
Thread: Delta.Toolbar and Win32.BitGuard

  1. #11
    Dakeyras (Security Expert-Emeritus) | Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Hi.

    Still some way to go yet...

    Might as well uninstall Erunt as it is not truly compatible with the version of Windows in use and the other application I advised (Tweaking.com - Registry Backup) is more reliable overall. Also SUPERAntiSpyware is not a particularly effective application in my humble opinion nor is it something I recommend or use, your call though if you wish to keep it installed.

    Check Proxy Settings:

    Launch Internet Options...

    • Click on Start(Windows 7 Orb) >> Control Panel >> Network and Internet >> Internet Options
    • Or via Start(Windows 7 Orb) >> Control Panel >> Internet Options
    • Once the Internet Properties window appears >> click on Connections >> LAN settings
    • Ensure Automatically detect settings is selected and the following are not:

    Use automatic configuration script

    Use a proxy server for your LAN

    • Click on OK >> OK to close the Internet Properties window.

    Custom OTL Script:

    • Right-click OTL.exe and select Run as Administrator to start the program.
    • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [CreateRestorePoint]

    :OTL
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O4 - HKU\S-1-5-19..\configuration: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    netsh winsock reset all /c
    netsh int ip reset all /c
    netsh advfirewall reset /c
    netsh advfirewall set allprofiles state on /c

    :Commands
    [EmptyTemp]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot the computer, allow it to do so. The report should appear in Notepad after the reboot.

    Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Malwarebytes Anti-Malware:

    Please download the installer for Malwarebytes' Anti-Malware to the desktop.

    Note: The installer will be randomly named, say for example something like 549od2jqai.exe

    • Right-click on the randomly named exe file and select Run as Administrator, then follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post that log in your next reply.

    The log can also be found here:

    • Launch Malwarebytes' Anti-Malware
    • Click on the Logs radio tab.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Next:

    When you have completed the above, please post back the following in the order asked for:

    • How is your daughter's computer performing now, any further symptoms and or problems encountered?
    • OTL Log from the Custom Script.
    • Malwarebytes Anti-Malware Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  2. #12
    Junior Member | Join Date: Nov 2013 | Posts: 21

    Hi,

    I will go with what you say and delete what you recommend.

    Before I start can you explain further what you mean by -

    quote-box(do not copy the word quote)

    Do you mean don't copy [CreateRestorePoint] and [EmptyTemp]?

  3. #13
    Dakeyras (Security Expert-Emeritus) | Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Hi.

    I will go with what you say and delete what you recommend.
    Acknowledged...

    Before I start can you explain further what you mean by -

    quote-box(do not copy the word quote)

    Do you mean don't copy [CreateRestorePoint] and [EmptyTemp]?
    Ah I see your confusion, the quote box here in this forum is slightly different from others and my oversight, so my apologies about that. I advised that as the version of IE in use on your daughter's machine can at times be problematic if I used a code box for the custom script and it may not be cut and pasted as is correctly.

    Anyway merely copy all of the aforementioned custom OTL fix or the one below, either will suffice:-

    :Commands
    [CreateRestorePoint]

    :OTL
    IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
    O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O4 - HKU\S-1-5-19..\configuration: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    netsh winsock reset all /c
    netsh int ip reset all /c
    netsh advfirewall reset /c
    netsh advfirewall set allprofiles state on /c

    :Commands
    [EmptyTemp]
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  4. #14
    Junior Member | Join Date: Nov 2013 | Posts: 21

    Hi,

    The computer does seem better, not so sluggish, but still not as quick as it was, and also we noticed that if we say go to bbc.co.uk the site works fine, and a few other sites such as online banking, webmail and all, but when we try and visit http://uk.yahoo.com it straight away causes an error, and the internet explorer has stopped working comes up and it tries to reload, but it fails too.

    I was also surprised that the final scan didn't come up with any malware, but have posted the scan results below.

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2\ deleted successfully.
    C:\Windows\system32\npDeployJava1.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
    Registry value HKEY_USERS\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\mctadmin not found.
    File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
    File move failed. C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk scheduled to be moved on reboot.
    File C:\Program Files\ERUNT\AUTOBACK.EXE not found.
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
    No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
    No operation can be performed on Local Area Connection while it has its media disconnected.
    Wireless LAN adapter Wireless Network Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Ethernet adapter Bluetooth Network Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fe80::a4c5:83f2:79c8:38bc%12
    Autoconfiguration IPv4 Address. . : 169.254.56.188
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter isatap.home:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter isatap.{C23C8B41-BCB4-4291-9B31-CD61930568E1}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
    No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
    No operation can be performed on Local Area Connection while it has its media disconnected.
    Wireless LAN adapter Wireless Network Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Ethernet adapter Bluetooth Network Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . : home
    Link-local IPv6 Address . . . . . : fe80::a4c5:83f2:79c8:38bc%12
    IPv4 Address. . . . . . . . . . . : 192.168.1.65
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.254
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter isatap.home:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : home
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter isatap.{C23C8B41-BCB4-4291-9B31-CD61930568E1}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < netsh winsock reset all /c >
    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < netsh int ip reset all /c >
    Reseting Global, OK!
    Reseting Interface, OK!
    Restart the computer to complete this action.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < netsh advfirewall reset /c >
    Ok.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    < netsh advfirewall set allprofiles state on /c >
    Ok.
    C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
    C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Aimee
    ->Temp folder emptied: 415479594 bytes
    ->Temporary Internet Files folder emptied: 1490722912 bytes
    ->Java cache emptied: 311072 bytes
    ->Apple Safari cache emptied: 7497728 bytes
    ->Flash cache emptied: 880 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1341707 bytes
    RecycleBin emptied: 6759111 bytes

    Total Files Cleaned = 1,833.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11302013_222716

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
    File\Folder C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.01.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16428
    Aimee :: AIMEE-PC [administrator]

    Protection: Enabled

    01/12/2013 22:08:40
    mbam-log-2013-12-01 (22-08-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195545
    Time elapsed: 10 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
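Added example, not part of the original thread or of OTL itself: a short Python parser for the `========== OTL ==========` section of a fix log like the one in the post above, sorting each result line into removed, changed, not found or deferred to reboot. The function names, the status labels and the rule that file operations under C:\Windows are listed for a second look are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Sample input: result lines excerpted from the OTL fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2\ deleted successfully.
C:\Windows\system32\npDeployJava1.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File C:\Program Files\ERUNT\AUTOBACK.EXE not found.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
"""

# Section banners look like "========== OTL ==========".
SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

# Status labels are this example's own; the patterns follow the log wording.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(
        r"^(?:Registry (?:key|value) )?(?P<target>.+?) (?:deleted|moved) successfully\.$")),
    ("changed", re.compile(
        r"^(?P<target>.+?)\| /E : value set successfully!$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) |File )?(?P<target>.+?) not found\.$")),
]


def parse_fix_log(text):
    """Return (status, target) pairs for every line of the OTL section."""
    results = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group("name")
            continue
        if section != "OTL":
            continue  # FILES/COMMANDS hold command output, not fix results
        for status, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                results.append((status, hit.group("target")))
                break
        else:
            # Keep unrecognised lines visible instead of dropping them.
            results.append(("unknown", line))
    return results


def summarize(results):
    """Group targets by status."""
    grouped = defaultdict(list)
    for status, target in results:
        grouped[status].append(target)
    return dict(grouped)


def needs_review(results, protected="c:\\windows\\"):
    """Files moved, or queued to move, from under the Windows directory.

    Assumption of this example: such entries are worth confirming by hand.
    """
    return [target for status, target in results
            if status in ("removed", "pending_reboot")
            and target.lower().startswith(protected)]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for status, targets in summarize(parsed).items():
        print(f"{status}: {len(targets)}")
    for path in needs_review(parsed):
        print("review:", path)
```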

  5. #15
    Dakeyras (Security Expert-Emeritus) | Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Hi.

    when we try and visit http://uk.yahoo.com it straight away causes an error, and the internet explorer has stopped working comes up and it tries to reload, but it fails too.
    Acknowledged.

    I was also surprised that the final scan didn't come up with any malware
    A good sign that then, though we have not completed the malware removal process just yet.

    OK before anything further proactive I would like a few further benign scans to ascertain the overall situation as follows...

    Check Hard Disk For Errors:

    • Open Notepad.
    • Copy and Paste everything from the Code Box below into Notepad:

    Code:
    @Echo off
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    del %0
    • Go to File >> Save As
    • Save File name as Dakeyras.bat
    • Change Save as Type to All Files and save the file to the Desktop.
    • It should look similar to this:

    Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

    A file icon named checkhd.txt should appear on the desktop. Please post the contents of this file in your next reply.

    Scan with Farbar Recovery Scan Tool:

    Please download and save Farbar Recovery Scan Tool 32-Bit to the desktop.

    • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
    • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
    • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
    • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
    • There will now be two logs on the desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  6. #16
    Junior Member | Join Date: Nov 2013 | Posts: 21

    The type of the file system is NTFS.

    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.

    CHKDSK is verifying files (stage 1 of 3)...
    File verification completed.
    278 large file records processed.

    0 bad file records processed.

    2 EA records processed.

    44 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 3)...
    Index verification completed.
    0 unindexed files scanned.

    0 unindexed files recovered.

    CHKDSK is verifying security descriptors (stage 3 of 3)...
    Security descriptor verification completed.
    15621 data files processed.

    CHKDSK is verifying Usn Journal...
    Usn Journal verification completed.
    Windows has checked the file system and found no problems.

    244093951 KB total disk space.
    32791304 KB in 71179 files.
    47292 KB in 15622 indexes.
    0 KB in bad sectors.
    238855 KB in use by the system.
    65536 KB occupied by the log file.
    211016500 KB available on disk.

    4096 bytes in each allocation unit.
    61023487 total allocation units on disk.
    52754125 allocation units available on disk.

  7. #17
    Junior Member | Join Date: Nov 2013 | Posts: 21

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-12-2013
    Ran by Aimee at 2013-12-02 20:12:15
    Running from C:\Users\Aimee\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
    Adobe Reader XI (11.0.05) (Version: 11.0.05)
    Apple Application Support (Version: 2.3.4)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    Atheros Client Installation Program (Version: 7.0)
    Bluetooth Win7 Suite (Version: 7.2.0.65)
    Bonjour (Version: 3.0.0.10)
    Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
    Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
    Fresco Logic USB3.0 Host Controller (Version: 3.5.2.0)
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
    Google Update Helper (Version: 1.3.21.165)
    Intel(R) Control Center (Version: 1.2.1.1007)
    Intel(R) Graphics Media Accelerator Driver (Version: 8.14.8.1064)
    iTunes (Version: 11.0.4.4)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
    Microsoft Security Client (Version: 4.4.0304.0)
    Microsoft Security Essentials (Version: 4.4.304.0)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
    Realtek High Definition Audio Driver (Version: 6.0.1.6373)
    Realtek USB 2.0 Card Reader (Version: 6.1.7600.30127)
    Skype™ 6.7 (Version: 6.7.102)
    Spybot - Search & Destroy (Version: 1.6.2)
    Synaptics Pointing Device Driver (Version: 15.3.33.0)
    Tweaking.com - Registry Backup (Version: 1.6.8)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)

    ==================== Restore Points =========================

    08-11-2013 12:03:33 Windows Update
    12-11-2013 11:20:02 Windows Update
    14-11-2013 23:24:52 Windows Update
    18-11-2013 20:11:55 Windows Update
    20-11-2013 09:05:41 Windows Update
    23-11-2013 19:49:43 Windows Update
    27-11-2013 09:56:14 Windows Update
    28-11-2013 00:01:47 Windows Update
    29-11-2013 16:28:58 Removed Java 7 Update 25
    30-11-2013 19:42:44 OTL Restore Point - 30/11/2013 19:42:38
    30-11-2013 22:27:31 OTL Restore Point - 30/11/2013 22:27:29
    01-12-2013 13:02:34 Windows Update

    ==================== Hosts content: ==========================

    2009-07-14 02:04 - 2013-11-28 18:37 - 00450660 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {439CFAC0-3898-47C1-AB0B-B8900F695E57} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {B2F4D289-715D-4E77-9480-222E615FFBD2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {D5BF4E30-B1C8-4C62-AC2C-BC072D55BD32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DFBD6FA4-D381-4BE8-A79F-DC2411422DED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
    Task: {E31EEFB4-281E-47D0-BC33-C20161434B91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core.job => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA.job => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============

    Name: MpKsl4b59ac68
    Description: MpKsl4b59ac68
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKsl4b59ac68
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15647

    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15647

    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/02/2013 03:54:13 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0x610
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:53:58 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xea0
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:53:38 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xce8
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:53:27 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xa28
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:53:14 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xf24
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:52:59 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xe10
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (12/02/2013 03:48:10 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
    Exception code: 0xc0000374
    Fault offset: 0x000c3873
    Faulting process id: 0xd8c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3


    System errors:
    =============
    Error: (12/02/2013 03:30:17 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 03:27:49 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (12/02/2013 10:18:44 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.

    Error: (12/02/2013 10:18:44 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.


    Microsoft Office Sessions:
    =========================
    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15647

    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15647

    Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/02/2013 03:54:13 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c387361001ceef76b884abcaC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllfd1e97d6-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:53:58 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873ea001ceef76b01ccfd2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllf414de4c-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:53:38 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873ce801ceef76a5803177C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle7f73d47-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:53:27 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873a2801ceef769e35faa0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle1530a81-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:53:14 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873f2401ceef769575e4aeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld9ddd3d5-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:52:59 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873e1001ceef767a1e5e84C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld09173c3-5b69-11e3-a220-0008ca3c03e1

    Error: (12/02/2013 03:48:10 PM) (Source: Application Error)(User: )
    Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873d8c01ceef7566207788C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll24d68b96-5b69-11e3-a220-0008ca3c03e1


    ==================== Memory info ===========================

    Percentage of memory in use: 82%
    Total physical RAM: 1010.86 MB
    Available physical RAM: 173.26 MB
    Total Pagefile: 2034.86 MB
    Available Pagefile: 944.94 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1891.93 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.79 GB) (Free:201.44 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 7E260D65)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  8. #18
    Junior Member
    Join Date
    Nov 2013
    Posts
    21


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
    Ran by Aimee (administrator) on AIMEE-PC on 02-12-2013 20:09:46
    Running from C:\Users\Aimee\Desktop
    Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
    MountPoints2: {54740523-b963-11e1-b271-806e6f6e6963} - D:\InstallAll.exe
    MountPoints2: {5d9f0898-a4dc-11e2-a4b4-0008ca3c03e1} - D:\CMADownloader.exe
    AppInit_DLLs: [ ] ()
    IFEO\rjatydimofu.exe: [Debugger] tasklist.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEB2D3DD85ACCE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
    R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    S3 Asushwio; C:\Windows\system32\drivers\Asushwio.sys [10288 2006-10-13] ()
    R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-13] (Atheros)
    R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-13] (Atheros)
    R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-13] (Atheros)
    R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-13] (Atheros)
    R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-13] (Atheros)
    R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-13] (Atheros)
    R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-13] (Atheros)
    R3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [169472 2011-10-03] (Fresco Logic)
    R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [49664 2011-10-03] (Fresco Logic)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
    S1 MpKsl4b59ac68; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A882A7-13D5-406A-9BBA-E96D8570099C}\MpKsl4b59ac68.sys [x]

    ========================== Drivers MD5 =======================


    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-12-02 20:09 - 2013-12-02 20:10 - 00023400 _____ C:\Users\Aimee\Desktop\FRST.txt
    2013-12-02 20:09 - 2013-12-02 20:09 - 00000000 ____D C:\FRST
    2013-12-02 20:08 - 2013-12-02 20:08 - 01092187 _____ (Farbar) C:\Users\Aimee\Desktop\FRST.exe
    2013-12-02 20:03 - 2013-12-02 20:05 - 00001389 _____ C:\Users\Aimee\Desktop\checkhd.txt
    2013-12-01 21:53 - 2013-12-01 21:53 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\Malwarebytes
    2013-12-01 21:52 - 2013-12-01 21:52 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-01 21:52 - 2013-12-01 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-01 21:52 - 2013-12-01 21:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-01 21:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-12-01 21:47 - 2013-12-01 21:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aimee\Desktop\xzhbz3vpl.exe
    2013-12-01 00:23 - 2013-12-01 00:23 - 00014544 _____ C:\Users\Aimee\Desktop\11302013_222716.log
    2013-11-30 22:27 - 2013-11-30 22:27 - 00000000 ____D C:\_OTL
    2013-11-30 22:10 - 2013-11-30 22:09 - 00001325 _____ C:\Users\Aimee\Desktop\OTL-2.txt
    2013-11-30 19:58 - 2013-11-30 20:02 - 00025388 _____ C:\Users\Aimee\Desktop\Extras.Txt
    2013-11-30 19:57 - 2013-11-30 20:02 - 00106168 _____ C:\Users\Aimee\Desktop\OTL.Txt
    2013-11-30 19:33 - 2013-11-30 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\Aimee\Desktop\OTL.exe
    2013-11-30 11:14 - 2013-11-30 17:57 - 00003026 _____ C:\Users\Aimee\Desktop\JRT.txt
    2013-11-30 11:08 - 2013-11-30 11:08 - 00000000 ____D C:\Windows\ERUNT
    2013-11-30 10:49 - 2013-11-30 10:50 - 01034531 _____ (Thisisu) C:\Users\Aimee\Desktop\JRT.exe
    2013-11-29 16:58 - 2013-11-29 17:04 - 00000000 ____D C:\AdwCleaner
    2013-11-29 16:57 - 2013-11-29 16:57 - 01091882 _____ C:\Users\Aimee\Desktop\AdwCleaner.exe
    2013-11-29 16:51 - 2013-11-29 16:51 - 00000207 _____ C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
    2013-11-29 16:49 - 2013-11-29 16:49 - 00000000 ____D C:\RegBackup
    2013-11-29 16:48 - 2013-11-29 16:48 - 00002181 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2013-11-29 16:48 - 2013-11-29 16:48 - 00000000 ____D C:\Program Files\Tweaking.com
    2013-11-29 16:47 - 2013-11-29 16:47 - 03927696 _____ C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
    2013-11-28 20:54 - 2013-11-28 20:54 - 00001917 _____ C:\Users\Aimee\Desktop\aswMBR.txt
    2013-11-28 20:54 - 2013-11-28 20:54 - 00000512 _____ C:\Users\Aimee\Desktop\MBR.dat
    2013-11-28 20:15 - 2013-11-28 20:17 - 04745728 _____ (AVAST Software) C:\Users\Aimee\Desktop\aswMBR.exe
    2013-11-28 20:01 - 2013-11-28 20:01 - 00014425 _____ C:\Users\Aimee\Desktop\dds.txt
    2013-11-28 20:01 - 2013-11-28 20:01 - 00007347 _____ C:\Users\Aimee\Desktop\attach.txt
    2013-11-28 19:57 - 2013-11-28 19:57 - 00688992 ____R (Swearware) C:\Users\Aimee\Desktop\dds.scr
    2013-11-28 19:54 - 2013-11-28 19:54 - 00000000 ____D C:\Windows\ERDNT
    2013-11-28 17:16 - 2013-11-28 17:16 - 02606080 _____ C:\Users\Aimee\Documents\Creative10min_activities.ppt
    2013-11-28 00:04 - 2013-11-28 00:04 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-28 00:04 - 2013-11-28 00:04 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-11-28 00:04 - 2013-11-28 00:04 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2013-11-28 00:04 - 2013-11-28 00:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2013-11-28 00:04 - 2013-11-28 00:04 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2013-11-28 00:04 - 2013-11-28 00:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2013-11-27 10:01 - 2013-11-28 00:08 - 00012634 _____ C:\Windows\IE11_main.log
    2013-11-24 21:22 - 2013-11-24 21:22 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
    2013-11-21 20:40 - 2013-11-21 20:40 - 00335360 _____ C:\Users\Aimee\Documents\odd animal couples.ppt
    2013-11-15 20:56 - 2013-11-16 09:52 - 00001359 _____ C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2013-11-15 20:55 - 2013-11-15 20:55 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\TFP
    2013-11-15 20:55 - 2012-05-11 15:47 - 00152848 _____ (Microsoft Corporation) C:\Windows\system32\COMDLG32.OCX
    2013-11-15 20:55 - 2012-05-11 15:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCFR.DLL
    2013-11-15 20:55 - 2012-05-11 15:47 - 00119568 _____ (Microsoft Corporation) C:\Windows\system32\VB6FR.DLL
    2013-11-15 20:55 - 2012-05-11 15:47 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\VB6STKIT.DLL
    2013-11-15 20:55 - 2012-05-11 15:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\CMDLGFR.DLL
    2013-11-14 08:47 - 2013-09-25 02:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2013-11-14 08:47 - 2013-09-25 02:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2013-11-14 08:47 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2013-11-14 08:47 - 2013-09-25 01:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2013-11-14 08:47 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2013-11-14 08:47 - 2013-09-25 01:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2013-11-14 08:47 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2013-11-14 08:47 - 2013-09-25 00:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2013-11-14 08:47 - 2013-09-25 00:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2013-11-14 08:47 - 2013-07-04 12:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2013-11-14 08:46 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2013-11-14 08:46 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2013-11-14 08:46 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2013-11-14 08:46 - 2013-10-03 01:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2013-11-14 08:45 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2013-11-14 08:45 - 2013-10-12 02:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2013-11-14 08:45 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2013-11-14 08:44 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-11-11 21:06 - 2013-11-11 21:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
    2013-11-11 20:57 - 2013-11-11 21:38 - 00000000 ____D C:\Users\Aimee\Documents\iphone pics
    2013-11-08 17:11 - 2013-11-11 18:49 - 04050944 _____ C:\Users\Aimee\Desktop\Le_corps1.ppt

    ==================== One Month Modified Files and Folders =======

    2013-12-02 20:10 - 2013-12-02 20:09 - 00023400 _____ C:\Users\Aimee\Desktop\FRST.txt
    2013-12-02 20:09 - 2013-12-02 20:09 - 00000000 ____D C:\FRST
    2013-12-02 20:08 - 2013-12-02 20:08 - 01092187 _____ (Farbar) C:\Users\Aimee\Desktop\FRST.exe
    2013-12-02 20:05 - 2013-12-02 20:03 - 00001389 _____ C:\Users\Aimee\Desktop\checkhd.txt
    2013-12-02 19:57 - 2012-06-18 16:36 - 01417567 _____ C:\Windows\WindowsUpdate.log
    2013-12-02 19:41 - 2012-08-31 10:40 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA.job
    2013-12-02 19:41 - 2012-06-18 19:29 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-02 19:30 - 2012-06-18 19:29 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-02 19:29 - 2012-08-31 10:40 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core.job
    2013-12-02 15:54 - 2012-07-01 07:14 - 00000000 ____D C:\Users\Aimee\AppData\Local\CrashDumps
    2013-12-02 15:35 - 2009-07-14 04:34 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-02 15:35 - 2009-07-14 04:34 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-02 15:27 - 2012-09-24 19:47 - 00082092 _____ C:\Windows\setupact.log
    2013-12-02 15:27 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-01 21:53 - 2013-12-01 21:53 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\Malwarebytes
    2013-12-01 21:52 - 2013-12-01 21:52 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-01 21:52 - 2013-12-01 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-01 21:52 - 2013-12-01 21:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-01 21:50 - 2013-12-01 21:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aimee\Desktop\xzhbz3vpl.exe
    2013-12-01 08:53 - 2009-07-14 04:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-12-01 00:23 - 2013-12-01 00:23 - 00014544 _____ C:\Users\Aimee\Desktop\11302013_222716.log
    2013-11-30 23:01 - 2012-10-11 11:52 - 00042140 _____ C:\Windows\PFRO.log
    2013-11-30 22:27 - 2013-11-30 22:27 - 00000000 ____D C:\_OTL
    2013-11-30 22:09 - 2013-11-30 22:10 - 00001325 _____ C:\Users\Aimee\Desktop\OTL-2.txt
    2013-11-30 20:02 - 2013-11-30 19:58 - 00025388 _____ C:\Users\Aimee\Desktop\Extras.Txt
    2013-11-30 20:02 - 2013-11-30 19:57 - 00106168 _____ C:\Users\Aimee\Desktop\OTL.Txt
    2013-11-30 20:02 - 2010-11-20 21:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-11-30 19:33 - 2013-11-30 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\Aimee\Desktop\OTL.exe
    2013-11-30 17:57 - 2013-11-30 11:14 - 00003026 _____ C:\Users\Aimee\Desktop\JRT.txt
    2013-11-30 11:08 - 2013-11-30 11:08 - 00000000 ____D C:\Windows\ERUNT
    2013-11-30 10:50 - 2013-11-30 10:49 - 01034531 _____ (Thisisu) C:\Users\Aimee\Desktop\JRT.exe
    2013-11-29 17:04 - 2013-11-29 16:58 - 00000000 ____D C:\AdwCleaner
    2013-11-29 16:57 - 2013-11-29 16:57 - 01091882 _____ C:\Users\Aimee\Desktop\AdwCleaner.exe
    2013-11-29 16:51 - 2013-11-29 16:51 - 00000207 _____ C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
    2013-11-29 16:49 - 2013-11-29 16:49 - 00000000 ____D C:\RegBackup
    2013-11-29 16:48 - 2013-11-29 16:48 - 00002181 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2013-11-29 16:48 - 2013-11-29 16:48 - 00000000 ____D C:\Program Files\Tweaking.com
    2013-11-29 16:47 - 2013-11-29 16:47 - 03927696 _____ C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
    2013-11-29 14:28 - 2013-05-03 15:56 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\.minecraft
    2013-11-28 20:54 - 2013-11-28 20:54 - 00001917 _____ C:\Users\Aimee\Desktop\aswMBR.txt
    2013-11-28 20:54 - 2013-11-28 20:54 - 00000512 _____ C:\Users\Aimee\Desktop\MBR.dat
    2013-11-28 20:17 - 2013-11-28 20:15 - 04745728 _____ (AVAST Software) C:\Users\Aimee\Desktop\aswMBR.exe
    2013-11-28 20:01 - 2013-11-28 20:01 - 00014425 _____ C:\Users\Aimee\Desktop\dds.txt
    2013-11-28 20:01 - 2013-11-28 20:01 - 00007347 _____ C:\Users\Aimee\Desktop\attach.txt
    2013-11-28 19:57 - 2013-11-28 19:57 - 00688992 ____R (Swearware) C:\Users\Aimee\Desktop\dds.scr
    2013-11-28 19:55 - 2012-06-18 17:44 - 00000000 ____D C:\Users\Aimee\AppData\Local\VirtualStore
    2013-11-28 19:54 - 2013-11-28 19:54 - 00000000 ____D C:\Windows\ERDNT
    2013-11-28 17:20 - 2013-10-29 10:19 - 00024064 _____ C:\Users\Aimee\Documents\Weekly class attendance record 1.xls
    2013-11-28 17:16 - 2013-11-28 17:16 - 02606080 _____ C:\Users\Aimee\Documents\Creative10min_activities.ppt
    2013-11-28 16:13 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache
    2013-11-28 00:08 - 2013-11-27 10:01 - 00012634 _____ C:\Windows\IE11_main.log
    2013-11-28 00:04 - 2013-11-28 00:04 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-28 00:04 - 2013-11-28 00:04 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-11-28 00:04 - 2013-11-28 00:04 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2013-11-28 00:04 - 2013-11-28 00:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2013-11-28 00:04 - 2013-11-28 00:04 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2013-11-28 00:04 - 2013-11-28 00:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2013-11-28 00:04 - 2013-11-28 00:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2013-11-28 00:04 - 2013-11-28 00:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2013-11-27 18:09 - 2012-06-18 19:29 - 00000000 ____D C:\Program Files\Google
    2013-11-27 18:04 - 2012-06-21 15:04 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\Skype
    2013-11-24 21:22 - 2013-11-24 21:22 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
    2013-11-24 21:12 - 2013-07-25 20:01 - 00004975 _____ C:\Windows\wininit.ini
    2013-11-21 20:40 - 2013-11-21 20:40 - 00335360 _____ C:\Users\Aimee\Documents\odd animal couples.ppt
    2013-11-20 09:15 - 2012-06-18 18:16 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-11-20 09:12 - 2012-06-18 18:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-11-19 10:21 - 2012-06-18 18:21 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2013-11-16 09:52 - 2013-11-15 20:56 - 00001359 _____ C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2013-11-15 20:55 - 2013-11-15 20:55 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\TFP
    2013-11-14 23:37 - 2009-07-14 02:04 - 00000499 _____ C:\Windows\win.ini
    2013-11-14 23:29 - 2013-08-15 09:59 - 00000000 ____D C:\Windows\system32\MRT
    2013-11-14 23:26 - 2012-07-09 08:48 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2013-11-11 21:38 - 2013-11-11 20:57 - 00000000 ____D C:\Users\Aimee\Documents\iphone pics
    2013-11-11 21:06 - 2013-11-11 21:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
    2013-11-11 18:49 - 2013-11-08 17:11 - 04050944 _____ C:\Users\Aimee\Desktop\Le_corps1.ppt

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-11-30 11:27

    ==================== End Of Log ============================

  9. #19
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    Can you confirm for myself please if the browser Google Chrome is actually installed or not; plus have you noticed any problems with the presently installed Microsoft Security Essentials?

    Windows 7 - System File Checker:

    • Click on Start(Windows 7 Orb).
    • Then click on All Programs >> Accessories
    • Right click on Command Prompt and select Run as Administrator.
    • Click on Continue in the UAC prompt.
    • At the Command Prompt C:\Windows\System32> type in the following exactly:
    • cd c:\
    • Then depress the Enter/Return key, then type in the following exactly:
    • sfc /scannow
    • Then depress the Enter/Return key.

    Note: This may take a while to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

    Reset IE 11:

    • Please download this Microsoft FixIt and save it to the desktop.
    • Double click on MicrosoftFixit50195.exe select I Agree and click on Next>.
    • Follow the on-screen prompts.
    • You may delete MicrosoftFixit50195.exe when finished and/or keep it if any problems in the future with IE 11.
    • Next time IE 11 is launched you will be prompted to reapply settings again, this is normal.

    Note: Any add-ons will require to be reapplied after the above reset.

    TFC(Temp File Cleaner):

    • Please download TFC to the desktop.
    • Save any unsaved work. TFC will close all open application windows.
    • Right-click on TFC.exe and select Run as Administrator to run the program.
    • Click the Start button in the bottom left of the GUI(graphical user interface).
    • If prompted, click "Yes" to reboot.

    Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    I advise you keep TFC on the desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

    Next:

    Let myself know when completed the above. If any problems encountered and how the machine is performing, thank you.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  10. #20
    Junior Member
    Join Date
    Nov 2013
    Posts
    21

    Default

    Hi,

    Thank you for helping me out with this, I really appreciate it.

    I followed the three next steps, and there is no Google Chrome on this laptop now, and on the scan it found no integrity violation.

    The laptop is a lot quicker and more responsive, and was thinking the best, when I checked the 2 websites that we found the problem originally which are:

    http://uk.yahoo.com
    www.walesonline.co.uk

    It's strange and I'm sure there are other sites, it's just this is the 2 where the problem was first discovered.

    We get the IE cannot load error, and again it tries to reload the browser but that doesn't fix it.

    On the other hand I can go to other sites such as www.bbc.co.uk and it's fine, so I'm wondering if it's something on those sites that's triggering the problem on our computer.

    Again thanks for the help so far.

    Cheers
