
Thread: Delta.Toolbar and Win32.BitGuard

  1. #1
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Delta.Toolbar and Win32.BitGuard

    Hi all,

    First time on here, so hello to all.

    Am having trouble with my daughter's laptop and have tried removing a few problems using Spybot Search & Destroy and SUPERAntiSpyware, and also running Microsoft Security Essentials.

    In Spybot two things can't be removed and they are a part of Delta.Toolbar and Win32.BitGuard - This is what I can see.

    [SBI $ACF354C8] Program Directory C:\ProgramData\BrowserProtect\

    [SBI $93F166B5] Program directory C:\ProgramData\BitGuard\

    Then inside Quarantine in Microsoft Security Essentials I have 2 which again I can't remove:

    Exploit:Java/CVE-2013-2423
    Exploit:Java/CVE-2013-0431

    Now I'm not sure what else is on there, but we are having problems with the laptop and not sure what more to do.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.25.2
    Run by Aimee at 19:58:47 on 2013-11-28
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1011.96 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\Aimee\AppData\Local\Torch\Update\TorchCrashHandler.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uProxyOverride = <-loopback>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Facebook Update] "c:\users\aimee\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
    StartupFolder: c:\users\aimee\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    TCP: NameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9} : DHCPNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244584F6D656845726D283738363 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\35B4950303638323 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C} : DHCPNameServer = 172.20.10.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~2\wincert\win32c~1.dll c:\progra~1\movies~1\datamngr\mgrldr.dll
    SSODL: WebCheck - <orphaned>
    IFEO: bitguard.exe - tasklist.exe
    IFEO: bprotect.exe - tasklist.exe
    IFEO: browsemngr.exe - tasklist.exe
    IFEO: browserdefender.exe - tasklist.exe
    IFEO: browsermngr.exe - tasklist.exe
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-3-13 138400]
    R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-3-13 68768]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-4 1153368]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-3-13 34976]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-3-13 259232]
    R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-3-13 24736]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-3-13 175776]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-3-13 49312]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-3-13 141088]
    R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-3-13 242336]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2011-10-3 169472]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2011-10-3 49664]
    R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-6-18 1336320]
    R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-6-18 417280]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-6-18 278528]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-18 414824]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
    S3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [2006-10-13 10288]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-28 108032]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTSUSTOR.SYS [2012-6-18 197224]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    .
    =============== Created Last 30 ================
    .
    2013-11-28 18:10:50 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f9a882a7-13d5-406a-9bba-e96d8570099c}\mpengine.dll
    2013-11-28 16:56:00 7772552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-11-24 23:28:57 -------- d-----w- c:\programdata\Datamngr
    2013-11-24 21:22:36 -------- d-----w- c:\users\aimee\appdata\roaming\SUPERAntiSpyware.com
    2013-11-24 21:21:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-11-24 21:21:57 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-11-15 21:27:01 -------- d-----w- c:\programdata\BrowserProtect
    2013-11-15 21:27:01 -------- d-----w- c:\programdata\BitGuard
    2013-11-15 20:56:31 -------- d-----w- c:\programdata\TorchCrashHandler
    2013-11-15 20:55:38 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
    2013-11-15 20:55:38 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2013-11-15 20:55:38 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2013-11-15 20:55:38 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2013-11-15 20:55:37 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2013-11-15 20:55:37 -------- d-----w- c:\users\aimee\appdata\roaming\TFP
    2013-11-15 20:52:51 -------- d-----w- c:\users\aimee\appdata\local\Torch
    2013-11-15 20:40:06 -------- d-----w- c:\programdata\Wincert
    2013-11-15 20:37:38 -------- d-----w- c:\program files\Movies Toolbar
    2013-11-14 08:47:24 247808 ----a-w- c:\windows\system32\schannel.dll
    2013-11-14 08:47:23 369848 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-11-14 08:47:23 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-11-14 08:47:22 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-11-14 08:47:22 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2013-11-14 08:47:21 99840 ----a-w- c:\windows\system32\sspicli.dll
    2013-11-14 08:47:21 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-11-14 08:47:21 22016 ----a-w- c:\windows\system32\lsass.exe
    2013-11-14 08:47:20 22016 ----a-w- c:\windows\system32\secur32.dll
    2013-11-14 08:47:20 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2013-11-14 08:46:50 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-11-14 08:46:48 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-11-14 08:46:47 168960 ----a-w- c:\windows\system32\credui.dll
    2013-11-14 08:46:12 305152 ----a-w- c:\windows\system32\gdi32.dll
    2013-11-14 08:45:04 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-11-14 08:45:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
    2013-11-14 08:45:03 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-11-14 08:44:56 1168384 ----a-w- c:\windows\system32\crypt32.dll
    2013-11-07 09:29:40 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03e81ad5-a2fc-49ec-9687-06372ff93a93}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
    2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-09-27 09:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
    2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
    ============= FINISH: 20:01:29.46 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-11-28 20:17:34
    -----------------------------
    20:17:34.202 OS Version: Windows 6.1.7601 Service Pack 1
    20:17:34.202 Number of processors: 4 586 0x3601
    20:17:34.202 ComputerName: AIMEE-PC UserName: Aimee
    20:17:42.455 Initialize success
    20:28:41.552 AVAST engine defs: 13112801
    20:30:02.766 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    20:30:02.782 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 238475MB BusType: 3
    20:30:02.969 Disk 0 MBR read successfully
    20:30:02.985 Disk 0 MBR scan
    20:30:03.343 Disk 0 Windows 7 default MBR code
    20:30:03.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:30:03.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    20:30:03.702 Disk 0 scanning sectors +488394752
    20:30:04.045 Disk 0 scanning C:\Windows\system32\drivers
    20:30:43.747 Service scanning
    20:31:18.223 Service MpKsl4b59ac68 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A882A7-13D5-406A-9BBA-E96D8570099C}\MpKsl4b59ac68.sys **LOCKED** 32
    20:31:59.362 Modules scanning
    20:32:19.158 Disk 0 trace - called modules:
    20:32:19.704 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    20:32:19.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bcca48]
    20:32:19.751 3 CLASSPNP.SYS[86dae59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8408f028]
    20:32:28.659 AVAST engine scan C:\Windows
    20:32:35.133 AVAST engine scan C:\Windows\system32
    20:40:30.980 AVAST engine scan C:\Windows\system32\drivers
    20:41:29.060 AVAST engine scan C:\Users\Aimee
    20:54:53.726 Disk 0 MBR has been saved successfully to "C:\Users\Aimee\Desktop\MBR.dat"
    20:54:54.209 The log file has been saved successfully to "C:\Users\Aimee\Desktop\aswMBR.txt"


    --- Search result list ---
    Delta.Toolbar: [SBI $20319BF7] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-3808433556-406660851-2857496050-1000\Software\DataMngr

    Delta.Toolbar: [SBI $15E43F9C] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr

    Delta.Toolbar: [SBI $ACF354C8] Program directory (Directory, nothing done)
    C:\ProgramData\BrowserProtect\

    Win32.BitGuard: [SBI $93F166B5] Program directory (Directory, nothing done)
    C:\ProgramData\BitGuard\


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-12-04 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2013-11-06 Includes\Adware.sbi (*)
    2013-11-26 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2013-04-11 Includes\DialerC.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2013-04-11 Includes\HijackersC.sbi (*)
    2013-10-16 Includes\iPhone.sbi (*)
    2013-06-25 Includes\Keyloggers.sbi (*)
    2013-10-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2013-11-19 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-11-26 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2013-10-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2013-09-17 Includes\Spyware.sbi (*)
    2013-08-06 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-11-05 Includes\TrojansC-02.sbi (*)
    2013-11-26 Includes\TrojansC-03.sbi (*)
    2013-10-22 Includes\TrojansC-04.sbi (*)
    2013-06-13 Includes\TrojansC-05.sbi (*)
    2013-04-19 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe ARM
    command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    size: 958576
    MD5: 48BE298F7FD1BEF4D8FBACB04D8D95C4

    Located: HK_LM:Run, APSDaemon
    command: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    file: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    size: 59720
    MD5: 61E4289E91E88C90478D7F4BEB10DCF7

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 152392
    MD5: A9F9D081518AC03A51C1195986076F42

    Located: HK_LM:Run, MSC
    command: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    file: c:\Program Files\Microsoft Security Client\msseces.exe
    size: 948440
    MD5: 03396637E1E1B4E333D00AED86178918

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
    size: 253816
    MD5: D63797E8E7781EE1500A810CB6194FA6

    Located: HK_CU:Run, SearchProtect
    where: .DEFAULT...
    command: \SearchProtect\bin\cltmng.exe
    file: \SearchProtect\bin\cltmng.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Sidebar
    where: S-1-5-19...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1174016
    MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

    Located: HK_CU:RunOnce, mctadmin
    where: S-1-5-19...
    command: C:\Windows\System32\mctadmin.exe
    file: C:\Windows\System32\mctadmin.exe
    size: 93696
    MD5: BBA1A5B86134F496B926DDAF247DB871

    Located: HK_CU:Run, Sidebar
    where: S-1-5-20...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    file: C:\Program Files\Windows Sidebar\Sidebar.exe
    size: 1174016
    MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

    Located: HK_CU:RunOnce, mctadmin
    where: S-1-5-20...
    command: C:\Windows\System32\mctadmin.exe
    file: C:\Windows\System32\mctadmin.exe
    size: 93696
    MD5: BBA1A5B86134F496B926DDAF247DB871

    Located: HK_CU:Run, Facebook Update
    where: S-1-5-21-3808433556-406660851-2857496050-1000...
    command: "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    file: C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, SUPERAntiSpyware
    where: S-1-5-21-3808433556-406660851-2857496050-1000...
    command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    size: 5717272
    MD5: BC121F6E4432CBB79129201C191674AD

    Located: HK_CU:Run, SearchProtect
    where: S-1-5-18...
    command: \SearchProtect\bin\cltmng.exe
    file: \SearchProtect\bin\cltmng.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: Startup (user), ERUNT AutoBackup.lnk
    where: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\ERUNT\AUTOBACK.EXE
    file: C:\Program Files\ERUNT\AUTOBACK.EXE
    size: 38912
    MD5: E00DE20F0F6BED5CD2160247DDC9443B

    Located: WinLogon, igfxcui
    command: igfxdev.dll
    file: igfxdev.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDHelper.dll
    info link: http://www.safer-networking.org/
    info source: Safer-Networking Ltd.
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 04/12/2012 18:23:46
    Date (last access): 04/12/2012 18:23:46
    Date (last write): 26/01/2009 15:31:02
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In SSV Helper
    Path: C:\Program Files\Java\jre7\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 14/07/2013 21:33:22
    Date (last access): 14/07/2013 21:33:22
    Date (last write): 14/07/2013 21:33:22
    Filesize: 463272
    Attributes: archive
    MD5: 155915C088F11EEB9B342F4134F11C7E
    CRC32: 1A627FD9
    Version: 10.25.2.17

    {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} (IESpeakDoc)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: IESpeakDoc
    CLSID name: CIESpeechBHO Class
    Path: C:\Program Files\Bluetooth Suite\
    Long name: IEPlugIn.dll
    Short name:
    Date (created): 13/03/2011 09:58:06
    Date (last access): 18/06/2012 18:02:14
    Date (last write): 13/03/2011 09:58:06
    Filesize: 60576
    Attributes: archive
    MD5: 9E33A81ABB2A058AC25C6907D260C932
    CRC32: 84C66DF1
    Version: 7.2.0.65

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: C:\Program Files\Google\Google Toolbar\
    Long name: GoogleToolbar_32.dll
    Short name: GOOGLE~1.DLL
    Date (created): 18/06/2012 19:29:52
    Date (last access): 18/06/2012 19:29:52
    Date (last write): 10/10/2013 07:32:52
    Filesize: 194640
    Attributes: archive
    MD5: 6028E7AAC8630C27564D6164A589AB91
    CRC32: 5841059E
    Version: 7.5.4601.54

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre7\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 14/07/2013 21:33:18
    Date (last access): 14/07/2013 21:33:18
    Date (last write): 14/07/2013 21:33:18
    Filesize: 171944
    Attributes: archive
    MD5: 5B1E711B7F870B355B1BCD8874037EEF
    CRC32: 5776D394
    Version: 10.25.2.17



    --- ActiveX list ---
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
    DPF name:
    CLSID name: Microsoft Office Template and Media Control
    Installer: C:\Windows\Downloaded Program Files\ieawsdc.inf
    Codebase: http://office.microsoft.com/_layouts.../ieawsdc32.cab
    description:
    classification: Legitimate
    known filename: IEAWSDC.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\PROGRA~1\MICROS~3\OFFICE11\
    Long name: IEAWSDC.DLL
    Short name:
    Date (created): 26/08/2012 15:16:26
    Date (last access): 26/08/2012 15:16:26
    Date (last write): 26/08/2012 15:16:26
    Filesize: 196208
    Attributes: archive
    MD5: 1D4F4F0321DFE3427C34545A572D77AA
    CRC32: 6A9C51D3
    Version: 15.0.4420.0



    --- Process list ---
    PID: 2020 ( 584) C:\Windows\system32\taskhost.exe
    size: 49152
    MD5: 72E953215CADE1A726C04AAFDF6B463D
    PID: 2036 (1136) C:\Windows\system32\Dwm.exe
    size: 92672
    MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D
    PID: 476 (2004) C:\Windows\Explorer.EXE
    size: 2616320
    MD5: 8B88EBBB05A0E56B7DCC708498C02B3E
    PID: 2184 ( 476) C:\Program Files\Microsoft Security Client\msseces.exe
    size: 948440
    MD5: 03396637E1E1B4E333D00AED86178918
    PID: 2280 ( 476) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    size: 253816
    MD5: D63797E8E7781EE1500A810CB6194FA6
    PID: 2344 ( 476) C:\Program Files\iTunes\iTunesHelper.exe
    size: 152392
    MD5: A9F9D081518AC03A51C1195986076F42
    PID: 2464 ( 476) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    size: 5717272
    MD5: BC121F6E4432CBB79129201C191674AD
    PID: 3404 (1856) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 320 ( 4) smss.exe
    size: 69632
    PID: 456 ( 392) csrss.exe
    size: 6144
    PID: 520 ( 392) wininit.exe
    size: 96256
    PID: 528 ( 512) csrss.exe
    size: 6144
    PID: 584 ( 520) services.exe
    size: 259072
    PID: 616 ( 512) winlogon.exe
    size: 286720
    PID: 624 ( 520) lsass.exe
    size: 22016
    PID: 636 ( 520) lsm.exe
    size: 267776
    PID: 816 ( 584) svchost.exe
    size: 20992
    PID: 904 ( 584) svchost.exe
    size: 20992
    PID: 984 ( 584) MsMpEng.exe
    PID: 1096 ( 584) svchost.exe
    size: 20992
    PID: 1136 ( 584) svchost.exe
    size: 20992
    PID: 1184 ( 584) svchost.exe
    size: 20992
    PID: 1232 ( 584) svchost.exe
    size: 20992
    PID: 1432 ( 584) svchost.exe
    size: 20992
    PID: 1608 ( 584) spoolsv.exe
    size: 317440
    PID: 1656 ( 584) svchost.exe
    size: 20992
    PID: 1800 ( 584) SASCore.exe
    PID: 1900 ( 584) armsvc.exe
    PID: 1992 ( 584) AppleMobileDeviceService.exe
    PID: 668 ( 584) Ath_CoexAgent.exe
    PID: 840 ( 584) AdminService.exe
    PID: 1148 ( 584) mDNSResponder.exe
    PID: 128 ( 584) svchost.exe
    size: 20992
    PID: 336 ( 584) TorchCrashHandler.exe
    PID: 2116 ( 584) SDWinSec.exe
    size: 1153368
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 2752 ( 584) svchost.exe
    size: 20992
    PID: 3064 ( 584) NisSrv.exe
    PID: 3152 ( 584) iPodService.exe
    PID: 3352 ( 584) SearchIndexer.exe
    size: 427520


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 28/11/2013 22:18:50

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/p/?LinkId=255141
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/p/?LinkId=255141
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: MSAFD RfComm [Bluetooth]
    GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD RfComm [Bluetooth]

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] SEQPACKET 13
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] DATAGRAM 13
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DD09BE04-AE74-412D-ABEF-39FAC83BD85C}] SEQPACKET 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DD09BE04-AE74-412D-ABEF-39FAC83BD85C}] DATAGRAM 10
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0B3DDA5-6E3A-432F-9576-C1552045FC78}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0B3DDA5-6E3A-432F-9576-C1552045FC78}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EB06D334-7501-4540-A560-5471F5EA9013}] SEQPACKET 11
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EB06D334-7501-4540-A560-5471F5EA9013}] DATAGRAM 11
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DB33FC2D-C102-45A0-A397-045D9229AD62}] SEQPACKET 15
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DB33FC2D-C102-45A0-A397-045D9229AD62}] DATAGRAM 15
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] SEQPACKET 14
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] DATAGRAM 14
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] SEQPACKET 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] DATAGRAM 8
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{587A2D5B-6FE4-48F2-947A-F11095C15989}] SEQPACKET 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{587A2D5B-6FE4-48F2-947A-F11095C15989}] DATAGRAM 9
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] SEQPACKET 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 36: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] DATAGRAM 7
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 37: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 38: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 39: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 40: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 4: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 5: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 6: Bluetooth Namespace
    GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\wshbth.dll
    DB protocol: Bluetooth-Namespace

    Namespace Provider 7: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

    Sorry, here is the attachment.

  2. #2
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173


    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
    Hi and welcome to Safer Networking.

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

    • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Next:

    Regarding the below you mentioned:-

    Then inside Quarantine in Microsoft Security Essentials I have 2 which again I cant remove

    Exploit:Java/CVE-2013-2423
    Exploit:Java/CVE-2013-0431
    Should be fine to leave as is and will be fully purged in due course and relate to a Java vulnerability which I will discuss further below.

    Java Advice:

    There has been a recent severe exploitation of this software. Even though this exploit has been reportedly fixed there is still a vulnerability with the software, the below is currently all that is installed Java related:-

    Java 7 Update 25

    So you need to uninstall this (if still present, via Uninstall a program or Programs and Features located in the Control Panel)... Your choice if you wish to go ahead and reinstall but I advise against it and for the present I do not even have anything Java related installed on my machines.

    Please let myself know what you wish to do about this in your next reply please and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.

    Temp' Disable TeaTimer:

    This is so it will not hinder the malware removal process, you may re-enable when I give the all clear.

    How to do so can be read here, scroll down to:-

    When Spybot-S&D version 1.6.2 is installed

    TeaTimer needs to be disabled so that its protection does not interfere with fixes.

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI(graphical user interface) has appeared/loaded:-



    • Click on Backup Now >> once the process is complete, similar to the below will be displayed in the GUI:-



    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features can be viewed here.

    Scan with AdwCleaner:

    Please download adwcleaner from here and save to your desktop.

    Alternate downloads are here or here.

    • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.

    Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

    Next:

    When completed the above, please post back the following in the order asked for:

    • How is the computer performing now, any further symptoms and/or problems encountered?
    • Your decision about a new Java installation.
    • AdwCleaner Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Junior Member
    Join Date
    Nov 2013
    Posts
    21


    Hi Dakeyras,

    Nice to meet you and thank you for getting back to me, I will proceed with your every word and get back to you shortly.

    Cheers

  4. #4
    Junior Member
    Join Date
    Nov 2013
    Posts
    21


    Hi I also chose to delete Java 7 Update 25, as I am going to go with what you recommend.

    I have done this and am working through the points now.

  5. #5
    Junior Member
    Join Date
    Nov 2013
    Posts
    21


    Hi, as you have seen I deleted the Java 25 thing as you said, and checked for a problem we were encountering.

    This was although we had set http://www.google.com as the default home page it was going to ask.com with a huge string behind it, and then almost straight after the manage add on pop up would appear.

    I just launched IE and this didn't happen so I think that problem seems to be gone, although as for anything else that was going on I'm not too sure at the moment.

    Here is the log:

    # AdwCleaner v3.013 - Report created 29/11/2013 at 17:03:29
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : Aimee - AIMEE-PC
    # Running from : C:\Users\Aimee\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : torchcrashhandler

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Searchprotect
    [#] Folder Deleted : C:\ProgramData\BitGuard
    [#] Folder Deleted : C:\ProgramData\Browser Manager
    [#] Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\ProgramData\GameTap Web Player
    Folder Deleted : C:\ProgramData\torchcrashhandler
    Folder Deleted : C:\ProgramData\wincert
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\GameTap Web Player
    Folder Deleted : C:\Program Files\Movies Toolbar
    Folder Deleted : C:\Program Files\WebConnect
    Folder Deleted : C:\Users\Aimee\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Aimee\AppData\Local\torch
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Aimee\AppData\LocalLow\searchresultstb
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Advanced System Protector
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\xVidly
    Folder Deleted : C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    File Deleted : C:\Windows\System32\Tasks\Advanced System Protector

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
    Key Deleted : HKCU\Software\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKCU\Software\5f288dce76dbe17
    Key Deleted : HKLM\SOFTWARE\5f288dce76dbe17
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295548
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A13CC898-9CA9-4578-9629-B328422FF014}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\torch
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Wincert\WIN32C~1.DLL
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Google Chrome v

    [ File : C:\Users\Aimee\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8557 octets] - [29/11/2013 16:59:01]
    AdwCleaner[S0].txt - [8507 octets] - [29/11/2013 17:03:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8567 octets] ##########
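
The report above mixes leftover folders and tracing keys with entries removed from Windows load points (AppInit_DLLs, AppCertDlls, Image File Execution Options, scheduled tasks, a service). The following is an added example, not part of the original thread or of AdwCleaner: a small parser that sorts such a report into those load points. The function and rule names are this example's own, and the `[#]` marker is recorded without interpretation because the thread does not say what it means.

```python
import re
from collections import defaultdict, namedtuple

# Lines copied from the AdwCleaner[S0].txt report posted in this thread (excerpt).
SAMPLE_REPORT = r"""
# AdwCleaner v3.013 - Report created 29/11/2013 at 17:03:29
# Option : Clean

***** [ Services ] *****

Service Deleted : torchcrashhandler

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
[#] Folder Deleted : C:\ProgramData\BitGuard
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\Delta
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Wincert\WIN32C~1.DLL
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll
"""

Entry = namedtuple("Entry", "section kind flag target")

# "***** [ Registry ] *****" style section banners.
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "[#] Key Deleted : <target>" -- the bracketed marker is optional.
ENTRY_RE = re.compile(
    r"^(?:\[(?P<flag>[^\]])\]\s+)?"
    r"(?P<kind>Service|Folder|File|Key|Value|Data) Deleted : (?P<target>.+)$"
)

# Load points worth a second look after cleanup. Each rule captures the part of
# the entry that identifies what was hooked (DLL path, image name, task id).
RULES = [
    # DLLs listed here are loaded into every process that loads user32.dll.
    ("AppInit_DLLs", r"\\Windows NT\\CurrentVersion\\Windows \[AppInit_DLLs\] - (?P<detail>.+)$"),
    # DLLs listed here are loaded into processes that call the CreateProcess family.
    ("AppCertDlls", r"\\Control\\Session Manager\\AppCertDlls \[(?P<detail>[^\]]+)\]$"),
    # Per-executable keys; the report shows only the image name, not the values set.
    ("IFEO", r"\\Image File Execution Options\\(?P<detail>[^\\]+)$"),
    # Task Scheduler: registry cache entry or the task file itself.
    ("scheduled task", r"\\Schedule\\TaskCache\\\w+\\(?P<detail>.+)$"),
    ("scheduled task", r"\\System32\\Tasks\\(?P<detail>.+)$"),
]
RULES = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]


def parse_report(text):
    """Return every '<kind> Deleted' line as an Entry, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(
                Entry(section, m.group("kind"), m.group("flag"), m.group("target"))
            )
    return entries


def load_points(entries):
    """Group entries by the load point they were removed from."""
    found = defaultdict(list)
    for e in entries:
        if e.kind == "Service":
            found["service"].append(e.target)
            continue
        for name, rx in RULES:
            m = rx.search(e.target)
            if m:
                found[name].append(m.group("detail"))
                break  # first matching rule wins
    return dict(found)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for mechanism, items in load_points(parsed).items():
        print(f"{mechanism}:")
        for item in items:
            print(f"  {item}")
    flagged = [e.target for e in parsed if e.flag]
    print(f"{len(flagged)} entries carried a bracketed marker")
```

Entries that match no rule (leftover folders, tracing keys, vendor keys) are parsed but left out of the grouping, so the output lists only the places that would need re-checking if symptoms return.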

  6. #6
    Junior Member
    Join Date
    Nov 2013
    Posts
    21


    OK, we still seem to be having one of the original problems. Sorry, I have put it in a second post as I am basically trying to fix this for my daughter and so don't know all the problems.

    So another problem we are getting is that when we go to, say, yahoo.com using the IE browser, straight away we get an 'Internet Explorer has stopped working' prompt, and it tries to fix the problem, but it basically goes around in a circle.

    This seems to be the next immediate problem we have.

  7. #7
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173


    Hi.

    All prior posts acknowledged and you're welcome! Let's proceed as follows shall we...

    Scan with JRT:

    Please download Junkware Removal Tool to the desktop.

    Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

    • Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Note: Reboot the machine and ensure all disabled security software is now enabled etc.

    Scan with OTL:

    Please download OTL and save it to the desktop.

    Alternate downloads are here and here.

    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Under Output, ensure that Standard Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan/Fixes box cut & paste this in:-

    Netsvcs
    Baseservices
    %systemdrive%\*.exe
    C:\program files\Google\Desktop
    Dir "%systemdrive%\*" /S /A:L /C
    CreateRestorePoint


    • Now click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these two Notepad files in your next reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  8. #8
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Professional x86
    Ran by Aimee on 30/11/2013 at 11:09:04.28
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3808433556-406660851-2857496050-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5941957F-34BB-4070-94B2-10ADA44EC673}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\datamngr"
    Successfully deleted: [Folder] "C:\Users\Aimee\appdata\local\solid savings"
    Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 30/11/2013 at 11:13:59.50
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #9
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    OTL logfile created on: 30/11/2013 19:40:07 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aimee\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1010.86 Mb Total Physical Memory | 285.38 Mb Available Physical Memory | 28.23% Memory free
    1.99 Gb Paging File | 0.95 Gb Available in Paging File | 47.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 199.88 Gb Free Space | 85.86% Space Free | Partition Type: NTFS

    Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/30 19:33:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
    PRC - [2013/11/05 17:56:23 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/06/15 08:06:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/03/13 09:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/03/13 09:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
    PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2013/11/28 00:04:49 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/07/25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/19 18:25:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/03/13 09:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/03/13 09:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A882A7-13D5-406A-9BBA-E96D8570099C}\MpKsl4b59ac68.sys -- (MpKsl4b59ac68)
    DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/03/26 13:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2011/12/13 07:11:46 | 001,336,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
    DRV - [2011/10/03 09:15:14 | 000,169,472 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV - [2011/10/03 09:15:14 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/08 23:37:56 | 000,278,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
    DRV - [2011/03/13 09:57:54 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
    DRV - [2011/03/13 09:57:54 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV - [2011/03/13 09:57:54 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV - [2011/03/13 09:57:54 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV - [2011/03/13 09:57:54 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
    DRV - [2011/03/13 09:57:54 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV - [2011/03/13 09:57:52 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV - [2010/12/01 08:12:04 | 000,197,224 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSUSTOR.SYS -- (RSUSBSTOR)
    DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/07/08 01:02:14 | 001,801,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2006/10/13 19:33:00 | 000,010,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asushwio.sys -- (Asushwio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE B2 D3 DD 85 AC CE 01 [binary data]
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enGB489
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Aimee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found


    [2013/09/07 18:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========


    O1 HOSTS File: ([2013/11/28 18:37:12 | 000,450,660 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15467 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}: DhcpNameServer = 172.20.10.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{54740523-b963-11e1-b271-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{54740523-b963-11e1-b271-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstallAll.exe
    O33 - MountPoints2\{5d9f0898-a4dc-11e2-a4b4-0008ca3c03e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d9f0898-a4dc-11e2-a4b4-0008ca3c03e1}\Shell\AutoRun\command - "" = D:\CMADownloader.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/30 19:33:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
    [2013/11/30 11:08:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/11/30 10:49:31 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Aimee\Desktop\JRT.exe
    [2013/11/29 16:58:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/29 16:49:58 | 000,000,000 | ---D | C] -- C:\RegBackup
    [2013/11/29 16:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    [2013/11/29 16:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
    [2013/11/28 20:15:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Aimee\Desktop\aswMBR.exe
    [2013/11/28 19:57:52 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr
    [2013/11/28 19:54:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/11/28 19:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/11/28 19:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/11/28 00:04:54 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
    [2013/11/28 00:04:54 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
    [2013/11/28 00:04:53 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
    [2013/11/28 00:04:53 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2013/11/28 00:04:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/11/28 00:04:52 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2013/11/28 00:04:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/11/28 00:04:52 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
    [2013/11/28 00:04:51 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
    [2013/11/28 00:04:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2013/11/28 00:04:51 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2013/11/28 00:04:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2013/11/28 00:04:51 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/11/28 00:04:51 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2013/11/28 00:04:51 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2013/11/28 00:04:51 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/11/28 00:04:51 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/11/28 00:04:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/11/28 00:04:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/11/28 00:04:50 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/11/28 00:04:50 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/11/28 00:04:50 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2013/11/28 00:04:50 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2013/11/28 00:04:50 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2013/11/28 00:04:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2013/11/28 00:04:49 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/11/28 00:04:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/11/28 00:04:49 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
    [2013/11/28 00:04:49 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2013/11/28 00:04:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
    [2013/11/28 00:04:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
    [2013/11/28 00:04:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/11/28 00:04:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
    [2013/11/28 00:04:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2013/11/28 00:04:48 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2013/11/28 00:04:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2013/11/28 00:04:47 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
    [2013/11/28 00:04:47 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
    [2013/11/28 00:04:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2013/11/28 00:04:46 | 004,240,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/11/28 00:04:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/11/28 00:04:46 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/11/28 00:04:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2013/11/24 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
    [2013/11/24 21:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/11/24 21:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/11/15 20:55:38 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
    [2013/11/15 20:55:38 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL
    [2013/11/15 20:55:38 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
    [2013/11/15 20:55:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
    [2013/11/15 20:55:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL
    [2013/11/15 20:55:37 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\TFP
    [2013/11/14 08:47:21 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/11/14 08:47:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
    [2013/11/14 08:46:50 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2013/11/14 08:46:48 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
    [2013/11/14 08:45:03 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
    [2013/11/14 08:45:03 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
    [2013/11/11 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Documents\iphone pics
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/30 19:41:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA.job
    [2013/11/30 19:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/30 19:33:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
    [2013/11/30 19:31:42 | 000,022,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/30 19:31:42 | 000,022,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/30 19:23:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/30 19:23:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/30 19:23:41 | 794,972,160 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/30 19:22:08 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/11/30 19:22:08 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/11/30 16:41:08 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core.job
    [2013/11/30 10:50:32 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Aimee\Desktop\JRT.exe
    [2013/11/29 16:57:23 | 001,091,882 | ---- | M] () -- C:\Users\Aimee\Desktop\AdwCleaner.exe
    [2013/11/29 16:51:21 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
    [2013/11/29 16:48:44 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    [2013/11/29 16:47:51 | 003,927,696 | ---- | M] () -- C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
    [2013/11/28 20:54:54 | 000,000,512 | ---- | M] () -- C:\Users\Aimee\Desktop\MBR.dat
    [2013/11/28 20:17:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Aimee\Desktop\aswMBR.exe
    [2013/11/28 19:57:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr
    [2013/11/28 19:52:33 | 000,001,074 | ---- | M] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/11/28 19:52:21 | 000,000,875 | ---- | M] () -- C:\Users\Aimee\Desktop\ERUNT.lnk
    [2013/11/28 18:37:12 | 000,450,660 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/11/28 00:04:54 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
    [2013/11/28 00:04:54 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
    [2013/11/28 00:04:53 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
    [2013/11/28 00:04:53 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2013/11/28 00:04:53 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/11/28 00:04:53 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/11/28 00:04:52 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2013/11/28 00:04:52 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
    [2013/11/28 00:04:51 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/11/28 00:04:51 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
    [2013/11/28 00:04:51 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2013/11/28 00:04:51 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2013/11/28 00:04:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2013/11/28 00:04:51 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/11/28 00:04:51 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2013/11/28 00:04:51 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2013/11/28 00:04:51 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/11/28 00:04:51 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/11/28 00:04:51 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/11/28 00:04:51 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/11/28 00:04:51 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2013/11/28 00:04:50 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/11/28 00:04:50 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/11/28 00:04:50 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2013/11/28 00:04:50 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2013/11/28 00:04:50 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2013/11/28 00:04:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2013/11/28 00:04:49 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/11/28 00:04:49 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
    [2013/11/28 00:04:49 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2013/11/28 00:04:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
    [2013/11/28 00:04:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
    [2013/11/28 00:04:48 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/11/28 00:04:48 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
    [2013/11/28 00:04:48 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2013/11/28 00:04:48 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2013/11/28 00:04:48 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2013/11/28 00:04:47 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
    [2013/11/28 00:04:47 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
    [2013/11/28 00:04:47 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2013/11/28 00:04:46 | 004,240,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/11/28 00:04:46 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/11/28 00:04:46 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/11/28 00:04:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2013/11/24 21:12:13 | 000,004,975 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/11/22 14:12:04 | 000,074,727 | ---- | M] () -- C:\Users\Aimee\Desktop\$_12[2].jpg
    [2013/11/22 14:11:50 | 000,035,535 | ---- | M] () -- C:\Users\Aimee\Desktop\$_58[1].jpg
    [2013/11/20 09:15:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/11/19 10:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2013/11/16 21:29:11 | 000,006,086 | ---- | M] () -- C:\Users\Aimee\Desktop\nail.png
    [2013/11/15 20:56:38 | 000,001,138 | ---- | M] () -- C:\Users\Aimee\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    [2013/11/11 21:06:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
    [2013/11/05 09:45:50 | 004,413,614 | ---- | M] () -- C:\Users\Aimee\Desktop\IMG_0280.JPG
    [2013/11/04 15:58:15 | 000,329,452 | ---- | M] () -- C:\Users\Aimee\Desktop\science.png
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/29 16:57:23 | 001,091,882 | ---- | C] () -- C:\Users\Aimee\Desktop\AdwCleaner.exe
    [2013/11/29 16:51:21 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
    [2013/11/29 16:48:44 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    [2013/11/29 16:47:17 | 003,927,696 | ---- | C] () -- C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
    [2013/11/28 20:54:53 | 000,000,512 | ---- | C] () -- C:\Users\Aimee\Desktop\MBR.dat
    [2013/11/28 19:52:33 | 000,001,074 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/11/28 19:52:21 | 000,000,875 | ---- | C] () -- C:\Users\Aimee\Desktop\ERUNT.lnk
    [2013/11/28 00:04:51 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2013/11/22 14:13:41 | 000,035,535 | ---- | C] () -- C:\Users\Aimee\Desktop\$_58[1].jpg
    [2013/11/22 14:12:48 | 000,074,727 | ---- | C] () -- C:\Users\Aimee\Desktop\$_12[2].jpg
    [2013/11/16 21:29:10 | 000,006,086 | ---- | C] () -- C:\Users\Aimee\Desktop\nail.png
    [2013/11/15 20:56:37 | 000,001,359 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    [2013/11/15 20:55:14 | 000,001,138 | ---- | C] () -- C:\Users\Aimee\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    [2013/11/11 21:06:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
    [2013/11/05 09:45:05 | 004,413,614 | ---- | C] () -- C:\Users\Aimee\Desktop\IMG_0280.JPG
    [2013/11/04 15:58:13 | 000,329,452 | ---- | C] () -- C:\Users\Aimee\Desktop\science.png
    [2013/07/25 20:01:52 | 000,004,975 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/06/20 18:17:55 | 000,020,123 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\UserTile.png
    [2012/06/22 08:17:22 | 000,006,144 | ---- | C] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/18 19:18:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/06/18 17:58:30 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
    [2012/06/18 17:55:05 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2012/06/18 17:52:27 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2012/06/18 17:52:26 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

    ========== ZeroAccess Check ==========

    [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    ========== Base Services ==========
    SRV - [2009/07/14 01:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
    SRV - [2013/02/27 04:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
    SRV - [2009/07/14 01:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
    SRV - [2010/11/20 21:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
    SRV - [2010/11/20 21:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
    SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
    SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
    SRV - [2012/07/04 21:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
    SRV - [2013/07/09 04:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
    SRV - [2010/11/20 21:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
    SRV - [2010/11/20 21:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2011/03/03 05:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/07/14 01:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
    SRV - [2009/07/14 01:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
    SRV - [2010/11/20 21:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
    SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2009/07/14 01:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
    SRV - [2009/07/14 01:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
    SRV - [2009/07/14 01:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
    SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
    SRV - [2012/10/03 16:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
    SRV - [2009/07/14 01:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
    SRV - [2011/05/24 10:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
    SRV - [2012/02/11 05:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
    SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV - [2009/07/14 01:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
    SRV - [2010/11/20 21:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
    SRV - [2010/11/20 21:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
    SRV - [2009/07/14 01:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
    SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
    SRV - [2009/07/14 01:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
    SRV - [2010/11/20 21:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
    SRV - [2010/11/20 21:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV - [2010/11/20 21:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
    SRV - [2010/11/20 21:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
    SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2012/05/01 04:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
    SRV - [2010/11/20 21:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
    SRV - [2010/11/20 21:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
    SRV - [2010/11/20 21:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
    SRV - [2010/11/20 21:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
    SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/20 21:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
    SRV - [2010/11/20 21:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
    SRV - [2010/11/20 21:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
    SRV - [2010/11/20 21:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
    SRV - [2009/07/14 01:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
    SRV - [2012/06/02 22:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
    SRV - [2010/11/20 21:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
    SRV - [2009/07/14 01:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
    SRV - [2010/11/20 21:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

    < %systemdrive%\*.exe >

    < C:/program files\Google\Desktop >
    Invalid Switch: program files\Google\Desktop

    < Dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C has no label.
    Volume Serial Number is 44F5-CABF
    Directory of C:\
    14/07/2009 04:53 <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    14/07/2009 04:53 <JUNCTION> Application Data [C:\ProgramData]
    14/07/2009 04:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14/07/2009 04:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14/07/2009 04:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14/07/2009 04:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14/07/2009 04:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    14/07/2009 04:53 <SYMLINKD> All Users [C:\ProgramData]
    14/07/2009 04:53 <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\Aimee
    18/06/2012 17:44 <JUNCTION> Application Data [C:\Users\Aimee\AppData\Roaming]
    18/06/2012 17:44 <JUNCTION> Cookies [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Cookies]
    18/06/2012 17:44 <JUNCTION> Local Settings [C:\Users\Aimee\AppData\Local]
    18/06/2012 17:44 <JUNCTION> My Documents [C:\Users\Aimee\Documents]
    18/06/2012 17:44 <JUNCTION> NetHood [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    18/06/2012 17:44 <JUNCTION> PrintHood [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    18/06/2012 17:44 <JUNCTION> Recent [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Recent]
    18/06/2012 17:44 <JUNCTION> SendTo [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\SendTo]
    18/06/2012 17:44 <JUNCTION> Start Menu [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu]
    18/06/2012 17:44 <JUNCTION> Templates [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Aimee\AppData\Local
    18/06/2012 17:44 <JUNCTION> Application Data [C:\Users\Aimee\AppData\Local]
    18/06/2012 17:44 <JUNCTION> History [C:\Users\Aimee\AppData\Local\Microsoft\Windows\History]
    18/06/2012 17:44 <JUNCTION> Temporary Internet Files [C:\Users\Aimee\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Aimee\Documents
    18/06/2012 17:44 <JUNCTION> My Music [C:\Users\Aimee\Music]
    18/06/2012 17:44 <JUNCTION> My Pictures [C:\Users\Aimee\Pictures]
    18/06/2012 17:44 <JUNCTION> My Videos [C:\Users\Aimee\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    14/07/2009 04:53 <JUNCTION> Application Data [C:\ProgramData]
    14/07/2009 04:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14/07/2009 04:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14/07/2009 04:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14/07/2009 04:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14/07/2009 04:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    14/07/2009 04:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    14/07/2009 04:53 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    14/07/2009 04:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    14/07/2009 04:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
    14/07/2009 04:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    14/07/2009 04:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    14/07/2009 04:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    14/07/2009 04:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    14/07/2009 04:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    14/07/2009 04:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    14/07/2009 04:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    14/07/2009 04:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    14/07/2009 04:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    14/07/2009 04:53 <JUNCTION> My Music [C:\Users\Default\Music]
    14/07/2009 04:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    14/07/2009 04:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    14/07/2009 04:53 <JUNCTION> My Music [C:\Users\Public\Music]
    14/07/2009 04:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    14/07/2009 04:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    50 Dir(s) 214,330,187,776 bytes free

    < End of report >

  10. #10
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    OTL Extras logfile created on: 30/11/2013 19:40:07 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aimee\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1010.86 Mb Total Physical Memory | 285.38 Mb Available Physical Memory | 28.23% Memory free
    1.99 Gb Paging File | 0.95 Gb Available in Paging File | 47.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 199.88 Gb Free Space | 85.86% Space Free | Partition Type: NTFS

    Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3E8B63F6-5212-453A-ACB0-6DE784F4B6A3}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{563858B2-91A9-4C6D-A18C-D79BA412CFAF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{5CBA8580-8C3D-4429-8075-6628EAF88AF9}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{A2613ABC-C528-4242-BF2F-47FB594C9A68}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{DB081F9F-755E-4B11-BAE3-99F2D8194D34}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{F06ACF76-376C-4470-9762-C9C081D03B08}" = lport=5358 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{11BCA9C2-5447-4956-AEE4-6FFC8A4A1A87}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{374AFF88-37FC-4BDA-BBC7-E8E21CFA1E14}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{397E375D-9C3D-4248-B39B-B31C1E494384}" = dir=in | app=c:\users\aimee\appdata\local\torch\plugins\torrent\torchtorrent.exe |
    "{3B7B2EB8-32C7-4346-B73D-11F7C59BF41B}" = protocol=17 | dir=in | app=c:\users\aimee\appdata\local\ilivid\ilivid.exe |
    "{46C54DD5-9EEB-4BE7-AA9A-7CF912CD43DA}" = dir=in | app=c:\users\aimee\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{5B7E9714-99A8-48BE-8AEF-8CDACEE0C67B}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{5F7ACAD2-FC7A-4BAB-BF94-559681346316}" = dir=in | app=c:\users\aimee\appdata\local\torch\plugins\hola\hola_plugin.exe |
    "{8E4A317B-5A8D-4882-8534-9AE6651B63C5}" = protocol=6 | dir=in | app=c:\users\aimee\appdata\local\ilivid\ilivid.exe |
    "{A413625F-EB81-486D-98F6-ADCB9546B490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C3F2E844-A2F3-4C6C-B9CA-67E62D852FA5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{DEA150ED-2D0C-4253-AADB-00136BAAAABE}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{EF592343-A9E7-4261-B2C3-0306A9D68579}" = dir=in | app=c:\users\aimee\appdata\roaming\allmyapps\allmyapps.exe |
    "{F09FDB25-9FE2-4E60-99C6-BD3CAE7862C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F0A835DD-2BC4-453F-864B-F407959DF1DF}" = dir=in | app=c:\users\aimee\appdata\local\torch\plugins\hola\hola_plugin_x64.exe |
    "TCP Query User{69F0CECA-39A5-419F-99BF-7AF7EB7E7D5F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{E5314701-A63B-4163-A394-3D1223DE457B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{74DD8E77-3451-4577-93DB-183CF930E9A7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{F7F35DAC-5066-4E8A-AEB2-4ED8201ECDAF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
    "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8FC83CE1-EA4F-48D2-9F51-51546C2D33E2}" = Fresco Logic USB3.0 Host Controller
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "ERUNT_is1" = ERUNT 1.1j
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 30/11/2013 07:32:23 | Computer Name = Aimee-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 30/11/2013 13:09:34 | Computer Name = Aimee-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 30/11/2013 13:09:34 | Computer Name = Aimee-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 15678

    Error - 30/11/2013 13:09:34 | Computer Name = Aimee-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15678

    Error - 30/11/2013 15:24:19 | Computer Name = Aimee-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 30/11/2013 15:32:32 | Computer Name = Aimee-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
    time stamp: 0x525b664c Faulting module name: ntdll.dll, version: 6.1.7601.18247,
    time stamp: 0x521ea91c Exception code: 0xc0000374 Fault offset: 0x000c3873 Faulting
    process id: 0xd84 Faulting application start time: 0x01ceee02bf446ca1 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 278f8e4f-59f6-11e3-8410-0008ca3c03e1

    Error - 30/11/2013 15:32:45 | Computer Name = Aimee-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
    time stamp: 0x525b664c Faulting module name: ntdll.dll, version: 6.1.7601.18247,
    time stamp: 0x521ea91c Exception code: 0xc0000374 Fault offset: 0x000c3873 Faulting
    process id: 0x1c4 Faulting application start time: 0x01ceee02eef26535 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 2fb60ff4-59f6-11e3-8410-0008ca3c03e1

    [ System Events ]
    Error - 30/11/2013 13:18:54 | Computer Name = Aimee-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 30/11/2013 13:19:44 | Computer Name = Aimee-PC | Source = DCOM | ID = 10010
    Description =

    Error - 30/11/2013 15:24:19 | Computer Name = Aimee-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom


    < End of report >
