Results 1 to 10 of 34

Thread: Delta.Toolbar and Win32.BitGuard

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. 2013-11-29, 17:24 #1
    multichild
    multichild is offline
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    Hi Dakeyras,

    Nice to meet you and thank you for getting back to me, I will proceed with your every word and get back to you shortly.

    Cheers
  2. 2013-11-29, 17:36 #2
    multichild
    multichild is offline
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    Hi I also chose to delete Java 7 Update 25, as I am going to go with what you recommend.

    I have done this and am working through the points now.
  3. 2013-11-29, 18:13 #3
    multichild
    multichild is offline
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    Hi as you seen I deleted the Java 25 thing as you said, and checked for a problem we where encountering.

    This was although we had set http://www.google.com as the default home page it was going to ask.com with a huge string behind it, and then almost straight after the manage add on pop up would appear.

    I just launched IE and this didnt happen so I think that problem seems to be gone, although as for anything else that was going on I'm not too sure at the moment.

    Here is the log:

    # AdwCleaner v3.013 - Report created 29/11/2013 at 17:03:29
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : Aimee - AIMEE-PC
    # Running from : C:\Users\Aimee\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : torchcrashhandler

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Searchprotect
    [#] Folder Deleted : C:\ProgramData\BitGuard
    [#] Folder Deleted : C:\ProgramData\Browser Manager
    [#] Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\ProgramData\GameTap Web Player
    Folder Deleted : C:\ProgramData\torchcrashhandler
    Folder Deleted : C:\ProgramData\wincert
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\GameTap Web Player
    Folder Deleted : C:\Program Files\Movies Toolbar
    Folder Deleted : C:\Program Files\WebConnect
    Folder Deleted : C:\Users\Aimee\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Aimee\AppData\Local\torch
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\searchresultstb
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Advanced System Protector
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\xVidly
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    File Deleted : C:\Windows\System32\Tasks\Advanced System Protector

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
    Key Deleted : HKCU\Software\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKCU\Software\5f288dce76dbe17
    Key Deleted : HKLM\SOFTWARE\5f288dce76dbe17
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295548
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A13CC898-9CA9-4578-9629-B328422FF014}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\torch
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Wincert\WIN32C~1.DLL
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Google Chrome v

    [ File : C:\Users\Aimee\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8557 octets] - [29/11/2013 16:59:01]
    AdwCleaner[S0].txt - [8507 octets] - [29/11/2013 17:03:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8567 octets] ##########
  4. 2013-11-29, 18:18 #4
    multichild
    multichild is offline
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    OK we still seem to be having one of the original problems, sorry I have put it in a second post as I am basically trying ot fix this for my daughter and so dont know all the problems.

    So another problem we are getting is that when we go to say yahoo.com using the IE browser, straight away we get a 'Internet Explorer has stopped working' prompt, and it tries to fix the problem, but it basically goes around in a circle.

    This seems to be the next immediate problem we have.
  5. 2013-11-30, 00:53 #5
    Dakeyras
    Dakeyras is offline
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    All prior posts acknowledged and you're welcome! Lets proceed as follows shall we...

    Scan with JRT:

    Please download Junkware Removal Tool to the desktop.

    Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

    • Right-click on on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Note: Reboot the machine and ensure all disabled security software is now enabled etc.

    Scan with OTL:

    Please download OTL and save it to the desktop.

    Alternate downloads are here and here.

    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Under Output, ensure that Standard Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan/Fixes box cut & paste this in:-

    Netsvcs
    Baseservices
    %systemdrive%\*.exe
    C:\program files\Google\Desktop
    Dir "%systemdrive%\*" /S /A:L /C
    CreateRestorePoint

    • Now click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these two Notepad files in your next reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
  6. 2013-11-30, 21:12 #6
    multichild
    multichild is offline
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Professional x86
    Ran by Aimee on 30/11/2013 at 11:09:04.28
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3808433556-406660851-2857496050-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5941957F-34BB-4070-94B2-10ADA44EC673}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\datamngr"
    Successfully deleted: [Folder] "C:\Users\Aimee\appdata\local\solid savings"
    Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 30/11/2013 at 11:13:59.50
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. 2013-11-30, 21:13 #7
    multichild
    multichild is offline
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    OTL logfile created on: 30/11/2013 19:40:07 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aimee\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1010.86 Mb Total Physical Memory | 285.38 Mb Available Physical Memory | 28.23% Memory free
    1.99 Gb Paging File | 0.95 Gb Available in Paging File | 47.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 199.88 Gb Free Space | 85.86% Space Free | Partition Type: NTFS

    Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/30 19:33:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
    PRC - [2013/11/05 17:56:23 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/06/15 08:06:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/03/13 09:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/03/13 09:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
    PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2013/11/28 00:04:49 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/07/25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/19 18:25:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/03/13 09:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/03/13 09:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A882A7-13D5-406A-9BBA-E96D8570099C}\MpKsl4b59ac68.sys -- (MpKsl4b59ac68)
    DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/03/26 13:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2011/12/13 07:11:46 | 001,336,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
    DRV - [2011/10/03 09:15:14 | 000,169,472 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV - [2011/10/03 09:15:14 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/08 23:37:56 | 000,278,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
    DRV - [2011/03/13 09:57:54 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
    DRV - [2011/03/13 09:57:54 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV - [2011/03/13 09:57:54 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV - [2011/03/13 09:57:54 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV - [2011/03/13 09:57:54 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
    DRV - [2011/03/13 09:57:54 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV - [2011/03/13 09:57:52 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV - [2010/12/01 08:12:04 | 000,197,224 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSUSTOR.SYS -- (RSUSBSTOR)
    DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/07/08 01:02:14 | 001,801,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2006/10/13 19:33:00 | 000,010,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asushwio.sys -- (Asushwio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE B2 D3 DD 85 AC CE 01 [binary data]
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enGB489
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Aimee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found


    [2013/09/07 18:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========


    O1 HOSTS File: ([2013/11/28 18:37:12 | 000,450,660 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 15467 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}: DhcpNameServer = 172.20.10.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{54740523-b963-11e1-b271-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{54740523-b963-11e1-b271-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstallAll.exe
    O33 - MountPoints2\{5d9f0898-a4dc-11e2-a4b4-0008ca3c03e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d9f0898-a4dc-11e2-a4b4-0008ca3c03e1}\Shell\AutoRun\command - "" = D:\CMADownloader.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/30 19:33:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
    [2013/11/30 11:08:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/11/30 10:49:31 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Aimee\Desktop\JRT.exe
    [2013/11/29 16:58:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/29 16:49:58 | 000,000,000 | ---D | C] -- C:\RegBackup
    [2013/11/29 16:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    [2013/11/29 16:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
    [2013/11/28 20:15:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Aimee\Desktop\aswMBR.exe
    [2013/11/28 19:57:52 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr
    [2013/11/28 19:54:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/11/28 19:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/11/28 19:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/11/28 00:04:54 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
    [2013/11/28 00:04:54 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
    [2013/11/28 00:04:53 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
    [2013/11/28 00:04:53 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2013/11/28 00:04:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/11/28 00:04:52 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2013/11/28 00:04:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/11/28 00:04:52 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
    [2013/11/28 00:04:51 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
    [2013/11/28 00:04:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2013/11/28 00:04:51 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2013/11/28 00:04:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2013/11/28 00:04:51 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/11/28 00:04:51 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2013/11/28 00:04:51 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2013/11/28 00:04:51 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/11/28 00:04:51 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/11/28 00:04:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/11/28 00:04:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/11/28 00:04:50 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/11/28 00:04:50 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/11/28 00:04:50 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2013/11/28 00:04:50 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2013/11/28 00:04:50 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2013/11/28 00:04:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2013/11/28 00:04:49 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/11/28 00:04:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/11/28 00:04:49 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
    [2013/11/28 00:04:49 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2013/11/28 00:04:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
    [2013/11/28 00:04:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
    [2013/11/28 00:04:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/11/28 00:04:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
    [2013/11/28 00:04:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2013/11/28 00:04:48 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2013/11/28 00:04:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2013/11/28 00:04:47 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
    [2013/11/28 00:04:47 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
    [2013/11/28 00:04:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2013/11/28 00:04:46 | 004,240,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/11/28 00:04:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/11/28 00:04:46 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/11/28 00:04:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2013/11/24 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
    [2013/11/24 21:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/11/24 21:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/11/15 20:55:38 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
    [2013/11/15 20:55:38 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL
    [2013/11/15 20:55:38 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
    [2013/11/15 20:55:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
    [2013/11/15 20:55:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL
    [2013/11/15 20:55:37 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\TFP
    [2013/11/14 08:47:21 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/11/14 08:47:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
    [2013/11/14 08:46:50 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2013/11/14 08:46:48 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
    [2013/11/14 08:45:03 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
    [2013/11/14 08:45:03 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
    [2013/11/11 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Documents\iphone pics
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/30 19:41:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA.job
    [2013/11/30 19:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/30 19:33:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
    [2013/11/30 19:31:42 | 000,022,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/30 19:31:42 | 000,022,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/30 19:23:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/30 19:23:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/30 19:23:41 | 794,972,160 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/30 19:22:08 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/11/30 19:22:08 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/11/30 16:41:08 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core.job
    [2013/11/30 10:50:32 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Aimee\Desktop\JRT.exe
    [2013/11/29 16:57:23 | 001,091,882 | ---- | M] () -- C:\Users\Aimee\Desktop\AdwCleaner.exe
    [2013/11/29 16:51:21 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
    [2013/11/29 16:48:44 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    [2013/11/29 16:47:51 | 003,927,696 | ---- | M] () -- C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
    [2013/11/28 20:54:54 | 000,000,512 | ---- | M] () -- C:\Users\Aimee\Desktop\MBR.dat
    [2013/11/28 20:17:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Aimee\Desktop\aswMBR.exe
    [2013/11/28 19:57:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr
    [2013/11/28 19:52:33 | 000,001,074 | ---- | M] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/11/28 19:52:21 | 000,000,875 | ---- | M] () -- C:\Users\Aimee\Desktop\ERUNT.lnk
    [2013/11/28 18:37:12 | 000,450,660 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/11/28 00:04:54 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
    [2013/11/28 00:04:54 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
    [2013/11/28 00:04:53 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
    [2013/11/28 00:04:53 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2013/11/28 00:04:53 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/11/28 00:04:53 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/11/28 00:04:52 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2013/11/28 00:04:52 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
    [2013/11/28 00:04:51 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/11/28 00:04:51 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
    [2013/11/28 00:04:51 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2013/11/28 00:04:51 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2013/11/28 00:04:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2013/11/28 00:04:51 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/11/28 00:04:51 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2013/11/28 00:04:51 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2013/11/28 00:04:51 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/11/28 00:04:51 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/11/28 00:04:51 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/11/28 00:04:51 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/11/28 00:04:51 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2013/11/28 00:04:50 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/11/28 00:04:50 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/11/28 00:04:50 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2013/11/28 00:04:50 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2013/11/28 00:04:50 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2013/11/28 00:04:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2013/11/28 00:04:49 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/11/28 00:04:49 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
    [2013/11/28 00:04:49 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2013/11/28 00:04:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
    [2013/11/28 00:04:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
    [2013/11/28 00:04:48 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/11/28 00:04:48 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
    [2013/11/28 00:04:48 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2013/11/28 00:04:48 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2013/11/28 00:04:48 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2013/11/28 00:04:47 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
    [2013/11/28 00:04:47 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
    [2013/11/28 00:04:47 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2013/11/28 00:04:46 | 004,240,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/11/28 00:04:46 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/11/28 00:04:46 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/11/28 00:04:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2013/11/24 21:12:13 | 000,004,975 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/11/22 14:12:04 | 000,074,727 | ---- | M] () -- C:\Users\Aimee\Desktop\$_12[2].jpg
    [2013/11/22 14:11:50 | 000,035,535 | ---- | M] () -- C:\Users\Aimee\Desktop\$_58[1].jpg
    [2013/11/20 09:15:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/11/19 10:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2013/11/16 21:29:11 | 000,006,086 | ---- | M] () -- C:\Users\Aimee\Desktop\nail.png
    [2013/11/15 20:56:38 | 000,001,138 | ---- | M] () -- C:\Users\Aimee\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    [2013/11/11 21:06:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
    [2013/11/05 09:45:50 | 004,413,614 | ---- | M] () -- C:\Users\Aimee\Desktop\IMG_0280.JPG
    [2013/11/04 15:58:15 | 000,329,452 | ---- | M] () -- C:\Users\Aimee\Desktop\science.png
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/29 16:57:23 | 001,091,882 | ---- | C] () -- C:\Users\Aimee\Desktop\AdwCleaner.exe
    [2013/11/29 16:51:21 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
    [2013/11/29 16:48:44 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    [2013/11/29 16:47:17 | 003,927,696 | ---- | C] () -- C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
    [2013/11/28 20:54:53 | 000,000,512 | ---- | C] () -- C:\Users\Aimee\Desktop\MBR.dat
    [2013/11/28 19:52:33 | 000,001,074 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/11/28 19:52:21 | 000,000,875 | ---- | C] () -- C:\Users\Aimee\Desktop\ERUNT.lnk
    [2013/11/28 00:04:51 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2013/11/22 14:13:41 | 000,035,535 | ---- | C] () -- C:\Users\Aimee\Desktop\$_58[1].jpg
    [2013/11/22 14:12:48 | 000,074,727 | ---- | C] () -- C:\Users\Aimee\Desktop\$_12[2].jpg
    [2013/11/16 21:29:10 | 000,006,086 | ---- | C] () -- C:\Users\Aimee\Desktop\nail.png
    [2013/11/15 20:56:37 | 000,001,359 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    [2013/11/15 20:55:14 | 000,001,138 | ---- | C] () -- C:\Users\Aimee\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    [2013/11/11 21:06:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
    [2013/11/05 09:45:05 | 004,413,614 | ---- | C] () -- C:\Users\Aimee\Desktop\IMG_0280.JPG
    [2013/11/04 15:58:13 | 000,329,452 | ---- | C] () -- C:\Users\Aimee\Desktop\science.png
    [2013/07/25 20:01:52 | 000,004,975 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/06/20 18:17:55 | 000,020,123 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\UserTile.png
    [2012/06/22 08:17:22 | 000,006,144 | ---- | C] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/18 19:18:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/06/18 17:58:30 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
    [2012/06/18 17:55:05 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2012/06/18 17:52:27 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2012/06/18 17:52:26 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

    ========== ZeroAccess Check ==========

    [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    ========== Base Services ==========
    SRV - [2009/07/14 01:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
    SRV - [2013/02/27 04:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
    SRV - [2009/07/14 01:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
    SRV - [2010/11/20 21:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
    SRV - [2010/11/20 21:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
    SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
    SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
    SRV - [2012/07/04 21:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
    SRV - [2013/07/09 04:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
    SRV - [2010/11/20 21:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
    SRV - [2010/11/20 21:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2011/03/03 05:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/07/14 01:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
    SRV - [2009/07/14 01:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
    SRV - [2010/11/20 21:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
    SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2009/07/14 01:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
    SRV - [2009/07/14 01:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
    SRV - [2009/07/14 01:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
    SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
    SRV - [2012/10/03 16:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
    SRV - [2009/07/14 01:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
    SRV - [2011/05/24 10:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
    SRV - [2012/02/11 05:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
    SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV - [2009/07/14 01:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
    SRV - [2010/11/20 21:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
    SRV - [2010/11/20 21:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
    SRV - [2009/07/14 01:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
    SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
    SRV - [2009/07/14 01:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
    SRV - [2010/11/20 21:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
    SRV - [2010/11/20 21:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV - [2010/11/20 21:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
    SRV - [2010/11/20 21:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
    SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2012/05/01 04:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
    SRV - [2010/11/20 21:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
    SRV - [2010/11/20 21:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
    SRV - [2010/11/20 21:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
    SRV - [2010/11/20 21:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
    SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/20 21:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
    SRV - [2010/11/20 21:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
    SRV - [2010/11/20 21:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
    SRV - [2010/11/20 21:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
    SRV - [2009/07/14 01:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
    SRV - [2012/06/02 22:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
    SRV - [2010/11/20 21:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
    SRV - [2009/07/14 01:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
    SRV - [2010/11/20 21:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

    < %systemdrive%\*.exe >

    < C:/program files\Google\Desktop >
    Invalid Switch: program files\Google\Desktop

    < Dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C has no label.
    Volume Serial Number is 44F5-CABF
    Directory of C:\
    14/07/2009 04:53 <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    14/07/2009 04:53 <JUNCTION> Application Data [C:\ProgramData]
    14/07/2009 04:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14/07/2009 04:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14/07/2009 04:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14/07/2009 04:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14/07/2009 04:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    14/07/2009 04:53 <SYMLINKD> All Users [C:\ProgramData]
    14/07/2009 04:53 <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\Aimee
    18/06/2012 17:44 <JUNCTION> Application Data [C:\Users\Aimee\AppData\Roaming]
    18/06/2012 17:44 <JUNCTION> Cookies [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Cookies]
    18/06/2012 17:44 <JUNCTION> Local Settings [C:\Users\Aimee\AppData\Local]
    18/06/2012 17:44 <JUNCTION> My Documents [C:\Users\Aimee\Documents]
    18/06/2012 17:44 <JUNCTION> NetHood [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    18/06/2012 17:44 <JUNCTION> PrintHood [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    18/06/2012 17:44 <JUNCTION> Recent [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Recent]
    18/06/2012 17:44 <JUNCTION> SendTo [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\SendTo]
    18/06/2012 17:44 <JUNCTION> Start Menu [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu]
    18/06/2012 17:44 <JUNCTION> Templates [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Aimee\AppData\Local
    18/06/2012 17:44 <JUNCTION> Application Data [C:\Users\Aimee\AppData\Local]
    18/06/2012 17:44 <JUNCTION> History [C:\Users\Aimee\AppData\Local\Microsoft\Windows\History]
    18/06/2012 17:44 <JUNCTION> Temporary Internet Files [C:\Users\Aimee\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Aimee\Documents
    18/06/2012 17:44 <JUNCTION> My Music [C:\Users\Aimee\Music]
    18/06/2012 17:44 <JUNCTION> My Pictures [C:\Users\Aimee\Pictures]
    18/06/2012 17:44 <JUNCTION> My Videos [C:\Users\Aimee\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    14/07/2009 04:53 <JUNCTION> Application Data [C:\ProgramData]
    14/07/2009 04:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14/07/2009 04:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14/07/2009 04:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14/07/2009 04:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14/07/2009 04:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    14/07/2009 04:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    14/07/2009 04:53 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    14/07/2009 04:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    14/07/2009 04:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
    14/07/2009 04:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    14/07/2009 04:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    14/07/2009 04:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    14/07/2009 04:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    14/07/2009 04:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    14/07/2009 04:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    14/07/2009 04:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    14/07/2009 04:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    14/07/2009 04:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    14/07/2009 04:53 <JUNCTION> My Music [C:\Users\Default\Music]
    14/07/2009 04:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    14/07/2009 04:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    14/07/2009 04:53 <JUNCTION> My Music [C:\Users\Public\Music]
    14/07/2009 04:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    14/07/2009 04:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    50 Dir(s) 214,330,187,776 bytes free

    < End of report >
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules