Results 1 to 10 of 34

Thread: Delta.Toolbar and Win32.BitGuard

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default Delta.Toolbar and Win32.BitGuard

    Hi all,

    First time on here, so hello to all.

    Am having trouble with my daughters laptop and have tried removing a few problems using Spbot Search & Destroy, and SUPERAntiSpyware and also running Microsft Security Essentials.

    In Spybot two things cant be removed and they are a part of Delta.Toolbar and Win32.BitGuard - This is what I can see.

    [SBI $ACF354C8] Program Directory C:\ProgramData\BrowserProtect\

    [SBI $93F166B5] Program directory C:\ProgramData\BitGuard\

    Then inside Quarantine in Microsoft Security Essentials I have 2 which again I cant remove

    Exploit:Java/CVE-2013-2423
    Exploit:Java/CVE-2013-0431

    Now Im not sure what else is on there, but we are having problems with the laptop and not sure what more to do.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.25.2
    Run by Aimee at 19:58:47 on 2013-11-28
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1011.96 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\Aimee\AppData\Local\Torch\Update\TorchCrashHandler.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uProxyOverride = <-loopback>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Facebook Update] "c:\users\aimee\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
    StartupFolder: c:\users\aimee\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    TCP: NameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9} : DHCPNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244584F6D656845726D283738363 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\35B4950303638323 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C} : DHCPNameServer = 172.20.10.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~2\wincert\win32c~1.dll c:\progra~1\movies~1\datamngr\mgrldr.dll
    SSODL: WebCheck - <orphaned>
    IFEO: bitguard.exe - tasklist.exe
    IFEO: bprotect.exe - tasklist.exe
    IFEO: browsemngr.exe - tasklist.exe
    IFEO: browserdefender.exe - tasklist.exe
    IFEO: browsermngr.exe - tasklist.exe
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-3-13 138400]
    R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-3-13 68768]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-4 1153368]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-3-13 34976]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-3-13 259232]
    R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-3-13 24736]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-3-13 175776]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-3-13 49312]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-3-13 141088]
    R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-3-13 242336]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2011-10-3 169472]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2011-10-3 49664]
    R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-6-18 1336320]
    R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-6-18 417280]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-6-18 278528]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-18 414824]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
    S3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [2006-10-13 10288]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-28 108032]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTSUSTOR.SYS [2012-6-18 197224]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    .
    =============== Created Last 30 ================
    .
    2013-11-28 18:10:50 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f9a882a7-13d5-406a-9bba-e96d8570099c}\mpengine.dll
    2013-11-28 16:56:00 7772552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-11-24 23:28:57 -------- d-----w- c:\programdata\Datamngr
    2013-11-24 21:22:36 -------- d-----w- c:\users\aimee\appdata\roaming\SUPERAntiSpyware.com
    2013-11-24 21:21:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-11-24 21:21:57 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-11-15 21:27:01 -------- d-----w- c:\programdata\BrowserProtect
    2013-11-15 21:27:01 -------- d-----w- c:\programdata\BitGuard
    2013-11-15 20:56:31 -------- d-----w- c:\programdata\TorchCrashHandler
    2013-11-15 20:55:38 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
    2013-11-15 20:55:38 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2013-11-15 20:55:38 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2013-11-15 20:55:38 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2013-11-15 20:55:37 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2013-11-15 20:55:37 -------- d-----w- c:\users\aimee\appdata\roaming\TFP
    2013-11-15 20:52:51 -------- d-----w- c:\users\aimee\appdata\local\Torch
    2013-11-15 20:40:06 -------- d-----w- c:\programdata\Wincert
    2013-11-15 20:37:38 -------- d-----w- c:\program files\Movies Toolbar
    2013-11-14 08:47:24 247808 ----a-w- c:\windows\system32\schannel.dll
    2013-11-14 08:47:23 369848 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-11-14 08:47:23 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-11-14 08:47:22 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-11-14 08:47:22 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2013-11-14 08:47:21 99840 ----a-w- c:\windows\system32\sspicli.dll
    2013-11-14 08:47:21 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-11-14 08:47:21 22016 ----a-w- c:\windows\system32\lsass.exe
    2013-11-14 08:47:20 22016 ----a-w- c:\windows\system32\secur32.dll
    2013-11-14 08:47:20 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2013-11-14 08:46:50 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-11-14 08:46:48 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-11-14 08:46:47 168960 ----a-w- c:\windows\system32\credui.dll
    2013-11-14 08:46:12 305152 ----a-w- c:\windows\system32\gdi32.dll
    2013-11-14 08:45:04 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-11-14 08:45:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
    2013-11-14 08:45:03 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-11-14 08:44:56 1168384 ----a-w- c:\windows\system32\crypt32.dll
    2013-11-07 09:29:40 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03e81ad5-a2fc-49ec-9687-06372ff93a93}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
    2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-09-27 09:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
    2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
    ============= FINISH: 20:01:29.46 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-11-28 20:17:34
    -----------------------------
    20:17:34.202 OS Version: Windows 6.1.7601 Service Pack 1
    20:17:34.202 Number of processors: 4 586 0x3601
    20:17:34.202 ComputerName: AIMEE-PC UserName: Aimee
    20:17:42.455 Initialize success
    20:28:41.552 AVAST engine defs: 13112801
    20:30:02.766 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    20:30:02.782 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 238475MB BusType: 3
    20:30:02.969 Disk 0 MBR read successfully
    20:30:02.985 Disk 0 MBR scan
    20:30:03.343 Disk 0 Windows 7 default MBR code
    20:30:03.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:30:03.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    20:30:03.702 Disk 0 scanning sectors +488394752
    20:30:04.045 Disk 0 scanning C:\Windows\system32\drivers
    20:30:43.747 Service scanning
    20:31:18.223 Service MpKsl4b59ac68 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A882A7-13D5-406A-9BBA-E96D8570099C}\MpKsl4b59ac68.sys **LOCKED** 32
    20:31:59.362 Modules scanning
    20:32:19.158 Disk 0 trace - called modules:
    20:32:19.704 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    20:32:19.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bcca48]
    20:32:19.751 3 CLASSPNP.SYS[86dae59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8408f028]
    20:32:28.659 AVAST engine scan C:\Windows
    20:32:35.133 AVAST engine scan C:\Windows\system32
    20:40:30.980 AVAST engine scan C:\Windows\system32\drivers
    20:41:29.060 AVAST engine scan C:\Users\Aimee
    20:54:53.726 Disk 0 MBR has been saved successfull y to "C:\Users\Aimee\Desktop\MBR.dat"
    20:54:54.209 The log file has been saved successfully to "C:\Users\Aimee\Desktop\aswMBR.txt"


    --- Search result list ---
    Delta.Toolbar: [SBI $20319BF7] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-3808433556-406660851-2857496050-1000\Software\DataMngr

    Delta.Toolbar: [SBI $15E43F9C] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr

    Delta.Toolbar: [SBI $ACF354C8] Program directory (Directory, nothing done)
    C:\ProgramData\BrowserProtect\

    Win32.BitGuard: [SBI $93F166B5] Program directory (Directory, nothing done)
    C:\ProgramData\BitGuard\


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-12-04 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2013-11-06 Includes\Adware.sbi (*)
    2013-11-26 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2013-04-11 Includes\DialerC.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2013-04-11 Includes\HijackersC.sbi (*)
    2013-10-16 Includes\iPhone.sbi (*)
    2013-06-25 Includes\Keyloggers.sbi (*)
    2013-10-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2013-11-19 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-11-26 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2013-10-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2013-09-17 Includes\Spyware.sbi (*)
    2013-08-06 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-11-05 Includes\TrojansC-02.sbi (*)
    2013-11-26 Includes\TrojansC-03.sbi (*)
    2013-10-22 Includes\TrojansC-04.sbi (*)
    2013-06-13 Includes\TrojansC-05.sbi (*)
    2013-04-19 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe ARM
    command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    size: 958576
    MD5: 48BE298F7FD1BEF4D8FBACB04D8D95C4

    Located: HK_LM:Run, APSDaemon
    command: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    file: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    size: 59720
    MD5: 61E4289E91E88C90478D7F4BEB10DCF7

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 152392
    MD5: A9F9D081518AC03A51C1195986076F42

    Located: HK_LM:Run, MSC
    command: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    file: c:\Program Files\Microsoft Security Client\msseces.exe
    size: 948440
    MD5: 03396637E1E1B4E333D00AED86178918

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
    size: 253816
    MD5: D63797E8E7781EE1500A810CB6194FA6

    Located: HK_CU:Run, SearchProtect
    where: .DEFAULT...
    command: \SearchProtect\bin\cltmng.exe
    file: \SearchProtect\bin\cltmng.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Sidebar
    where: S-1-5-19...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1174016
    MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

    Located: HK_CU:RunOnce, mctadmin
    where: S-1-5-19...
    command: C:\Windows\System32\mctadmin.exe
    file: C:\Windows\System32\mctadmin.exe
    size: 93696
    MD5: BBA1A5B86134F496B926DDAF247DB871

    Located: HK_CU:Run, Sidebar
    where: S-1-5-20...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1174016
    MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

    Located: HK_CU:RunOnce, mctadmin
    where: S-1-5-20...
    command: C:\Windows\System32\mctadmin.exe
    file: C:\Windows\System32\mctadmin.exe
    size: 93696
    MD5: BBA1A5B86134F496B926DDAF247DB871

    Located: HK_CU:Run, Facebook Update
    where: S-1-5-21-3808433556-406660851-2857496050-1000...
    command: "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    file: C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, SUPERAntiSpyware
    where: S-1-5-21-3808433556-406660851-2857496050-1000...
    command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    size: 5717272
    MD5: BC121F6E4432CBB79129201C191674AD

    Located: HK_CU:Run, SearchProtect
    where: S-1-5-18...
    command: \SearchProtect\bin\cltmng.exe
    file: \SearchProtect\bin\cltmng.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (user), ERUNT AutoBackup.lnk
    where: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\ERUNT\AUTOBACK.EXE
    file: C:\Program Files\ERUNT\AUTOBACK.EXE
    size: 38912
    MD5: E00DE20F0F6BED5CD2160247DDC9443B

    Located: WinLogon, igfxcui
    command: igfxdev.dll
    file: igfxdev.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDHelper.dll
    info link: http://www.safer-networking.org/
    info source: Safer-Networking Ltd.
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 04/12/2012 18:23:46
    Date (last access): 04/12/2012 18:23:46
    Date (last write): 26/01/2009 15:31:02
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In SSV Helper
    Path: C:\Program Files\Java\jre7\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 14/07/2013 21:33:22
    Date (last access): 14/07/2013 21:33:22
    Date (last write): 14/07/2013 21:33:22
    Filesize: 463272
    Attributes: archive
    MD5: 155915C088F11EEB9B342F4134F11C7E
    CRC32: 1A627FD9
    Version: 10.25.2.17

    {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} (IESpeakDoc)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: IESpeakDoc
    CLSID name: CIESpeechBHO Class
    Path: C:\Program Files\Bluetooth Suite\
    Long name: IEPlugIn.dll
    Short name:
    Date (created): 13/03/2011 09:58:06
    Date (last access): 18/06/2012 18:02:14
    Date (last write): 13/03/2011 09:58:06
    Filesize: 60576
    Attributes: archive
    MD5: 9E33A81ABB2A058AC25C6907D260C932
    CRC32: 84C66DF1
    Version: 7.2.0.65

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: C:\Program Files\Google\Google Toolbar\
    Long name: GoogleToolbar_32.dll
    Short name: GOOGLE~1.DLL
    Date (created): 18/06/2012 19:29:52
    Date (last access): 18/06/2012 19:29:52
    Date (last write): 10/10/2013 07:32:52
    Filesize: 194640
    Attributes: archive
    MD5: 6028E7AAC8630C27564D6164A589AB91
    CRC32: 5841059E
    Version: 7.5.4601.54

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre7\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 14/07/2013 21:33:18
    Date (last access): 14/07/2013 21:33:18
    Date (last write): 14/07/2013 21:33:18
    Filesize: 171944
    Attributes: archive
    MD5: 5B1E711B7F870B355B1BCD8874037EEF
    CRC32: 5776D394
    Version: 10.25.2.17



    --- ActiveX list ---
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
    DPF name:
    CLSID name: Microsoft Office Template and Media Control
    Installer: C:\Windows\Downloaded Program Files\ieawsdc.inf
    Codebase: http://office.microsoft.com/_layouts.../ieawsdc32.cab
    description:
    classification: Legitimate
    known filename: IEAWSDC.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\PROGRA~1\MICROS~3\OFFICE11\
    Long name: IEAWSDC.DLL
    Short name:
    Date (created): 26/08/2012 15:16:26
    Date (last access): 26/08/2012 15:16:26
    Date (last write): 26/08/2012 15:16:26
    Filesize: 196208
    Attributes: archive
    MD5: 1D4F4F0321DFE3427C34545A572D77AA
    CRC32: 6A9C51D3
    Version: 15.0.4420.0



    --- Process list ---
    PID: 2020 ( 584) C:\Windows\system32\taskhost.exe
    size: 49152
    MD5: 72E953215CADE1A726C04AAFDF6B463D
    PID: 2036 (1136) C:\Windows\system32\Dwm.exe
    size: 92672
    MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D
    PID: 476 (2004) C:\Windows\Explorer.EXE
    size: 2616320
    MD5: 8B88EBBB05A0E56B7DCC708498C02B3E
    PID: 2184 ( 476) C:\Program Files\Microsoft Security Client\msseces.exe
    size: 948440
    MD5: 03396637E1E1B4E333D00AED86178918
    PID: 2280 ( 476) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    size: 253816
    MD5: D63797E8E7781EE1500A810CB6194FA6
    PID: 2344 ( 476) C:\Program Files\iTunes\iTunesHelper.exe
    size: 152392
    MD5: A9F9D081518AC03A51C1195986076F42
    PID: 2464 ( 476) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    size: 5717272
    MD5: BC121F6E4432CBB79129201C191674AD
    PID: 3404 (1856) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 320 ( 4) smss.exe
    size: 69632
    PID: 456 ( 392) csrss.exe
    size: 6144
    PID: 520 ( 392) wininit.exe
    size: 96256
    PID: 528 ( 512) csrss.exe
    size: 6144
    PID: 584 ( 520) services.exe
    size: 259072
    PID: 616 ( 512) winlogon.exe
    size: 286720
    PID: 624 ( 520) lsass.exe
    size: 22016
    PID: 636 ( 520) lsm.exe
    size: 267776
    PID: 816 ( 584) svchost.exe
    size: 20992
    PID: 904 ( 584) svchost.exe
    size: 20992
    PID: 984 ( 584) MsMpEng.exe
    PID: 1096 ( 584) svchost.exe
    size: 20992
    PID: 1136 ( 584) svchost.exe
    size: 20992
    PID: 1184 ( 584) svchost.exe
    size: 20992
    PID: 1232 ( 584) svchost.exe
    size: 20992
    PID: 1432 ( 584) svchost.exe
    size: 20992
    PID: 1608 ( 584) spoolsv.exe
    size: 317440
    PID: 1656 ( 584) svchost.exe
    size: 20992
    PID: 1800 ( 584) SASCore.exe
    PID: 1900 ( 584) armsvc.exe
    PID: 1992 ( 584) AppleMobileDeviceService.exe
    PID: 668 ( 584) Ath_CoexAgent.exe
    PID: 840 ( 584) AdminService.exe
    PID: 1148 ( 584) mDNSResponder.exe
    PID: 128 ( 584) svchost.exe
    size: 20992
    PID: 336 ( 584) TorchCrashHandler.exe
    PID: 2116 ( 584) SDWinSec.exe
    size: 1153368
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 2752 ( 584) svchost.exe
    size: 20992
    PID: 3064 ( 584) NisSrv.exe
    PID: 3152 ( 584) iPodService.exe
    PID: 3352 ( 584) SearchIndexer.exe
    size: 427520


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 28/11/2013 22:18:50

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/p/?LinkId=255141
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/p/?LinkId=255141
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: MSAFD RfComm [Bluetooth]
    GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD RfComm [Bluetooth]

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] SEQPACKET 13
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] DATAGRAM 13
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DD09BE04-AE74-412D-ABEF-39FAC83BD85C}] SEQPACKET 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DD09BE04-AE74-412D-ABEF-39FAC83BD85C}] DATAGRAM 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0B3DDA5-6E3A-432F-9576-C1552045FC78}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0B3DDA5-6E3A-432F-9576-C1552045FC78}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EB06D334-7501-4540-A560-5471F5EA9013}] SEQPACKET 11
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EB06D334-7501-4540-A560-5471F5EA9013}] DATAGRAM 11
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DB33FC2D-C102-45A0-A397-045D9229AD62}] SEQPACKET 15
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DB33FC2D-C102-45A0-A397-045D9229AD62}] DATAGRAM 15
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] SEQPACKET 14
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] DATAGRAM 14
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{587A2D5B-6FE4-48F2-947A-F11095C15989}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{587A2D5B-6FE4-48F2-947A-F11095C15989}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 36: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 37: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 38: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 39: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 40: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 4: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 5: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 6: Bluetooth Namespace
    GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\wshbth.dll
    DB protocol: Bluetooth-Namespace

    Namespace Provider 7: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

    sorry here is the attachment
    Attached Files Attached Files

  2. #2
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
    Hi and welcome to Safer Networking.

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

    • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Next:

    Regarding the below you mentioned:-

    Then inside Quarantine in Microsoft Security Essentials I have 2 which again I cant remove

    Exploit:Java/CVE-2013-2423
    Exploit:Java/CVE-2013-0431
    Should be fine to leave as is and will be fully purged in due course and relate to a Java vulnerability which I will discuss further below.

    Java Advice:

    There has been a recent severe exploration of this software. Even though this exploit has been reportedly fixed there is still a vulnerability with the software, the below is currently all that is installed Jave related:-

    Java 7 Update 25

    So you need to uninstall thisl(if still present via Uninstall a program or Programs and Features located in the Control Panel)...Your choice if you wish to go ahead and reinstall but I advise against it and for the present I do not even have anything Java related installed on my machines.

    Please let myself know what you wish to do about this in your next reply please and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.

    Temp' Disable TeaTimer:

    This is so it will not hinder the malware removal process, you may re-enable when I give the all clear.

    How to do so can be read here, scroll down to:-

    When Spybot-S&D version 1.6.2 is installed

    TeaTimer needs to be disabled so that its protection does not interfere with fixes.
    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI(graphical user interface) has appeared/loaded:-



    • Click on Backup Now >> once the process is complete, similar to the below will displayed in the GUI:-



    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features can be viewed here.

    Scan with AdwCleaner:

    Please download adwcleaner from here and save to your desktop.

    Alternate downloads are here or here.

    • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.

    Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

    Next:

    When completed the above, please post back the following in the order asked for:

    • How is the computer performing now, any further symptoms and or problems encountered ?
    • Your decision about a new Java installation.
    • AdwCleaner Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    Hi Dakeyras,

    Nice to meet you and thank you for getting back to me, I will proceed with your every word and get back to you shortly.

    Cheers

  4. #4
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    Hi I also chose to delete Java 7 Update 25, as I am going to go with what you recommend.

    I have done this and am working through the points now.

  5. #5
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    Hi as you seen I deleted the Java 25 thing as you said, and checked for a problem we where encountering.

    This was although we had set http://www.google.com as the default home page it was going to ask.com with a huge string behind it, and then almost straight after the manage add on pop up would appear.

    I just launched IE and this didnt happen so I think that problem seems to be gone, although as for anything else that was going on I'm not too sure at the moment.

    Here is the log:

    # AdwCleaner v3.013 - Report created 29/11/2013 at 17:03:29
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : Aimee - AIMEE-PC
    # Running from : C:\Users\Aimee\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : torchcrashhandler

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Searchprotect
    [#] Folder Deleted : C:\ProgramData\BitGuard
    [#] Folder Deleted : C:\ProgramData\Browser Manager
    [#] Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\ProgramData\GameTap Web Player
    Folder Deleted : C:\ProgramData\torchcrashhandler
    Folder Deleted : C:\ProgramData\wincert
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\GameTap Web Player
    Folder Deleted : C:\Program Files\Movies Toolbar
    Folder Deleted : C:\Program Files\WebConnect
    Folder Deleted : C:\Users\Aimee\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Aimee\AppData\Local\torch
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\searchresultstb
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Advanced System Protector
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\xVidly
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    File Deleted : C:\Windows\System32\Tasks\Advanced System Protector

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
    Key Deleted : HKCU\Software\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKCU\Software\5f288dce76dbe17
    Key Deleted : HKLM\SOFTWARE\5f288dce76dbe17
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295548
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A13CC898-9CA9-4578-9629-B328422FF014}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\torch
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Wincert\WIN32C~1.DLL
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Google Chrome v

    [ File : C:\Users\Aimee\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8557 octets] - [29/11/2013 16:59:01]
    AdwCleaner[S0].txt - [8507 octets] - [29/11/2013 17:03:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8567 octets] ##########

  6. #6
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    OK we still seem to be having one of the original problems, sorry I have put it in a second post as I am basically trying ot fix this for my daughter and so dont know all the problems.

    So another problem we are getting is that when we go to say yahoo.com using the IE browser, straight away we get a 'Internet Explorer has stopped working' prompt, and it tries to fix the problem, but it basically goes around in a circle.

    This seems to be the next immediate problem we have.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •