problems with redirects after removing strong malware defender [Closed]


  • This topic is locked

#1
khameleon

  • Member
  • 11 posts
I somehow managed to get the 'Strong Malware Defender' crap on my computer and the steps I took afterwards are as follows.

In safe mode with networking
I ran the Kaspersky TDSSKiller thingy,
then ran RKill
then ran Malwarebytes Anti-Malware free software
then ran Hitman Pro
I downloaded hostfix.bat and then finally ran the Microsoft Fix it

At first glance everything was removed and all looked ok. But now it seems that most links redirect to other sites which I presume also contain the same malware. It does seem that not everything gets redirected but most.

I also cannot start my security centre or run Microsoft Security Essentials; it tries to open but snaps shut before you can read what's on the screen. I've run the various anti-malware software over and over but none of them are picking anything up, so I'm puzzled.


OTL logfile created on: 06/03/2012 18:27:00 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Jamie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 68.48% Memory free
11.98 Gb Paging File | 9.95 Gb Available in Paging File | 83.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 9.50 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 183.42 Gb Free Space | 61.53% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS

Computer Name: JAMIE-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 18:22:05 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2012/02/20 08:41:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/16 21:05:30 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2011/09/29 15:58:27 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/09 09:44:52 | 000,048,128 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
PRC - [2009/02/23 03:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 08:41:02 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/14 09:13:52 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 17:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/10 21:46:54 | 002,044,688 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 03:31:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/29 15:58:27 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/09 09:44:52 | 000,048,128 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
SRV - [2010/08/31 13:41:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/08/31 13:38:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/31 13:33:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/29 15:48:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/03 14:31:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 03:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/05 22:16:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/15 10:14:02 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/09/08 18:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 16:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 21:46:04 | 000,107,280 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2011/06/06 22:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 12:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 09:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/28 13:23:28 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/28 13:23:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/03/09 10:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/18 09:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 16:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/14 06:48:33 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv)
DRV:64bit: - [2008/04/04 13:47:40 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH8000.sys -- (SaiH8000)
DRV:64bit: - [2008/04/04 13:33:32 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH353E.sys -- (SaiH353E)
DRV:64bit: - [2007/01/19 21:52:58 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/01/19 21:51:06 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 00:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 11 85 D2 1A C5 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F13C8DB1-A19D-4277-9DB9-9F5D1C634C6E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{D9607377-A083-4FD0-8CA4-AC22E75F235D}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{F13C8DB1-A19D-4277-9DB9-9F5D1C634C6E}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ukmandown....google.co.uk/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/08/27 19:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 08:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/21 17:10:57 | 000,000,000 | ---D | M]

[2010/09/20 16:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions
[2012/02/29 15:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions
[2012/02/29 15:21:54 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2011/11/13 16:00:16 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\[email protected]
[2012/03/04 07:49:56 | 000,001,210 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\searchplugins\search.xml
[2011/12/30 17:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GZ6X09T.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GZ6X09T.DEFAULT\EXTENSIONS\[email protected]
[2012/02/20 08:41:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 11:43:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 09:04:15 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/12 09:04:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/12 09:04:15 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 09:04:15 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 09:04:15 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/04 07:48:23 | 000,435,366 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14980 more lines...
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...0/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus....vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975CD5B0-29A9-49C4-B66E-551EEB1BE85B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99811C9F-0B72-4670-85BC-D81F7B2B038A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE9CD1F1-9097-4741-B44C-D648D676CB46}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 18:24:57 | 004,427,148 | ---- | C] (Swearware) -- C:\Users\Jamie\Desktop\ComboFix.exe
[2012/03/06 18:22:04 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/06 18:01:52 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplore2.exe
[2012/03/06 17:51:52 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\Jamie\Desktop\mseinstall.exe
[2012/03/06 17:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/06 17:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/06 17:29:40 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/03/06 17:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9897FC06-128D-47B1-9834-401E52F9F1AA}
[2012/03/06 17:18:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{96AC7C9A-2EEC-4B14-9FDE-E611CC52AA46}
[2012/03/05 22:48:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/05 22:48:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/05 22:48:11 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/05 22:48:11 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/05 22:48:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/05 22:48:11 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/05 22:48:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/05 22:48:11 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/05 22:48:11 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/05 22:48:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/05 22:48:11 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/05 22:48:11 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/05 22:48:11 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/05 22:48:11 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/05 22:48:11 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/05 22:48:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/05 22:48:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/05 22:48:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/05 22:48:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/05 22:48:11 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/05 22:48:11 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/05 22:48:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/05 22:48:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/05 22:48:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/05 22:48:11 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/05 22:48:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/05 22:48:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/05 22:48:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/05 22:48:11 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/05 22:48:11 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/05 22:48:11 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/05 22:48:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/05 22:48:11 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/05 22:48:11 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/05 22:48:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/05 22:48:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/05 22:48:11 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/05 22:48:11 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/05 22:48:11 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/05 22:48:11 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/05 22:48:11 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/05 22:48:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/05 22:48:11 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/05 22:48:11 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/05 22:48:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/05 22:48:11 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/05 22:48:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/05 22:48:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/05 22:48:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/05 22:48:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/05 22:48:11 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/05 22:48:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/05 22:48:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/05 22:48:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/05 22:48:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/05 22:48:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/05 22:48:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/05 22:48:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/05 22:48:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/05 22:48:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/05 22:48:11 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/05 22:48:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/05 22:48:11 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/05 22:48:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/05 22:48:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/05 22:48:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/05 22:48:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/05 22:48:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/05 22:48:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/05 22:48:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/05 22:48:11 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/05 22:48:11 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/05 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A0199840-84F4-4984-BF9B-5991F3C93D9B}
[2012/03/05 22:44:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7C28ADD2-760D-476D-9E02-7BA025C587BD}
[2012/03/05 22:37:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/03/05 22:36:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/03/05 10:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A18CE8A7-108E-4431-90A7-65DCE281DA56}
[2012/03/05 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{96531FAB-80FA-4738-94E0-02C9519C2B6B}
[2012/03/05 09:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
[2012/03/05 09:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2012/03/04 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3E17818C-14CA-4BC7-83C2-B5F4221C6205}
[2012/03/04 22:43:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3CFD0327-E254-4487-87C1-651D57628193}
[2012/03/04 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/04 19:46:15 | 008,116,368 | ---- | C] (SurfRight B.V.) -- C:\Users\Jamie\Desktop\HitmanPro36_x64.exe
[2012/03/04 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2012/03/04 19:41:01 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/04 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/04 19:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 19:40:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jamie\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/04 19:30:29 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplorebbbb.exe
[2012/03/04 10:37:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{830AE76B-5977-4F7B-B2F0-51DDC6CAF839}
[2012/03/04 10:37:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{06CEBD63-5894-420F-A790-4841C12FF322}
[2012/03/04 07:48:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMCUD
[2012/03/04 07:48:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\44e57d
[2012/03/03 22:37:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B0F8BA53-82FA-456B-8D5C-3D21D4BF0A4E}
[2012/03/03 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{56E415DC-1D12-425E-942D-ABB148EA20E0}
[2012/03/03 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9F8B3527-75FA-4EF5-9A5F-A89207F84E26}
[2012/03/03 10:36:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{2870CF32-B19C-4561-A02A-6C9C21F7AA5A}
[2012/03/02 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A8B00BB2-4B79-4509-BB4B-047197D2C914}
[2012/03/02 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{66438647-0D7E-47C5-B684-6E55C49FE336}
[2012/03/02 10:36:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F7FB3D62-129F-40D3-8C63-605C8F76742B}
[2012/03/02 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{55D393CE-56E7-4EFA-8843-5EF1AC0A2E8F}
[2012/03/01 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DB6B9847-87D6-41A6-8109-4A878766590A}
[2012/03/01 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{ADF18C42-0DC2-4F4F-A5FC-88E1959E7C88}
[2012/03/01 10:35:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{25B9AF66-8746-48D2-9E87-8A41A140C8C9}
[2012/03/01 10:35:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{59A5C562-F56B-4FC7-9536-FE1231B474C7}
[2012/02/29 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3D9EE779-BDC2-49B3-8775-B35EBE536D87}
[2012/02/29 22:34:46 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D00A7E14-41A5-462A-A291-08A9302E4C62}
[2012/02/29 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DD44BEBE-374B-4DE5-8E12-9004AA2FF58F}
[2012/02/29 10:34:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AEEE5123-F9C2-4575-94E7-BC9760D55C09}
[2012/02/28 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F052E7B4-811D-4763-82FF-CB055C819000}
[2012/02/28 22:34:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{03FB6D89-68E4-4DC9-BD02-3C8BA6708585}
[2012/02/28 10:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8680DB8E-191A-4BC1-9A40-7197FD46C6E0}
[2012/02/28 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{870EC471-3B9E-46A4-B0AD-A3D89C4AC25B}
[2012/02/28 10:33:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C57D6908-30D4-488E-9855-D53221342FCA}
[2012/02/28 10:33:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4EEBAC6B-A8A2-4718-B24A-96C41B3B2861}
[2012/02/27 22:33:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E1E5CBC5-7AE6-4A9E-8085-63DDDA188FF8}
[2012/02/27 22:32:56 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BB644CEA-6660-41B6-877C-82025064FCC4}
[2012/02/27 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AF81D8A7-53B8-44F4-A3DC-E56DC7B1D720}
[2012/02/27 10:32:33 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1534E855-828E-415B-B1C4-7D01D84D93FB}
[2012/02/27 10:32:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A93F56C6-7AD9-4214-B4DD-23FE3AABAE60}
[2012/02/26 22:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4284D3C3-B15F-49B5-A746-0B7FDA135F09}
[2012/02/26 22:31:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{598EDA65-AAE9-4255-A68A-D553CD1CFEE1}
[2012/02/26 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F2D5A8B2-11C1-4D35-A283-761C794C02C9}
[2012/02/26 10:31:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{53EDCE4F-1E2E-44D8-9C2D-82BD841B8BC5}
[2012/02/26 10:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7B6970C9-7907-4C89-8CE5-B00C42D0D40F}
[2012/02/25 22:31:00 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{637525FC-A313-454E-AC46-B33C0FDD8E8D}
[2012/02/25 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47DBA8EF-915D-476D-8159-EB2041972CBB}
[2012/02/25 10:30:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8AA1E3EA-7821-42E0-AC51-61C2F4FC08D2}
[2012/02/25 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{0FA9E63B-1970-46E6-B878-BAFCA24B1749}
[2012/02/24 22:30:15 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{69245EB5-92EA-466F-B51D-3B5E412825A2}
[2012/02/24 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1B3D25F2-574B-49CC-AA7F-B0C2EA9BA18F}
[2012/02/24 22:29:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47454996-FDD2-4F59-BCB5-D8ACF6118AC1}
[2012/02/24 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A8739017-A74C-476D-9290-C2D0116677D8}
[2012/02/24 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{373B1F00-95DC-4569-B6CC-557364F1D769}
[2012/02/24 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D6934B6F-D8AA-48BC-814E-DF27C3E84851}
[2012/02/23 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{624B2875-E203-4C91-AF01-AC2DB4034F3F}
[2012/02/23 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CCC2C4D5-66AF-4D81-81ED-A5682DDAF0FF}
[2012/02/23 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{483C105F-1237-46B6-B51D-8DE4A5510048}
[2012/02/23 10:28:36 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{060EF237-C6B0-4211-9947-AAEA35402837}
[2012/02/22 22:28:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F026EE2E-ACFF-4CE0-8FE1-B3D9DCBAC422}
[2012/02/22 22:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{89987609-1ABA-4820-9DAC-1A98E822CF99}
[2012/02/22 22:28:03 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3066D7D3-AD18-40B2-84C0-8DA623E9E0DE}
[2012/02/22 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{2F1DFA78-E0B4-4683-9409-B19A376F8839}
[2012/02/22 10:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{93E24A83-A69A-4CDA-B0EB-83BEE4470E71}
[2012/02/21 22:27:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BBE0B6F0-27C0-42C1-991F-124F525117A7}
[2012/02/21 22:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CB429DC1-4AA3-4482-92FA-7F73B408BA2D}
[2012/02/21 10:27:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{43ABE4DC-B3EE-4FE2-BA41-64BD408366BD}
[2012/02/21 10:26:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B854EB1A-B09C-4EC6-ADF2-4DD0DFF09642}
[2012/02/20 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9C0124C0-493D-486B-B916-5627D28DF910}
[2012/02/20 22:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B8E4C85D-0FCE-4F3A-907D-C977F4452852}
[2012/02/20 10:26:23 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BDC4E659-288E-439A-97B6-A228C2B0BBC5}
[2012/02/20 10:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{23700DB1-F1F7-42C2-B4D8-28864C0997DE}
[2012/02/19 22:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D490FDFF-7183-42F0-95D9-F195825BD4AD}
[2012/02/19 22:25:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B146AF4A-BE50-4D0B-9AF0-1F695EA2F611}
[2012/02/19 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{796F77A0-1A87-44E2-9407-8359DD4C0B34}
[2012/02/19 10:25:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{85AF67EE-F7A1-4345-A531-AA4682B81EC8}
[2012/02/18 22:25:16 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{550DDE23-5670-4A7B-A4FF-ED3B2FF990F7}
[2012/02/18 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C2C3BEE6-E077-4A24-846F-F999FC50B058}
[2012/02/18 10:24:54 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{312F25AF-2138-459B-895B-352A1D9C7824}
[2012/02/18 10:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{07AD92D9-BDC2-4ECB-B1A9-3CBAEE884D3A}
[2012/02/17 22:24:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C473D19F-F5E9-4790-A316-B964D7E69679}
[2012/02/17 22:24:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{68BC92AC-634A-4DB1-9DDE-7C17B3E83A1C}
[2012/02/17 10:24:10 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B15BD7B9-128C-41D7-A80E-A6BB346962A1}
[2012/02/17 10:24:00 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A6254115-7DD0-41C9-9858-32A8A82E4A66}
[2012/02/16 22:23:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{168C840D-9F92-41AD-8979-AD70B3AB1BD6}
[2012/02/16 22:23:37 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{07187DED-F56B-48E3-9965-4FAE858102B0}
[2012/02/16 10:23:25 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CFDEAC7F-0282-47BB-BF03-C0E416C38D41}
[2012/02/16 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{545FEF53-ECD5-4B47-AC45-3308A1872DB1}
[2012/02/15 22:23:02 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{804ED3FA-2F52-4D95-9C4D-FFB70B130D06}
[2012/02/15 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3357032E-A854-49E7-92B0-573F8451DADC}
[2012/02/15 10:22:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AC98BCC7-3C36-4C29-8D48-078C8FB866A6}
[2012/02/15 10:22:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3BDF7056-2A41-4A40-94F5-C113A8CE927B}
[2012/02/14 23:34:37 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 23:34:32 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 23:34:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 23:34:17 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/14 22:22:02 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8EF142D8-7093-4C0A-A8FE-EDFFD50AFF11}
[2012/02/14 22:21:52 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7A617C0A-F191-42AA-964E-2008058E386E}
[2012/02/14 10:21:40 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E93CE342-95D5-4407-895F-4AFFE7D23AA6}
[2012/02/14 10:21:30 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8586C08C-6F8F-48D3-8BC9-17FAEEAE1401}
[2012/02/13 22:21:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AC32D965-2281-4442-BBD5-41BDE86ACAFB}
[2012/02/13 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{83D83199-B421-4F91-8B9C-88D88AD93304}
[2012/02/13 10:20:56 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B07A3993-88B4-440C-8B46-87D90A69C42F}
[2012/02/13 10:20:46 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{10333931-8E1E-4A97-AD1F-D3FD49371079}
[2012/02/12 22:20:34 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{007A83A4-3051-47A3-9082-8D8484130DDF}
[2012/02/12 22:20:23 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E5E42F10-493C-4E45-8A07-C96F050713AC}
[2012/02/12 10:20:10 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{486CB6CA-3FAE-4406-8183-D9FD43106267}
[2012/02/12 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{28410237-DF4A-44CF-B0AB-0457E277DD21}
[2012/02/12 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3785EB1A-61F7-400D-8421-572E36FE8ABD}
[2012/02/11 22:19:37 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3648F4B8-8D08-4C63-BA81-DEA8BDECCDA8}
[2012/02/11 22:19:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{85535C0E-354A-4B82-B9A0-4A2939BC1DD6}
[2012/02/11 10:19:15 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F62037E3-3967-4DF0-8AAD-000838F1A7EF}
[2012/02/11 10:19:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DCC683CA-E069-4001-A374-BEFE363830CE}
[2012/02/10 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F8D83652-F52C-41C2-A039-EC8BA9A5E1F7}
[2012/02/10 22:18:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8F5412F7-6E4D-463A-8900-360471E85345}
[2012/02/10 10:18:14 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CA65FC17-77A9-4D4D-A3D9-A2C4B3966EB4}
[2012/02/10 10:18:03 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C8708C66-9218-4339-A43C-ECD44B59DF8F}
[2012/02/09 22:17:52 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{30783FCE-19A0-49D4-A896-D9A35A644928}
[2012/02/09 22:17:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9408E0AC-8211-4D23-A951-19EAF7B908BD}
[2012/02/09 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{39FB7CBE-19D2-4879-889D-D3B7A90C2718}
[2012/02/09 10:17:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{90575C32-7B38-4669-AAED-DC3E00FE04A9}
[2012/02/08 22:17:02 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4B48B1CD-8132-4A36-BEA4-61BE7D9A7F98}
[2012/02/08 22:16:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{0B45A574-74C7-4829-8BEC-E11FBA5E300C}
[2012/02/08 16:05:07 | 001,331,272 | ---- | C] (Blue Coat Systems, Inc.) -- C:\Users\Jamie\Desktop\k9-webprotection.exe
[2012/02/08 10:16:25 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{36EC32FB-1343-4DEF-963E-E8231D3B04B7}
[2012/02/08 10:16:15 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{87C46AD6-DD68-4922-92F3-9000D2AF5C1D}
[2012/02/07 22:16:03 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{2840FD44-D60C-4BBA-9815-64859D6FB3A5}
[2012/02/07 22:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{0B04D7BD-E469-43CE-A879-9DC6F20AF69A}
[2012/02/07 10:15:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D2472D22-28FF-4D6A-87BA-3F121957F0A0}
[2012/02/07 10:15:31 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CA2E71FD-E6A6-4A7C-B960-38763573F2EA}
[2012/02/06 22:15:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E095938D-CE2F-463B-B589-9E0995D9C964}
[2012/02/06 22:15:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C1B4B28E-C432-47A1-A676-70BC53123028}
[2012/02/06 10:14:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{0D7CB3B2-4022-4B14-912C-FDCBDC5EE361}
[2012/02/06 10:14:47 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{0D04BFE3-AD0D-4519-A126-E4FB22505606}
[2012/02/05 22:14:33 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4911DDC4-869B-4A86-8D6E-DD8F1B6D80BB}
[2012/02/05 22:14:23 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B72E80C7-8DED-4C6B-84F1-53F9B0FEC605}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/06 18:25:08 | 004,427,148 | ---- | M] (Swearware) -- C:\Users\Jamie\Desktop\ComboFix.exe
[2012/03/06 18:22:05 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/06 17:52:28 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/06 17:51:56 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\Jamie\Desktop\mseinstall.exe
[2012/03/06 17:35:33 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 17:35:33 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 17:29:59 | 000,739,350 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/06 17:29:59 | 000,633,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 17:29:59 | 000,112,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/06 17:17:52 | 000,001,441 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/06 04:28:27 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Yxgti.job
[2012/03/06 04:28:18 | 002,373,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/06 04:28:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 04:27:46 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 04:17:36 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 22:48:11 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/05 22:48:11 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/05 22:48:11 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/05 22:48:11 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/05 22:48:11 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/05 22:48:11 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/05 22:48:11 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/05 22:48:11 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/05 22:48:11 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/05 22:48:11 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/05 22:48:11 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/05 22:48:11 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/05 22:48:11 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/05 22:48:11 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/05 22:48:11 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/05 22:48:11 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/05 22:48:11 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/05 22:48:11 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/05 22:48:11 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/05 22:48:11 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/05 22:48:11 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/05 22:48:11 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/05 22:48:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/05 22:48:11 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/05 22:48:11 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/05 22:48:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/05 22:48:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/05 22:48:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/05 22:48:11 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/05 22:48:11 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/05 22:48:11 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/05 22:48:11 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/05 22:48:11 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/05 22:48:11 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/05 22:48:11 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/05 22:48:11 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/05 22:48:11 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/05 22:48:11 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/05 22:48:11 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/05 22:48:11 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/05 22:48:11 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/05 22:48:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/05 22:48:11 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/05 22:48:11 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/05 22:48:11 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/05 22:48:11 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/05 22:48:11 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/05 22:48:11 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/05 22:48:11 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/05 22:48:11 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/05 22:48:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/05 22:48:11 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/05 22:48:11 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/05 22:48:11 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/05 22:48:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/05 22:48:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/05 22:48:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/05 22:48:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/05 22:48:11 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/05 22:48:11 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/05 22:48:11 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/05 22:48:11 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/05 22:48:11 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/05 22:48:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/05 22:48:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/05 22:48:11 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/05 22:48:11 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/05 22:48:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/05 22:48:11 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/05 22:48:11 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/05 22:48:11 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/05 22:48:11 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/05 22:43:55 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012/03/05 22:43:55 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/03/05 22:16:56 | 000,027,424 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 22:14:40 | 000,000,340 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/03/05 13:23:24 | 000,000,833 | ---- | M] () -- C:\Users\Jamie\Desktop\hosts
[2012/03/05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplore2.exe
[2012/03/05 09:27:37 | 000,980,480 | ---- | M] () -- C:\Users\Jamie\Desktop\MicrosoftFixit50267.msi
[2012/03/05 09:19:11 | 000,000,632 | RHS- | M] () -- C:\Users\Jamie\ntuser.pol
[2012/03/05 00:00:06 | 000,000,130 | ---- | M] () -- C:\Users\Jamie\Desktop\hostfix.bat
[2012/03/04 19:46:23 | 008,116,368 | ---- | M] (SurfRight B.V.) -- C:\Users\Jamie\Desktop\HitmanPro36_x64.exe
[2012/03/04 19:40:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jamie\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/04 19:34:22 | 001,008,141 | ---- | M] () -- C:\Users\Jamie\Desktop\iExplore.exe
[2012/03/04 19:30:34 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplorebbbb.exe
[2012/03/04 16:47:20 | 000,435,366 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\host_new.old
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-160442.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-152418.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-001543.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-000049.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120304-235805.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120304-180734.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/03 19:54:40 | 000,147,456 | RHS- | M] () -- C:\Windows\SysWow64\KBDYCC5.dll
[2012/02/27 01:03:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/26 16:54:23 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/26 15:56:41 | 002,565,641 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0372.JPG
[2012/02/20 20:02:41 | 003,418,866 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0367.JPG
[2012/02/12 09:04:21 | 000,002,048 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/08 16:40:46 | 009,666,560 | ---- | M] () -- C:\Users\Jamie\Desktop\f5d7050v5.exe
[2012/02/08 16:05:08 | 001,331,272 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Users\Jamie\Desktop\k9-webprotection.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 17:30:07 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/06 17:29:49 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/05 22:48:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/05 22:16:56 | 000,027,424 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 22:14:40 | 000,000,340 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/03/05 13:23:18 | 000,000,833 | ---- | C] () -- C:\Users\Jamie\Desktop\hosts
[2012/03/05 09:11:18 | 000,000,632 | RHS- | C] () -- C:\Users\Jamie\ntuser.pol
[2012/03/04 19:52:08 | 000,980,480 | ---- | C] () -- C:\Users\Jamie\Desktop\MicrosoftFixit50267.msi
[2012/03/04 19:51:15 | 000,000,130 | ---- | C] () -- C:\Users\Jamie\Desktop\hostfix.bat
[2012/03/04 19:30:29 | 001,008,141 | ---- | C] () -- C:\Users\Jamie\Desktop\iExplore.exe
[2012/03/03 19:54:40 | 000,147,456 | RHS- | C] () -- C:\Windows\SysWow64\KBDYCC5.dll
[2012/03/03 19:54:40 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Yxgti.job
[2012/02/29 19:05:30 | 002,565,641 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0372.JPG
[2012/02/26 16:54:23 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/20 20:03:39 | 003,418,866 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0367.JPG
[2012/02/08 16:40:20 | 009,666,560 | ---- | C] () -- C:\Users\Jamie\Desktop\f5d7050v5.exe
[2011/10/13 20:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/10 09:47:47 | 000,739,350 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 17:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/13 21:47:09 | 000,010,417 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\SmarThruOptions.xml
[2011/01/13 21:46:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2011/01/13 21:46:50 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2011/01/13 21:46:34 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2011/01/13 21:46:32 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2011/01/13 21:14:45 | 000,110,592 | ---- | C] () -- C:\Windows\WiaInst.exe
[2010/11/17 10:31:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/24 18:36:17 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/29 13:45:31 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/08/31 13:34:49 | 000,000,504 | R--- | C] () -- C:\Windows\CtaMCcfg.ini
[2010/08/31 13:34:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/31 13:34:47 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/25 17:02:25 | 000,162,878 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\UserTile.png
[2010/05/13 19:47:56 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2010/05/02 10:23:10 | 000,000,549 | ---- | C] () -- C:\Users\Jamie\AppData\Local\CastleLinkProps.dat
[2010/04/18 11:06:36 | 000,011,776 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 22:38:45 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/28 22:38:30 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/28 22:38:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/16 15:05:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Files - Unicode (All) ==========
[2011/06/25 22:05:19 | 000,000,000 | ---D | M](C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ
[2011/06/25 22:05:19 | 000,000,000 | ---D | C](C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ
(C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ

< End of report >
  • 0
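An added example, not part of the original post and not OTL's own logic: a small parser for the file-listing lines of the OTL log above, with two triage rules applied to entries copied from that log. The rules (a hidden+system executable under C:\Windows with an empty company field, and a `.job` task created in the same second as such a file) are assumptions of this example; they happen to single out `KBDYCC5.dll` and `Yxgti.job`, the two files the OTL fix later in this thread moves.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the OTL log in this thread: a Microsoft file, a scanner
# driver, a policy file, the two entries the later fix moved, an unrelated
# codec, and one summary line that is not a file entry.
SAMPLE_LOG = r"""
[2012/03/05 22:48:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/05 22:16:56 | 000,027,424 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 09:11:18 | 000,000,632 | RHS- | C] () -- C:\Users\Jamie\ntuser.pol
[2012/03/03 19:54:40 | 000,147,456 | RHS- | M] () -- C:\Windows\SysWow64\KBDYCC5.dll
[2012/03/03 19:54:40 | 000,147,456 | RHS- | C] () -- C:\Windows\SysWow64\KBDYCC5.dll
[2012/03/03 19:54:40 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Yxgti.job
[2011/10/13 20:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
"""

# [timestamp | size | attributes | M(odified)/C(reated)] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]\s*\((?P<company>.*?)\) -- (?P<path>.+)$"
)
EXECUTABLE_SUFFIXES = {".dll", ".exe", ".sys"}


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str
    company: str
    path: PureWindowsPath


def parse_otl_entries(text):
    """Return an Entry for every file-listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=PureWindowsPath(m["path"].strip()),
        ))
    return entries


def _under_windows(path):
    parts = [p.lower() for p in path.parts]
    return len(parts) > 1 and parts[1] == "windows"


def triage(entries):
    """Map lower-cased path -> sorted reasons, using the two assumed rules."""
    findings = defaultdict(set)

    # Rule 1 (assumption): hidden + system executable under C:\Windows whose
    # company field is empty.
    for e in entries:
        if (not e.company and "H" in e.attrs and "S" in e.attrs
                and e.path.suffix.lower() in EXECUTABLE_SUFFIXES
                and _under_windows(e.path)):
            findings[str(e.path).lower()].add(
                "hidden+system executable with no company name")

    # Rule 2 (assumption): a scheduled task file created in the same second
    # as a file already flagged by rule 1.
    created_at = defaultdict(list)
    for e in entries:
        if e.kind == "C" and not e.company:
            created_at[e.timestamp].append(e)
    for group in created_at.values():
        flagged = [e for e in group if str(e.path).lower() in findings]
        for e in group:
            is_task = (e.path.suffix.lower() == ".job"
                       and e.path.parent.name.lower() == "tasks"
                       and _under_windows(e.path))
            if is_task and flagged:
                findings[str(e.path).lower()].add(
                    "scheduled task created in the same second as "
                    + flagged[0].path.name)

    return {path: sorted(reasons) for path, reasons in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(parse_otl_entries(SAMPLE_LOG)).items():
        print(path, "->", "; ".join(reasons))
```

A hit is a lead for an analyst to check, not a verdict, and both rules by construction miss any file whose company field is filled in.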


#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, khameleon! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for khameleon only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.
  • 0

#3
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Drive C: | 232.79 Gb Total Space | 9.50 Gb Free Space | 4.08% Space Free | Partition Type: NTFS

To ensure our tools run properly, the minimum free disk space required is 15%. I advise that you free some space up on drive C by uninstalling unwanted programs and deleting any personal files you don't want.


Step 1

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.

Step 2

Do redirects still occur after running the following OTL fix?

  • Save this file to your desktop: fix.txt (attached file)
  • Run OTL.
  • Drag and drop fix.txt into the Custom Scans and Fixes box.
  • If you cannot drag and drop for some reason then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your desktop.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and check the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • aswMBR.txt

  • 0

#4
khameleon

    Member

  • Topic Starter
  • 11 posts
Hi Nedklaw

Thanks for your help on this, I'm very grateful. After running the fix it does seem like the Google redirects have stopped; I've tried a few different searches and web sites and nothing yet.

Here are the 3 logs.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F13C8DB1-A19D-4277-9DB9-9F5D1C634C6E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F13C8DB1-A19D-4277-9DB9-9F5D1C634C6E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
C:\ProgramData\SMCUD folder moved successfully.
C:\ProgramData\44e57d folder moved successfully.
C:\Windows\Tasks\Yxgti.job moved successfully.
C:\Windows\SysWOW64\KBDYCC5.dll moved successfully.
Folder C:\Users\Jamie\AppData\Local\†††__††††ˆ\ not found.
Folder C:\Users\Jamie\AppData\Local\†††__††††ˆ\ not found.
C:\Windows\SysWow64\tmp8F90.tmp deleted successfully.
C:\Windows\SysWow64\tmp8F91.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jamie\Desktop\cmd.bat deleted successfully.
C:\Users\Jamie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jake Adam & Kira
->Temp folder emptied: 967 bytes
->Temporary Internet Files folder emptied: 77828 bytes
->FireFox cache emptied: 8428793 bytes
->Flash cache emptied: 56475 bytes

User: Jamie
->Temp folder emptied: 64798724 bytes
->Temporary Internet Files folder emptied: 190607649 bytes
->Java cache emptied: 37959 bytes
->FireFox cache emptied: 594180510 bytes
->Apple Safari cache emptied: 24709120 bytes
->Flash cache emptied: 56967 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 209394 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101889 bytes
RecycleBin emptied: 543043644 bytes

Total Files Cleaned = 1,360.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.35.1 log created on 03082012_194530

Files\Folders moved on Reboot...
C:\Users\Jamie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jamie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U96OIAT7\ADSAdClient31[1].htm not found!

Registry entries deleted on Reboot...


OTL logfile created on: 08/03/2012 19:53:43 - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Jamie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 4.42 Gb Available Physical Memory | 73.72% Memory free
11.98 Gb Paging File | 10.32 Gb Available in Paging File | 86.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 45.14 Gb Free Space | 19.39% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 185.54 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS

Computer Name: JAMIE-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 18:22:05 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2012/02/20 08:41:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/16 21:05:30 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2011/09/29 15:58:27 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/09 09:44:52 | 000,048,128 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
PRC - [2010/11/20 12:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/02/23 03:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 08:41:02 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/14 09:13:52 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 17:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/10 21:46:54 | 002,044,688 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 03:31:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/29 15:58:27 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/09 09:44:52 | 000,048,128 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
SRV - [2010/08/31 13:41:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/08/31 13:38:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/31 13:33:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/29 15:48:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/03 14:31:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 03:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/05 22:16:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2011/12/15 00:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/15 10:14:02 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/09/08 18:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 16:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 21:46:04 | 000,107,280 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2011/06/06 22:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 12:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 09:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/28 13:23:28 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/28 13:23:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/03/09 10:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/18 09:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 16:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/14 06:48:33 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv)
DRV:64bit: - [2008/04/04 13:47:40 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH8000.sys -- (SaiH8000)
DRV:64bit: - [2008/04/04 13:33:32 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH353E.sys -- (SaiH353E)
DRV:64bit: - [2007/01/19 21:52:58 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/01/19 21:51:06 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 00:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 11 85 D2 1A C5 CA 01 [binary data]
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes\{D9607377-A083-4FD0-8CA4-AC22E75F235D}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ukmandown....google.co.uk/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/08/27 19:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 08:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/21 17:10:57 | 000,000,000 | ---D | M]

[2010/09/20 16:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions
[2012/03/06 21:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions
[2012/02/29 15:21:54 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/03/06 21:38:12 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\[email protected]
[2011/11/13 16:00:16 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\[email protected]
[2012/03/04 07:49:56 | 000,001,210 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\searchplugins\search.xml
[2011/12/30 17:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GZ6X09T.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GZ6X09T.DEFAULT\EXTENSIONS\[email protected]
[2012/02/20 08:41:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 11:43:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 09:04:15 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/12 09:04:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/12 09:04:15 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 09:04:15 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 09:04:15 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/04 07:48:23 | 000,435,366 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14980 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...0/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus....vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975CD5B0-29A9-49C4-B66E-551EEB1BE85B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99811C9F-0B72-4670-85BC-D81F7B2B038A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE9CD1F1-9097-4741-B44C-D648D676CB46}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 19:45:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/08 19:44:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Jamie\Desktop\aswMBR.exe
[2012/03/08 19:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/03/08 18:42:03 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8E8F1461-049A-444F-8032-E7CC5FC5CBC7}
[2012/03/08 18:41:53 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F504E88A-D92B-402C-A36F-AD7A0E64C97F}
[2012/03/08 06:41:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{252F4BA6-AEDF-49BC-8713-4233FCF213A7}
[2012/03/08 06:41:30 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{6301728D-9E93-4359-880C-F34A596DACD5}
[2012/03/07 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47EE98C5-2493-4112-AD78-1BD73E8DC6EC}
[2012/03/07 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{56C238D6-43C4-4F32-AE95-ABC2009733FF}
[2012/03/07 06:40:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D376FA6A-F283-4020-B1C6-859311FFDD96}
[2012/03/07 06:40:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{32A15D09-98E2-4F41-9AC5-E5329F77AF8D}
[2012/03/07 06:40:34 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{75B6CD19-8FE4-45A2-B315-89D723316847}
[2012/03/07 03:15:42 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\QFX Software
[2012/03/07 03:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/03/06 21:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012/03/06 21:23:27 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2012/03/06 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2012/03/06 18:24:57 | 004,427,148 | ---- | C] (Swearware) -- C:\Users\Jamie\Desktop\ComboFix.exe
[2012/03/06 18:22:04 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/06 18:01:52 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplore2.exe
[2012/03/06 17:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/06 17:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/06 17:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9897FC06-128D-47B1-9834-401E52F9F1AA}
[2012/03/06 17:18:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{96AC7C9A-2EEC-4B14-9FDE-E611CC52AA46}
[2012/03/05 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A0199840-84F4-4984-BF9B-5991F3C93D9B}
[2012/03/05 22:44:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7C28ADD2-760D-476D-9E02-7BA025C587BD}
[2012/03/05 22:37:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/03/05 22:36:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/03/05 10:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A18CE8A7-108E-4431-90A7-65DCE281DA56}
[2012/03/05 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{96531FAB-80FA-4738-94E0-02C9519C2B6B}
[2012/03/05 09:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
[2012/03/05 09:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2012/03/04 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3E17818C-14CA-4BC7-83C2-B5F4221C6205}
[2012/03/04 22:43:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3CFD0327-E254-4487-87C1-651D57628193}
[2012/03/04 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/04 19:46:15 | 008,116,368 | ---- | C] (SurfRight B.V.) -- C:\Users\Jamie\Desktop\HitmanPro36_x64.exe
[2012/03/04 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2012/03/04 19:41:01 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/04 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/04 19:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 19:40:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jamie\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/04 19:30:29 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplorebbbb.exe
[2012/03/04 10:37:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{830AE76B-5977-4F7B-B2F0-51DDC6CAF839}
[2012/03/04 10:37:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{06CEBD63-5894-420F-A790-4841C12FF322}
[2012/03/03 22:37:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B0F8BA53-82FA-456B-8D5C-3D21D4BF0A4E}
[2012/03/03 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{56E415DC-1D12-425E-942D-ABB148EA20E0}
[2012/03/03 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9F8B3527-75FA-4EF5-9A5F-A89207F84E26}
[2012/03/03 10:36:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{2870CF32-B19C-4561-A02A-6C9C21F7AA5A}
[2012/03/02 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A8B00BB2-4B79-4509-BB4B-047197D2C914}
[2012/03/02 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{66438647-0D7E-47C5-B684-6E55C49FE336}
[2012/03/02 10:36:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F7FB3D62-129F-40D3-8C63-605C8F76742B}
[2012/03/02 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{55D393CE-56E7-4EFA-8843-5EF1AC0A2E8F}
[2012/03/01 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DB6B9847-87D6-41A6-8109-4A878766590A}
[2012/03/01 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{ADF18C42-0DC2-4F4F-A5FC-88E1959E7C88}
[2012/03/01 10:35:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{25B9AF66-8746-48D2-9E87-8A41A140C8C9}
[2012/03/01 10:35:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{59A5C562-F56B-4FC7-9536-FE1231B474C7}
[2012/02/29 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3D9EE779-BDC2-49B3-8775-B35EBE536D87}
[2012/02/29 22:34:46 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D00A7E14-41A5-462A-A291-08A9302E4C62}
[2012/02/29 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DD44BEBE-374B-4DE5-8E12-9004AA2FF58F}
[2012/02/29 10:34:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AEEE5123-F9C2-4575-94E7-BC9760D55C09}
[2012/02/28 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F052E7B4-811D-4763-82FF-CB055C819000}
[2012/02/28 22:34:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{03FB6D89-68E4-4DC9-BD02-3C8BA6708585}
[2012/02/28 10:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8680DB8E-191A-4BC1-9A40-7197FD46C6E0}
[2012/02/28 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{870EC471-3B9E-46A4-B0AD-A3D89C4AC25B}
[2012/02/28 10:33:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C57D6908-30D4-488E-9855-D53221342FCA}
[2012/02/28 10:33:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4EEBAC6B-A8A2-4718-B24A-96C41B3B2861}
[2012/02/27 22:33:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E1E5CBC5-7AE6-4A9E-8085-63DDDA188FF8}
[2012/02/27 22:32:56 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BB644CEA-6660-41B6-877C-82025064FCC4}
[2012/02/27 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AF81D8A7-53B8-44F4-A3DC-E56DC7B1D720}
[2012/02/27 10:32:33 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1534E855-828E-415B-B1C4-7D01D84D93FB}
[2012/02/27 10:32:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A93F56C6-7AD9-4214-B4DD-23FE3AABAE60}
[2012/02/26 22:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4284D3C3-B15F-49B5-A746-0B7FDA135F09}
[2012/02/26 22:31:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{598EDA65-AAE9-4255-A68A-D553CD1CFEE1}
[2012/02/26 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F2D5A8B2-11C1-4D35-A283-761C794C02C9}
[2012/02/26 10:31:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{53EDCE4F-1E2E-44D8-9C2D-82BD841B8BC5}
[2012/02/26 10:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7B6970C9-7907-4C89-8CE5-B00C42D0D40F}
[2012/02/25 22:31:00 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{637525FC-A313-454E-AC46-B33C0FDD8E8D}
[2012/02/25 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47DBA8EF-915D-476D-8159-EB2041972CBB}
[2012/02/25 10:30:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8AA1E3EA-7821-42E0-AC51-61C2F4FC08D2}
[2012/02/25 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{0FA9E63B-1970-46E6-B878-BAFCA24B1749}
[2012/02/24 22:30:15 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{69245EB5-92EA-466F-B51D-3B5E412825A2}
[2012/02/24 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1B3D25F2-574B-49CC-AA7F-B0C2EA9BA18F}
[2012/02/24 22:29:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47454996-FDD2-4F59-BCB5-D8ACF6118AC1}
[2012/02/24 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A8739017-A74C-476D-9290-C2D0116677D8}
[2012/02/24 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{373B1F00-95DC-4569-B6CC-557364F1D769}
[2012/02/24 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D6934B6F-D8AA-48BC-814E-DF27C3E84851}
[2012/02/23 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{624B2875-E203-4C91-AF01-AC2DB4034F3F}
[2012/02/23 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CCC2C4D5-66AF-4D81-81ED-A5682DDAF0FF}
[2012/02/23 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{483C105F-1237-46B6-B51D-8DE4A5510048}
[2012/02/23 10:28:36 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{060EF237-C6B0-4211-9947-AAEA35402837}
[2012/02/22 22:28:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F026EE2E-ACFF-4CE0-8FE1-B3D9DCBAC422}
[2012/02/08 16:05:07 | 001,331,272 | ---- | C] (Blue Coat Systems, Inc.) -- C:\Users\Jamie\Desktop\k9-webprotection.exe

========== Files - Modified Within 30 Days ==========

[2012/03/08 19:57:15 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 19:57:15 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 19:49:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 19:48:59 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 19:44:24 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Jamie\Desktop\aswMBR.exe
[2012/03/06 21:22:57 | 001,328,072 | ---- | M] () -- C:\Users\Jamie\Desktop\KeyScrambler_Setup.exe
[2012/03/06 18:25:08 | 004,427,148 | ---- | M] (Swearware) -- C:\Users\Jamie\Desktop\ComboFix.exe
[2012/03/06 18:22:05 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/06 17:52:28 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/06 17:29:59 | 000,739,350 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/06 17:29:59 | 000,633,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 17:29:59 | 000,112,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/06 17:17:52 | 000,001,441 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/06 04:28:18 | 002,373,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/06 04:17:36 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 22:48:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/05 22:16:56 | 000,027,424 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 22:14:40 | 000,000,340 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/03/05 13:23:24 | 000,000,833 | ---- | M] () -- C:\Users\Jamie\Desktop\hosts
[2012/03/05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplore2.exe
[2012/03/05 09:27:37 | 000,980,480 | ---- | M] () -- C:\Users\Jamie\Desktop\MicrosoftFixit50267.msi
[2012/03/05 09:19:11 | 000,000,632 | RHS- | M] () -- C:\Users\Jamie\ntuser.pol
[2012/03/05 00:00:06 | 000,000,130 | ---- | M] () -- C:\Users\Jamie\Desktop\hostfix.bat
[2012/03/04 19:46:23 | 008,116,368 | ---- | M] (SurfRight B.V.) -- C:\Users\Jamie\Desktop\HitmanPro36_x64.exe
[2012/03/04 19:40:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jamie\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/04 19:34:22 | 001,008,141 | ---- | M] () -- C:\Users\Jamie\Desktop\iExplore.exe
[2012/03/04 19:30:34 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplorebbbb.exe
[2012/03/04 16:47:20 | 000,435,366 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\host_new.old
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-160442.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-152418.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-001543.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-000049.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120304-235805.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120304-180734.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/26 16:54:23 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/26 15:56:41 | 002,565,641 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0372.JPG
[2012/02/20 20:02:41 | 003,418,866 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0367.JPG
[2012/02/12 09:04:21 | 000,002,048 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/08 16:40:46 | 009,666,560 | ---- | M] () -- C:\Users\Jamie\Desktop\f5d7050v5.exe
[2012/02/08 16:05:08 | 001,331,272 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Users\Jamie\Desktop\k9-webprotection.exe

========== Files Created - No Company Name ==========

[2012/03/06 21:22:57 | 001,328,072 | ---- | C] () -- C:\Users\Jamie\Desktop\KeyScrambler_Setup.exe
[2012/03/06 17:30:07 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/06 17:29:49 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/05 22:48:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/05 22:16:56 | 000,027,424 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 22:14:40 | 000,000,340 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/03/05 13:23:18 | 000,000,833 | ---- | C] () -- C:\Users\Jamie\Desktop\hosts
[2012/03/05 09:11:18 | 000,000,632 | RHS- | C] () -- C:\Users\Jamie\ntuser.pol
[2012/03/04 19:52:08 | 000,980,480 | ---- | C] () -- C:\Users\Jamie\Desktop\MicrosoftFixit50267.msi
[2012/03/04 19:51:15 | 000,000,130 | ---- | C] () -- C:\Users\Jamie\Desktop\hostfix.bat
[2012/03/04 19:30:29 | 001,008,141 | ---- | C] () -- C:\Users\Jamie\Desktop\iExplore.exe
[2012/02/29 19:05:30 | 002,565,641 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0372.JPG
[2012/02/26 16:54:23 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/20 20:03:39 | 003,418,866 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0367.JPG
[2012/02/08 16:40:20 | 009,666,560 | ---- | C] () -- C:\Users\Jamie\Desktop\f5d7050v5.exe
[2011/10/13 20:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/10 09:47:47 | 000,739,350 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 17:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/13 21:47:09 | 000,010,417 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\SmarThruOptions.xml
[2011/01/13 21:46:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2011/01/13 21:46:50 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2011/01/13 21:14:45 | 000,110,592 | ---- | C] () -- C:\Windows\WiaInst.exe
[2010/11/17 10:31:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/24 18:36:17 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/29 13:45:31 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/08/31 13:34:49 | 000,000,504 | R--- | C] () -- C:\Windows\CtaMCcfg.ini
[2010/08/31 13:34:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/31 13:34:47 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/25 17:02:25 | 000,162,878 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\UserTile.png
[2010/05/13 19:47:56 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2010/05/02 10:23:10 | 000,000,549 | ---- | C] () -- C:\Users\Jamie\AppData\Local\CastleLinkProps.dat
[2010/04/18 11:06:36 | 000,011,776 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 22:38:45 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/28 22:38:30 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/28 22:38:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/16 15:05:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2010/09/15 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/03/24 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Command and Conquer 4
[2010/05/15 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\EVEMon
[2011/10/28 14:44:26 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\GetRightToGo
[2011/09/27 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\inkscape
[2011/08/04 16:40:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\LolClient
[2010/09/19 10:21:38 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\LucasArts
[2010/12/10 13:14:52 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mumble
[2011/11/14 11:47:56 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\OpenOffice.org
[2011/09/29 13:23:11 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Origin
[2012/03/07 03:15:42 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\QFX Software
[2011/12/16 14:14:36 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Raptr
[2011/01/13 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\SmarThru4
[2011/01/05 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Stellarium
[2011/12/29 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Systweak
[2011/05/26 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\TS3Client
[2010/06/28 13:23:58 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Ubisoft
[2011/05/16 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\wargaming.net
[2010/11/03 09:40:52 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Windows Live Writer
[2012/03/05 22:16:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/06/25 22:05:19 | 000,000,000 | ---D | M](C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ
[2011/06/25 22:05:19 | 000,000,000 | ---D | C](C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ
(C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ

< End of report >



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 20:01:21
-----------------------------
20:01:21.525 OS Version: Windows x64 6.1.7601 Service Pack 1
20:01:21.525 Number of processors: 8 586 0x1A05
20:01:21.526 ComputerName: JAMIE-PC UserName: Jamie
20:01:22.446 Initialize success
20:02:13.853 AVAST engine defs: 12030800
20:02:35.895 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:02:35.897 Disk 0 Vendor: Hitachi_HDS721032CLA362 JPFOA39C Size: 305245MB BusType: 3
20:02:35.899 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
20:02:35.900 Disk 1 Vendor: Hitachi_HDS721025CLA382 JP1OA39C Size: 238475MB BusType: 3
20:02:35.907 Disk 1 MBR read successfully
20:02:35.909 Disk 1 MBR scan
20:02:35.912 Disk 1 Windows 7 default MBR code
20:02:35.914 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
20:02:35.923 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238373 MB offset 206848
20:02:35.943 Disk 1 scanning C:\Windows\system32\drivers
20:02:51.969 Service scanning
20:04:10.533 Modules scanning
20:04:10.538 Disk 1 trace - called modules:
20:04:10.885 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:04:10.889 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80066a9060]
20:04:10.893 3 CLASSPNP.SYS[fffff88001bc943f] -> nt!IofCallDriver -> [0xfffffa800630f520]
20:04:10.896 5 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006311060]
20:04:13.037 AVAST engine scan C:\Windows
20:04:18.750 AVAST engine scan C:\Windows\system32
20:07:58.049 AVAST engine scan C:\Windows\system32\drivers
20:08:17.279 AVAST engine scan C:\Users\Jamie
20:12:46.317 Disk 1 MBR has been saved successfully to "C:\Users\Jamie\Desktop\MBR.dat"
20:12:46.322 The log file has been saved successfully to "C:\Users\Jamie\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 20:13:07
-----------------------------
20:13:07.525 OS Version: Windows x64 6.1.7601 Service Pack 1
20:13:07.525 Number of processors: 8 586 0x1A05
20:13:07.526 ComputerName: JAMIE-PC UserName: Jamie
20:13:08.262 Initialize success
20:13:11.099 AVAST engine defs: 12030800
20:13:16.317 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:13:16.319 Disk 0 Vendor: Hitachi_HDS721032CLA362 JPFOA39C Size: 305245MB BusType: 3
20:13:16.321 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
20:13:16.322 Disk 1 Vendor: Hitachi_HDS721025CLA382 JP1OA39C Size: 238475MB BusType: 3
20:13:16.363 Disk 1 MBR read successfully
20:13:16.365 Disk 1 MBR scan
20:13:16.368 Disk 1 Windows 7 default MBR code
20:13:16.373 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
20:13:16.386 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238373 MB offset 206848
20:13:16.412 Disk 1 scanning C:\Windows\system32\drivers
20:13:32.499 Service scanning
20:14:40.872 Modules scanning
20:14:40.877 Disk 1 trace - called modules:
20:14:40.891 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:14:40.894 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80066a9060]
20:14:40.897 3 CLASSPNP.SYS[fffff88001bc943f] -> nt!IofCallDriver -> [0xfffffa800630f520]
20:14:40.900 5 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006311060]
20:14:41.513 AVAST engine scan C:\Windows
20:14:45.244 AVAST engine scan C:\Windows\system32
20:18:07.411 AVAST engine scan C:\Windows\system32\drivers
20:18:25.951 AVAST engine scan C:\Users\Jamie
20:37:24.342 AVAST engine scan C:\ProgramData
20:40:02.268 Scan finished successfully
20:42:33.131 Disk 1 MBR has been saved successfully to "C:\Users\Jamie\Desktop\MBR.dat"
20:42:33.135 The log file has been saved successfully to "C:\Users\Jamie\Desktop\aswMBR.txt"


Thanks.
#5
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

  • Open OTL again and check the "Scan All Users" box.
  • Click the Quick Scan button.
  • Attach the log it produces in your next reply.

Things I want to see in your next reply

  • OTL.txt

#6
khameleon

    Member

  • Topic Starter
  • 11 posts
OTL logfile created on: 10/03/2012 22:45:38 - Run 4
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Jamie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.69 Gb Available Physical Memory | 61.58% Memory free
11.98 Gb Paging File | 9.68 Gb Available in Paging File | 80.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 44.81 Gb Free Space | 19.25% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 185.54 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS

Computer Name: JAMIE-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 18:22:05 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2012/02/20 08:41:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/16 21:05:30 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2011/09/29 15:58:27 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/09 09:44:52 | 000,048,128 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
PRC - [2011/06/01 16:57:16 | 000,561,984 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
PRC - [2009/02/23 03:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 08:41:02 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/14 09:13:52 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 17:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/10 21:46:54 | 002,044,688 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 03:31:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/29 15:58:27 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/09 09:44:52 | 000,048,128 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
SRV - [2010/08/31 13:41:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/08/31 13:38:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/31 13:33:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/29 15:48:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/03 14:31:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 03:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/05 22:16:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2011/12/15 00:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/15 10:14:02 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/09/08 18:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 16:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 21:46:04 | 000,107,280 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2011/06/06 22:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 12:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 09:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/28 13:23:28 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/28 13:23:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/03/09 10:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/18 09:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 16:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/14 06:48:33 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv)
DRV:64bit: - [2008/04/04 13:47:40 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH8000.sys -- (SaiH8000)
DRV:64bit: - [2008/04/04 13:33:32 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH353E.sys -- (SaiH353E)
DRV:64bit: - [2007/01/19 21:52:58 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/01/19 21:51:06 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 00:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 11 85 D2 1A C5 CA 01 [binary data]
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes\{D9607377-A083-4FD0-8CA4-AC22E75F235D}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ukmandown....google.co.uk/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/08/27 19:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 08:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/21 17:10:57 | 000,000,000 | ---D | M]

[2010/09/20 16:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions
[2012/03/06 21:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions
[2012/02/29 15:21:54 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/03/06 21:38:12 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\[email protected]
[2011/11/13 16:00:16 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\[email protected]
[2012/03/04 07:49:56 | 000,001,210 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\searchplugins\search.xml
[2011/12/30 17:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GZ6X09T.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GZ6X09T.DEFAULT\EXTENSIONS\[email protected]
[2012/02/20 08:41:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 11:43:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 09:04:15 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/12 09:04:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/12 09:04:15 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 09:04:15 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 09:04:15 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/04 07:48:23 | 000,435,366 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14980 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...0/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus....vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975CD5B0-29A9-49C4-B66E-551EEB1BE85B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99811C9F-0B72-4670-85BC-D81F7B2B038A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE9CD1F1-9097-4741-B44C-D648D676CB46}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4819418D-64DB-4E44-9ECC-38AC5F9F6BC1}
[2012/03/10 18:43:34 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{520152D5-349F-481B-84C4-657E41E202D2}
[2012/03/10 06:43:23 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{523FAA66-FDE8-4A24-A33F-49306FE31424}
[2012/03/10 06:43:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{71DBA18A-573F-48CB-81E2-97F68C929BCB}
[2012/03/09 18:43:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{93C97F93-04D0-4E2B-A297-5AC2FBFBECCD}
[2012/03/09 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{10264BA1-24F9-4155-8E5E-59AA05737D4C}
[2012/03/09 06:42:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DCB0C121-6B1B-4B85-AA1F-5CC180998FB1}
[2012/03/09 06:42:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{278B9F08-447C-4E9B-B181-9B7A320FDF61}
[2012/03/08 19:45:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/08 19:44:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Jamie\Desktop\aswMBR.exe
[2012/03/08 19:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/03/08 18:42:03 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8E8F1461-049A-444F-8032-E7CC5FC5CBC7}
[2012/03/08 18:41:53 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F504E88A-D92B-402C-A36F-AD7A0E64C97F}
[2012/03/08 06:41:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{252F4BA6-AEDF-49BC-8713-4233FCF213A7}
[2012/03/08 06:41:30 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{6301728D-9E93-4359-880C-F34A596DACD5}
[2012/03/07 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47EE98C5-2493-4112-AD78-1BD73E8DC6EC}
[2012/03/07 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{56C238D6-43C4-4F32-AE95-ABC2009733FF}
[2012/03/07 06:40:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D376FA6A-F283-4020-B1C6-859311FFDD96}
[2012/03/07 06:40:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{32A15D09-98E2-4F41-9AC5-E5329F77AF8D}
[2012/03/07 06:40:34 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{75B6CD19-8FE4-45A2-B315-89D723316847}
[2012/03/07 03:15:42 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\QFX Software
[2012/03/07 03:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/03/06 21:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012/03/06 21:23:27 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2012/03/06 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2012/03/06 18:24:57 | 004,427,148 | ---- | C] (Swearware) -- C:\Users\Jamie\Desktop\ComboFix.exe
[2012/03/06 18:22:04 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/06 18:01:52 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplore2.exe
[2012/03/06 17:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/06 17:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/06 17:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9897FC06-128D-47B1-9834-401E52F9F1AA}
[2012/03/06 17:18:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{96AC7C9A-2EEC-4B14-9FDE-E611CC52AA46}
[2012/03/05 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A0199840-84F4-4984-BF9B-5991F3C93D9B}
[2012/03/05 22:44:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7C28ADD2-760D-476D-9E02-7BA025C587BD}
[2012/03/05 22:37:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/03/05 22:36:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/03/05 10:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A18CE8A7-108E-4431-90A7-65DCE281DA56}
[2012/03/05 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{96531FAB-80FA-4738-94E0-02C9519C2B6B}
[2012/03/05 09:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
[2012/03/05 09:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2012/03/04 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3E17818C-14CA-4BC7-83C2-B5F4221C6205}
[2012/03/04 22:43:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3CFD0327-E254-4487-87C1-651D57628193}
[2012/03/04 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/04 19:46:15 | 008,116,368 | ---- | C] (SurfRight B.V.) -- C:\Users\Jamie\Desktop\HitmanPro36_x64.exe
[2012/03/04 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2012/03/04 19:41:01 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/04 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/04 19:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 19:40:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jamie\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/04 19:30:29 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplorebbbb.exe
[2012/03/04 10:37:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{830AE76B-5977-4F7B-B2F0-51DDC6CAF839}
[2012/03/04 10:37:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{06CEBD63-5894-420F-A790-4841C12FF322}
[2012/03/03 22:37:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B0F8BA53-82FA-456B-8D5C-3D21D4BF0A4E}
[2012/03/03 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{56E415DC-1D12-425E-942D-ABB148EA20E0}
[2012/03/03 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9F8B3527-75FA-4EF5-9A5F-A89207F84E26}
[2012/03/03 10:36:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{2870CF32-B19C-4561-A02A-6C9C21F7AA5A}
[2012/03/02 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A8B00BB2-4B79-4509-BB4B-047197D2C914}
[2012/03/02 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{66438647-0D7E-47C5-B684-6E55C49FE336}
[2012/03/02 10:36:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F7FB3D62-129F-40D3-8C63-605C8F76742B}
[2012/03/02 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{55D393CE-56E7-4EFA-8843-5EF1AC0A2E8F}
[2012/03/01 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DB6B9847-87D6-41A6-8109-4A878766590A}
[2012/03/01 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{ADF18C42-0DC2-4F4F-A5FC-88E1959E7C88}
[2012/03/01 10:35:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{25B9AF66-8746-48D2-9E87-8A41A140C8C9}
[2012/03/01 10:35:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{59A5C562-F56B-4FC7-9536-FE1231B474C7}
[2012/02/29 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3D9EE779-BDC2-49B3-8775-B35EBE536D87}
[2012/02/29 22:34:46 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D00A7E14-41A5-462A-A291-08A9302E4C62}
[2012/02/29 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DD44BEBE-374B-4DE5-8E12-9004AA2FF58F}
[2012/02/29 10:34:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AEEE5123-F9C2-4575-94E7-BC9760D55C09}
[2012/02/28 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F052E7B4-811D-4763-82FF-CB055C819000}
[2012/02/28 22:34:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{03FB6D89-68E4-4DC9-BD02-3C8BA6708585}
[2012/02/28 10:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8680DB8E-191A-4BC1-9A40-7197FD46C6E0}
[2012/02/28 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{870EC471-3B9E-46A4-B0AD-A3D89C4AC25B}
[2012/02/28 10:33:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C57D6908-30D4-488E-9855-D53221342FCA}
[2012/02/28 10:33:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4EEBAC6B-A8A2-4718-B24A-96C41B3B2861}
[2012/02/27 22:33:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E1E5CBC5-7AE6-4A9E-8085-63DDDA188FF8}
[2012/02/27 22:32:56 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BB644CEA-6660-41B6-877C-82025064FCC4}
[2012/02/27 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AF81D8A7-53B8-44F4-A3DC-E56DC7B1D720}
[2012/02/27 10:32:33 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1534E855-828E-415B-B1C4-7D01D84D93FB}
[2012/02/27 10:32:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A93F56C6-7AD9-4214-B4DD-23FE3AABAE60}
[2012/02/26 22:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4284D3C3-B15F-49B5-A746-0B7FDA135F09}
[2012/02/26 22:31:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{598EDA65-AAE9-4255-A68A-D553CD1CFEE1}
[2012/02/26 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F2D5A8B2-11C1-4D35-A283-761C794C02C9}
[2012/02/26 10:31:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{53EDCE4F-1E2E-44D8-9C2D-82BD841B8BC5}
[2012/02/26 10:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7B6970C9-7907-4C89-8CE5-B00C42D0D40F}
[2012/02/25 22:31:00 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{637525FC-A313-454E-AC46-B33C0FDD8E8D}
[2012/02/25 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47DBA8EF-915D-476D-8159-EB2041972CBB}
[2012/02/25 10:30:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8AA1E3EA-7821-42E0-AC51-61C2F4FC08D2}
[2012/02/25 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{0FA9E63B-1970-46E6-B878-BAFCA24B1749}
[2012/02/24 22:30:15 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{69245EB5-92EA-466F-B51D-3B5E412825A2}
[2012/02/24 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1B3D25F2-574B-49CC-AA7F-B0C2EA9BA18F}
[2012/02/24 22:29:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47454996-FDD2-4F59-BCB5-D8ACF6118AC1}
[2012/02/24 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A8739017-A74C-476D-9290-C2D0116677D8}
[2012/02/24 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{373B1F00-95DC-4569-B6CC-557364F1D769}
[2012/02/24 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D6934B6F-D8AA-48BC-814E-DF27C3E84851}
[2012/02/23 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{624B2875-E203-4C91-AF01-AC2DB4034F3F}
[2012/02/23 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CCC2C4D5-66AF-4D81-81ED-A5682DDAF0FF}
[2012/02/23 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{483C105F-1237-46B6-B51D-8DE4A5510048}
[2012/02/23 10:28:36 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{060EF237-C6B0-4211-9947-AAEA35402837}
[2012/02/22 22:28:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F026EE2E-ACFF-4CE0-8FE1-B3D9DCBAC422}
[2012/02/22 22:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{89987609-1ABA-4820-9DAC-1A98E822CF99}
[2012/02/22 22:28:03 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3066D7D3-AD18-40B2-84C0-8DA623E9E0DE}

========== Files - Modified Within 30 Days ==========

[2012/03/08 21:52:51 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 21:52:51 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 21:43:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 21:42:21 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 20:42:33 | 000,000,512 | ---- | M] () -- C:\Users\Jamie\Desktop\MBR.dat
[2012/03/08 19:44:24 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Jamie\Desktop\aswMBR.exe
[2012/03/06 21:22:57 | 001,328,072 | ---- | M] () -- C:\Users\Jamie\Desktop\KeyScrambler_Setup.exe
[2012/03/06 18:25:08 | 004,427,148 | ---- | M] (Swearware) -- C:\Users\Jamie\Desktop\ComboFix.exe
[2012/03/06 18:22:05 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/06 17:52:28 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/06 17:29:59 | 000,739,350 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/06 17:29:59 | 000,633,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 17:29:59 | 000,112,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/06 17:17:52 | 000,001,441 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/06 04:28:18 | 002,373,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/06 04:17:36 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 22:48:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/05 22:16:56 | 000,027,424 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 22:14:40 | 000,000,340 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/03/05 13:23:24 | 000,000,833 | ---- | M] () -- C:\Users\Jamie\Desktop\hosts
[2012/03/05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplore2.exe
[2012/03/05 09:27:37 | 000,980,480 | ---- | M] () -- C:\Users\Jamie\Desktop\MicrosoftFixit50267.msi
[2012/03/05 09:19:11 | 000,000,632 | RHS- | M] () -- C:\Users\Jamie\ntuser.pol
[2012/03/05 00:00:06 | 000,000,130 | ---- | M] () -- C:\Users\Jamie\Desktop\hostfix.bat
[2012/03/04 19:46:23 | 008,116,368 | ---- | M] (SurfRight B.V.) -- C:\Users\Jamie\Desktop\HitmanPro36_x64.exe
[2012/03/04 19:40:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jamie\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/04 19:34:22 | 001,008,141 | ---- | M] () -- C:\Users\Jamie\Desktop\iExplore.exe
[2012/03/04 19:30:34 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplorebbbb.exe
[2012/03/04 16:47:20 | 000,435,366 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\host_new.old
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-160442.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-152418.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-001543.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-000049.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120304-235805.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120304-180734.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/26 16:54:23 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/26 15:56:41 | 002,565,641 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0372.JPG
[2012/02/20 20:02:41 | 003,418,866 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0367.JPG
[2012/02/12 09:04:21 | 000,002,048 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/03/08 20:12:46 | 000,000,512 | ---- | C] () -- C:\Users\Jamie\Desktop\MBR.dat
[2012/03/06 21:22:57 | 001,328,072 | ---- | C] () -- C:\Users\Jamie\Desktop\KeyScrambler_Setup.exe
[2012/03/06 17:30:07 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/06 17:29:49 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/05 22:48:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/05 22:16:56 | 000,027,424 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 22:14:40 | 000,000,340 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/03/05 13:23:18 | 000,000,833 | ---- | C] () -- C:\Users\Jamie\Desktop\hosts
[2012/03/05 09:11:18 | 000,000,632 | RHS- | C] () -- C:\Users\Jamie\ntuser.pol
[2012/03/04 19:52:08 | 000,980,480 | ---- | C] () -- C:\Users\Jamie\Desktop\MicrosoftFixit50267.msi
[2012/03/04 19:51:15 | 000,000,130 | ---- | C] () -- C:\Users\Jamie\Desktop\hostfix.bat
[2012/03/04 19:30:29 | 001,008,141 | ---- | C] () -- C:\Users\Jamie\Desktop\iExplore.exe
[2012/02/29 19:05:30 | 002,565,641 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0372.JPG
[2012/02/26 16:54:23 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/20 20:03:39 | 003,418,866 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0367.JPG
[2011/10/13 20:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/10 09:47:47 | 000,739,350 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 17:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/13 21:47:09 | 000,010,417 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\SmarThruOptions.xml
[2011/01/13 21:46:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2011/01/13 21:46:50 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2011/01/13 21:14:45 | 000,110,592 | ---- | C] () -- C:\Windows\WiaInst.exe
[2010/11/17 10:31:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/24 18:36:17 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/29 13:45:31 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/08/31 13:34:49 | 000,000,504 | R--- | C] () -- C:\Windows\CtaMCcfg.ini
[2010/08/31 13:34:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/31 13:34:47 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/25 17:02:25 | 000,162,878 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\UserTile.png
[2010/05/13 19:47:56 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2010/05/02 10:23:10 | 000,000,549 | ---- | C] () -- C:\Users\Jamie\AppData\Local\CastleLinkProps.dat
[2010/04/18 11:06:36 | 000,011,776 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 22:38:45 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/28 22:38:30 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/28 22:38:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/16 15:05:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2010/09/15 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/03/24 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Command and Conquer 4
[2010/05/15 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\EVEMon
[2011/10/28 14:44:26 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\GetRightToGo
[2011/09/27 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\inkscape
[2011/08/04 16:40:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\LolClient
[2010/09/19 10:21:38 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\LucasArts
[2010/12/10 13:14:52 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mumble
[2011/11/14 11:47:56 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\OpenOffice.org
[2011/09/29 13:23:11 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Origin
[2012/03/07 03:15:42 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\QFX Software
[2011/12/16 14:14:36 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Raptr
[2011/01/13 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\SmarThru4
[2011/01/05 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Stellarium
[2011/12/29 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Systweak
[2011/05/26 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\TS3Client
[2010/06/28 13:23:58 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Ubisoft
[2011/05/16 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\wargaming.net
[2010/11/03 09:40:52 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Windows Live Writer
[2012/03/05 22:16:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/06/25 22:05:19 | 000,000,000 | ---D | M](C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ
[2011/06/25 22:05:19 | 000,000,000 | ---D | C](C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ
(C:\Users\Jamie\AppData\Local\???__?????) -- C:\Users\Jamie\AppData\Local\†††__††††ˆ

< End of report >

#7
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Please can you attach the log instead of posting it because the forum's software doesn't fare well with Unicode characters.

You can attach the log by:
  • Click Browse (under the reply window under Attachments).
  • Find the OTL.txt file and then click Open.
  • Click Attach This File.
  • Finally, click on Add to Post.

#8
khameleon

    Member

  • Topic Starter
  • Member
  • 11 posts
there you go sorry about that

Attached Files

  • Attached File  OTL.Txt   118.09KB   87 downloads

#9
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

  • Save this file to your desktop: Attached File  fix.txt   1.73KB   91 downloads
  • Run OTL.
  • Drag and drop fix.txt into the Custom Scans and Fixes box.
  • If you cannot drag and drop for some reason then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your desktop.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and check the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

#10
khameleon

    Member

  • Topic Starter
  • Member
  • 11 posts
there you go


#11
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?


Step 1

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • MBAM Log
  • log.txt

#12
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#13
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Please follow the instructions in my previous post and we can continue from there.

#14
khameleon

    Member

  • Topic Starter
  • Member
  • 11 posts
Hi Nedklaw

Sorry for the delay. Everything has been fine as far as I can tell; there have been no redirects from Google or anywhere else. My system and apps are all running fine too.

I may have spoken too soon... Malwarebytes ran fine and picked up nothing, however ESET scanner will not run as it claims 'Can not get update. Is proxy configured?' Me being me, I don't know how to fix this, sorry :(




Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.19.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jamie :: JAMIE-PC [administrator]

Protection: Disabled

19/03/2012 15:20:15
mbam-log-2012-03-19 (15-20-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209569
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by khameleon, 19 March 2012 - 01:38 PM.

#15
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.
