Thread: Delta.Toolbar and Win32.BitGuard

  1. #1
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi.

    Still some way to go yet...

    Might as well uninstall Erunt as it is not truly compatible with the version of Windows in use and the other application I advised (Tweaking.com - Registry Backup) is more reliable overall. Also SUPERAntiSpyware is not a particularly effective application in my humble opinion nor is it something I recommend or use, your call though if you wish to keep it installed.

    Check Proxy Settings:

    Launch Internet Options...

    • Click on Start(Windows 7 Orb) >> Control Panel >> Network and Internet >> Internet Options
    • Or via Start(Windows 7 Orb) >> Control Panel >> Internet Options
    • Once the Internet Properties window appears >> click on Connections >> LAN settings
    • Ensure Automatically detect settings is selected and the following are not:

    Use automatic configuration script

    Use a proxy server for your LAN

    • Click on OK >> OK to close the Internet Properties window.

    Custom OTL Script:

    • Right-click OTL.exe and select Run as Administrator to start the program.
    • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [CreateRestorePoint]

    :OTL
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O4 - HKU\S-1-5-19..\configuration: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    netsh winsock reset all /c
    netsh int ip reset all /c
    netsh advfirewall reset /c
    netsh advfirewall set allprofiles state on /c

    :Commands
    [EmptyTemp]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot the computer, allow it to do so. The report should appear in Notepad after the reboot.

    Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Malwarebytes Anti-Malware:

    Please download the installer for Malwarebytes' Anti-Malware to the desktop.

    Note: The installer will be randomly named, say for example something like 549od2jqai.exe

    • Right-click on the randomly named exe file and select Run as Administrator, then follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post that log in your next reply.

    The log can also be found here:

    • Launch Malwarebytes' Anti-Malware
    • Click on the Logs radio tab.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Next:

    When you have completed the above, please post back the following in the order asked for:

    • How is your daughter's computer performing now, any further symptoms and/or problems encountered?
    • OTL Log from the Custom Script.
    • Malwarebytes Anti-Malware Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  2. #2
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Hi,

    I will go with what you say and delete what you recommend.

    Before I start, can you explain further what you mean by -

    quote-box(do not copy the word quote)

    Do you mean don't copy [CreateRestorePoint] and [EmptyTemp]?

  3. #3
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi.

    I will go with what you say and delete what you recommend.
    Acknowledged...

    Before I start, can you explain further what you mean by -

    quote-box(do not copy the word quote)

    Do you mean don't copy [CreateRestorePoint] and [EmptyTemp]?
    Ah, I see your confusion, the quote box here in this forum is slightly different from others and my oversight, so my apologies about that. I advised that as the version of IE in use on your daughter's machine can at times be problematic if I used a code box for the custom script and it may not be cut and pasted as is correctly.

    Anyway merely copy all of the aforementioned custom OTL fix or the one below, either will suffice:-

    :Commands
    [CreateRestorePoint]

    :OTL
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O4 - HKU\S-1-5-19..\configuration: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    netsh winsock reset all /c
    netsh int ip reset all /c
    netsh advfirewall reset /c
    netsh advfirewall set allprofiles state on /c

    :Commands
    [EmptyTemp]
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  4. #4
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Hi,

    The computer does seem better, not so sluggish, but still not as quick as it was, and also we noticed that if we say go to bbc.co.uk the site works fine, and a few other sites such as online banking, webmail and all, but when we try and visit http://uk.yahoo.com it straight away causes an error, and the internet explorer has stopped working comes up and it tries to reload, but it fails too.

    I was also surprised that the final scan didn't come up with any malware, but have posted the scan results below.

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2\ deleted successfully.
    C:\Windows\system32\npDeployJava1.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
    Registry value HKEY_USERS\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\mctadmin not found.
    File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
    File move failed. C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk scheduled to be moved on reboot.
    File C:\Program Files\ERUNT\AUTOBACK.EXE not found.
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
    No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
    No operation can be performed on Local Area Connection while it has its media disconnected.
    Wireless LAN adapter Wireless Network Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Ethernet adapter Bluetooth Network Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fe80::a4c5:83f2:79c8:38bc%12
    Autoconfiguration IPv4 Address. . : 169.254.56.188
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter isatap.home:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter isatap.{C23C8B41-BCB4-4291-9B31-CD61930568E1}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
    No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
    No operation can be performed on Local Area Connection while it has its media disconnected.
    Wireless LAN adapter Wireless Network Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Ethernet adapter Bluetooth Network Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . : home
    Link-local IPv6 Address . . . . . : fe80::a4c5:83f2:79c8:38bc%12
    IPv4 Address. . . . . . . . . . . : 192.168.1.65
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.254
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter isatap.home:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : home
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter isatap.{C23C8B41-BCB4-4291-9B31-CD61930568E1}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < netsh winsock reset all /c >
    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < netsh int ip reset all /c >
    Reseting Global, OK!
    Reseting Interface, OK!
    Restart the computer to complete this action.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < netsh advfirewall reset /c >
    Ok.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < netsh advfirewall set allprofiles state on /c >
    Ok.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Aimee
    ->Temp folder emptied: 415479594 bytes
    ->Temporary Internet Files folder emptied: 1490722912 bytes
    ->Java cache emptied: 311072 bytes
    ->Apple Safari cache emptied: 7497728 bytes
    ->Flash cache emptied: 880 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1341707 bytes
    RecycleBin emptied: 6759111 bytes

    Total Files Cleaned = 1,833.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11302013_222716

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
    File\Folder C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.01.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16428
    Aimee :: AIMEE-PC [administrator]

    Protection: Enabled

    01/12/2013 22:08:40
    mbam-log-2013-12-01 (22-08-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195545
    Time elapsed: 10 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
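Added example (not part of the original posts and not OTL's own code): a small parser for the fix log posted above that classifies each line of the OTL section as done, not found, or deferred to reboot, then checks the post-reboot section to list what is still pending. The function names are hypothetical, and treating a deferred item that is reported "not found" after the reboot as no longer pending is an assumption.

```python
import re
from collections import Counter

# Excerpt copied from the log in this post: the OTL section, a few FILES
# lines, and the post-reboot section.
SAMPLE_LOG = r"""
========== OTL ==========
HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2\ deleted successfully.
C:\Windows\system32\npDeployJava1.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
Registry value HKEY_USERS\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\mctadmin not found.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File move failed. C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk scheduled to be moved on reboot.
File C:\Program Files\ERUNT\AUTOBACK.EXE not found.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 11302013_222716
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File\Folder C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
"""

HEADER = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
REBOOT_HEADER = "Files\\Folders moved on Reboot..."

# Checked in order; the first pattern that matches decides the outcome.
RULES = [
    ("deferred", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) |File\\Folder |File )?(?P<target>.+?) not found[.!]$")),
    ("done", re.compile(
        r"^(?:Registry (?:key|value) )?(?P<target>.+?)(?:\| /E :)? "
        r"(?:deleted|moved|value set) successfully[.!]$")),
]


def parse_fix_log(text):
    """Return (phase, outcome, target) tuples for the OTL and post-reboot sections."""
    actions = []
    phase = None  # "fix", "reboot", or None for sections we skip
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            # Only the OTL section holds results for the script's fix lines;
            # FILES holds command output and OTL's own temp-file cleanup.
            phase = "fix" if header.group("name") == "OTL" else None
            continue
        if line == REBOOT_HEADER:
            phase = "reboot"
            continue
        if line.endswith("..."):  # other post-reboot subsection headers
            phase = None
            continue
        if phase is None:
            continue
        for outcome, pattern in RULES:
            match = pattern.match(line)
            if match:
                actions.append((phase, outcome, match.group("target")))
                break
    return actions


def count_outcomes(actions, phase="fix"):
    """Count outcomes for one phase of the log."""
    return dict(Counter(outcome for p, outcome, _ in actions if p == phase))


def pending_after_reboot(actions):
    """Targets deferred during the fix that the reboot pass did not clear."""
    pending = {}
    for phase, outcome, target in actions:
        key = target.lower()  # Windows paths are case-insensitive
        if phase == "fix" and outcome == "deferred":
            pending[key] = target
        elif phase == "reboot" and outcome != "deferred":
            # Assumption: "not found" after reboot means nothing is left to move.
            pending.pop(key, None)
    return sorted(pending.values())


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(count_outcomes(parsed))
    for path in pending_after_reboot(parsed):
        print("still pending after reboot:", path)
```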

  5. #5
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi.

    when we try and visit http://uk.yahoo.com it straight away causes an error, and the internet explorer has stopped working comes up and it tries to reload, but it fails too.
    Acknowledged.

    I was also surprised that the final scan didn't come up with any malware
    A good sign that then, though we have not completed the malware removal process just yet.

    OK before anything further proactive I would like a few further benign scans to ascertain the overall situation as follows...

    Check Hard Disk For Errors:

    • Open Notepad.
    • Copy and Paste everything from the Code Box below into Notepad:

    Code:
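    @Echo off
    rem Read-only chkdsk of C: (no /F); drop the progress lines and append the report to checkhd.txt on the desktop
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    rem Delete this batch file once it has run
    del "%~f0"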
    • Go to File >> Save As
    • Save File name as Dakeyras.bat
    • Change Save as Type to All Files and save the file to the Desktop.
    Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

    A file icon named checkhd.txt should appear on the desktop. Please post the contents of this file in your next reply.

    Scan with Farbar Recovery Scan Tool:

    Please download and save Farbar Recovery Scan Tool 32-Bit to the desktop.

    • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
    • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
    • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
    • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
    • There will now be two logs on the desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  6. #6
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    The type of the file system is NTFS.

    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.

    CHKDSK is verifying files (stage 1 of 3)...
    File verification completed.
    278 large file records processed.

    0 bad file records processed.

    2 EA records processed.

    44 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 3)...
    Index verification completed.
    0 unindexed files scanned.

    0 unindexed files recovered.

    CHKDSK is verifying security descriptors (stage 3 of 3)...
    Security descriptor verification completed.
    15621 data files processed.

    CHKDSK is verifying Usn Journal...
    Usn Journal verification completed.
    Windows has checked the file system and found no problems.

    244093951 KB total disk space.
    32791304 KB in 71179 files.
    47292 KB in 15622 indexes.
    0 KB in bad sectors.
    238855 KB in use by the system.
    65536 KB occupied by the log file.
    211016500 KB available on disk.

    4096 bytes in each allocation unit.
    61023487 total allocation units on disk.
    52754125 allocation units available on disk.

  7. #7
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-12-2013
    Ran by Aimee at 2013-12-02 20:12:15
    Running from C:\Users\Aimee\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
    Adobe Reader XI (11.0.05) (Version: 11.0.05)
    Apple Application Support (Version: 2.3.4)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    Atheros Client Installation Program (Version: 7.0)
    Bluetooth Win7 Suite (Version: 7.2.0.65)
    Bonjour (Version: 3.0.0.10)
    Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
    Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
    Fresco Logic USB3.0 Host Controller (Version: 3.5.2.0)
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
    Google Update Helper (Version: 1.3.21.165)
    Intel(R) Control Center (Version: 1.2.1.1007)
    Intel(R) Graphics Media Accelerator Driver (Version: 8.14.8.1064)
    iTunes (Version: 11.0.4.4)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
    Microsoft Security Client (Version: 4.4.0304.0)
    Microsoft Security Essentials (Version: 4.4.304.0)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
    Realtek High Definition Audio Driver (Version: 6.0.1.6373)
    Realtek USB 2.0 Card Reader (Version: 6.1.7600.30127)
    Skype™ 6.7 (Version: 6.7.102)
    Spybot - Search & Destroy (Version: 1.6.2)
    Synaptics Pointing Device Driver (Version: 15.3.33.0)
    Tweaking.com - Registry Backup (Version: 1.6.8)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)

    ==================== Restore Points =========================

    08-11-2013 12:03:33 Windows Update
    12-11-2013 11:20:02 Windows Update
    14-11-2013 23:24:52 Windows Update
    18-11-2013 20:11:55 Windows Update
    20-11-2013 09:05:41 Windows Update
    23-11-2013 19:49:43 Windows Update
    27-11-2013 09:56:14 Windows Update
    28-11-2013 00:01:47 Windows Update
    29-11-2013 16:28:58 Removed Java 7 Update 25
    30-11-2013 19:42:44 OTL Restore Point - 30/11/2013 19:42:38
    30-11-2013 22:27:31 OTL Restore Point - 30/11/2013 22:27:29
    01-12-2013 13:02:34 Windows Update

    ==================== Hosts content: ==========================

    2009-07-14 02:04 - 2013-11-28 18:37 - 00450660 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {439CFAC0-3898-47C1-AB0B-B8900F695E57} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {B2F4D289-715D-4E77-9480-222E615FFBD2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {D5BF4E30-B1C8-4C62-AC2C-BC072D55BD32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DFBD6FA4-D381-4BE8-A79F-DC2411422DED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
    Task: {E31EEFB4-281E-47D0-BC33-C20161434B91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core.job => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA.job => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============

    Name: MpKsl4b59ac68
    Description: MpKsl4b59ac68
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKsl4b59ac68
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15647

    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15647

    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/02/2013 03:54:13 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0x610
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:53:58 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xea0
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:53:38 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xce8
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:53:27 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xa28
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:53:14 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xf24
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:52:59 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xe10
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:48:10 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xd8c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3


    System errors:
    =============
    Error: (12/02/2013 03:30:17 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:27:49 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (12/02/2013 10:18:44 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 10:18:44 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.


    Microsoft Office Sessions:
    =========================
    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15647

    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15647

    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/02/2013 03:54:13 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c387361001ceef76b884abcaC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllfd1e97d6-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:53:58 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873ea001ceef76b01ccfd2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllf414de4c-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:53:38 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873ce801ceef76a5803177C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle7f73d47-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:53:27 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873a2801ceef769e35faa0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle1530a81-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:53:14 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873f2401ceef769575e4aeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld9ddd3d5-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:52:59 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873e1001ceef767a1e5e84C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld09173c3-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:48:10 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873d8c01ceef7566207788C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll24d68b96-5b69-11e3-a220-0008ca3c03e1


    ==================== Memory info ===========================

    Percentage of memory in use: 82%
    Total physical RAM: 1010.86 MB
    Available physical RAM: 173.26 MB
    Total Pagefile: 2034.86 MB
    Available Pagefile: 944.94 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1891.93 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.79 GB) (Free:201.44 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 7E260D65)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
