 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\ezpinst.exe [2006/12/07 08:37:54 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.cat [2006/12/07 08:37:54 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.inf [2006/06/10 14:27:28 | 000,002,615 | ---- | C] () -- C:\Program Files\ChingLiu.nfo [2006/02/27 18:15:06 | 000,217,329 | ---- | C] () -- C:\Program Files\gspot221.exe [2006/02/04 21:05:20 | 000,000,427 | ---- | C] () -- C:\Program Files\FILE_ID.DIZ [2006/01/17 16:14:53 | 020,921,040 | ---- | C] ( ) -- C:\Program Files\AdbeRdr705_enu_full.exe [2006/01/14 13:20:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\fusioncache.dat [2006/01/13 16:55:34 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\COLIN\default.pls [2006/01/13 16:19:38 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/12/06 12:28:30 | 003,673,932 | ---- | C] () -- C:\Program Files\Dec2005_MDX1_x86_Archive.cab [2005/12/06 12:28:04 | 001,358,864 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab [2005/12/06 12:28:02 | 000,086,925 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab [2005/12/06 12:28:02 | 000,046,247 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab [2005/12/06 12:28:02 | 000,041,888 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab [2005/12/06 12:28:00 | 000,916,806 | ---- | C] () -- C:\Program Files\Dec2005_MDX1_x86.cab [2005/12/06 12:27:58 | 001,080,344 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab [2005/12/06 12:00:46 | 000,081,092 | ---- | C] () -- C:\Program Files\dxupdate.cab [2005/12/06 12:00:44 | 001,351,430 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab [2005/12/06 12:00:44 | 001,348,242 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab [2005/12/06 12:00:44 | 001,336,890 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab [2005/12/06 12:00:44 | 001,248,387 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab [2005/12/06 12:00:44 | 001,079,850 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab [2005/12/06 12:00:44 | 001,078,532 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab [2005/12/06 12:00:44 | 001,065,813 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab [2005/12/06 12:00:44 | 001,014,113 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab [2005/12/06 12:00:42 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab [2005/12/06 12:00:40 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab [2005/12/06 12:00:40 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab [2005/12/06 12:00:40 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab [2005/12/06 12:00:40 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2:SummaryInformation @Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s2 < End of report >
  7. Same, frozen. In control panel : add or remove progs I see: 4shared desktop and 4shared.com toolbar. Should I remove these and see if I can then do a windows update?
  8. Didn't work. Here's what happened: 1. Deleted the _OTL folder in C. 2. Did the copy/past and runFix on OTL. 3. Running for an hour, frozen. 4. Noticed a window showing MBAM service terminated unexpectidly. (I have put the log file below) 5. Turned the PC on/off and ran OTL again (thinking that maybe MBAM started during the fix and caused it to freeze. 6. Froze....rebooted (on/off) ...frozen.....on/off, now back 'normal'. Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5224 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 1/12/2010 10:36:01 PM mbam-log-2010-12-01 (22-36-01).txt Scan type: Quick scan Objects scanned: 165449 Time elapsed: 9 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  9. going to bed now my friend...Pleas give me instructions for tomorrow while you are s;eepins..LOL/ Have fun. ==========OTL logfile created on: 5/07/2012 10:56:42 PM - Run 4 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\COLIN\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 30.92% Memory free 3.85 Gb Paging File | 2.26 Gb Available in Paging File | 58.81% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.77 Gb Total Space | 65.78 Gb Free Space | 28.26% Space Free | Partition Type: NTFS Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.42% Space Free | Partition Type: FAT32 Drive G: | 931.51 Gb Total Space | 229.63 Gb Free Space | 24.65% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/03 21:36:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe PRC - [2012/05/09 13:47:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/09 13:47:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/09 13:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/09 13:47:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2011/12/09 22:00:14 | 004,613,624 | ---- | M] (New IT Solutions) -- C:\Program Files\4shared Desktop\desktop.exe PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe PRC - [2010/09/13 15:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe PRC - [2008/12/31 16:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe PRC - [2007/10/25 12:11:39 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2005/08/13 08:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2005/03/09 14:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE PRC - [2004/08/04 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe PRC - [2002/11/26 02:12:32 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe ========== Modules (No Company Name) ========== MOD - [2012/06/13 21:12:26 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1b45d66\system.drawing.dll MOD - [2012/06/13 21:12:12 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c9aa3dcd\system.windows.forms.dll MOD - [2012/06/13 21:11:47 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012/05/09 13:47:56 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012/01/13 08:06:42 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3db6a3e6\mscorlib.dll MOD - [2012/01/13 08:06:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cc2b0697\system.xml.dll MOD - [2012/01/13 08:06:18 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3a3c05f7\system.dll MOD - [2012/01/13 08:06:07 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012/01/13 08:06:06 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2012/01/13 08:06:05 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011/12/02 01:44:26 | 000,407,040 | ---- | M] () -- C:\Program Files\4shared Desktop\CMenu32.dll MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll MOD - [2010/06/13 11:01:28 | 000,410,432 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll MOD - [2007/10/25 12:11:37 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll MOD - [2006/01/17 15:56:10 | 000,183,296 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll MOD - [2006/01/17 15:56:10 | 000,105,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll MOD - [2006/01/17 15:56:10 | 000,075,264 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll MOD - [2006/01/16 18:34:03 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006/01/16 18:34:03 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006/01/16 18:34:02 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2005/10/08 09:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2004/08/04 22:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2004/08/04 22:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/05/09 13:47:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/09 13:47:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012/05/09 13:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010/09/13 15:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS) SRV - [2003/06/04 09:52:22 | 001,200,128 | ---- | M] (PowerQuest Corporation) [Auto | Stopped] -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- (V2i Protector) SRV - [2002/11/26 02:12:32 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity) ========== Driver Services (SafeList) ========== DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TSP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys -- (mvd22) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys -- (mdf16) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass) DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COLIN\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2012/05/09 13:47:56 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/09 13:47:56 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006/01/05 13:46:40 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/08/18 08:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM) DRV - [2004/07/07 10:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP) DRV - [2004/07/07 08:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit) DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K) DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint) DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps) DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam) DRV - [2003/11/18 06:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/18 06:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/18 06:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2003/06/04 09:52:24 | 000,123,957 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i) DRV - [2003/06/04 09:52:20 | 000,046,900 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount) DRV - [2003/03/08 09:07:58 | 000,029,603 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (glauiad) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{7B5D77E7-B219-4760-B284-AE305BDFD485}: "URL" = http://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3228846 IE - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\COLIN\Application Data\nprhapengine.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD} [2009/11/25 15:34:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}\ [2009/11/30 19:16:23 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/07/02 11:22:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [4shared Update] C:\Program Files\4shared Desktop\checkUpdate.exe (New IT Solutions) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004..\Run: [4shared Desktop] C:\Program Files\4shared Desktop\desktop.exe (New IT Solutions) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) O4 - Startup: C:\Documents and Settings\COLIN\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1409082233-1682526488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ALL_LINK File not found O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ONE_LINK File not found O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340975846937 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140139436593 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67C731C6-C643-46BD-8865-2DA9C21374CD}: DhcpNameServer = 203.12.160.35 203.12.160.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD4249-41A8-413E-8C32-51D6B0666FB6}: NameServer = 61.8.0.113,210.23.129.34 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/01/13 14:27:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/05 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\PriceGong [2012/07/05 12:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\My Documents\My 4shared Sync [2012/07/05 12:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012/07/05 12:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\4shared.com [2012/07/05 12:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit [2012/07/05 12:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\4shared.com [2012/07/05 12:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/07/05 12:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\4shared Tools [2012/07/05 12:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\4shared Desktop [2012/07/05 12:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\4shared Desktop [2012/07/05 12:48:57 | 003,502,192 | ---- | C] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe [2012/07/04 21:46:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/07/04 21:27:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/07/04 21:10:56 | 004,570,624 | R--- | C] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe [2012/07/04 13:02:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/07/03 23:15:45 | 000,000,000 | ---D | C] -- C:\_OTL [2012/07/03 23:05:18 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\COLIN\Desktop\tdsskiller.exe [2012/07/03 22:47:29 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\COLIN\Desktop\unhide.exe [2012/07/03 21:36:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe [2012/07/03 09:30:48 | 000,000,000 | ---D | C] -- C:\FRST [2012/07/02 23:06:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe [2012/07/02 10:33:04 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/07/02 10:26:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/07/02 10:26:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/07/02 10:26:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/07/02 10:26:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/07/02 01:14:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\COLIN\My Documents\ComboFix [2012/07/02 00:57:19 | 001,544,384 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe [2012/07/02 00:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Desktop\Malwarebytes (D) [2012/07/02 00:34:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/02 00:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/07/01 09:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe [2012/06/30 07:36:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2012/06/29 22:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012/06/29 22:17:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime [2012/06/29 22:17:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime [2012/06/29 22:17:42 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime [2012/06/29 22:17:41 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime [2012/06/29 22:17:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime [2012/06/29 22:17:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime [2012/06/29 22:17:39 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2012/06/29 22:17:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2012/06/29 22:17:36 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2012/06/29 22:17:35 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll [2012/06/29 22:17:35 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll [2012/06/29 22:17:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll [2012/06/29 22:17:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime [2012/06/29 22:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2012/06/29 22:17:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe [2012/06/29 22:17:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll [2012/06/29 22:17:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe [2012/06/29 22:17:19 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime [2012/06/29 22:17:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2012/06/29 22:17:18 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2012/06/29 22:17:18 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2012/06/29 22:17:17 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2012/06/29 22:17:11 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2012/06/29 22:17:08 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2012/06/29 22:17:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2012/06/29 22:17:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe [2012/06/29 22:17:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2012/06/29 22:17:07 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll [2012/06/29 22:17:07 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll [2012/06/29 22:17:07 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll [2012/06/29 22:17:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe [2012/06/29 22:17:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2012/06/29 22:17:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll [2012/06/29 22:17:06 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2012/06/29 22:17:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2012/06/29 22:17:05 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe [2012/06/29 22:17:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2012/06/29 22:17:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2012/06/29 22:17:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2012/06/29 22:17:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2012/06/29 22:17:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2012/06/29 22:17:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2012/06/29 22:17:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2012/06/29 22:17:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2012/06/29 22:17:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2012/06/29 22:17:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2012/06/29 22:17:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2012/06/29 22:17:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2012/06/29 22:17:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2012/06/29 22:17:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2012/06/29 22:17:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2012/06/29 22:17:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2012/06/29 22:16:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2012/06/29 22:16:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2012/06/29 22:16:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2012/06/29 22:16:50 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2012/06/29 22:16:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2012/06/29 22:16:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime [2012/06/29 22:16:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2012/06/29 22:16:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2012/06/29 22:16:43 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2012/06/29 22:16:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2012/06/29 22:16:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime [2012/06/29 22:16:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2012/06/29 22:16:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2012/06/29 22:16:38 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2012/06/29 22:16:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2012/06/29 22:16:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2012/06/29 22:16:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2012/06/29 22:16:37 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2012/06/29 22:16:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll [2012/06/29 22:16:36 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime [2012/06/29 22:16:34 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2012/06/29 22:16:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll [2012/06/29 22:16:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll [2012/06/29 22:16:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2012/06/29 22:16:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2012/06/29 22:16:20 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2012/06/29 22:16:18 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe [2012/06/29 22:16:12 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2012/06/29 22:16:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2012/06/29 22:16:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2012/06/29 22:16:00 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2012/06/29 22:16:00 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2012/06/29 22:15:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2012/06/29 22:15:57 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll [2012/06/29 22:15:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll [2012/06/29 22:15:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll [2012/06/29 22:15:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll [2012/06/29 22:15:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll [2012/06/29 22:15:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll [2012/06/29 22:15:48 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2012/06/29 22:15:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2012/06/29 22:15:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2012/06/29 22:15:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll [2012/06/29 22:15:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll [2012/06/29 22:15:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll [2012/06/29 22:15:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll [2012/06/29 22:15:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll [2012/06/29 22:15:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll [2012/06/29 22:15:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll [2012/06/29 22:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll [2012/06/29 22:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll [2012/06/29 22:15:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll [2012/06/29 22:15:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll [2012/06/29 22:15:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll [2012/06/29 22:15:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll [2012/06/29 22:15:41 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2012/06/29 22:15:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2012/06/29 22:15:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll [2012/06/29 22:15:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll [2012/06/29 22:15:36 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2012/06/29 22:15:36 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll [2012/06/29 22:15:35 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll [2012/06/29 22:15:35 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe [2012/06/29 22:15:35 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll [2012/06/29 22:15:35 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2012/06/29 22:15:34 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe [2012/06/29 22:15:34 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe [2012/06/29 22:15:34 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe [2012/06/29 22:15:34 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2012/06/29 22:15:33 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll [2012/06/29 22:15:33 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe [2012/06/29 22:15:33 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll [2012/06/29 22:15:33 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2012/06/29 22:15:32 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll [2012/06/29 22:15:32 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll [2012/06/29 22:15:32 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime [2012/06/29 22:15:31 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2012/06/29 22:15:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll [2012/06/29 22:15:31 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2012/06/29 22:15:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll [2012/06/29 22:15:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe [2012/06/29 22:15:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime [2012/06/29 22:15:24 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2012/06/29 22:15:16 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2012/06/29 22:15:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll [2012/06/29 22:15:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2012/06/29 22:15:09 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll [2012/06/29 22:15:08 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll [2012/06/29 22:15:08 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll [2012/06/29 22:15:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe [2012/06/29 22:15:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll [2012/06/29 22:15:08 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll [2012/06/29 22:15:08 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll [2012/06/29 22:15:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll [2012/06/29 22:15:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll [2012/06/29 22:15:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll [2012/06/29 22:15:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll [2012/06/29 22:15:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe [2012/06/29 22:15:07 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll [2012/06/29 22:15:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll [2012/06/29 22:15:06 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll [2012/06/29 22:15:06 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe [2012/06/29 22:15:06 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe [2012/06/29 22:15:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll [2012/06/29 22:15:06 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll [2012/06/29 22:15:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll [2012/06/29 22:15:06 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll [2012/06/29 22:15:05 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll [2012/06/29 22:15:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll [2012/06/29 22:15:04 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2012/06/29 22:15:04 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2012/06/29 22:15:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2012/06/29 22:15:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2012/06/29 22:15:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll [2012/06/29 22:15:00 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll [2012/06/29 22:15:00 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe [2012/06/29 22:15:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe [2012/06/29 22:14:59 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2012/06/29 22:14:59 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2012/06/29 22:14:59 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2012/06/29 22:14:59 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2012/06/29 22:14:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime [2012/06/29 22:14:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2012/06/29 22:14:42 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe [2012/06/29 22:14:39 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe [2012/06/29 22:14:38 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll [2012/06/29 22:14:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime [2012/06/29 22:14:37 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2012/06/29 22:14:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll [2012/06/29 22:14:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll [2012/06/29 22:14:36 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2012/06/29 22:14:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe [2012/06/29 22:14:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2012/06/29 22:14:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime [2012/06/29 22:14:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2012/06/29 22:14:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2012/06/29 22:14:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2012/06/29 22:14:32 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll [2012/06/29 22:14:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll [2012/06/29 22:14:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2012/06/29 22:14:06 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll [2012/06/29 22:14:06 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll [2012/06/29 22:14:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll [2012/06/29 22:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll [2012/06/29 22:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll [2012/06/29 22:13:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll [2012/06/29 22:13:46 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe [2012/06/29 22:13:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll [2012/06/29 22:13:45 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll [2012/06/29 22:13:45 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe [2012/06/29 22:13:39 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe [2012/06/29 22:13:38 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll [2012/06/29 22:13:38 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll [2012/06/29 22:13:38 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe [2012/06/29 22:13:38 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe [2012/06/29 22:13:38 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll [2012/06/29 22:13:38 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe [2012/06/29 22:13:37 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll [2012/06/29 22:13:37 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll [2012/06/29 22:13:37 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll [2012/06/29 22:13:37 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll [2012/06/29 22:13:37 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll [2012/06/29 22:13:36 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll [2012/06/29 22:13:36 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll [2012/06/29 22:13:36 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll [2012/06/29 22:13:36 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll [2012/06/29 22:13:35 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe [2012/06/29 22:13:34 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll [2012/06/29 22:13:34 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe [2012/06/29 22:13:33 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll [2012/06/29 22:13:33 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe [2012/06/29 22:09:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2012/06/29 22:09:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe [2012/06/29 21:48:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2012/06/29 21:48:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll [2012/06/29 21:48:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2012/06/29 21:48:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll [2012/06/29 19:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc [2012/06/29 16:40:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\COLIN\Recent [2012/06/29 13:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore [2012/06/28 22:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/06/28 22:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\FixItCenter [2012/06/28 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Data Recovery [2012/06/26 13:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\HandBrake [2012/06/26 13:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Handbrake [2012/06/26 13:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012/06/19 19:15:30 | 017,396,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe [2009/01/19 11:54:15 | 005,992,404 | ---- | C] (Headlight Software, Inc.) -- C:\Program Files\Portable GetRight 6.3e.exe [2008/12/09 11:27:59 | 002,167,968 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloaderSetup.exe [2008/07/10 19:55:26 | 000,383,755 | ---- | C] (Headlight Software, Inc.) -- C:\Program Files\download-VobSub_2.23.exe [2006/12/07 08:37:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\COLIN\Application Data\pcouffin.sys [2006/01/17 15:55:09 | 011,477,288 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXPlay.exe [2005/12/06 12:00:46 | 002,247,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll [2005/12/06 12:00:46 | 000,484,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe [2005/12/06 12:00:46 | 000,074,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/05 23:10:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/07/05 17:10:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/07/05 14:15:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/07/05 12:49:26 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\COLIN\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk [2012/07/05 12:49:10 | 003,502,192 | ---- | M] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe [2012/07/05 12:24:31 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/07/05 12:17:30 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/07/05 12:15:09 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk [2012/07/05 12:14:42 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Command Prompt.job [2012/07/05 12:14:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/07/05 10:22:13 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/04 23:23:07 | 009,878,895 | ---- | M] () -- C:\Qoobox.zip [2012/07/04 23:14:38 | 000,014,094 | ---- | M] () -- C:\FixitRegBackup.reg [2012/07/04 23:02:56 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/07/04 21:10:56 | 004,570,624 | R--- | M] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe [2012/07/04 18:24:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012/07/04 18:24:20 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2012/07/04 18:23:26 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Adobe Premiere Pro 2.0 (2).lnk [2012/07/03 23:05:17 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\COLIN\Desktop\tdsskiller.exe [2012/07/03 22:47:31 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\COLIN\Desktop\unhide.exe [2012/07/03 21:36:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe [2012/07/03 17:10:45 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2 [2012/07/03 09:22:59 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job [2012/07/02 23:07:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe [2012/07/02 11:22:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/07/02 10:33:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/07/02 00:57:21 | 001,544,384 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe [2012/07/01 09:41:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe [2012/07/01 00:27:36 | 000,000,143 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012/06/29 23:15:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk [2012/06/29 22:20:55 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/29 22:19:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2012/06/29 22:12:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012/06/29 22:12:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012/06/29 22:12:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012/06/29 22:11:07 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2012/06/29 22:08:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/06/29 22:06:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/06/29 07:10:04 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer [2012/06/29 07:10:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe [2012/06/28 22:24:13 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk [2012/06/28 18:43:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt [2012/06/28 18:21:11 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr [2012/06/27 18:14:12 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\TV Guide - Australia's TV Guide - Yahoo!7.url [2012/06/26 16:35:23 | 000,505,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/26 16:35:23 | 000,089,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/26 13:58:20 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk [2012/06/26 13:47:01 | 000,029,635 | ---- | M] () -- C:\Program Files\download.htm [2012/06/21 17:25:07 | 000,273,663 | ---- | M] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf [2012/06/19 19:15:46 | 017,396,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe [2012/06/19 16:51:26 | 004,478,300 | ---- | M] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf [2012/06/09 21:55:16 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\COLIN\default.pls [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/05 12:49:26 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk [2012/07/04 23:23:03 | 009,878,895 | ---- | C] () -- C:\Qoobox.zip [2012/07/04 23:14:38 | 000,014,094 | ---- | C] () -- C:\FixitRegBackup.reg [2012/07/04 18:24:20 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2012/07/04 18:24:20 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2012/07/04 18:23:26 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Adobe Premiere Pro 2.0 (2).lnk [2012/07/03 13:38:27 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/07/02 11:01:31 | 000,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2012/07/02 11:01:30 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2012/07/02 10:58:18 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk [2012/07/02 10:58:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk [2012/07/02 10:58:16 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk [2012/07/02 10:58:15 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk [2012/07/02 10:58:14 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2012/07/02 10:58:13 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk [2012/07/02 10:58:12 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Pro 2.0.lnk [2012/07/02 10:58:11 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk [2012/07/02 10:58:09 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk [2012/07/02 10:58:08 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk [2012/07/02 10:33:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/07/02 10:33:11 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/07/02 10:26:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/07/02 10:26:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/07/02 10:26:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/07/02 10:26:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/07/02 10:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/07/02 01:01:26 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2 [2012/06/29 23:15:48 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk [2012/06/29 23:11:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk [2012/06/29 22:16:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2012/06/29 22:15:51 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2012/06/29 22:15:36 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2012/06/29 22:15:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2012/06/29 22:15:30 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2012/06/29 22:15:20 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2012/06/29 22:15:11 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2012/06/29 22:15:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2012/06/29 22:14:38 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2012/06/29 22:09:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2012/06/29 22:07:42 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2012/06/29 21:48:16 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat [2012/06/29 21:48:16 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat [2012/06/29 21:48:16 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat [2012/06/29 21:48:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2012/06/29 21:48:16 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2012/06/29 21:48:16 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2012/06/29 21:48:15 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2012/06/29 21:48:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2012/06/29 21:48:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2012/06/29 21:48:15 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2012/06/29 21:48:15 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2012/06/29 21:48:15 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2012/06/29 21:48:15 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2012/06/29 21:48:15 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2012/06/29 21:48:14 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2012/06/29 07:10:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer [2012/06/29 07:10:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe [2012/06/29 01:01:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/06/28 22:41:55 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2012/06/28 21:57:07 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Command Prompt.job [2012/06/28 18:21:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr [2012/06/28 18:21:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt [2012/06/26 13:58:20 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk [2012/06/26 13:47:00 | 000,029,635 | ---- | C] () -- C:\Program Files\download.htm [2012/06/21 17:25:07 | 000,273,663 | ---- | C] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf [2012/06/19 16:51:26 | 004,478,300 | ---- | C] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf [2012/05/22 13:26:42 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\mbam.context.scan [2010/11/29 15:25:15 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys [2009/12/14 15:07:24 | 000,001,316 | ---- | C] () -- C:\Program Files\ComboFix.htm [2009/12/07 18:04:53 | 000,019,334 | ---- | C] () -- C:\Documents and Settings\All Users\xpnetdiag.xml [2009/08/07 18:15:33 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\AutoGK.ini [2009/06/05 16:02:25 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif [2009/06/05 16:02:25 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif [2009/06/05 16:02:25 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif [2009/04/01 15:14:51 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\COLIN\UserImages.bmp [2009/02/14 11:10:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2008/12/13 11:39:15 | 007,930,904 | ---- | C] () -- C:\Program Files\dap9.exe [2008/05/21 15:42:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\COLIN\usb002 [2008/02/06 16:44:12 | 000,000,483 | ---- | C] () -- C:\Program Files\Shortcut to DVD Shrink.lnk [2007/11/01 23:07:09 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/08/26 23:13:42 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\COLIN\Application Data\evf [2007/04/05 01:14:38 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\dm.ini [2007/01/25 09:01:30 | 000,005,986 | ---- | C] () -- C:\Documents and Settings\COLIN\UserCustomPreset_Adobe Premiere Pro 2.0.vpr [2006/12/07 08:37:54 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\ezpinst.exe [2006/12/07 08:37:54 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.cat [2006/12/07 08:37:54 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.inf [2006/06/10 14:27:28 | 000,002,615 | ---- | C] () -- C:\Program Files\ChingLiu.nfo [2006/02/27 18:15:06 | 000,217,329 | ---- | C] () -- C:\Program Files\gspot221.exe [2006/02/04 21:05:20 | 000,000,427 | ---- | C] () -- C:\Program Files\FILE_ID.DIZ [2006/01/17 16:14:53 | 020,921,040 | ---- | C] ( ) -- C:\Program Files\AdbeRdr705_enu_full.exe [2006/01/14 13:20:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\fusioncache.dat [2006/01/13 16:55:34 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\COLIN\default.pls [2006/01/13 16:19:38 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/12/06 12:28:30 | 003,673,932 | ---- | C] () -- C:\Program Files\Dec2005_MDX1_x86_Archive.cab [2005/12/06 12:28:04 | 001,358,864 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab [2005/12/06 12:28:02 | 000,086,925 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab [2005/12/06 12:28:02 | 000,046,247 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab [2005/12/06 12:28:02 | 000,041,888 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab [2005/12/06 12:28:00 | 000,916,806 | ---- | C] () -- C:\Program Files\Dec2005_MDX1_x86.cab [2005/12/06 12:27:58 | 001,080,344 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab [2005/12/06 12:00:46 | 000,081,092 | ---- | C] () -- C:\Program Files\dxupdate.cab [2005/12/06 12:00:44 | 001,351,430 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab [2005/12/06 12:00:44 | 001,348,242 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab [2005/12/06 12:00:44 | 001,336,890 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab [2005/12/06 12:00:44 | 001,248,387 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab [2005/12/06 12:00:44 | 001,079,850 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab [2005/12/06 12:00:44 | 001,078,532 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab [2005/12/06 12:00:44 | 001,065,813 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab [2005/12/06 12:00:44 | 001,014,113 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab [2005/12/06 12:00:42 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab [2005/12/06 12:00:40 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab [2005/12/06 12:00:40 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab [2005/12/06 12:00:40 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab [2005/12/06 12:00:40 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2:SummaryInformation @Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s2 < End of report > =
  10. OK, runnig the scna for all users now...zzzzz
  11. Maniac, 11pm here, I must go to sleep...please give me a task and I'll do it tomorrow (my time). I have this 4shared takbar that I want to get rid of also. G'night Colin
  12. here ya go..... ======== OTL logfile created on: 5/07/2012 9:52:31 PM - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\COLIN\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.00 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 23.71% Memory free 3.85 Gb Paging File | 2.16 Gb Available in Paging File | 56.19% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.77 Gb Total Space | 65.78 Gb Free Space | 28.26% Space Free | Partition Type: NTFS Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.42% Space Free | Partition Type: FAT32 Drive G: | 931.51 Gb Total Space | 229.63 Gb Free Space | 24.65% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/03 21:36:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe PRC - [2012/05/09 13:47:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/09 13:47:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/09 13:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/09 13:47:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2011/12/09 22:00:14 | 004,613,624 | ---- | M] (New IT Solutions) -- C:\Program Files\4shared Desktop\desktop.exe PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe PRC - [2010/09/13 15:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe PRC - [2008/12/31 16:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe PRC - [2007/10/25 12:11:39 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2005/08/13 08:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2005/03/09 14:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE PRC - [2004/08/04 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe PRC - [2002/11/26 02:12:32 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe ========== Modules (No Company Name) ========== MOD - [2012/06/13 21:12:26 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1b45d66\system.drawing.dll MOD - [2012/06/13 21:12:12 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c9aa3dcd\system.windows.forms.dll MOD - [2012/06/13 21:11:47 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012/05/09 13:47:56 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012/01/13 08:06:42 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3db6a3e6\mscorlib.dll MOD - [2012/01/13 08:06:32 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cc2b0697\system.xml.dll MOD - [2012/01/13 08:06:18 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3a3c05f7\system.dll MOD - [2012/01/13 08:06:07 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012/01/13 08:06:06 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2012/01/13 08:06:05 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011/12/02 01:44:26 | 000,407,040 | ---- | M] () -- C:\Program Files\4shared Desktop\CMenu32.dll MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll MOD - [2010/06/13 11:01:28 | 000,410,432 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll MOD - [2007/10/25 12:11:37 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll MOD - [2006/01/17 15:56:10 | 000,183,296 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll MOD - [2006/01/17 15:56:10 | 000,105,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll MOD - [2006/01/17 15:56:10 | 000,075,264 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll MOD - [2006/01/16 18:34:03 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006/01/16 18:34:03 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006/01/16 18:34:02 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2005/10/08 09:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2004/08/04 22:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2004/08/04 22:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/05/09 13:47:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/09 13:47:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012/05/09 13:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010/09/13 15:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS) SRV - [2003/06/04 09:52:22 | 001,200,128 | ---- | M] (PowerQuest Corporation) [Auto | Stopped] -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- (V2i Protector) SRV - [2002/11/26 02:12:32 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity) ========== Driver Services (SafeList) ========== DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TSP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys -- (mvd22) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys -- (mdf16) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass) DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COLIN\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2012/07/05 21:28:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/05/09 13:47:56 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/09 13:47:56 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006/01/05 13:46:40 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/08/18 08:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM) DRV - [2004/07/07 10:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP) DRV - [2004/07/07 08:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit) DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K) DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint) DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps) DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam) DRV - [2003/11/18 06:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/18 06:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/18 06:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2003/06/04 09:52:24 | 000,123,957 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i) DRV - [2003/06/04 09:52:20 | 000,046,900 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount) DRV - [2003/03/08 09:07:58 | 000,029,603 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (glauiad) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{7B5D77E7-B219-4760-B284-AE305BDFD485}: "URL" = http://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3228846 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\COLIN\Application Data\nprhapengine.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{CD8C954F-6F55-4B18-9C29-CFF7CAE269DD} [2009/11/25 15:34:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}: C:\Documents and Settings\COLIN\Local Settings\Application Data\{503D3B1B-796E-4F8E-8AA3-6C90139C2300}\ [2009/11/30 19:16:23 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/07/02 11:22:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\prxtb4sha.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [4shared Update] C:\Program Files\4shared Desktop\checkUpdate.exe (New IT Solutions) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKCU..\Run: [4shared Desktop] C:\Program Files\4shared Desktop\desktop.exe (New IT Solutions) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) O4 - Startup: C:\Documents and Settings\COLIN\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ALL_LINK File not found O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ONE_LINK File not found O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340975846937 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140139436593 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67C731C6-C643-46BD-8865-2DA9C21374CD}: DhcpNameServer = 203.12.160.35 203.12.160.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD4249-41A8-413E-8C32-51D6B0666FB6}: NameServer = 61.8.0.113,210.23.129.34 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\COLIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/01/13 14:27:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/05 21:28:48 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/07/05 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\PriceGong [2012/07/05 12:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\My Documents\My 4shared Sync [2012/07/05 12:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012/07/05 12:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\4shared.com [2012/07/05 12:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\Conduit [2012/07/05 12:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\4shared.com [2012/07/05 12:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/07/05 12:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\4shared Tools [2012/07/05 12:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\4shared Desktop [2012/07/05 12:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\4shared Desktop [2012/07/05 12:48:57 | 003,502,192 | ---- | C] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe [2012/07/04 21:46:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/07/04 21:27:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/07/04 21:10:56 | 004,570,624 | R--- | C] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe [2012/07/04 13:02:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/07/03 23:15:45 | 000,000,000 | ---D | C] -- C:\_OTL [2012/07/03 23:05:18 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\COLIN\Desktop\tdsskiller.exe [2012/07/03 22:47:29 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\COLIN\Desktop\unhide.exe [2012/07/03 21:36:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe [2012/07/03 09:30:48 | 000,000,000 | ---D | C] -- C:\FRST [2012/07/02 23:06:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe [2012/07/02 10:33:04 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/07/02 10:26:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/07/02 10:26:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/07/02 10:26:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/07/02 10:26:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/07/02 01:14:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\COLIN\My Documents\ComboFix [2012/07/02 00:57:19 | 001,544,384 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe [2012/07/02 00:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Desktop\Malwarebytes (D) [2012/07/02 00:34:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/02 00:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/07/01 09:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe [2012/06/30 07:36:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2012/06/29 22:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012/06/29 22:17:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime [2012/06/29 22:17:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime [2012/06/29 22:17:42 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime [2012/06/29 22:17:41 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime [2012/06/29 22:17:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime [2012/06/29 22:17:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime [2012/06/29 22:17:39 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2012/06/29 22:17:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2012/06/29 22:17:36 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2012/06/29 22:17:35 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll [2012/06/29 22:17:35 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll [2012/06/29 22:17:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll [2012/06/29 22:17:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime [2012/06/29 22:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2012/06/29 22:17:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe [2012/06/29 22:17:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll [2012/06/29 22:17:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe [2012/06/29 22:17:19 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime [2012/06/29 22:17:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2012/06/29 22:17:18 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2012/06/29 22:17:18 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2012/06/29 22:17:17 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2012/06/29 22:17:11 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2012/06/29 22:17:08 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2012/06/29 22:17:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2012/06/29 22:17:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe [2012/06/29 22:17:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2012/06/29 22:17:07 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll [2012/06/29 22:17:07 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll [2012/06/29 22:17:07 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll [2012/06/29 22:17:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe [2012/06/29 22:17:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2012/06/29 22:17:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll [2012/06/29 22:17:06 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2012/06/29 22:17:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2012/06/29 22:17:05 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe [2012/06/29 22:17:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2012/06/29 22:17:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2012/06/29 22:17:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2012/06/29 22:17:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2012/06/29 22:17:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2012/06/29 22:17:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2012/06/29 22:17:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2012/06/29 22:17:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2012/06/29 22:17:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2012/06/29 22:17:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2012/06/29 22:17:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2012/06/29 22:17:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2012/06/29 22:17:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2012/06/29 22:17:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2012/06/29 22:17:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2012/06/29 22:17:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2012/06/29 22:16:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2012/06/29 22:16:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2012/06/29 22:16:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2012/06/29 22:16:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2012/06/29 22:16:50 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2012/06/29 22:16:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2012/06/29 22:16:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime [2012/06/29 22:16:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2012/06/29 22:16:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2012/06/29 22:16:43 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2012/06/29 22:16:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2012/06/29 22:16:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime [2012/06/29 22:16:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2012/06/29 22:16:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2012/06/29 22:16:38 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2012/06/29 22:16:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2012/06/29 22:16:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2012/06/29 22:16:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2012/06/29 22:16:37 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2012/06/29 22:16:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll [2012/06/29 22:16:36 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime [2012/06/29 22:16:34 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2012/06/29 22:16:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll [2012/06/29 22:16:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll [2012/06/29 22:16:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2012/06/29 22:16:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2012/06/29 22:16:20 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2012/06/29 22:16:18 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe [2012/06/29 22:16:12 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2012/06/29 22:16:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2012/06/29 22:16:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2012/06/29 22:16:00 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2012/06/29 22:16:00 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2012/06/29 22:15:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2012/06/29 22:15:57 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll [2012/06/29 22:15:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll [2012/06/29 22:15:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll [2012/06/29 22:15:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2012/06/29 22:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll [2012/06/29 22:15:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll [2012/06/29 22:15:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll [2012/06/29 22:15:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll [2012/06/29 22:15:48 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2012/06/29 22:15:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2012/06/29 22:15:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2012/06/29 22:15:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll [2012/06/29 22:15:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll [2012/06/29 22:15:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll [2012/06/29 22:15:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll [2012/06/29 22:15:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll [2012/06/29 22:15:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll [2012/06/29 22:15:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll [2012/06/29 22:15:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll [2012/06/29 22:15:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll [2012/06/29 22:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll [2012/06/29 22:15:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll [2012/06/29 22:15:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll [2012/06/29 22:15:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll [2012/06/29 22:15:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll [2012/06/29 22:15:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll [2012/06/29 22:15:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll [2012/06/29 22:15:41 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2012/06/29 22:15:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2012/06/29 22:15:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll [2012/06/29 22:15:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll [2012/06/29 22:15:36 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2012/06/29 22:15:36 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll [2012/06/29 22:15:35 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll [2012/06/29 22:15:35 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe [2012/06/29 22:15:35 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll [2012/06/29 22:15:35 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2012/06/29 22:15:34 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe [2012/06/29 22:15:34 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe [2012/06/29 22:15:34 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe [2012/06/29 22:15:34 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2012/06/29 22:15:33 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll [2012/06/29 22:15:33 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe [2012/06/29 22:15:33 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll [2012/06/29 22:15:33 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2012/06/29 22:15:32 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll [2012/06/29 22:15:32 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll [2012/06/29 22:15:32 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime [2012/06/29 22:15:31 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2012/06/29 22:15:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll [2012/06/29 22:15:31 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2012/06/29 22:15:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll [2012/06/29 22:15:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe [2012/06/29 22:15:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime [2012/06/29 22:15:24 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2012/06/29 22:15:16 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2012/06/29 22:15:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll [2012/06/29 22:15:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2012/06/29 22:15:09 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll [2012/06/29 22:15:08 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll [2012/06/29 22:15:08 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll [2012/06/29 22:15:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe [2012/06/29 22:15:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll [2012/06/29 22:15:08 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll [2012/06/29 22:15:08 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll [2012/06/29 22:15:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll [2012/06/29 22:15:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll [2012/06/29 22:15:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll [2012/06/29 22:15:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll [2012/06/29 22:15:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe [2012/06/29 22:15:07 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll [2012/06/29 22:15:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll [2012/06/29 22:15:06 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll [2012/06/29 22:15:06 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe [2012/06/29 22:15:06 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe [2012/06/29 22:15:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll [2012/06/29 22:15:06 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll [2012/06/29 22:15:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll [2012/06/29 22:15:06 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll [2012/06/29 22:15:05 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll [2012/06/29 22:15:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll [2012/06/29 22:15:04 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2012/06/29 22:15:04 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2012/06/29 22:15:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2012/06/29 22:15:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2012/06/29 22:15:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll [2012/06/29 22:15:00 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll [2012/06/29 22:15:00 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe [2012/06/29 22:15:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe [2012/06/29 22:14:59 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2012/06/29 22:14:59 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2012/06/29 22:14:59 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2012/06/29 22:14:59 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2012/06/29 22:14:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime [2012/06/29 22:14:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2012/06/29 22:14:42 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe [2012/06/29 22:14:39 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe [2012/06/29 22:14:38 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll [2012/06/29 22:14:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime [2012/06/29 22:14:37 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2012/06/29 22:14:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll [2012/06/29 22:14:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll [2012/06/29 22:14:36 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2012/06/29 22:14:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe [2012/06/29 22:14:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2012/06/29 22:14:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime [2012/06/29 22:14:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2012/06/29 22:14:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2012/06/29 22:14:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2012/06/29 22:14:32 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll [2012/06/29 22:14:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll [2012/06/29 22:14:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2012/06/29 22:14:06 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll [2012/06/29 22:14:06 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll [2012/06/29 22:14:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll [2012/06/29 22:14:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll [2012/06/29 22:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll [2012/06/29 22:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll [2012/06/29 22:13:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll [2012/06/29 22:13:46 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe [2012/06/29 22:13:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll [2012/06/29 22:13:45 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll [2012/06/29 22:13:45 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe [2012/06/29 22:13:39 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe [2012/06/29 22:13:38 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll [2012/06/29 22:13:38 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll [2012/06/29 22:13:38 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe [2012/06/29 22:13:38 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe [2012/06/29 22:13:38 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll [2012/06/29 22:13:38 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe [2012/06/29 22:13:37 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll [2012/06/29 22:13:37 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll [2012/06/29 22:13:37 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll [2012/06/29 22:13:37 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll [2012/06/29 22:13:37 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll [2012/06/29 22:13:36 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll [2012/06/29 22:13:36 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll [2012/06/29 22:13:36 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll [2012/06/29 22:13:36 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll [2012/06/29 22:13:35 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe [2012/06/29 22:13:34 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll [2012/06/29 22:13:34 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe [2012/06/29 22:13:33 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll [2012/06/29 22:13:33 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe [2012/06/29 22:09:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2012/06/29 22:09:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe [2012/06/29 21:48:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2012/06/29 21:48:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll [2012/06/29 21:48:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2012/06/29 21:48:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll [2012/06/29 19:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc [2012/06/29 16:40:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\COLIN\Recent [2012/06/29 13:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore [2012/06/28 22:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/06/28 22:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Local Settings\Application Data\FixItCenter [2012/06/28 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Data Recovery [2012/06/26 13:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Application Data\HandBrake [2012/06/26 13:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\COLIN\Start Menu\Programs\Handbrake [2012/06/26 13:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012/06/19 19:15:30 | 017,396,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe [2009/01/19 11:54:15 | 005,992,404 | ---- | C] (Headlight Software, Inc.) -- C:\Program Files\Portable GetRight 6.3e.exe [2008/12/09 11:27:59 | 002,167,968 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloaderSetup.exe [2008/07/10 19:55:26 | 000,383,755 | ---- | C] (Headlight Software, Inc.) -- C:\Program Files\download-VobSub_2.23.exe [2006/12/07 08:37:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\COLIN\Application Data\pcouffin.sys [2006/01/17 15:55:09 | 011,477,288 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXPlay.exe [2005/12/06 12:00:46 | 002,247,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll [2005/12/06 12:00:46 | 000,484,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe [2005/12/06 12:00:46 | 000,074,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/05 22:10:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/07/05 17:10:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/07/05 14:15:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/07/05 12:49:26 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\COLIN\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk [2012/07/05 12:49:10 | 003,502,192 | ---- | M] (New IT Solutions) -- C:\Program Files\4shared_Desktop_3[1].3.5M.exe [2012/07/05 12:24:31 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/07/05 12:17:30 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/07/05 12:15:09 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk [2012/07/05 12:14:42 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Command Prompt.job [2012/07/05 12:14:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/07/05 10:22:13 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/04 23:23:07 | 009,878,895 | ---- | M] () -- C:\Qoobox.zip [2012/07/04 23:14:38 | 000,014,094 | ---- | M] () -- C:\FixitRegBackup.reg [2012/07/04 23:02:56 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/07/04 21:10:56 | 004,570,624 | R--- | M] (Swearware) -- C:\Documents and Settings\COLIN\Desktop\ComboFix.exe [2012/07/04 18:24:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012/07/04 18:24:20 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2012/07/04 18:23:26 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Adobe Premiere Pro 2.0 (2).lnk [2012/07/03 23:05:17 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\COLIN\Desktop\tdsskiller.exe [2012/07/03 22:47:31 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\COLIN\Desktop\unhide.exe [2012/07/03 21:36:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\COLIN\Desktop\OTL.exe [2012/07/03 17:10:45 | 000,001,167 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2 [2012/07/03 09:22:59 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job [2012/07/02 23:07:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\Desktop\aswMBR.exe [2012/07/02 11:22:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/07/02 10:33:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/07/02 00:57:21 | 001,544,384 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\COLIN\Desktop\mplayer_installer_1922.exe [2012/07/01 09:41:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\COLIN\My Documents\aswMBR.exe [2012/07/01 00:27:36 | 000,000,143 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012/06/29 23:15:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk [2012/06/29 22:20:55 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/29 22:19:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2012/06/29 22:12:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012/06/29 22:12:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012/06/29 22:12:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012/06/29 22:11:07 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2012/06/29 22:08:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/06/29 22:06:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/06/29 07:10:04 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer [2012/06/29 07:10:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe [2012/06/28 22:24:13 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk [2012/06/28 18:43:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt [2012/06/28 18:21:11 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr [2012/06/27 18:14:12 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\TV Guide - Australia's TV Guide - Yahoo!7.url [2012/06/26 16:35:23 | 000,505,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/26 16:35:23 | 000,089,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/26 13:58:20 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk [2012/06/26 13:47:01 | 000,029,635 | ---- | M] () -- C:\Program Files\download.htm [2012/06/21 17:25:07 | 000,273,663 | ---- | M] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf [2012/06/19 19:15:46 | 017,396,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mpas-fe.exe [2012/06/19 16:51:26 | 004,478,300 | ---- | M] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf [2012/06/09 21:55:16 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\COLIN\default.pls [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/05 12:49:26 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk [2012/07/04 23:23:03 | 009,878,895 | ---- | C] () -- C:\Qoobox.zip [2012/07/04 23:14:38 | 000,014,094 | ---- | C] () -- C:\FixitRegBackup.reg [2012/07/04 18:24:20 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2012/07/04 18:24:20 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2012/07/04 18:23:26 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Adobe Premiere Pro 2.0 (2).lnk [2012/07/03 13:38:27 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/07/02 11:01:31 | 000,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2012/07/02 11:01:30 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2012/07/02 10:58:18 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk [2012/07/02 10:58:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk [2012/07/02 10:58:16 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk [2012/07/02 10:58:15 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk [2012/07/02 10:58:14 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2012/07/02 10:58:13 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk [2012/07/02 10:58:12 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Pro 2.0.lnk [2012/07/02 10:58:11 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk [2012/07/02 10:58:09 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk [2012/07/02 10:58:08 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk [2012/07/02 10:33:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/07/02 10:33:11 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/07/02 10:26:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/07/02 10:26:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/07/02 10:26:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/07/02 10:26:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/07/02 10:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/07/02 01:01:26 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2 [2012/06/29 23:15:48 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Shortcut to Internet Explorer.lnk [2012/06/29 23:11:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk [2012/06/29 22:16:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2012/06/29 22:15:51 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2012/06/29 22:15:36 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2012/06/29 22:15:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2012/06/29 22:15:30 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2012/06/29 22:15:20 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2012/06/29 22:15:11 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2012/06/29 22:15:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2012/06/29 22:14:38 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2012/06/29 22:09:29 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2012/06/29 22:07:42 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2012/06/29 21:48:16 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat [2012/06/29 21:48:16 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat [2012/06/29 21:48:16 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat [2012/06/29 21:48:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2012/06/29 21:48:16 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2012/06/29 21:48:16 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2012/06/29 21:48:15 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2012/06/29 21:48:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2012/06/29 21:48:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2012/06/29 21:48:15 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2012/06/29 21:48:15 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2012/06/29 21:48:15 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2012/06/29 21:48:15 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2012/06/29 21:48:15 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2012/06/29 21:48:14 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2012/06/29 07:10:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMer [2012/06/29 07:10:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-0gWFIiFCgcbrMe [2012/06/29 01:01:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/06/28 22:41:55 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2012/06/28 21:57:07 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Command Prompt.job [2012/06/28 18:21:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqtr [2012/06/28 18:21:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-VptbbJKs7vqKqt [2012/06/26 13:58:20 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\COLIN\Desktop\Handbrake.lnk [2012/06/26 13:47:00 | 000,029,635 | ---- | C] () -- C:\Program Files\download.htm [2012/06/21 17:25:07 | 000,273,663 | ---- | C] () -- C:\Documents and Settings\COLIN\My Documents\Operating_costs_of_gas_appliances.pdf [2012/06/19 16:51:26 | 004,478,300 | ---- | C] () -- C:\Documents and Settings\COLIN\My Documents\GAS HEATER Manual%20Heater%20User%20Manual.pdf [2012/05/22 13:26:42 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\mbam.context.scan [2010/11/29 15:25:15 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys [2009/12/14 15:07:24 | 000,001,316 | ---- | C] () -- C:\Program Files\ComboFix.htm [2009/12/07 18:04:53 | 000,019,334 | ---- | C] () -- C:\Documents and Settings\All Users\xpnetdiag.xml [2009/08/07 18:15:33 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\AutoGK.ini [2009/06/05 16:02:25 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNat.gif [2009/06/05 16:02:25 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNzn.gif [2009/06/05 16:02:25 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\waQ1P0bNby.gif [2009/04/01 15:14:51 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\COLIN\UserImages.bmp [2009/02/14 11:10:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2008/12/13 11:39:15 | 007,930,904 | ---- | C] () -- C:\Program Files\dap9.exe [2008/05/21 15:42:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\COLIN\usb002 [2008/02/06 16:44:12 | 000,000,483 | ---- | C] () -- C:\Program Files\Shortcut to DVD Shrink.lnk [2007/11/01 23:07:09 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/08/26 23:13:42 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\COLIN\Application Data\evf [2007/04/05 01:14:38 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\dm.ini [2007/01/25 09:01:30 | 000,005,986 | ---- | C] () -- C:\Documents and Settings\COLIN\UserCustomPreset_Adobe Premiere Pro 2.0.vpr [2006/12/07 08:37:54 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\ezpinst.exe [2006/12/07 08:37:54 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.cat [2006/12/07 08:37:54 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\COLIN\Application Data\pcouffin.inf [2006/06/10 14:27:28 | 000,002,615 | ---- | C] () -- C:\Program Files\ChingLiu.nfo [2006/02/27 18:15:06 | 000,217,329 | ---- | C] () -- C:\Program Files\gspot221.exe [2006/02/04 21:05:20 | 000,000,427 | ---- | C] () -- C:\Program Files\FILE_ID.DIZ [2006/01/17 16:14:53 | 020,921,040 | ---- | C] ( ) -- C:\Program Files\AdbeRdr705_enu_full.exe [2006/01/14 13:20:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\fusioncache.dat [2006/01/13 16:55:34 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\COLIN\default.pls [2006/01/13 16:19:38 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\COLIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/12/06 12:28:30 | 003,673,932 | ---- | C] () -- C:\Program Files\Dec2005_MDX1_x86_Archive.cab [2005/12/06 12:28:04 | 001,358,864 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab [2005/12/06 12:28:02 | 000,086,925 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab [2005/12/06 12:28:02 | 000,046,247 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab [2005/12/06 12:28:02 | 000,041,888 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab [2005/12/06 12:28:00 | 000,916,806 | ---- | C] () -- C:\Program Files\Dec2005_MDX1_x86.cab [2005/12/06 12:27:58 | 001,080,344 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab [2005/12/06 12:00:46 | 000,081,092 | ---- | C] () -- C:\Program Files\dxupdate.cab [2005/12/06 12:00:44 | 001,351,430 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab [2005/12/06 12:00:44 | 001,348,242 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab [2005/12/06 12:00:44 | 001,336,890 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab [2005/12/06 12:00:44 | 001,248,387 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab [2005/12/06 12:00:44 | 001,079,850 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab [2005/12/06 12:00:44 | 001,078,532 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab [2005/12/06 12:00:44 | 001,065,813 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab [2005/12/06 12:00:44 | 001,014,113 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab [2005/12/06 12:00:42 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab [2005/12/06 12:00:40 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab [2005/12/06 12:00:40 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab [2005/12/06 12:00:40 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab [2005/12/06 12:00:40 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\COLIN\Desktop\router_land.php-tracking=ga1&banner=6.2:SummaryInformation @Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s2 < End of report >
  13. Run Fix, Run scan?
  14. The following happened: how would you like me to proceed? AND when I click 'start' and then Interent I get a page from conduit.com telling me there is a violation of its use. Related? I will not proceed until I hear from you. The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. For self-help options: Frequently Asked Questions Find Solutions Windows Update Newsgroup For assisted support options: Microsoft Online Assisted Support (no-cost for Windows Update issues)
  15. OH: when I click on 'start' the internet explorer shows (no add ons) but the link gives an error, but I can get around it.