problems with redirects after removing strong malware defender [Closed]


  • This topic is locked

#16
khameleon

OTL logfile created on: 19/03/2012 21:54:35 - Run 6
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Jamie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 44.65% Memory free
11.98 Gb Paging File | 8.47 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 42.32 Gb Free Space | 18.18% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 177.07 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 222.91 Gb Free Space | 74.80% Space Free | Partition Type: FAT32

Computer Name: JAMIE-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 18:22:05 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2012/02/20 08:41:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/16 21:05:30 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2011/09/29 15:58:27 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/09 09:44:52 | 000,048,128 | ---- | M] (FS) -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
PRC - [2011/01/31 08:44:46 | 000,353,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010/04/03 14:31:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/02/23 22:08:54 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
PRC - [2009/02/23 03:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 08:41:02 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/14 09:13:52 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007/03/21 19:53:00 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\QuickTimeGlue.dll
MOD - [2007/03/21 19:52:52 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 17:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/10 21:46:54 | 002,044,688 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 03:31:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/29 15:58:27 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/09 09:44:52 | 000,048,128 | ---- | M] (FS) [Auto | Running] -- C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe -- (SpyroService)
SRV - [2010/08/31 13:41:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/08/31 13:38:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/31 13:33:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/29 15:48:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/03 14:31:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 03:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/05 22:16:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2011/12/15 00:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/15 10:14:02 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/09/08 18:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 16:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 21:46:04 | 000,107,280 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2011/06/06 22:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 12:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 09:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/28 13:23:28 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/28 13:23:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/03/09 10:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/18 09:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 16:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/14 06:48:33 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv)
DRV:64bit: - [2008/04/04 13:47:40 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH8000.sys -- (SaiH8000)
DRV:64bit: - [2008/04/04 13:33:32 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH353E.sys -- (SaiH353E)
DRV:64bit: - [2007/01/19 21:52:58 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/01/19 21:51:06 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 00:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 11 85 D2 1A C5 CA 01 [binary data]
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\..\SearchScopes\{D9607377-A083-4FD0-8CA4-AC22E75F235D}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ukmandown....google.co.uk/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/08/27 19:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 08:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/21 17:10:57 | 000,000,000 | ---D | M]

[2010/09/20 16:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions
[2012/03/14 07:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions
[2012/03/14 07:58:38 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/03/06 21:38:12 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\[email protected]
[2011/11/13 16:00:16 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\extensions\[email protected]
[2012/03/04 07:49:56 | 000,001,210 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\searchplugins\search.xml
[2011/12/30 17:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GZ6X09T.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GZ6X09T.DEFAULT\EXTENSIONS\[email protected]
[2012/02/20 08:41:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 11:43:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 09:04:15 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/12 09:04:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/12 09:04:15 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 09:04:15 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 09:04:15 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/04 07:48:23 | 000,435,366 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14980 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1794836138-3686742117-3972407047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...0/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus....vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975CD5B0-29A9-49C4-B66E-551EEB1BE85B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99811C9F-0B72-4670-85BC-D81F7B2B038A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE9CD1F1-9097-4741-B44C-D648D676CB46}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 17:23:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BF402836-C549-43A9-903F-A0739D5A0BF5}
[2012/03/19 17:23:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{71253BDA-E97F-4436-AB30-2574A96AAC9C}
[2012/03/19 15:30:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jamie\Desktop\esetsmartinstaller_enu.exe
[2012/03/19 15:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/19 05:23:11 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A54C7FCF-6605-49A2-B211-D2041B47A29D}
[2012/03/19 05:23:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DA2E6B68-9AB2-4282-85B4-31110161B540}
[2012/03/19 05:22:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{13861CFA-4761-4EDB-A9B5-60288F65AF55}
[2012/03/19 05:22:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{308C08B6-54DD-4556-8B31-220A46350EDA}
[2012/03/18 17:22:28 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F72BCB3F-3978-41C4-AA05-6B076FB7A75C}
[2012/03/18 17:22:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1AD0481B-982C-46A4-8883-6A3F6E4C0B7A}
[2012/03/18 05:22:06 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BDDCF870-6E90-45CE-BC60-4D1EDBCC5E7F}
[2012/03/18 05:21:54 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{FE3B2C5D-429B-486B-B605-AD8B3451E307}
[2012/03/17 17:21:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{81B5B5CB-98D2-42D8-87E8-456924625669}
[2012/03/17 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9C5F8578-3DC2-4259-959C-B3A738EBD73F}
[2012/03/17 06:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/03/17 05:21:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{45EDEEF4-CD22-4A25-A521-DA5078AF6DD7}
[2012/03/17 05:21:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C9D7263F-E7A4-418B-AFDD-BA69E06B32BF}
[2012/03/16 17:20:56 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{EC5BF144-9FD7-4FAB-B75B-2E1731A1B4FA}
[2012/03/16 17:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DDE84809-0C20-47FB-BAB1-C3E981AAC479}
[2012/03/16 16:12:24 | 007,336,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Jamie\Desktop\Diablo-III-8370-enGB-Installer-downloader.exe
[2012/03/16 16:11:38 | 007,336,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Jamie\Desktop\Diablo-III-8370-enGB-Installer-downloader.exe.part
[2012/03/16 05:20:30 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1D31EFAF-148E-4F8C-A7AA-02B5F2915B11}
[2012/03/16 05:20:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B5E84717-821E-4E94-9B1D-78F0CA7761E9}
[2012/03/15 18:26:37 | 035,746,429 | ---- | C] (inkscape.org) -- C:\Users\Jamie\Desktop\Inkscape-0.48.2-1-win32.exe
[2012/03/15 17:20:06 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{27DEE4A0-9F42-401C-8628-3D22B417B6BA}
[2012/03/15 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{474126FC-E924-463B-981D-FA418429BA08}
[2012/03/15 17:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{35EA7A8D-92A0-4E71-995A-B4CE2DA9AEBF}
[2012/03/14 19:59:04 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C4467A5F-EA9A-456A-9498-A286EDC9E411}
[2012/03/14 19:58:54 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{913FB582-6AA9-4619-9E8C-E2FAB881752C}
[2012/03/14 07:58:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B664646D-4881-433B-A325-DE4285F6A311}
[2012/03/14 07:58:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4CD6CB09-FD5E-4089-865D-9E3B2EAD4230}
[2012/03/14 07:58:14 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E087111E-440E-45BA-B869-2D5324E9442E}
[2012/03/13 18:46:26 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47B10FE5-8C30-49E8-991B-3C7E33DD9FEF}
[2012/03/13 18:46:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{2CDE109D-2E72-43C8-AA71-D5BA8E824683}
[2012/03/13 18:46:07 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AC911E7A-0EC9-4E6C-A945-BE3B79D3DA9A}
[2012/03/13 18:45:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{717EB3B6-A1CD-4AC2-8128-F03D3916BA8C}
[2012/03/13 06:45:33 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1D69AF32-FD19-42AF-AB50-904A57DB266B}
[2012/03/13 06:45:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BEF9B47C-1CC2-4E57-BA0B-BACF55098A1E}
[2012/03/12 18:45:11 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4EA3496A-767F-43AE-9C61-3683A416050F}
[2012/03/12 18:45:00 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{88B824E7-817E-4ED6-9DE0-9F471BA094D3}
[2012/03/12 06:44:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{02E32C02-7E0D-4E66-9A15-CDCF95EF6167}
[2012/03/12 06:44:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{93603537-718E-4BBF-9D5C-7798517ED9BF}
[2012/03/11 18:44:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{03BB3D48-9852-4E39-A042-611AE280CC0F}
[2012/03/11 18:44:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E806F60F-C99C-4C77-920B-2BC083C461F6}
[2012/03/11 06:44:06 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{5114AD47-0B9A-410D-9523-A0293D189018}
[2012/03/11 06:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{FA1D9271-EB2C-4F44-A8BB-BBEFAC1B67BC}
[2012/03/10 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4819418D-64DB-4E44-9ECC-38AC5F9F6BC1}
[2012/03/10 18:43:34 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{520152D5-349F-481B-84C4-657E41E202D2}
[2012/03/10 06:43:23 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{523FAA66-FDE8-4A24-A33F-49306FE31424}
[2012/03/10 06:43:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{71DBA18A-573F-48CB-81E2-97F68C929BCB}
[2012/03/09 18:43:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{93C97F93-04D0-4E2B-A297-5AC2FBFBECCD}
[2012/03/09 18:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{10264BA1-24F9-4155-8E5E-59AA05737D4C}
[2012/03/09 06:42:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DCB0C121-6B1B-4B85-AA1F-5CC180998FB1}
[2012/03/09 06:42:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{278B9F08-447C-4E9B-B181-9B7A320FDF61}
[2012/03/08 19:45:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/08 19:44:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Jamie\Desktop\aswMBR.exe
[2012/03/08 19:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/03/08 18:42:03 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8E8F1461-049A-444F-8032-E7CC5FC5CBC7}
[2012/03/08 18:41:53 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F504E88A-D92B-402C-A36F-AD7A0E64C97F}
[2012/03/08 06:41:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{252F4BA6-AEDF-49BC-8713-4233FCF213A7}
[2012/03/08 06:41:30 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{6301728D-9E93-4359-880C-F34A596DACD5}
[2012/03/07 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47EE98C5-2493-4112-AD78-1BD73E8DC6EC}
[2012/03/07 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{56C238D6-43C4-4F32-AE95-ABC2009733FF}
[2012/03/07 06:40:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D376FA6A-F283-4020-B1C6-859311FFDD96}
[2012/03/07 06:40:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{32A15D09-98E2-4F41-9AC5-E5329F77AF8D}
[2012/03/07 06:40:34 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{75B6CD19-8FE4-45A2-B315-89D723316847}
[2012/03/07 03:15:42 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\QFX Software
[2012/03/07 03:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/03/06 21:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012/03/06 21:23:27 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2012/03/06 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2012/03/06 18:24:57 | 004,427,148 | ---- | C] (Swearware) -- C:\Users\Jamie\Desktop\ComboFix.exe
[2012/03/06 18:22:04 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/06 18:01:52 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplore2.exe
[2012/03/06 17:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/06 17:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/06 17:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9897FC06-128D-47B1-9834-401E52F9F1AA}
[2012/03/06 17:18:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{96AC7C9A-2EEC-4B14-9FDE-E611CC52AA46}
[2012/03/05 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A0199840-84F4-4984-BF9B-5991F3C93D9B}
[2012/03/05 22:44:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7C28ADD2-760D-476D-9E02-7BA025C587BD}
[2012/03/05 22:37:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/03/05 22:36:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/03/05 10:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A18CE8A7-108E-4431-90A7-65DCE281DA56}
[2012/03/05 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{96531FAB-80FA-4738-94E0-02C9519C2B6B}
[2012/03/05 09:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
[2012/03/05 09:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2012/03/04 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3E17818C-14CA-4BC7-83C2-B5F4221C6205}
[2012/03/04 22:43:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3CFD0327-E254-4487-87C1-651D57628193}
[2012/03/04 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/04 19:46:15 | 008,116,368 | ---- | C] (SurfRight B.V.) -- C:\Users\Jamie\Desktop\HitmanPro36_x64.exe
[2012/03/04 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2012/03/04 19:41:01 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/04 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/04 19:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 19:40:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jamie\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/04 19:30:29 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplorebbbb.exe
[2012/03/04 10:37:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{830AE76B-5977-4F7B-B2F0-51DDC6CAF839}
[2012/03/04 10:37:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{06CEBD63-5894-420F-A790-4841C12FF322}
[2012/03/03 22:37:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B0F8BA53-82FA-456B-8D5C-3D21D4BF0A4E}
[2012/03/03 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{56E415DC-1D12-425E-942D-ABB148EA20E0}
[2012/03/03 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9F8B3527-75FA-4EF5-9A5F-A89207F84E26}
[2012/03/03 10:36:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{2870CF32-B19C-4561-A02A-6C9C21F7AA5A}
[2012/03/02 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A8B00BB2-4B79-4509-BB4B-047197D2C914}
[2012/03/02 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{66438647-0D7E-47C5-B684-6E55C49FE336}
[2012/03/02 10:36:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F7FB3D62-129F-40D3-8C63-605C8F76742B}
[2012/03/02 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{55D393CE-56E7-4EFA-8843-5EF1AC0A2E8F}
[2012/03/01 22:35:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DB6B9847-87D6-41A6-8109-4A878766590A}
[2012/03/01 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{ADF18C42-0DC2-4F4F-A5FC-88E1959E7C88}
[2012/03/01 10:35:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{25B9AF66-8746-48D2-9E87-8A41A140C8C9}
[2012/03/01 10:35:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{59A5C562-F56B-4FC7-9536-FE1231B474C7}
[2012/02/29 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3D9EE779-BDC2-49B3-8775-B35EBE536D87}
[2012/02/29 22:34:46 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D00A7E14-41A5-462A-A291-08A9302E4C62}
[2012/02/29 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{DD44BEBE-374B-4DE5-8E12-9004AA2FF58F}
[2012/02/29 10:34:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AEEE5123-F9C2-4575-94E7-BC9760D55C09}
[2012/02/28 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F052E7B4-811D-4763-82FF-CB055C819000}
[2012/02/28 22:34:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{03FB6D89-68E4-4DC9-BD02-3C8BA6708585}
[2012/02/28 10:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8680DB8E-191A-4BC1-9A40-7197FD46C6E0}
[2012/02/28 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{870EC471-3B9E-46A4-B0AD-A3D89C4AC25B}
[2012/02/28 10:33:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C57D6908-30D4-488E-9855-D53221342FCA}
[2012/02/28 10:33:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4EEBAC6B-A8A2-4718-B24A-96C41B3B2861}
[2012/02/27 22:33:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{E1E5CBC5-7AE6-4A9E-8085-63DDDA188FF8}
[2012/02/27 22:32:56 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BB644CEA-6660-41B6-877C-82025064FCC4}
[2012/02/27 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{AF81D8A7-53B8-44F4-A3DC-E56DC7B1D720}
[2012/02/27 10:32:33 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1534E855-828E-415B-B1C4-7D01D84D93FB}
[2012/02/27 10:32:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A93F56C6-7AD9-4214-B4DD-23FE3AABAE60}
[2012/02/26 22:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{4284D3C3-B15F-49B5-A746-0B7FDA135F09}
[2012/02/26 22:31:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{598EDA65-AAE9-4255-A68A-D553CD1CFEE1}
[2012/02/26 10:31:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F2D5A8B2-11C1-4D35-A283-761C794C02C9}
[2012/02/26 10:31:22 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{53EDCE4F-1E2E-44D8-9C2D-82BD841B8BC5}
[2012/02/26 10:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{7B6970C9-7907-4C89-8CE5-B00C42D0D40F}
[2012/02/25 22:31:00 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{637525FC-A313-454E-AC46-B33C0FDD8E8D}
[2012/02/25 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47DBA8EF-915D-476D-8159-EB2041972CBB}
[2012/02/25 10:30:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{8AA1E3EA-7821-42E0-AC51-61C2F4FC08D2}
[2012/02/25 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{0FA9E63B-1970-46E6-B878-BAFCA24B1749}
[2012/02/24 22:30:15 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{69245EB5-92EA-466F-B51D-3B5E412825A2}
[2012/02/24 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{1B3D25F2-574B-49CC-AA7F-B0C2EA9BA18F}
[2012/02/24 22:29:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{47454996-FDD2-4F59-BCB5-D8ACF6118AC1}
[2012/02/24 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{A8739017-A74C-476D-9290-C2D0116677D8}
[2012/02/24 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{373B1F00-95DC-4569-B6CC-557364F1D769}
[2012/02/24 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D6934B6F-D8AA-48BC-814E-DF27C3E84851}
[2012/02/23 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{624B2875-E203-4C91-AF01-AC2DB4034F3F}
[2012/02/23 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CCC2C4D5-66AF-4D81-81ED-A5682DDAF0FF}
[2012/02/23 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{483C105F-1237-46B6-B51D-8DE4A5510048}
[2012/02/23 10:28:36 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{060EF237-C6B0-4211-9947-AAEA35402837}
[2012/02/22 22:28:24 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{F026EE2E-ACFF-4CE0-8FE1-B3D9DCBAC422}
[2012/02/22 22:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{89987609-1ABA-4820-9DAC-1A98E822CF99}
[2012/02/22 22:28:03 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{3066D7D3-AD18-40B2-84C0-8DA623E9E0DE}
[2012/02/22 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{2F1DFA78-E0B4-4683-9409-B19A376F8839}
[2012/02/22 10:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{93E24A83-A69A-4CDA-B0EB-83BEE4470E71}
[2012/02/21 22:27:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BBE0B6F0-27C0-42C1-991F-124F525117A7}
[2012/02/21 22:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{CB429DC1-4AA3-4482-92FA-7F73B408BA2D}
[2012/02/21 10:27:08 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{43ABE4DC-B3EE-4FE2-BA41-64BD408366BD}
[2012/02/21 10:26:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B854EB1A-B09C-4EC6-ADF2-4DD0DFF09642}
[2012/02/20 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{9C0124C0-493D-486B-B916-5627D28DF910}
[2012/02/20 22:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B8E4C85D-0FCE-4F3A-907D-C977F4452852}
[2012/02/20 10:26:23 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{BDC4E659-288E-439A-97B6-A228C2B0BBC5}
[2012/02/20 10:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{23700DB1-F1F7-42C2-B4D8-28864C0997DE}
[2012/02/19 22:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{D490FDFF-7183-42F0-95D9-F195825BD4AD}
[2012/02/19 22:25:49 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{B146AF4A-BE50-4D0B-9AF0-1F695EA2F611}
[2012/02/19 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{796F77A0-1A87-44E2-9407-8359DD4C0B34}
[2012/02/19 10:25:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{85AF67EE-F7A1-4345-A531-AA4682B81EC8}
[2012/02/18 22:25:16 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{550DDE23-5670-4A7B-A4FF-ED3B2FF990F7}
[2012/02/18 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\{C2C3BEE6-E077-4A24-846F-F999FC50B058}

========== Files - Modified Within 30 Days ==========

[2012/03/19 19:53:38 | 000,051,057 | ---- | M] () -- C:\Users\Jamie\Desktop\Cormorant_Watch.jpg
[2012/03/19 19:51:46 | 000,454,487 | ---- | M] () -- C:\Users\Jamie\Desktop\AnglingTrustCormorant_Watch_A4ForPrinting.pdf
[2012/03/19 16:10:00 | 000,010,417 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\SmarThruOptions.xml
[2012/03/19 15:30:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jamie\Desktop\esetsmartinstaller_enu.exe
[2012/03/16 16:12:25 | 007,336,664 | ---- | M] (Blizzard Entertainment) -- C:\Users\Jamie\Desktop\Diablo-III-8370-enGB-Installer-downloader.exe
[2012/03/16 16:11:44 | 007,336,664 | ---- | M] (Blizzard Entertainment) -- C:\Users\Jamie\Desktop\Diablo-III-8370-enGB-Installer-downloader.exe.part
[2012/03/16 08:20:44 | 000,680,229 | ---- | M] () -- C:\Users\Jamie\Desktop\car.jpg
[2012/03/15 20:48:51 | 000,039,958 | ---- | M] () -- C:\Users\Jamie\Desktop\carp.jpg
[2012/03/15 20:28:03 | 000,027,992 | ---- | M] () -- C:\Users\Jamie\Desktop\fff.jpg
[2012/03/15 19:44:12 | 000,032,677 | ---- | M] () -- C:\Users\Jamie\Desktop\icontexto_inside_youtube.png
[2012/03/15 19:43:14 | 000,029,477 | ---- | M] () -- C:\Users\Jamie\Desktop\icontexto_inside_twitter.png
[2012/03/15 19:36:41 | 000,026,406 | ---- | M] () -- C:\Users\Jamie\Desktop\icontexto_inside_facebook.png
[2012/03/15 18:35:41 | 000,002,597 | ---- | M] () -- C:\Users\Jamie\.recently-used.xbel
[2012/03/15 18:27:25 | 035,746,429 | ---- | M] (inkscape.org) -- C:\Users\Jamie\Desktop\Inkscape-0.48.2-1-win32.exe
[2012/03/15 18:19:42 | 000,733,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/15 18:19:42 | 000,633,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/15 18:19:42 | 000,112,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/15 17:25:31 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 17:25:31 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 17:18:34 | 002,373,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/15 17:18:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/15 17:17:44 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/13 16:29:04 | 001,881,847 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0383.JPG
[2012/03/11 19:20:15 | 000,004,071 | ---- | M] () -- C:\Users\Jamie\Desktop\ND000_
[2012/03/08 20:42:33 | 000,000,512 | ---- | M] () -- C:\Users\Jamie\Desktop\MBR.dat
[2012/03/08 19:44:24 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Jamie\Desktop\aswMBR.exe
[2012/03/06 21:22:57 | 001,328,072 | ---- | M] () -- C:\Users\Jamie\Desktop\KeyScrambler_Setup.exe
[2012/03/06 18:25:08 | 004,427,148 | ---- | M] (Swearware) -- C:\Users\Jamie\Desktop\ComboFix.exe
[2012/03/06 18:22:05 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/06 17:52:28 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/06 17:29:59 | 000,739,350 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/06 17:17:52 | 000,001,441 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/05 22:48:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/05 22:16:56 | 000,027,424 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 22:14:40 | 000,000,340 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/03/05 13:23:24 | 000,000,833 | ---- | M] () -- C:\Users\Jamie\Desktop\hosts
[2012/03/05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplore2.exe
[2012/03/05 09:27:37 | 000,980,480 | ---- | M] () -- C:\Users\Jamie\Desktop\MicrosoftFixit50267.msi
[2012/03/05 09:19:11 | 000,000,632 | RHS- | M] () -- C:\Users\Jamie\ntuser.pol
[2012/03/05 00:00:06 | 000,000,130 | ---- | M] () -- C:\Users\Jamie\Desktop\hostfix.bat
[2012/03/04 19:46:23 | 008,116,368 | ---- | M] (SurfRight B.V.) -- C:\Users\Jamie\Desktop\HitmanPro36_x64.exe
[2012/03/04 19:40:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jamie\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/04 19:34:22 | 001,008,141 | ---- | M] () -- C:\Users\Jamie\Desktop\iExplore.exe
[2012/03/04 19:30:34 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\iexplorebbbb.exe
[2012/03/04 16:47:20 | 000,435,366 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\host_new.old
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-160442.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-152418.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-001543.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120305-000049.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120304-235805.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120304-180734.backup
[2012/03/04 07:48:23 | 000,435,366 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/26 16:54:23 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/26 15:56:41 | 002,565,641 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0372.JPG
[2012/02/20 20:02:41 | 003,418,866 | ---- | M] () -- C:\Users\Jamie\Desktop\IMG_0367.JPG

========== Files Created - No Company Name ==========

[2012/03/19 19:53:38 | 000,051,057 | ---- | C] () -- C:\Users\Jamie\Desktop\Cormorant_Watch.jpg
[2012/03/19 19:51:46 | 000,454,487 | ---- | C] () -- C:\Users\Jamie\Desktop\AnglingTrustCormorant_Watch_A4ForPrinting.pdf
[2012/03/16 08:20:43 | 000,680,229 | ---- | C] () -- C:\Users\Jamie\Desktop\car.jpg
[2012/03/15 20:48:51 | 000,039,958 | ---- | C] () -- C:\Users\Jamie\Desktop\carp.jpg
[2012/03/15 20:28:03 | 000,027,992 | ---- | C] () -- C:\Users\Jamie\Desktop\fff.jpg
[2012/03/15 19:44:11 | 000,032,677 | ---- | C] () -- C:\Users\Jamie\Desktop\icontexto_inside_youtube.png
[2012/03/15 19:42:11 | 000,029,477 | ---- | C] () -- C:\Users\Jamie\Desktop\icontexto_inside_twitter.png
[2012/03/15 19:35:02 | 000,026,406 | ---- | C] () -- C:\Users\Jamie\Desktop\icontexto_inside_facebook.png
[2012/03/15 18:35:41 | 000,002,597 | ---- | C] () -- C:\Users\Jamie\.recently-used.xbel
[2012/03/13 18:58:30 | 001,881,847 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0383.JPG
[2012/03/11 19:20:14 | 000,004,071 | ---- | C] () -- C:\Users\Jamie\Desktop\ND000_
[2012/03/08 20:12:46 | 000,000,512 | ---- | C] () -- C:\Users\Jamie\Desktop\MBR.dat
[2012/03/06 21:22:57 | 001,328,072 | ---- | C] () -- C:\Users\Jamie\Desktop\KeyScrambler_Setup.exe
[2012/03/06 17:30:07 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/06 17:29:49 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/05 22:48:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/05 22:48:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/05 22:16:56 | 000,027,424 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/03/05 22:14:40 | 000,000,340 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/03/05 13:23:18 | 000,000,833 | ---- | C] () -- C:\Users\Jamie\Desktop\hosts
[2012/03/05 09:11:18 | 000,000,632 | RHS- | C] () -- C:\Users\Jamie\ntuser.pol
[2012/03/04 19:52:08 | 000,980,480 | ---- | C] () -- C:\Users\Jamie\Desktop\MicrosoftFixit50267.msi
[2012/03/04 19:51:15 | 000,000,130 | ---- | C] () -- C:\Users\Jamie\Desktop\hostfix.bat
[2012/03/04 19:30:29 | 001,008,141 | ---- | C] () -- C:\Users\Jamie\Desktop\iExplore.exe
[2012/02/29 19:05:30 | 002,565,641 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0372.JPG
[2012/02/26 16:54:23 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/20 20:03:39 | 003,418,866 | ---- | C] () -- C:\Users\Jamie\Desktop\IMG_0367.JPG
[2011/10/13 20:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/10 09:47:47 | 000,739,350 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 17:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/13 21:47:09 | 000,010,417 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\SmarThruOptions.xml
[2011/01/13 21:46:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2011/01/13 21:46:50 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2011/01/13 21:14:45 | 000,110,592 | ---- | C] () -- C:\Windows\WiaInst.exe
[2010/11/17 10:31:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/24 18:36:17 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/29 13:45:31 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/08/31 13:34:49 | 000,000,504 | R--- | C] () -- C:\Windows\CtaMCcfg.ini
[2010/08/31 13:34:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/31 13:34:47 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/25 17:02:25 | 000,162,878 | ---- | C] () -- C:\Users\Jamie\AppData\Roaming\UserTile.png
[2010/05/13 19:47:56 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2010/05/02 10:23:10 | 000,000,549 | ---- | C] () -- C:\Users\Jamie\AppData\Local\CastleLinkProps.dat
[2010/04/18 11:06:36 | 000,011,776 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 22:38:45 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/28 22:38:30 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/28 22:38:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== LOP Check ==========

[2010/09/15 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/03/24 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Command and Conquer 4
[2010/05/15 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\EVEMon
[2011/10/28 14:44:26 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\GetRightToGo
[2011/09/27 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\inkscape
[2011/08/04 16:40:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\LolClient
[2010/09/19 10:21:38 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\LucasArts
[2010/12/10 13:14:52 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mumble
[2011/11/14 11:47:56 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\OpenOffice.org
[2011/09/29 13:23:11 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Origin
[2012/03/07 03:15:42 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\QFX Software
[2011/12/16 14:14:36 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Raptr
[2011/01/13 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\SmarThru4
[2011/01/05 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Stellarium
[2011/12/29 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Systweak
[2011/05/26 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\TS3Client
[2010/06/28 13:23:58 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Ubisoft
[2011/05/16 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\wargaming.net
[2010/11/03 09:40:52 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Windows Live Writer
[2012/03/05 22:16:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   126.56KB   71 downloads



#17
khameleon

    Member

  • Topic Starter
  • 11 posts
Microsoft Security Essentials won't start; it states 'because it is disabled or has no enabled devices'.

#18
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • ComboFix.txt

#19
khameleon

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix 12-03-22.01 - Jamie 24/03/2012 19:00:57.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6135.4376 [GMT 0:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\LvL86 - Play Like A Pro Software Package - cataclysm, wow, keybindings, world, of warcraft, guide, macros, addons, keybinds, interface, pvp, pve, tactics.url
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Public\invokesi.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 19:06 . 2012-03-24 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 08:38 . 2012-03-23 08:38 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-23 08:38 . 2012-03-23 08:38 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 15:26 . 2012-03-19 15:26 -------- d-----w- c:\program files (x86)\ESET
2012-03-17 06:59 . 2012-03-17 06:59 -------- d-----w- c:\programdata\Battle.net
2012-03-15 03:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 04:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:04 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:04 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:04 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 02:04 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:04 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:04 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:04 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-08 19:45 . 2012-03-08 19:45 -------- d-----w- C:\_OTL
2012-03-08 19:22 . 2012-03-08 19:22 -------- d-----w- c:\programdata\EA Logs
2012-03-07 03:15 . 2012-03-07 03:15 -------- d-----w- c:\users\Jamie\AppData\Roaming\QFX Software
2012-03-07 03:15 . 2012-03-07 03:15 -------- d-----w- c:\programdata\QFX Software
2012-03-06 21:23 . 2012-03-06 21:23 -------- d-----w- c:\program files (x86)\KeyScrambler
2012-03-06 21:23 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-03-06 17:29 . 2012-03-06 17:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-06 17:29 . 2012-03-06 17:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-05 22:37 . 2012-03-05 22:37 -------- d-----w- c:\windows\system32\SPReview
2012-03-05 22:36 . 2012-03-05 22:36 -------- d-----w- c:\windows\system32\EventProviders
2012-03-05 22:16 . 2012-03-05 22:16 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-03-05 16:06 . 2012-03-05 16:06 -------- d-----w- c:\users\Jake Adam & Kira
2012-03-05 09:33 . 2012-03-21 17:41 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2012-03-04 19:49 . 2012-03-05 22:14 -------- d-----w- c:\programdata\HitmanPro
2012-03-04 19:41 . 2012-03-04 19:41 -------- d-----w- c:\users\Jamie\AppData\Roaming\Malwarebytes
2012-03-04 19:41 . 2012-03-04 19:41 -------- d-----w- c:\programdata\Malwarebytes
2012-03-04 19:41 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 19:41 . 2012-03-04 19:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 08:25 . 2011-06-24 07:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-05 22:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-05 22:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-04 10:44 . 2012-02-14 23:34 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 23:34 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-14 23:34 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-14 23:34 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-14 23:34 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-11-16 953232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-31 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-31 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-08-31 79360]
R3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\heroes in the sky\GameGuard\dump_wmimmc.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SaiH353E;SaiH353E;c:\windows\system32\DRIVERS\SaiH353E.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2011-06-10 2044688]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [2011-09-09 48128]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sky.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\3gz6x09t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ukmandown.co.uk/news.php|http://www.facebook.com/|http://eve.battleclinic.com/browse_loadouts.php|http://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1794836138-3686742117-3972407047-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,a5,79,58,d1,ba,08,79,cb,09,ab,00,28,7e,4c,db,6d,3b,e2,d4,b4,
16,b4,f4,a1,6e,be,62,72,92,2b,47,f5,2a,d8,e2,9f,4f,05,1d,3e,35,ae,d6,dc,a2,\
"rkeysecu"=hex:f9,60,d8,55,5c,3f,62,84,af,e7,c6,84,6c,bb,6c,6f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-03-24 19:15:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-24 19:15
.
Pre-Run: 43,164,377,088 bytes free
Post-Run: 42,809,307,136 bytes free
.
- - End Of File - - 1ACC81013A670BC5FFC76D3F7CF27344

#20
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Can you now re-enable MSE?

#21
khameleon

    Member

  • Topic Starter
  • Member
  • 11 posts
No, it's still telling me that it's either disabled or has no enabled devices associated with it.

the error code is 0x80070422

#22
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Download Windows Repair (all in one) from this site.

Install the program then let it run.

Go to Step 2 and allow it to run Disc Check.


Once that is done then go to Step 3 and allow it to run System File Checker.


On the Start Repairs tab select Advanced Mode and click Start.


Select the items in the red surround (remove the ticks from the rest) and tick Restart System When Finished then click Start.


Does MSE now work properly?

#23
khameleon

    Member

  • Topic Starter
  • Member
  • 11 posts
ok, managed to do all that but it didn't make any difference to MSE. I have uninstalled MSE and then downloaded it again and installed afresh, it installed ok and updated itself and is now running a scan and my status is protected so everything seems to be fine.

#24
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

It sounds like the malware corrupted your installation of MSE so a fresh install was needed to get it working again.

#25
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START then RUN.
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.1.102.63) and Adobe Shockwave Player (11.6.4.634) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free Google Toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :thumbsup:
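
The MVPS Hosts File recommendation in the post above relies on names mapped to 127.0.0.1 never leaving the machine; the same file is also where an unwanted redirect can be planted, so any entry that maps a name to a non-local address is worth reviewing after a cleanup. The following is an added example, not part of the original post and not code from MVPS or any tool named in this thread; the function name, sample file contents, host names and addresses are constructed for illustration.

```python
import ipaddress

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample (reserved example domains and documentation IP ranges).
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # blocklist style
0.0.0.0         banner.example.org
203.0.113.45    www.search.example     # name pointed at a remote address
198.51.100.7    update.example.com login.example.com
not-an-ip       broken.example.com
"""


def audit_hosts(text):
    """Classify every name in a hosts file.

    local      - localhost-type names mapped to a loopback/unspecified address
    blocked    - other names sunk to loopback/unspecified (blocklist entries)
    redirected - names mapped to any other address: (line_no, name, address)
    malformed  - lines that are not '<ip> <name> [<name> ...]': (line_no, text)
    """
    report = {"local": [], "blocked": [], "redirected": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report["malformed"].append((line_no, raw.strip()))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((line_no, raw.strip()))
            continue
        # 127.0.0.0/8 and ::1 are loopback; 0.0.0.0 and :: are unspecified.
        sink = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in fields[1:]):
            if sink and name in LOCAL_NAMES:
                report["local"].append(name)
            elif sink:
                report["blocked"].append(name)
            else:
                # Includes private (intranet) addresses: possibly legitimate,
                # but each one should be explainable by the machine's owner.
                report["redirected"].append((line_no, name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(result["blocked"]))
    for line_no, name, addr in result["redirected"]:
        print(f"review line {line_no}: {name} -> {addr}")
    for line_no, text in result["malformed"]:
        print(f"malformed line {line_no}: {text}")
```

On Windows the file to pass in is the text of %SystemRoot%\System32\drivers\etc\hosts.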

#26
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.