Delta.Toolbar and Win32.BitGuard



multichild
2013-11-29, 00:40
Hi all,

First time on here, so hello to all.

I am having trouble with my daughter's laptop and have tried removing a few problems using Spybot Search & Destroy and SUPERAntiSpyware, and also running Microsoft Security Essentials.

In Spybot two things can't be removed, and they are part of Delta.Toolbar and Win32.BitGuard. This is what I can see.

[SBI $ACF354C8] Program Directory C:\ProgramData\BrowserProtect\

[SBI $93F166B5] Program directory C:\ProgramData\BitGuard\

Then inside Quarantine in Microsoft Security Essentials I have 2 which again I can't remove:

Exploit:Java/CVE-2013-2423
Exploit:Java/CVE-2013-0431

Now I'm not sure what else is on there, but we are having problems with the laptop and I'm not sure what more to do.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.25.2
Run by Aimee at 19:58:47 on 2013-11-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1011.96 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Aimee\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyOverride = <-loopback>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Facebook Update] "c:\users\aimee\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: c:\users\aimee\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\244584F6D656845726D283738363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}\35B4950303638323 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C} : DHCPNameServer = 172.20.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\wincert\win32c~1.dll c:\progra~1\movies~1\datamngr\mgrldr.dll
SSODL: WebCheck - <orphaned>
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-3-13 68768]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-4 1153368]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-3-13 34976]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-3-13 259232]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-3-13 24736]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-3-13 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-3-13 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-3-13 141088]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-3-13 242336]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2011-10-3 169472]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2011-10-3 49664]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-6-18 1336320]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-6-18 417280]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-6-18 278528]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-18 414824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [2006-10-13 10288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-28 108032]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTSUSTOR.SYS [2012-6-18 197224]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2013-11-28 18:10:50 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f9a882a7-13d5-406a-9bba-e96d8570099c}\mpengine.dll
2013-11-28 16:56:00 7772552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-11-24 23:28:57 -------- d-----w- c:\programdata\Datamngr
2013-11-24 21:22:36 -------- d-----w- c:\users\aimee\appdata\roaming\SUPERAntiSpyware.com
2013-11-24 21:21:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-11-24 21:21:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-11-15 21:27:01 -------- d-----w- c:\programdata\BrowserProtect
2013-11-15 21:27:01 -------- d-----w- c:\programdata\BitGuard
2013-11-15 20:56:31 -------- d-----w- c:\programdata\TorchCrashHandler
2013-11-15 20:55:38 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-11-15 20:55:38 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-11-15 20:55:38 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-11-15 20:55:38 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2013-11-15 20:55:37 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-11-15 20:55:37 -------- d-----w- c:\users\aimee\appdata\roaming\TFP
2013-11-15 20:52:51 -------- d-----w- c:\users\aimee\appdata\local\Torch
2013-11-15 20:40:06 -------- d-----w- c:\programdata\Wincert
2013-11-15 20:37:38 -------- d-----w- c:\program files\Movies Toolbar
2013-11-14 08:47:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-14 08:47:23 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-14 08:47:23 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-14 08:47:22 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-14 08:47:22 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-14 08:47:21 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-14 08:47:21 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-14 08:47:21 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-14 08:47:20 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-14 08:47:20 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-14 08:46:50 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-14 08:46:48 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:46:47 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-14 08:46:12 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 08:45:04 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 08:45:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-14 08:45:03 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 08:44:56 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-07 09:29:40 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03e81ad5-a2fc-49ec-9687-06372ff93a93}\gapaengine.dll
.
==================== Find3M ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 09:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 20:01:29.46 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-28 20:17:34
-----------------------------
20:17:34.202 OS Version: Windows 6.1.7601 Service Pack 1
20:17:34.202 Number of processors: 4 586 0x3601
20:17:34.202 ComputerName: AIMEE-PC UserName: Aimee
20:17:42.455 Initialize success
20:28:41.552 AVAST engine defs: 13112801
20:30:02.766 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:30:02.782 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 238475MB BusType: 3
20:30:02.969 Disk 0 MBR read successfully
20:30:02.985 Disk 0 MBR scan
20:30:03.343 Disk 0 Windows 7 default MBR code
20:30:03.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:30:03.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
20:30:03.702 Disk 0 scanning sectors +488394752
20:30:04.045 Disk 0 scanning C:\Windows\system32\drivers
20:30:43.747 Service scanning
20:31:18.223 Service MpKsl4b59ac68 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A882A7-13D5-406A-9BBA-E96D8570099C}\MpKsl4b59ac68.sys **LOCKED** 32
20:31:59.362 Modules scanning
20:32:19.158 Disk 0 trace - called modules:
20:32:19.704 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:32:19.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bcca48]
20:32:19.751 3 CLASSPNP.SYS[86dae59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8408f028]
20:32:28.659 AVAST engine scan C:\Windows
20:32:35.133 AVAST engine scan C:\Windows\system32
20:40:30.980 AVAST engine scan C:\Windows\system32\drivers
20:41:29.060 AVAST engine scan C:\Users\Aimee
20:54:53.726 Disk 0 MBR has been saved successfully to "C:\Users\Aimee\Desktop\MBR.dat"
20:54:54.209 The log file has been saved successfully to "C:\Users\Aimee\Desktop\aswMBR.txt"


--- Search result list ---
Delta.Toolbar: [SBI $20319BF7] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3808433556-406660851-2857496050-1000\Software\DataMngr

Delta.Toolbar: [SBI $15E43F9C] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr

Delta.Toolbar: [SBI $ACF354C8] Program directory (Directory, nothing done)
C:\ProgramData\BrowserProtect\

Win32.BitGuard: [SBI $93F166B5] Program directory (Directory, nothing done)
C:\ProgramData\BitGuard\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-12-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-11-06 Includes\Adware.sbi (*)
2013-11-26 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-10-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-11-19 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-11-26 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-10-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-09-17 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-11-05 Includes\TrojansC-02.sbi (*)
2013-11-26 Includes\TrojansC-03.sbi (*)
2013-10-22 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 958576
MD5: 48BE298F7FD1BEF4D8FBACB04D8D95C4

Located: HK_LM:Run, APSDaemon
command: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59720
MD5: 61E4289E91E88C90478D7F4BEB10DCF7

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 152392
MD5: A9F9D081518AC03A51C1195986076F42

Located: HK_LM:Run, MSC
command: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
file: c:\Program Files\Microsoft Security Client\msseces.exe
size: 948440
MD5: 03396637E1E1B4E333D00AED86178918

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 253816
MD5: D63797E8E7781EE1500A810CB6194FA6

Located: HK_CU:Run, SearchProtect
where: .DEFAULT...
command: \SearchProtect\bin\cltmng.exe
file: \SearchProtect\bin\cltmng.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 93696
MD5: BBA1A5B86134F496B926DDAF247DB871

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 93696
MD5: BBA1A5B86134F496B926DDAF247DB871

Located: HK_CU:Run, Facebook Update
where: S-1-5-21-3808433556-406660851-2857496050-1000...
command: "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
file: C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-3808433556-406660851-2857496050-1000...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 5717272
MD5: BC121F6E4432CBB79129201C191674AD

Located: HK_CU:Run, SearchProtect
where: S-1-5-18...
command: \SearchProtect\bin\cltmng.exe
file: \SearchProtect\bin\cltmng.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 04/12/2012 18:23:46
Date (last access): 04/12/2012 18:23:46
Date (last write): 26/01/2009 15:31:02
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre7\bin\
Long name: ssv.dll
Short name:
Date (created): 14/07/2013 21:33:22
Date (last access): 14/07/2013 21:33:22
Date (last write): 14/07/2013 21:33:22
Filesize: 463272
Attributes: archive
MD5: 155915C088F11EEB9B342F4134F11C7E
CRC32: 1A627FD9
Version: 10.25.2.17

{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} (IESpeakDoc)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: IESpeakDoc
CLSID name: CIESpeechBHO Class
Path: C:\Program Files\Bluetooth Suite\
Long name: IEPlugIn.dll
Short name:
Date (created): 13/03/2011 09:58:06
Date (last access): 18/06/2012 18:02:14
Date (last write): 13/03/2011 09:58:06
Filesize: 60576
Attributes: archive
MD5: 9E33A81ABB2A058AC25C6907D260C932
CRC32: 84C66DF1
Version: 7.2.0.65

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~1.DLL
Date (created): 18/06/2012 19:29:52
Date (last access): 18/06/2012 19:29:52
Date (last write): 10/10/2013 07:32:52
Filesize: 194640
Attributes: archive
MD5: 6028E7AAC8630C27564D6164A589AB91
CRC32: 5841059E
Version: 7.5.4601.54

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre7\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 14/07/2013 21:33:18
Date (last access): 14/07/2013 21:33:18
Date (last write): 14/07/2013 21:33:18
Filesize: 171944
Attributes: archive
MD5: 5B1E711B7F870B355B1BCD8874037EEF
CRC32: 5776D394
Version: 10.25.2.17



--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\Windows\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\MICROS~3\OFFICE11\
Long name: IEAWSDC.DLL
Short name:
Date (created): 26/08/2012 15:16:26
Date (last access): 26/08/2012 15:16:26
Date (last write): 26/08/2012 15:16:26
Filesize: 196208
Attributes: archive
MD5: 1D4F4F0321DFE3427C34545A572D77AA
CRC32: 6A9C51D3
Version: 15.0.4420.0



--- Process list ---
PID: 2020 ( 584) C:\Windows\system32\taskhost.exe
size: 49152
MD5: 72E953215CADE1A726C04AAFDF6B463D
PID: 2036 (1136) C:\Windows\system32\Dwm.exe
size: 92672
MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D
PID: 476 (2004) C:\Windows\Explorer.EXE
size: 2616320
MD5: 8B88EBBB05A0E56B7DCC708498C02B3E
PID: 2184 ( 476) C:\Program Files\Microsoft Security Client\msseces.exe
size: 948440
MD5: 03396637E1E1B4E333D00AED86178918
PID: 2280 ( 476) C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 253816
MD5: D63797E8E7781EE1500A810CB6194FA6
PID: 2344 ( 476) C:\Program Files\iTunes\iTunesHelper.exe
size: 152392
MD5: A9F9D081518AC03A51C1195986076F42
PID: 2464 ( 476) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 5717272
MD5: BC121F6E4432CBB79129201C191674AD
PID: 3404 (1856) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 320 ( 4) smss.exe
size: 69632
PID: 456 ( 392) csrss.exe
size: 6144
PID: 520 ( 392) wininit.exe
size: 96256
PID: 528 ( 512) csrss.exe
size: 6144
PID: 584 ( 520) services.exe
size: 259072
PID: 616 ( 512) winlogon.exe
size: 286720
PID: 624 ( 520) lsass.exe
size: 22016
PID: 636 ( 520) lsm.exe
size: 267776
PID: 816 ( 584) svchost.exe
size: 20992
PID: 904 ( 584) svchost.exe
size: 20992
PID: 984 ( 584) MsMpEng.exe
PID: 1096 ( 584) svchost.exe
size: 20992
PID: 1136 ( 584) svchost.exe
size: 20992
PID: 1184 ( 584) svchost.exe
size: 20992
PID: 1232 ( 584) svchost.exe
size: 20992
PID: 1432 ( 584) svchost.exe
size: 20992
PID: 1608 ( 584) spoolsv.exe
size: 317440
PID: 1656 ( 584) svchost.exe
size: 20992
PID: 1800 ( 584) SASCore.exe
PID: 1900 ( 584) armsvc.exe
PID: 1992 ( 584) AppleMobileDeviceService.exe
PID: 668 ( 584) Ath_CoexAgent.exe
PID: 840 ( 584) AdminService.exe
PID: 1148 ( 584) mDNSResponder.exe
PID: 128 ( 584) svchost.exe
size: 20992
PID: 336 ( 584) TorchCrashHandler.exe
PID: 2116 ( 584) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2752 ( 584) svchost.exe
size: 20992
PID: 3064 ( 584) NisSrv.exe
PID: 3152 ( 584) iPodService.exe
PID: 3352 ( 584) SearchIndexer.exe
size: 427520


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 28/11/2013 22:18:50

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.msn.com/?ocid=OIE9MSE&PC=UP09
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] SEQPACKET 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] DATAGRAM 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DD09BE04-AE74-412D-ABEF-39FAC83BD85C}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DD09BE04-AE74-412D-ABEF-39FAC83BD85C}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0B3DDA5-6E3A-432F-9576-C1552045FC78}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0B3DDA5-6E3A-432F-9576-C1552045FC78}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EB06D334-7501-4540-A560-5471F5EA9013}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EB06D334-7501-4540-A560-5471F5EA9013}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DB33FC2D-C102-45A0-A397-045D9229AD62}] SEQPACKET 15
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DB33FC2D-C102-45A0-A397-045D9229AD62}] DATAGRAM 15
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] SEQPACKET 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}] DATAGRAM 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F896A17F-8756-4BF9-A9C3-C11708DC725C}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{587A2D5B-6FE4-48F2-947A-F11095C15989}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{587A2D5B-6FE4-48F2-947A-F11095C15989}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 36: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C23C8B41-BCB4-4291-9B31-CD61930568E1}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 37: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 38: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{609B9C73-9EBB-447B-82B3-D06CC1404EA9}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 39: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 40: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AB6504AB-798C-4F3A-B7AB-A7C17A3592C3}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 6: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace

Namespace Provider 7: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

Sorry, here is the attachment.

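The Winsock catalog dump above is long and almost entirely in-box Microsoft providers, which is exactly what makes a single third-party LSP or namespace provider easy to miss. The script below is an added example, not part of this thread and not code from DDS or any other tool mentioned here. It parses the DDS layout (a header line such as `Protocol 6: ...` or `Namespace Provider 7: ...` followed by `Key: value` lines, blocks separated by blank lines) and flags three things a reviewer would look at: a provider DLL that lives outside `%SystemRoot%\system32`, a DLL whose name differs from the reference ("DB filename") that DDS prints, and a provider DDS has no reference entry for. The sample text is constructed from a few entries of the listing above; the function and variable names are this example's own. One caveat, visible in the sample: DDS's reference database predates Windows 7, so a mismatch such as the RSVP providers pointing at mswsock.dll rather than rsvpsp.dll is a review hint, not evidence of tampering, and the in-box namespace providers with no filename are normal on this OS.

```python
import ntpath
import re

# Constructed sample in the layout DDS uses for its Winsock catalog dump
# (entries copied from the listing above, plus an in-box namespace
# provider that DDS has no reference entry for).
SAMPLE_CATALOG = r"""
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 7: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
"""

HEADER_RE = re.compile(r"^(Protocol|Namespace Provider) (\d+): (.+)$")

# Locations an in-box provider DLL is expected to load from (assumption for
# this example; DDS prints the path with %SystemRoot% unexpanded).
SYSTEM_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")


def parse_catalog(text):
    """Split a DDS catalog dump into one dict per provider."""
    providers = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # not a provider block
        rec = {"kind": "LSP" if m.group(1) == "Protocol" else "NSP",
               "index": int(m.group(2)), "name": m.group(3)}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            rec[key.strip().lower()] = value.strip()
        providers.append(rec)
    return providers


def review(providers):
    """Return (kind, index, name, dll, [flags]) for providers worth a look."""
    findings = []
    for p in providers:
        dll = p.get("filename", "")
        db_dll = p.get("db filename", "")
        flags = []
        if dll and not dll.lower().startswith(SYSTEM_DIRS):
            flags.append("third-party DLL outside system32")
        if dll and db_dll and ntpath.basename(dll).lower() != ntpath.basename(db_dll).lower():
            flags.append("DLL name differs from DDS reference ({})".format(ntpath.basename(db_dll)))
        if not dll and not db_dll:
            flags.append("not in DDS reference DB")
        if flags:
            findings.append((p["kind"], p["index"], p["name"], dll, flags))
    return findings


if __name__ == "__main__":
    for kind, idx, name, dll, flags in review(parse_catalog(SAMPLE_CATALOG)):
        print("{} {:>2} {:<32} {:<45} {}".format(kind, idx, name, dll or "(none)", "; ".join(flags)))
```

Run against the full dump posted above, the only third-party provider is Apple's Bonjour mDNS namespace provider, which matches the Bonjour service in the process list; anything else outside system32 in an LSP chain would deserve a file hash and a signature check before removal, because a broken LSP chain takes networking down with it.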
Dakeyras
2013-11-29, 13:51
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Regarding the below you mentioned:-


Then inside Quarantine in Microsoft Security Essentials I have 2 which again I cant remove

Exploit:Java/CVE-2013-2423
Exploit:Java/CVE-2013-0431
These should be fine to leave as is; they will be fully purged in due course and relate to a Java vulnerability which I will discuss further below.

Java Advice:

There has been a recent severe exploitation of this software. Even though this exploit has been reportedly fixed, there is still a vulnerability with the software. The below is currently all that is installed Java related:-

Java 7 Update 25

So you need to uninstall this (if still present, via Uninstall a program or Programs and Features located in the Control Panel)... Your choice if you wish to go ahead and reinstall, but I advise against it, and for the present I do not even have anything Java related installed on my machines.

Please let me know what you wish to do about this in your next reply, and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.

Temp' Disable TeaTimer:

This is so it will not hinder the malware removal process, you may re-enable when I give the all clear.

How to do so can be read here (http://forums.spybot.info/showpost.php?p=1150&postcount=2), scroll down to:-


When Spybot-S&D version 1.6.2 is installed

TeaTimer needs to be disabled so that its protection does not interfere with fixes.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete, something similar to the below will be displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).

Scan with AdwCleaner:

Please download adwcleaner from here (http://www.bleepingcomputer.com/download/adwcleaner/) and save to your desktop.

Alternate downloads are here (http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml) or here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner).


Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When completed the above, please post back the following in the order asked for:


How is the computer performing now, any further symptoms and or problems encountered ?
Your decision about a new Java installation.
AdwCleaner Log.

multichild
2013-11-29, 18:24
Hi Dakeyras,

Nice to meet you and thank you for getting back to me, I will proceed with your every word and get back to you shortly.

Cheers

multichild
2013-11-29, 18:36
Hi, I also chose to delete Java 7 Update 25, as I am going to go with what you recommend.

I have done this and am working through the points now.

multichild
2013-11-29, 19:13
Hi, as you've seen I deleted the Java 25 thing as you said, and checked for a problem we were encountering.

This was: although we had set http://www.google.com as the default home page, it was going to ask.com with a huge string behind it, and then almost straight after the Manage Add-ons pop-up would appear.

I just launched IE and this didn't happen, so I think that problem seems to be gone, although as for anything else that was going on I'm not too sure at the moment.

Here is the log:

# AdwCleaner v3.013 - Report created 29/11/2013 at 17:03:29
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Aimee - AIMEE-PC
# Running from : C:\Users\Aimee\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : torchcrashhandler

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\GameTap Web Player
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\GameTap Web Player
Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Program Files\WebConnect
Folder Deleted : C:\Users\Aimee\AppData\Local\PackageAware
Folder Deleted : C:\Users\Aimee\AppData\Local\torch
Folder Deleted : C:\Users\Aimee\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Aimee\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Aimee\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Aimee\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Aimee\AppData\Roaming\Advanced System Protector
Folder Deleted : C:\Users\Aimee\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Aimee\AppData\Roaming\xVidly
Folder Deleted : C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF3DAB0E-6E30-4A52-9FBB-F6C1D830BABE}
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\5f288dce76dbe17
Key Deleted : HKLM\SOFTWARE\5f288dce76dbe17
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295548
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A13CC898-9CA9-4578-9629-B328422FF014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Wincert\WIN32C~1.DLL
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v

[ File : C:\Users\Aimee\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8557 octets] - [29/11/2013 16:59:01]
AdwCleaner[S0].txt - [8507 octets] - [29/11/2013 17:03:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8567 octets] ##########

multichild
2013-11-29, 19:18
OK, we still seem to be having one of the original problems. Sorry, I have put it in a second post as I am basically trying to fix this for my daughter and so don't know all the problems.

So another problem we are getting is that when we go to, say, yahoo.com using the IE browser, straight away we get an 'Internet Explorer has stopped working' prompt, and it tries to fix the problem, but it basically goes around in a circle.

This seems to be the next immediate problem we have.

Dakeyras
2013-11-30, 01:53
Hi. :)

All prior posts acknowledged, and you're welcome! Let's proceed as follows, shall we...

Scan with JRT:

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to the desktop.

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).


Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Note: Reboot the machine and ensure all disabled security software is now enabled etc.

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to the desktop.

Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).


Right-click on OTL.exe and select Run as Administrator to start OTL.
Under Output, ensure that Standard Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Under the Custom Scan/Fixes box cut & paste this in:-

Netsvcs
Baseservices
%systemdrive%\*.exe
C:\program files\Google\Desktop
Dir "%systemdrive%\*" /S /A:L /C
CreateRestorePoint


Now click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these two Notepad files in your next reply.

multichild
2013-11-30, 22:12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by Aimee on 30/11/2013 at 11:09:04.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3808433556-406660851-2857496050-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5941957F-34BB-4070-94B2-10ADA44EC673}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\Users\Aimee\appdata\local\solid savings"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/11/2013 at 11:13:59.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
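
The JRT log above records deletions under four Internet Explorer registry locations: the per-machine and per-user SearchScopes keys (search providers), Low Rights\ElevationPolicy (processes allowed to launch from Protected Mode at a higher integrity level) and Ext\PreApproved (add-ons that load without the user's approval), with the toolbar entries all carrying GUIDs beginning {11111111-1111-1111-1111-. The PowerShell script below is an added example for re-checking those same locations by hand after a cleanup; it is not JRT output and not something posted in this thread. It assumes that the only search scopes expected on a default install are the Bing and Google ones ({0633EE93-...} and {6A1806CD-...}, the two that remain in the OTL log later in this thread) and that the value names URL, AppName and AppPath are the ones worth printing; any other GUID or value name it reports is simply flagged for review, not deleted.

```powershell
# Added example (not JRT, not the poster's): list what is left in the IE registry
# locations that the JRT log cleaned, flagging entries that do not match a default install.
$paths = @(
    'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved'
)

# Assumption: Bing and Google are the only scopes expected on a stock IE install.
$knownScopes = @(
    '{0633EE93-D776-472f-A0FF-E1416B8B2E3A}',
    '{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'
)

foreach ($p in $paths) {
    if (-not (Test-Path -Path $p)) { continue }

    Get-ChildItem -Path $p | ForEach-Object {
        $name  = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath
        $note  = ''

        # A search provider that is neither Bing nor Google deserves a look.
        if ($p -like '*SearchScopes' -and ($knownScopes -notcontains $name)) {
            $note = 'not a default search scope'
        }
        # GUID pattern shared by every toolbar key the JRT log above deleted.
        if ($name -like '{11111111-1111-1111-1111-*') {
            $note = 'GUID pattern matches the toolbar keys JRT removed'
        }

        # SearchScopes keys carry URL; ElevationPolicy keys carry AppName/AppPath.
        $value = @($props.URL, $props.AppName, $props.AppPath) |
                 Where-Object { $_ } | ForEach-Object { [string]$_ }

        [pscustomobject]@{
            Key   = "$p\$name"
            Value = ($value -join ' ; ')
            Note  = $note
        }
    }
} | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; on a fully cleaned machine the Note column should be empty for every row, and a non-empty ElevationPolicy or PreApproved listing that names a path under ProgramData (as the BrowserProtect and BitGuard directories in the first post do) is the kind of leftover worth pasting back into the thread.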

multichild
2013-11-30, 22:13
OTL logfile created on: 30/11/2013 19:40:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aimee\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1010.86 Mb Total Physical Memory | 285.38 Mb Available Physical Memory | 28.23% Memory free
1.99 Gb Paging File | 0.95 Gb Available in Paging File | 47.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 199.88 Gb Free Space | 85.86% Space Free | Partition Type: NTFS

Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/30 19:33:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
PRC - [2013/11/05 17:56:23 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/06/15 08:06:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/03/13 09:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/03/13 09:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/11/28 00:04:49 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/07/25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/19 18:25:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/13 09:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/13 09:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A882A7-13D5-406A-9BBA-E96D8570099C}\MpKsl4b59ac68.sys -- (MpKsl4b59ac68)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/26 13:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/12/13 07:11:46 | 001,336,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011/10/03 09:15:14 | 000,169,472 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV - [2011/10/03 09:15:14 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/08 23:37:56 | 000,278,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/03/13 09:57:54 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/03/13 09:57:54 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/03/13 09:57:54 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/03/13 09:57:54 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/03/13 09:57:54 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/03/13 09:57:54 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/03/13 09:57:52 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010/12/01 08:12:04 | 000,197,224 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSUSTOR.SYS -- (RSUSBSTOR)
DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/08 01:02:14 | 001,801,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2006/10/13 19:33:00 | 000,010,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asushwio.sys -- (Asushwio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE B2 D3 DD 85 AC CE 01 [binary data]
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enGB489
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Aimee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found


[2013/09/07 18:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========


O1 HOSTS File: ([2013/11/28 18:37:12 | 000,450,660 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{609B9C73-9EBB-447B-82B3-D06CC1404EA9}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E964786B-4288-4F98-9A5E-0A7F3BE2CA5C}: DhcpNameServer = 172.20.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{54740523-b963-11e1-b271-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{54740523-b963-11e1-b271-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstallAll.exe
O33 - MountPoints2\{5d9f0898-a4dc-11e2-a4b4-0008ca3c03e1}\Shell - "" = AutoRun
O33 - MountPoints2\{5d9f0898-a4dc-11e2-a4b4-0008ca3c03e1}\Shell\AutoRun\command - "" = D:\CMADownloader.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/30 19:33:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
[2013/11/30 11:08:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/30 10:49:31 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Aimee\Desktop\JRT.exe
[2013/11/29 16:58:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 16:49:58 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/11/29 16:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/11/29 16:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/11/28 20:15:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Aimee\Desktop\aswMBR.exe
[2013/11/28 19:57:52 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr
[2013/11/28 19:54:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/28 19:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/28 19:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/28 00:04:54 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/28 00:04:54 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/28 00:04:53 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/28 00:04:53 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/28 00:04:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/28 00:04:52 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/28 00:04:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/28 00:04:52 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/28 00:04:51 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/28 00:04:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/28 00:04:51 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/28 00:04:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/28 00:04:51 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/28 00:04:51 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/28 00:04:51 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/28 00:04:51 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/28 00:04:51 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/28 00:04:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/28 00:04:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/28 00:04:50 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/28 00:04:50 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/28 00:04:50 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/28 00:04:50 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/28 00:04:50 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/28 00:04:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/28 00:04:49 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/28 00:04:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/28 00:04:49 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/28 00:04:49 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/28 00:04:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/28 00:04:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/28 00:04:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/28 00:04:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/28 00:04:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/28 00:04:48 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/28 00:04:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/28 00:04:47 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/28 00:04:47 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/28 00:04:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/28 00:04:46 | 004,240,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/28 00:04:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/28 00:04:46 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/28 00:04:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/24 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/24 21:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/24 21:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/15 20:55:38 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2013/11/15 20:55:38 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL
[2013/11/15 20:55:38 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2013/11/15 20:55:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
[2013/11/15 20:55:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL
[2013/11/15 20:55:37 | 000,000,000 | ---D | C] -- C:\Users\Aimee\AppData\Roaming\TFP
[2013/11/14 08:47:21 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/14 08:47:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/14 08:46:50 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/14 08:46:48 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/14 08:45:03 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/14 08:45:03 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/11 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\Aimee\Documents\iphone pics
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/30 19:41:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA.job
[2013/11/30 19:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/30 19:33:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aimee\Desktop\OTL.exe
[2013/11/30 19:31:42 | 000,022,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/30 19:31:42 | 000,022,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/30 19:23:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/30 19:23:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/30 19:23:41 | 794,972,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/30 19:22:08 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/30 19:22:08 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/30 16:41:08 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core.job
[2013/11/30 10:50:32 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Aimee\Desktop\JRT.exe
[2013/11/29 16:57:23 | 001,091,882 | ---- | M] () -- C:\Users\Aimee\Desktop\AdwCleaner.exe
[2013/11/29 16:51:21 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
[2013/11/29 16:48:44 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/11/29 16:47:51 | 003,927,696 | ---- | M] () -- C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
[2013/11/28 20:54:54 | 000,000,512 | ---- | M] () -- C:\Users\Aimee\Desktop\MBR.dat
[2013/11/28 20:17:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Aimee\Desktop\aswMBR.exe
[2013/11/28 19:57:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Aimee\Desktop\dds.scr
[2013/11/28 19:52:33 | 000,001,074 | ---- | M] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/28 19:52:21 | 000,000,875 | ---- | M] () -- C:\Users\Aimee\Desktop\ERUNT.lnk
[2013/11/28 18:37:12 | 000,450,660 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/11/28 00:04:54 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/28 00:04:54 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/28 00:04:53 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/28 00:04:53 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/28 00:04:53 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/28 00:04:53 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/28 00:04:52 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/28 00:04:52 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/28 00:04:51 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/28 00:04:51 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/28 00:04:51 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/28 00:04:51 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/28 00:04:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/28 00:04:51 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/28 00:04:51 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/28 00:04:51 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/28 00:04:51 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/28 00:04:51 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/28 00:04:51 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/28 00:04:51 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/28 00:04:51 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/28 00:04:50 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/28 00:04:50 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/28 00:04:50 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/28 00:04:50 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/28 00:04:50 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/28 00:04:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/28 00:04:49 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/28 00:04:49 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/28 00:04:49 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/28 00:04:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/28 00:04:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/28 00:04:48 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/28 00:04:48 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/28 00:04:48 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/28 00:04:48 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/28 00:04:48 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/28 00:04:47 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/28 00:04:47 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/28 00:04:47 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/28 00:04:46 | 004,240,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/28 00:04:46 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/28 00:04:46 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/28 00:04:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/24 21:12:13 | 000,004,975 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/22 14:12:04 | 000,074,727 | ---- | M] () -- C:\Users\Aimee\Desktop\$_12[2].jpg
[2013/11/22 14:11:50 | 000,035,535 | ---- | M] () -- C:\Users\Aimee\Desktop\$_58[1].jpg
[2013/11/20 09:15:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/19 10:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/11/16 21:29:11 | 000,006,086 | ---- | M] () -- C:\Users\Aimee\Desktop\nail.png
[2013/11/15 20:56:38 | 000,001,138 | ---- | M] () -- C:\Users\Aimee\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/11/11 21:06:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/11/05 09:45:50 | 004,413,614 | ---- | M] () -- C:\Users\Aimee\Desktop\IMG_0280.JPG
[2013/11/04 15:58:15 | 000,329,452 | ---- | M] () -- C:\Users\Aimee\Desktop\science.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/29 16:57:23 | 001,091,882 | ---- | C] () -- C:\Users\Aimee\Desktop\AdwCleaner.exe
[2013/11/29 16:51:21 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
[2013/11/29 16:48:44 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/11/29 16:47:17 | 003,927,696 | ---- | C] () -- C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
[2013/11/28 20:54:53 | 000,000,512 | ---- | C] () -- C:\Users\Aimee\Desktop\MBR.dat
[2013/11/28 19:52:33 | 000,001,074 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/28 19:52:21 | 000,000,875 | ---- | C] () -- C:\Users\Aimee\Desktop\ERUNT.lnk
[2013/11/28 00:04:51 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/22 14:13:41 | 000,035,535 | ---- | C] () -- C:\Users\Aimee\Desktop\$_58[1].jpg
[2013/11/22 14:12:48 | 000,074,727 | ---- | C] () -- C:\Users\Aimee\Desktop\$_12[2].jpg
[2013/11/16 21:29:10 | 000,006,086 | ---- | C] () -- C:\Users\Aimee\Desktop\nail.png
[2013/11/15 20:56:37 | 000,001,359 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[2013/11/15 20:55:14 | 000,001,138 | ---- | C] () -- C:\Users\Aimee\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/11/11 21:06:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/11/05 09:45:05 | 004,413,614 | ---- | C] () -- C:\Users\Aimee\Desktop\IMG_0280.JPG
[2013/11/04 15:58:13 | 000,329,452 | ---- | C] () -- C:\Users\Aimee\Desktop\science.png
[2013/07/25 20:01:52 | 000,004,975 | ---- | C] () -- C:\Windows\wininit.ini
[2013/06/20 18:17:55 | 000,020,123 | ---- | C] () -- C:\Users\Aimee\AppData\Roaming\UserTile.png
[2012/06/22 08:17:22 | 000,006,144 | ---- | C] () -- C:\Users\Aimee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/18 19:18:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/18 17:58:30 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2012/06/18 17:55:05 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/06/18 17:52:27 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/06/18 17:52:26 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 01:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 04:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 01:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 21:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 21:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 21:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/09 04:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 21:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 21:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 05:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 01:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 21:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/14 01:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 01:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 01:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 16:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 01:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 10:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 05:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 01:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 21:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 21:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 01:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/25 00:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 01:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 21:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 21:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 21:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 21:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 04:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 21:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 21:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 21:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 21:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 21:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 21:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 21:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 21:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 01:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 22:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 21:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 01:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 21:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %systemdrive%\*.exe >

< C:/program files\Google\Desktop >
Invalid Switch: program files\Google\Desktop

< Dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 44F5-CABF
Directory of C:\
14/07/2009 04:53 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 04:53 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 04:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 04:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 04:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 04:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 04:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 04:53 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 04:53 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Aimee
18/06/2012 17:44 <JUNCTION> Application Data [C:\Users\Aimee\AppData\Roaming]
18/06/2012 17:44 <JUNCTION> Cookies [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Cookies]
18/06/2012 17:44 <JUNCTION> Local Settings [C:\Users\Aimee\AppData\Local]
18/06/2012 17:44 <JUNCTION> My Documents [C:\Users\Aimee\Documents]
18/06/2012 17:44 <JUNCTION> NetHood [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
18/06/2012 17:44 <JUNCTION> PrintHood [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
18/06/2012 17:44 <JUNCTION> Recent [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Recent]
18/06/2012 17:44 <JUNCTION> SendTo [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\SendTo]
18/06/2012 17:44 <JUNCTION> Start Menu [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu]
18/06/2012 17:44 <JUNCTION> Templates [C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Aimee\AppData\Local
18/06/2012 17:44 <JUNCTION> Application Data [C:\Users\Aimee\AppData\Local]
18/06/2012 17:44 <JUNCTION> History [C:\Users\Aimee\AppData\Local\Microsoft\Windows\History]
18/06/2012 17:44 <JUNCTION> Temporary Internet Files [C:\Users\Aimee\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Aimee\Documents
18/06/2012 17:44 <JUNCTION> My Music [C:\Users\Aimee\Music]
18/06/2012 17:44 <JUNCTION> My Pictures [C:\Users\Aimee\Pictures]
18/06/2012 17:44 <JUNCTION> My Videos [C:\Users\Aimee\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 04:53 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 04:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 04:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 04:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 04:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 04:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 04:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 04:53 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 04:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 04:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 04:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 04:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 04:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 04:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 04:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 04:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 04:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 04:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 04:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 04:53 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 04:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 04:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 04:53 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 04:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 04:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 214,330,187,776 bytes free

< End of report >

multichild
2013-11-30, 22:14
OTL Extras logfile created on: 30/11/2013 19:40:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aimee\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1010.86 Mb Total Physical Memory | 285.38 Mb Available Physical Memory | 28.23% Memory free
1.99 Gb Paging File | 0.95 Gb Available in Paging File | 47.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 199.88 Gb Free Space | 85.86% Space Free | Partition Type: NTFS

Computer Name: AIMEE-PC | User Name: Aimee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E8B63F6-5212-453A-ACB0-6DE784F4B6A3}" = rport=5357 | protocol=6 | dir=out | app=system |
"{563858B2-91A9-4C6D-A18C-D79BA412CFAF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{5CBA8580-8C3D-4429-8075-6628EAF88AF9}" = lport=5357 | protocol=6 | dir=in | app=system |
"{A2613ABC-C528-4242-BF2F-47FB594C9A68}" = rport=5358 | protocol=6 | dir=out | app=system |
"{DB081F9F-755E-4B11-BAE3-99F2D8194D34}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{F06ACF76-376C-4470-9762-C9C081D03B08}" = lport=5358 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BCA9C2-5447-4956-AEE4-6FFC8A4A1A87}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{374AFF88-37FC-4BDA-BBC7-E8E21CFA1E14}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{397E375D-9C3D-4248-B39B-B31C1E494384}" = dir=in | app=c:\users\aimee\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{3B7B2EB8-32C7-4346-B73D-11F7C59BF41B}" = protocol=17 | dir=in | app=c:\users\aimee\appdata\local\ilivid\ilivid.exe |
"{46C54DD5-9EEB-4BE7-AA9A-7CF912CD43DA}" = dir=in | app=c:\users\aimee\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{5B7E9714-99A8-48BE-8AEF-8CDACEE0C67B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5F7ACAD2-FC7A-4BAB-BF94-559681346316}" = dir=in | app=c:\users\aimee\appdata\local\torch\plugins\hola\hola_plugin.exe |
"{8E4A317B-5A8D-4882-8534-9AE6651B63C5}" = protocol=6 | dir=in | app=c:\users\aimee\appdata\local\ilivid\ilivid.exe |
"{A413625F-EB81-486D-98F6-ADCB9546B490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3F2E844-A2F3-4C6C-B9CA-67E62D852FA5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DEA150ED-2D0C-4253-AADB-00136BAAAABE}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{EF592343-A9E7-4261-B2C3-0306A9D68579}" = dir=in | app=c:\users\aimee\appdata\roaming\allmyapps\allmyapps.exe |
"{F09FDB25-9FE2-4E60-99C6-BD3CAE7862C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0A835DD-2BC4-453F-864B-F407959DF1DF}" = dir=in | app=c:\users\aimee\appdata\local\torch\plugins\hola\hola_plugin_x64.exe |
"TCP Query User{69F0CECA-39A5-419F-99BF-7AF7EB7E7D5F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E5314701-A63B-4163-A394-3D1223DE457B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{74DD8E77-3451-4577-93DB-183CF930E9A7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F7F35DAC-5066-4E8A-AEB2-4ED8201ECDAF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8FC83CE1-EA4F-48D2-9F51-51546C2D33E2}" = Fresco Logic USB3.0 Host Controller
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/11/2013 07:32:23 | Computer Name = Aimee-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 30/11/2013 13:09:34 | Computer Name = Aimee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/11/2013 13:09:34 | Computer Name = Aimee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15678

Error - 30/11/2013 13:09:34 | Computer Name = Aimee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15678

Error - 30/11/2013 15:24:19 | Computer Name = Aimee-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/11/2013 15:32:32 | Computer Name = Aimee-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
time stamp: 0x525b664c Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521ea91c Exception code: 0xc0000374 Fault offset: 0x000c3873 Faulting
process id: 0xd84 Faulting application start time: 0x01ceee02bf446ca1 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 278f8e4f-59f6-11e3-8410-0008ca3c03e1

Error - 30/11/2013 15:32:45 | Computer Name = Aimee-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.16428,
time stamp: 0x525b664c Faulting module name: ntdll.dll, version: 6.1.7601.18247,
time stamp: 0x521ea91c Exception code: 0xc0000374 Fault offset: 0x000c3873 Faulting
process id: 0x1c4 Faulting application start time: 0x01ceee02eef26535 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 2fb60ff4-59f6-11e3-8410-0008ca3c03e1

[ System Events ]
Error - 30/11/2013 13:18:54 | Computer Name = Aimee-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 30/11/2013 13:19:44 | Computer Name = Aimee-PC | Source = DCOM | ID = 10010
Description =

Error - 30/11/2013 15:24:19 | Computer Name = Aimee-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

Dakeyras
2013-11-30, 23:11
Hi. :)

Still some way to go yet...

Might as well uninstall Erunt as it is not truly compatible with the version of Windows in use, and the other application I advised (Tweaking.com - Registry Backup) is more reliable overall. Also, SUPERAntiSpyware is not a particularly effective application in my humble opinion, nor is it something I recommend or use; your call though if you wish to keep it installed.

Check Proxy Settings:

Launch Internet Options...


Click on Start(Windows 7 Orb) >> Control Panel >> Network and Internet >> Internet Options
Or via Start(Windows 7 Orb) >> Control Panel >> Internet Options
Once the Internet Properties window appears >> click on Connections >> LAN settings
Ensure Automatically detect settings is selected and the following are not:

Use automatic configuration script

Use a proxy server for your LAN


Click on OK >> OK to close the Internet Properties window.

Custom OTL Script:


Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


:Commands
[CreateRestorePoint]

:OTL
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-19..\configuration: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[EmptyTemp]

Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot the computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware (http://downloads.malwarebytes.org/mbam-download-standalone-random.php) to the desktop.

Note: The installer will be randomly named, say for example something like 549od2jqai.exe


Right-click on the randomly named exe file and select Run as Administrator, then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version. When the program loads, decline the Malwarebytes' Anti-Malware Trial (you can activate this when we've finished, if you so wish).

Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:

Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:


How is your daughter's computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.
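
The three LAN-settings checkboxes in the proxy check above are stored together in one binary registry value rather than as three separate flags, which is why a hijacked proxy or PAC script can survive a casual look at the dialog. The following is an added example (mine, not from this thread or from any of the tools discussed) that decodes that value offline and reports which boxes are ticked. It assumes the publicly documented WinINET layout described in the docstring; both sample values are constructed in the code rather than exported from a real machine, and the PAC URL in the second sample is a placeholder.

```python
r"""Decode and audit the WinINET DefaultConnectionSettings value.

Added example, not from the thread.  The three LAN-settings checkboxes live
together in the binary registry value
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
Assumed layout (the publicly documented WinINET format): DWORD version (0x46),
DWORD change counter, DWORD flags, then three DWORD-length-prefixed ANSI
strings: proxy server, bypass list, auto-config script URL.
Flag bits: 0x01 direct, 0x02 manual proxy, 0x04 auto-config script,
0x08 automatically detect settings.  A clean default is 0x09.
"""
import struct
from dataclasses import dataclass

SETTINGS_VERSION = 0x46
FLAG_DIRECT = 0x01
FLAG_PROXY = 0x02
FLAG_AUTOCONFIG = 0x04
FLAG_AUTODETECT = 0x08


@dataclass(frozen=True)
class LanSettings:
    flags: int
    proxy_server: str
    bypass_list: str
    autoconfig_url: str


def _read_lpstr(blob: bytes, offset: int):
    """Read one length-prefixed string; return (text, offset after it)."""
    (length,) = struct.unpack_from("<I", blob, offset)
    offset += 4
    if offset + length > len(blob):
        raise ValueError("truncated string in DefaultConnectionSettings")
    text = blob[offset:offset + length].decode("ascii", "replace")
    return text, offset + length


def parse_connection_settings(blob: bytes) -> LanSettings:
    """Decode the binary value into its flag word and three strings."""
    if len(blob) < 12:
        raise ValueError("DefaultConnectionSettings too short")
    version, _counter, flags = struct.unpack_from("<III", blob, 0)
    if version != SETTINGS_VERSION:
        raise ValueError(f"unexpected version 0x{version:x}")
    offset = 12
    proxy, offset = _read_lpstr(blob, offset)
    bypass, offset = _read_lpstr(blob, offset)
    script, offset = _read_lpstr(blob, offset)
    return LanSettings(flags, proxy, bypass, script)


def build_connection_settings(flags: int, proxy: str = "", bypass: str = "",
                              script: str = "", counter: int = 1) -> bytes:
    """Encode a value in the same layout; used here only to construct samples."""
    def lpstr(text: str) -> bytes:
        raw = text.encode("ascii")
        return struct.pack("<I", len(raw)) + raw
    header = struct.pack("<III", SETTINGS_VERSION, counter, flags)
    return header + lpstr(proxy) + lpstr(bypass) + lpstr(script) + bytes(32)


def audit(settings: LanSettings) -> list:
    """List every way the value departs from 'auto-detect only, nothing else'."""
    findings = []
    if not settings.flags & FLAG_AUTODETECT:
        findings.append("'Automatically detect settings' is not selected")
    if settings.flags & FLAG_AUTOCONFIG:
        findings.append("'Use automatic configuration script' is selected: "
                        + repr(settings.autoconfig_url))
    if settings.flags & FLAG_PROXY:
        findings.append("'Use a proxy server for your LAN' is selected: "
                        + repr(settings.proxy_server))
    return findings


# Constructed samples (not exported from a real machine): the clean default,
# and a value where a PAC script has been switched on with a placeholder URL.
CLEAN_BLOB = build_connection_settings(FLAG_DIRECT | FLAG_AUTODETECT)
SUSPECT_BLOB = build_connection_settings(
    FLAG_DIRECT | FLAG_AUTOCONFIG, script="http://pac.example.invalid/proxy.pac")

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_BLOB), ("suspect", SUSPECT_BLOB)):
        settings = parse_connection_settings(blob)
        print(label, f"flags=0x{settings.flags:02x}", audit(settings) or "OK")
```

On a real machine the value is read with `Get-ItemProperty` in PowerShell or exported with `reg export` and fed to `parse_connection_settings`; the point of auditing the flag word rather than trusting the dialog is that a value with the auto-config bit set and a script URL filled in is the registry-level form of the "Use automatic configuration script" box the post tells you to make sure is unticked.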

multichild
2013-11-30, 23:40
Hi,

I will go with what you say and delete what you recommend.

Before I start, can you explain further what you mean by -

quote-box(do not copy the word quote)

Do you mean don't copy [CreateRestorePoint] and [EmptyTemp]?

Dakeyras
2013-12-01, 00:21
Hi. :)


I will go with what you say and delete what you recommend.
Acknowledged...


Before I start, can you explain further what you mean by -

quote-box(do not copy the word quote)

Do you mean don't copy [CreateRestorePoint] and [EmptyTemp]?

Ah, I see your confusion: the quote box here in this forum is slightly different from others, and it was my oversight, so my apologies about that. I advised that as the version of IE in use on your daughter's machine can at times be problematic if I used a code box for the custom script, and it may not be cut and pasted correctly as is.

Anyway merely copy all of the aforementioned custom OTL fix or the one below, either will suffice:-

:Commands
[CreateRestorePoint]

:OTL
IE - HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-3808433556-406660851-2857496050-1000..\Run: [Facebook Update] "C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-19..\configuration: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[EmptyTemp]

multichild
2013-12-02, 12:49
Hi,

The computer does seem better, not so sluggish, but still not as quick as it was, and also we noticed that if we say go to bbc.co.uk the site works fine, and a few other sites such as online banking, webmail and all, but when we try and visit http://uk.yahoo.com it straight away causes an error, and the internet explorer has stopped working comes up and it tries to reload, but it fails too.

I was also surprised that the final scan didn't come up with any malware, but have posted the scan results below.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2\ deleted successfully.
C:\Windows\system32\npDeployJava1.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
Registry value HKEY_USERS\S-1-5-21-3808433556-406660851-2857496050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\mctadmin not found.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File move failed. C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk scheduled to be moved on reboot.
File C:\Program Files\ERUNT\AUTOBACK.EXE not found.
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::a4c5:83f2:79c8:38bc%12
Autoconfiguration IPv4 Address. . : 169.254.56.188
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{C23C8B41-BCB4-4291-9B31-CD61930568E1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Link-local IPv6 Address . . . . . : fe80::a4c5:83f2:79c8:38bc%12
IPv4 Address. . . . . . . . . . . : 192.168.1.65
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{C23C8B41-BCB4-4291-9B31-CD61930568E1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Aimee\Desktop\cmd.bat deleted successfully.
C:\Users\Aimee\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aimee
->Temp folder emptied: 415479594 bytes
->Temporary Internet Files folder emptied: 1490722912 bytes
->Java cache emptied: 311072 bytes
->Apple Safari cache emptied: 7497728 bytes
->Flash cache emptied: 880 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1341707 bytes
RecycleBin emptied: 6759111 bytes

Total Files Cleaned = 1,833.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11302013_222716

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File\Folder C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.01.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Aimee :: AIMEE-PC [administrator]

Protection: Enabled

01/12/2013 22:08:40
mbam-log-2013-12-01 (22-08-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195545
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Dakeyras
2013-12-02, 13:39
Hi. :)


when we try and visit http://uk.yahoo.com it straight away causes an error, and the internet explorer has stopped working comes up and it tries to reload, but it fails too.
Acknowledged.


I was also surprised that the final scan didn't come up with any malware
A good sign that then, though we have not completed the malware removal process just yet.

OK, before anything further that is proactive, I would like a few more benign scans to ascertain the overall situation, as follows...

Check Hard Disk For Errors:


Open Notepad.
Copy and Paste everything from the Code Box below into Notepad:


@Echo off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

Go to File >> Save As
Save File name as Dakeyras.bat
Change Save as Type to All Files and save the file to the Desktop.
It should look similar to this: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/vista-rh.gif

Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

A file icon named checkhd.txt should appear on the desktop. Please post the contents of this file in your next reply.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 32-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) to the desktop.


Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
There will now be two logs on the desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

multichild
2013-12-02, 22:18
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
278 large file records processed.

0 bad file records processed.

2 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
15621 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

244093951 KB total disk space.
32791304 KB in 71179 files.
47292 KB in 15622 indexes.
0 KB in bad sectors.
238855 KB in use by the system.
65536 KB occupied by the log file.
211016500 KB available on disk.

4096 bytes in each allocation unit.
61023487 total allocation units on disk.
52754125 allocation units available on disk.

multichild
2013-12-02, 22:19
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-12-2013
Ran by Aimee at 2013-12-02 20:12:15
Running from C:\Users\Aimee\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Client Installation Program (Version: 7.0)
Bluetooth Win7 Suite (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Fresco Logic USB3.0 Host Controller (Version: 3.5.2.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.8.1064)
iTunes (Version: 11.0.4.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6373)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30127)
Skype™ 6.7 (Version: 6.7.102)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 15.3.33.0)
Tweaking.com - Registry Backup (Version: 1.6.8)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)

==================== Restore Points =========================

08-11-2013 12:03:33 Windows Update
12-11-2013 11:20:02 Windows Update
14-11-2013 23:24:52 Windows Update
18-11-2013 20:11:55 Windows Update
20-11-2013 09:05:41 Windows Update
23-11-2013 19:49:43 Windows Update
27-11-2013 09:56:14 Windows Update
28-11-2013 00:01:47 Windows Update
29-11-2013 16:28:58 Removed Java 7 Update 25
30-11-2013 19:42:44 OTL Restore Point - 30/11/2013 19:42:38
30-11-2013 22:27:31 OTL Restore Point - 30/11/2013 22:27:29
01-12-2013 13:02:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:04 - 2013-11-28 18:37 - 00450660 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {439CFAC0-3898-47C1-AB0B-B8900F695E57} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B2F4D289-715D-4E77-9480-222E615FFBD2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D5BF4E30-B1C8-4C62-AC2C-BC072D55BD32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DFBD6FA4-D381-4BE8-A79F-DC2411422DED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
Task: {E31EEFB4-281E-47D0-BC33-C20161434B91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core.job => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA.job => C:\Users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: MpKsl4b59ac68
Description: MpKsl4b59ac68
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl4b59ac68
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15647

Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15647

Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/02/2013 03:54:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x610
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/02/2013 03:53:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0xea0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/02/2013 03:53:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0xce8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/02/2013 03:53:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0xa28
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/02/2013 03:53:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0xf24
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/02/2013 03:52:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0xe10
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/02/2013 03:48:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0xd8c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (12/02/2013 03:30:17 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/02/2013 03:29:43 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/02/2013 03:27:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/02/2013 10:18:44 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/02/2013 10:18:44 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15647

Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15647

Error: (12/02/2013 03:54:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/02/2013 03:54:13 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c387361001ceef76b884abcaC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllfd1e97d6-5b69-11e3-a220-0008ca3c03e1

Error: (12/02/2013 03:53:58 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873ea001ceef76b01ccfd2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllf414de4c-5b69-11e3-a220-0008ca3c03e1

Error: (12/02/2013 03:53:38 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873ce801ceef76a5803177C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle7f73d47-5b69-11e3-a220-0008ca3c03e1

Error: (12/02/2013 03:53:27 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873a2801ceef769e35faa0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle1530a81-5b69-11e3-a220-0008ca3c03e1

Error: (12/02/2013 03:53:14 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873f2401ceef769575e4aeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld9ddd3d5-5b69-11e3-a220-0008ca3c03e1

Error: (12/02/2013 03:52:59 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873e1001ceef767a1e5e84C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld09173c3-5b69-11e3-a220-0008ca3c03e1

Error: (12/02/2013 03:48:10 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea91cc0000374000c3873d8c01ceef7566207788C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll24d68b96-5b69-11e3-a220-0008ca3c03e1


==================== Memory info ===========================

Percentage of memory in use: 82%
Total physical RAM: 1010.86 MB
Available physical RAM: 173.26 MB
Total Pagefile: 2034.86 MB
Available Pagefile: 944.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:201.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 7E260D65)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

multichild
2013-12-02, 22:20
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by Aimee (administrator) on AIMEE-PC on 02-12-2013 20:09:46
Running from C:\Users\Aimee\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
MountPoints2: {54740523-b963-11e1-b271-806e6f6e6963} - D:\InstallAll.exe
MountPoints2: {5d9f0898-a4dc-11e2-a4b4-0008ca3c03e1} - D:\CMADownloader.exe
AppInit_DLLs: [ ] ()
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEB2D3DD85ACCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 Asushwio; C:\Windows\system32\drivers\Asushwio.sys [10288 2006-10-13] ()
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-13] (Atheros)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-13] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-13] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-13] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-13] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-13] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-13] (Atheros)
R3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [169472 2011-10-03] (Fresco Logic)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [49664 2011-10-03] (Fresco Logic)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 MpKsl4b59ac68; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9A882A7-13D5-406A-9BBA-E96D8570099C}\MpKsl4b59ac68.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 20:09 - 2013-12-02 20:10 - 00023400 _____ C:\Users\Aimee\Desktop\FRST.txt
2013-12-02 20:09 - 2013-12-02 20:09 - 00000000 ____D C:\FRST
2013-12-02 20:08 - 2013-12-02 20:08 - 01092187 _____ (Farbar) C:\Users\Aimee\Desktop\FRST.exe
2013-12-02 20:03 - 2013-12-02 20:05 - 00001389 _____ C:\Users\Aimee\Desktop\checkhd.txt
2013-12-01 21:53 - 2013-12-01 21:53 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\Malwarebytes
2013-12-01 21:52 - 2013-12-01 21:52 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 21:52 - 2013-12-01 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 21:52 - 2013-12-01 21:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-01 21:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 21:47 - 2013-12-01 21:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aimee\Desktop\xzhbz3vpl.exe
2013-12-01 00:23 - 2013-12-01 00:23 - 00014544 _____ C:\Users\Aimee\Desktop\11302013_222716.log
2013-11-30 22:27 - 2013-11-30 22:27 - 00000000 ____D C:\_OTL
2013-11-30 22:10 - 2013-11-30 22:09 - 00001325 _____ C:\Users\Aimee\Desktop\OTL-2.txt
2013-11-30 19:58 - 2013-11-30 20:02 - 00025388 _____ C:\Users\Aimee\Desktop\Extras.Txt
2013-11-30 19:57 - 2013-11-30 20:02 - 00106168 _____ C:\Users\Aimee\Desktop\OTL.Txt
2013-11-30 19:33 - 2013-11-30 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\Aimee\Desktop\OTL.exe
2013-11-30 11:14 - 2013-11-30 17:57 - 00003026 _____ C:\Users\Aimee\Desktop\JRT.txt
2013-11-30 11:08 - 2013-11-30 11:08 - 00000000 ____D C:\Windows\ERUNT
2013-11-30 10:49 - 2013-11-30 10:50 - 01034531 _____ (Thisisu) C:\Users\Aimee\Desktop\JRT.exe
2013-11-29 16:58 - 2013-11-29 17:04 - 00000000 ____D C:\AdwCleaner
2013-11-29 16:57 - 2013-11-29 16:57 - 01091882 _____ C:\Users\Aimee\Desktop\AdwCleaner.exe
2013-11-29 16:51 - 2013-11-29 16:51 - 00000207 _____ C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
2013-11-29 16:49 - 2013-11-29 16:49 - 00000000 ____D C:\RegBackup
2013-11-29 16:48 - 2013-11-29 16:48 - 00002181 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2013-11-29 16:48 - 2013-11-29 16:48 - 00000000 ____D C:\Program Files\Tweaking.com
2013-11-29 16:47 - 2013-11-29 16:47 - 03927696 _____ C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
2013-11-28 20:54 - 2013-11-28 20:54 - 00001917 _____ C:\Users\Aimee\Desktop\aswMBR.txt
2013-11-28 20:54 - 2013-11-28 20:54 - 00000512 _____ C:\Users\Aimee\Desktop\MBR.dat
2013-11-28 20:15 - 2013-11-28 20:17 - 04745728 _____ (AVAST Software) C:\Users\Aimee\Desktop\aswMBR.exe
2013-11-28 20:01 - 2013-11-28 20:01 - 00014425 _____ C:\Users\Aimee\Desktop\dds.txt
2013-11-28 20:01 - 2013-11-28 20:01 - 00007347 _____ C:\Users\Aimee\Desktop\attach.txt
2013-11-28 19:57 - 2013-11-28 19:57 - 00688992 ____R (Swearware) C:\Users\Aimee\Desktop\dds.scr
2013-11-28 19:54 - 2013-11-28 19:54 - 00000000 ____D C:\Windows\ERDNT
2013-11-28 17:16 - 2013-11-28 17:16 - 02606080 _____ C:\Users\Aimee\Documents\Creative10min_activities.ppt
2013-11-28 00:04 - 2013-11-28 00:04 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-28 00:04 - 2013-11-28 00:04 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-28 00:04 - 2013-11-28 00:04 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-28 00:04 - 2013-11-28 00:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-28 00:04 - 2013-11-28 00:04 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-28 00:04 - 2013-11-28 00:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-27 10:01 - 2013-11-28 00:08 - 00012634 _____ C:\Windows\IE11_main.log
2013-11-24 21:22 - 2013-11-24 21:22 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
2013-11-21 20:40 - 2013-11-21 20:40 - 00335360 _____ C:\Users\Aimee\Documents\odd animal couples.ppt
2013-11-15 20:56 - 2013-11-16 09:52 - 00001359 _____ C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2013-11-15 20:55 - 2013-11-15 20:55 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\TFP
2013-11-15 20:55 - 2012-05-11 15:47 - 00152848 _____ (Microsoft Corporation) C:\Windows\system32\COMDLG32.OCX
2013-11-15 20:55 - 2012-05-11 15:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCFR.DLL
2013-11-15 20:55 - 2012-05-11 15:47 - 00119568 _____ (Microsoft Corporation) C:\Windows\system32\VB6FR.DLL
2013-11-15 20:55 - 2012-05-11 15:47 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\VB6STKIT.DLL
2013-11-15 20:55 - 2012-05-11 15:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\CMDLGFR.DLL
2013-11-14 08:47 - 2013-09-25 02:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 08:47 - 2013-09-25 02:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 08:47 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 08:47 - 2013-09-25 01:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 08:47 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 08:47 - 2013-09-25 01:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 08:47 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 08:47 - 2013-09-25 00:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 08:47 - 2013-09-25 00:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 08:47 - 2013-07-04 12:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 08:46 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:46 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 08:46 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 08:46 - 2013-10-03 01:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 08:45 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 08:45 - 2013-10-12 02:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:45 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 08:44 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-11 21:06 - 2013-11-11 21:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2013-11-11 20:57 - 2013-11-11 21:38 - 00000000 ____D C:\Users\Aimee\Documents\iphone pics
2013-11-08 17:11 - 2013-11-11 18:49 - 04050944 _____ C:\Users\Aimee\Desktop\Le_corps1.ppt

==================== One Month Modified Files and Folders =======

2013-12-02 20:10 - 2013-12-02 20:09 - 00023400 _____ C:\Users\Aimee\Desktop\FRST.txt
2013-12-02 20:09 - 2013-12-02 20:09 - 00000000 ____D C:\FRST
2013-12-02 20:08 - 2013-12-02 20:08 - 01092187 _____ (Farbar) C:\Users\Aimee\Desktop\FRST.exe
2013-12-02 20:05 - 2013-12-02 20:03 - 00001389 _____ C:\Users\Aimee\Desktop\checkhd.txt
2013-12-02 19:57 - 2012-06-18 16:36 - 01417567 _____ C:\Windows\WindowsUpdate.log
2013-12-02 19:41 - 2012-08-31 10:40 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000UA.job
2013-12-02 19:41 - 2012-06-18 19:29 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 19:30 - 2012-06-18 19:29 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 19:29 - 2012-08-31 10:40 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3808433556-406660851-2857496050-1000Core.job
2013-12-02 15:54 - 2012-07-01 07:14 - 00000000 ____D C:\Users\Aimee\AppData\Local\CrashDumps
2013-12-02 15:35 - 2009-07-14 04:34 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 15:35 - 2009-07-14 04:34 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 15:27 - 2012-09-24 19:47 - 00082092 _____ C:\Windows\setupact.log
2013-12-02 15:27 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 21:53 - 2013-12-01 21:53 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\Malwarebytes
2013-12-01 21:52 - 2013-12-01 21:52 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 21:52 - 2013-12-01 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 21:52 - 2013-12-01 21:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-01 21:50 - 2013-12-01 21:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aimee\Desktop\xzhbz3vpl.exe
2013-12-01 08:53 - 2009-07-14 04:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-01 00:23 - 2013-12-01 00:23 - 00014544 _____ C:\Users\Aimee\Desktop\11302013_222716.log
2013-11-30 23:01 - 2012-10-11 11:52 - 00042140 _____ C:\Windows\PFRO.log
2013-11-30 22:27 - 2013-11-30 22:27 - 00000000 ____D C:\_OTL
2013-11-30 22:09 - 2013-11-30 22:10 - 00001325 _____ C:\Users\Aimee\Desktop\OTL-2.txt
2013-11-30 20:02 - 2013-11-30 19:58 - 00025388 _____ C:\Users\Aimee\Desktop\Extras.Txt
2013-11-30 20:02 - 2013-11-30 19:57 - 00106168 _____ C:\Users\Aimee\Desktop\OTL.Txt
2013-11-30 20:02 - 2010-11-20 21:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-30 19:33 - 2013-11-30 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\Aimee\Desktop\OTL.exe
2013-11-30 17:57 - 2013-11-30 11:14 - 00003026 _____ C:\Users\Aimee\Desktop\JRT.txt
2013-11-30 11:08 - 2013-11-30 11:08 - 00000000 ____D C:\Windows\ERUNT
2013-11-30 10:50 - 2013-11-30 10:49 - 01034531 _____ (Thisisu) C:\Users\Aimee\Desktop\JRT.exe
2013-11-29 17:04 - 2013-11-29 16:58 - 00000000 ____D C:\AdwCleaner
2013-11-29 16:57 - 2013-11-29 16:57 - 01091882 _____ C:\Users\Aimee\Desktop\AdwCleaner.exe
2013-11-29 16:51 - 2013-11-29 16:51 - 00000207 _____ C:\Windows\tweaking.com-regbackup-AIMEE-PC-Microsoft-Windows-7-Professional-(32-bit).dat
2013-11-29 16:49 - 2013-11-29 16:49 - 00000000 ____D C:\RegBackup
2013-11-29 16:48 - 2013-11-29 16:48 - 00002181 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2013-11-29 16:48 - 2013-11-29 16:48 - 00000000 ____D C:\Program Files\Tweaking.com
2013-11-29 16:47 - 2013-11-29 16:47 - 03927696 _____ C:\Users\Aimee\Desktop\tweaking.com_registry_backup_setup.exe
2013-11-29 14:28 - 2013-05-03 15:56 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\.minecraft
2013-11-28 20:54 - 2013-11-28 20:54 - 00001917 _____ C:\Users\Aimee\Desktop\aswMBR.txt
2013-11-28 20:54 - 2013-11-28 20:54 - 00000512 _____ C:\Users\Aimee\Desktop\MBR.dat
2013-11-28 20:17 - 2013-11-28 20:15 - 04745728 _____ (AVAST Software) C:\Users\Aimee\Desktop\aswMBR.exe
2013-11-28 20:01 - 2013-11-28 20:01 - 00014425 _____ C:\Users\Aimee\Desktop\dds.txt
2013-11-28 20:01 - 2013-11-28 20:01 - 00007347 _____ C:\Users\Aimee\Desktop\attach.txt
2013-11-28 19:57 - 2013-11-28 19:57 - 00688992 ____R (Swearware) C:\Users\Aimee\Desktop\dds.scr
2013-11-28 19:55 - 2012-06-18 17:44 - 00000000 ____D C:\Users\Aimee\AppData\Local\VirtualStore
2013-11-28 19:54 - 2013-11-28 19:54 - 00000000 ____D C:\Windows\ERDNT
2013-11-28 17:20 - 2013-10-29 10:19 - 00024064 _____ C:\Users\Aimee\Documents\Weekly class attendance record 1.xls
2013-11-28 17:16 - 2013-11-28 17:16 - 02606080 _____ C:\Users\Aimee\Documents\Creative10min_activities.ppt
2013-11-28 16:13 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache
2013-11-28 00:08 - 2013-11-27 10:01 - 00012634 _____ C:\Windows\IE11_main.log
2013-11-28 00:04 - 2013-11-28 00:04 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-28 00:04 - 2013-11-28 00:04 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-28 00:04 - 2013-11-28 00:04 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-28 00:04 - 2013-11-28 00:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-28 00:04 - 2013-11-28 00:04 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-28 00:04 - 2013-11-28 00:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-28 00:04 - 2013-11-28 00:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-28 00:04 - 2013-11-28 00:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-27 18:09 - 2012-06-18 19:29 - 00000000 ____D C:\Program Files\Google
2013-11-27 18:04 - 2012-06-21 15:04 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\Skype
2013-11-24 21:22 - 2013-11-24 21:22 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
2013-11-24 21:12 - 2013-07-25 20:01 - 00004975 _____ C:\Windows\wininit.ini
2013-11-21 20:40 - 2013-11-21 20:40 - 00335360 _____ C:\Users\Aimee\Documents\odd animal couples.ppt
2013-11-20 09:15 - 2012-06-18 18:16 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-20 09:12 - 2012-06-18 18:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 10:21 - 2012-06-18 18:21 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-16 09:52 - 2013-11-15 20:56 - 00001359 _____ C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2013-11-15 20:55 - 2013-11-15 20:55 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\TFP
2013-11-14 23:37 - 2009-07-14 02:04 - 00000499 _____ C:\Windows\win.ini
2013-11-14 23:29 - 2013-08-15 09:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 23:26 - 2012-07-09 08:48 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 21:38 - 2013-11-11 20:57 - 00000000 ____D C:\Users\Aimee\Documents\iphone pics
2013-11-11 21:06 - 2013-11-11 21:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2013-11-11 18:49 - 2013-11-08 17:11 - 04050944 _____ C:\Users\Aimee\Desktop\Le_corps1.ppt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 11:27

==================== End Of Log ============================
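A small triage helper for FRST file-listing entries like the ones in the log above, added here as an example (it is not part of the thread, nor FRST's own code). The regular expression follows the created / modified / size / attributes / optional publisher / path layout visible in the log, the sample lines are copied from it, and the flagging rules (binaries in user-writable paths, binaries with no publisher, scheduled-task .job files) are the checks a helper does by eye when reading such a listing.

```python
"""Triage of FRST "One Month Created/Modified" entries (added example, not FRST code)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Layout of one entry line, as seen in the FRST log above:
#   <created> - <modified> - <size> <attrs> [(Publisher)] <path>
# The publisher in parentheses is present only when the file carries version info.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".com"}
# Paths a standard user can write to; binaries here did not arrive via Windows Update.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    publisher: str  # "" when FRST printed no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""


def parse_frst(text: str) -> List[Entry]:
    """Return the entry lines of an FRST file listing; headers and blanks are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(m["created"], m["modified"], int(m["size"]), m["attrs"],
                             (m["publisher"] or "").strip(), m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each file path worth a closer look to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.is_dir:
            continue
        reasons: List[str] = []
        low = e.path.lower()
        if e.ext in EXEC_EXT:
            if low.startswith(USER_WRITABLE):
                reasons.append("executable in user-writable location")
            if not e.publisher:
                reasons.append("executable with no publisher in version info")
        if low.startswith("c:\\windows\\tasks\\") and e.ext == ".job":
            reasons.append("scheduled task job file (persistence point)")
        if reasons:
            findings[e.path] = reasons
    return findings


# Sample lines copied from the FRST log above. The removal tools the thread used show up
# as flagged entries, which is exactly what a helper cross-checks against the history.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======

2013-11-14 08:47 - 2013-09-25 02:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-27 10:01 - 2013-11-28 00:08 - 00012634 _____ C:\Windows\IE11_main.log
2013-11-24 21:22 - 2013-11-24 21:22 - 00000000 ____D C:\Users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
2013-12-02 20:08 - 2013-12-02 20:08 - 01092187 _____ (Farbar) C:\Users\Aimee\Desktop\FRST.exe
2013-12-02 19:41 - 2012-06-18 19:29 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 21:50 - 2013-12-01 21:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aimee\Desktop\xzhbz3vpl.exe
2013-11-29 16:57 - 2013-11-29 16:57 - 01091882 _____ C:\Users\Aimee\Desktop\AdwCleaner.exe
2013-11-28 19:57 - 2013-11-28 19:57 - 00688992 ____R (Swearware) C:\Users\Aimee\Desktop\dds.scr
2013-12-02 20:10 - 2013-12-02 20:09 - 00023400 _____ C:\Users\Aimee\Desktop\FRST.txt
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_frst(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Every flagged path still needs a human decision; the point of the listing is to shorten the list the helper has to match against what the user actually installed.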

Dakeyras
2013-12-02, 23:52
Hi. :)

Can you confirm for myself please if the browser Google Chrome is actually installed or not; plus have you noticed any problems with the presently installed Microsoft Security Essentials?

Windows 7 - System File Checker:


Click on Start(Windows 7 Orb).
Then click on All Programs >> Accessories
Right click on Command Prompt and select Run as Administrator.
Click on Continue in the UAC prompt.
At the Command Prompt C:\Windows\System32> type in the following exactly:
cd c:\
Then depress the Enter/Return key, then type in the following exactly:
sfc /scannow
Then depress the Enter/Return key.

Note: This may take awhile to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

Reset IE 11:


Please download this Microsoft FixIt (http://download.microsoft.com/download/3/1/7/317254BC-6C9D-4532-827A-827041404428/MicrosoftFixit50195.msi) and save it to the desktop.
Double click on MicrosoftFixit50195.exe select I Agree and click on Next>.
Follow the on-screen prompts.
You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE 11.
Next time IE 11 is launched you will be prompted to reapply settings again, this is normal.

Note: Any add-ons will require to be reapplied after the above reset.

TFC(Temp File Cleaner):


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to the desktop,
Save any unsaved work. TFC will close all open application windows.
Right-click on TFC.exe and select Run as Administrator to run the program.
Click the Start button in the bottom left of the GUI (graphical user interface).
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

I advise you keep TFC on the desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

Next:

Let myself know when completed the above. If any problems encountered and how the machine is performing, thank you.

multichild
2013-12-03, 12:48
Hi,

Thank you for helping me out with this, I really appreciate it.

I followed the three next steps, and there is no Google Chrome on this laptop now, and on the scan it found no integrity violation.

The laptop is a lot quicker and more responsive, and I was thinking the best, when I checked the 2 websites where we found the problem originally, which are:

http://uk.yahoo.com
www.walesonline.co.uk

It's strange and I'm sure there are other sites, it's just these are the 2 where the problem was first discovered.

We get the IE cannot load error, and again it tries to reload the browser but that doesn't fix it.

On the other hand I can go to other sites such as www.bbc.co.uk and it's fine, so I'm wondering if it's something on those sites that's triggering the problem on our computer.

Again thanks for the help so far.

Cheers

Dakeyras
2013-12-03, 13:14
Hi. :)


Thank you for helping me out with this, I really appreciate it.
You're welcome!


there is no Google Chrome on this laptop now
OK and thank you for the clarification, there is a registry restriction in place I think would be prudent to rectify in the event Chrome is ever installed again.


We get the IE cannot load error, and again it tries to reload the browser but that doesn't fix it.
A strange one that, as I was thinking it may be an IE 11 compatibility issue but I can access the sites myself no problem using the same browser. So feasibly the loop-back issue I identified is still a problem, for example.

Anyway, let's proceed as follows shall we, and after completing the below try those two sites again please....

Custom FRST Script:

Open notepad. Please copy the contents of the Code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the desktop as fixlist.txt


Start
CHR HKLM\SOFTWARE\Policies\rectify: Policy restriction <======= ATTENTION
End

Now right-click on FRST.exe and select Run as Administrator to start FRST.
Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
A log will now open named Fixlog and it will also be on the desktop >> close FRST.
Post the contents of the aforementioned in your next reply.

Note: If FRST advises there is a new update to be downloaded, do so/allow this.

Download/Run ComboFix:

Please visit this web-page for download links, and instructions for running the tool:

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html) <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a trained Anti-Malware helper.

Next:

When completed the above, please post back the following in the order asked for:


How is your Daughter's computer performing now, any other symptoms and or problems encountered?
FRST Fix Log.
ComboFix Log.

multichild
2013-12-03, 16:19
Hi,

I'm sorry and embarrassed to say that on trying to access a webpage I got the 'IE has stopped working' error and it couldn't find a solution.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2013
Ran by Aimee at 2013-12-03 12:25:06 Run:1
Running from C:\Users\Aimee\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\rectify: Policy restriction <======= ATTENTION
End
*****************


==== End of Fixlog ====

ComboFix 13-12-01.01 - Aimee 03/12/2013 12:43:40.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1011.208 [GMT 0:00]
Running from: c:\users\Aimee\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 12:56 . 2013-12-03 12:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-03 09:31 . 2013-12-03 09:31 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ABDA105-D4B3-407F-A6BD-64C10F3C410C}\MpKsldd85de09.sys
2013-12-03 09:31 . 2013-12-03 09:31 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ABDA105-D4B3-407F-A6BD-64C10F3C410C}\offreg.dll
2013-12-03 09:28 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ABDA105-D4B3-407F-A6BD-64C10F3C410C}\mpengine.dll
2013-12-02 20:09 . 2013-12-02 20:09 -------- d-----w- C:\FRST
2013-12-02 15:46 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-01 21:53 . 2013-12-01 21:53 -------- d-----w- c:\users\Aimee\AppData\Roaming\Malwarebytes
2013-12-01 21:52 . 2013-12-01 21:52 -------- d-----w- c:\programdata\Malwarebytes
2013-12-01 21:52 . 2013-12-01 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-01 21:52 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-30 22:27 . 2013-11-30 22:27 -------- d-----w- C:\_OTL
2013-11-30 11:08 . 2013-11-30 11:08 -------- d-----w- c:\windows\ERUNT
2013-11-29 16:58 . 2013-11-29 17:04 -------- d-----w- C:\AdwCleaner
2013-11-29 16:49 . 2013-11-29 16:49 -------- d-----w- C:\RegBackup
2013-11-29 16:48 . 2013-11-29 16:48 -------- d-----w- c:\program files\Tweaking.com
2013-11-24 21:22 . 2013-11-24 21:22 -------- d-----w- c:\users\Aimee\AppData\Roaming\SUPERAntiSpyware.com
2013-11-15 20:55 . 2012-05-11 15:47 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-11-15 20:55 . 2012-05-11 15:47 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-11-15 20:55 . 2012-05-11 15:47 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-11-15 20:55 . 2012-05-11 15:47 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2013-11-15 20:55 . 2013-11-15 20:55 -------- d-----w- c:\users\Aimee\AppData\Roaming\TFP
2013-11-15 20:55 . 2012-05-11 15:47 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-11-14 08:47 . 2013-09-25 01:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-14 08:47 . 2013-09-25 02:01 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-14 08:47 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-14 08:47 . 2013-09-25 02:01 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-14 08:47 . 2013-09-25 01:56 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-14 08:47 . 2013-09-25 01:57 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-14 08:47 . 2013-09-25 01:56 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-14 08:47 . 2013-09-25 00:49 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-14 08:47 . 2013-09-25 01:57 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-14 08:47 . 2013-09-25 00:49 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-14 08:46 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-14 08:46 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:46 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-14 08:46 . 2013-10-03 01:58 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 08:45 . 2013-10-12 02:01 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 08:45 . 2013-10-12 02:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-14 08:45 . 2013-10-12 02:01 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 08:44 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-07 09:29 . 2013-10-18 08:29 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03E81AD5-A2FC-49EC-9687-06372FF93A93}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2012-06-18 18:21 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-18 08:29 . 2012-07-04 12:55 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-27 09:53 . 2013-09-27 09:53 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 09:53 . 2012-03-20 19:44 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-14 00:48 . 2013-10-09 19:49 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-09 19:49 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-09 19:49 231424 ----a-w- c:\windows\system32\mswsock.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2011-03-13 09:57 302240 ----a-w- c:\program files\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2011-03-13 09:57 490656 ----a-w- c:\program files\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLxHCIm]
2011-10-03 09:15 43008 ----a-w- c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfxServiceInstall]
2011-12-13 06:57 131 ----a-w- c:\windows\System32\GfxCUIServiceInstall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-12-13 07:13 168960 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-12-13 07:14 135168 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-10-23 14:55 948440 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-12-13 07:13 161280 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-05-17 06:17 10082920 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-06-18 19:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-11-10 12:39 2307368 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [2006-10-13 10288]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-28 108032]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-13 68768]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 242336]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-03 169472]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-03 49664]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2011-12-13 1336320]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2011-12-13 417280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-08 278528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLDD85DE09
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 19:29]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 19:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Facebook Update - c:\users\Aimee\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Retrogamer Search Scope Monitor - c:\progra~1\RETROG~2\bar\1.bin\4wsrchmn.exe
MSConfigStartUp-Retrogamer_4w Browser Plugin Loader - c:\progra~1\RETROG~2\bar\1.bin\4wbrmon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-03 13:02:22
ComboFix-quarantined-files.txt 2013-12-03 13:02
.
Pre-Run: 215,984,275,456 bytes free
Post-Run: 216,211,697,664 bytes free
.
- - End Of File - - 61F040E45EF7925CC93C95A129CC7172
A36C5E4F47E84449FF07ED3517B43A31

Dakeyras
2013-12-03, 17:01
Hi. :)


I'm sorry and embarrassed to say that on trying to access a webpage I got the 'IE has stopped working' and it couldn't find a solution.
Not a problem and no need to feel embarrassed I assure you.

Fix IE Utility:

Please download Fix IE Utility from here (http://www.thewindowsclub.com/repair-internet-explorer-with-fix-ie-utility), scroll down the page and click on the Download File tab then unzip the file to the desktop.


Close all open windows, especially Internet Explorer.
Right-click on Fix IE Utility and select Run as Administrator to start the application.
Now click on the Run Utility button as shown in the image:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/fie1.gif

Wait until the following message appears:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/fie2.gif
Then click on OK.
Restart the machine to see if Internet Explorer is now working correctly again.

multichild
2013-12-03, 18:27
Wow, this is a difficult one isn't it...

It didn't clear it sorry.

Dakeyras
2013-12-03, 21:16
Hi. :)


Wow, this is a difficult one isn't it...
Aye indeed it is... it might be feasible that the core files of IE 11 itself are compromised/damaged beyond repair; this can occur at times as a consequence of malware.

OK, let's try a roll-back to IE 10 for now. Once done, try the sites you have encountered problems accessing and let myself know the outcome in your next reply.

Roll-back IE:

The below process will remove IE 11 and IE 10 will be restored...


Click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features.
Then on the left hand side click on View Installed Updates >> scroll down until you locate Windows Internet Explorer 11 listed as an update.
Click once on Windows Internet Explorer 11 to highlight >> Uninstall >> follow the prompts.

Note: The above may take some time, so ensure you do not interrupt the roll-back/uninstallation process until it is complete. Reboot the machine afterwards if not advised to.

multichild
2013-12-03, 22:42
Ah there you go, I visited the sites that previously caused the problems, and the error did not appear.

The laptop seems to be working very well, thank you.

When we are done, could you advise me if I am allowed to delete the programs I downloaded, and if so do I uninstall them from within Control Panel, or simply delete them off the desktop.

I will however keep the one you said to keep, and will run it once a week as you said.

Thank you Dakeyras

multichild
2013-12-03, 22:52
I also forgot to ask if it's OK for me to download the Java version 7 update 45, as that is the Java update that is needed for my daughter to access some videos on YouTube.

Thanks again

Dakeyras
2013-12-04, 10:02
Hi. :)


Ah there you go, I visited the sites that previously caused the problems, and the error did not appear.

The laptop seems to be working very well, thank you.
Good and you're welcome. When I give the all clear feel free to download/reinstall IE 11 again from here (http://windows.microsoft.com/en-gb/internet-explorer/ie-11-worldwide-languages), then check for updates afterwards etc.


When we are done, could you advise me if I am allowed to delete the programs I downloaded, and if so do I uninstall them from within Control Panel, or simply delete them off the desktop.
By all means I will do so; actually I do have a specific methodology for removing the tools used during the malware removal process.


I also forgot to ask if it's OK for me to download the Java version 7 update 45, as that is the Java update that is needed for my daughter to access some videos on YouTube.
Sure we can address this next time round and as mentioned prior I will also provide instructions on how to secure the software.

Next:

Just one other step now as a final sweep to ensure your daughter's machine is indeed malware free as follows...

ESET Online Scanner:

Note: You will need to disable the currently installed Anti-Virus for the duration of the scan, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Windows 7 users: You will need to right-click on either the IE icon in the Start Menu or the Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


Please go here (http://www.eset.com/online-scanner-popup/) to run the scan...
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:


Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the log-file first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the log-file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable the Anti-Virus application after running the above scan!

My friendly advice is you consider keeping the online scanner installed then run it say once per month as an extra check. A quick easy way to do so would be via:-

Click on Start(Windows 7 Orb) >> Computer >> C: >> Program Files >> ESET >> ESET Online Scanner >> then right click on OnlineScannerApp and select Run as Administrator.

multichild
2013-12-05, 02:00
Hi,

Sorry for the delay in getting back to you.

I got the ESET software and ran it, and it didn't seem to go to plan.

I think I got a copy of the ESET log, but that was before I closed it and I'm not sure if the malware it found was deleted.

So I checked the folder on the C drive, and the app wasn't there and neither was the log.txt file.

So I'm wondering if I should download it again and run it again.

Here is what I got before it closed.

C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll.vir Win32/Toolbar.SearchSuite.F application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Datamngr.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe.vir a variant of Win32/Toolbar.SearchSuite.D application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\IEBHO.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\mgrldr.dll.vir a variant of Win32/Toolbar.SearchSuite.C application
C:\AdwCleaner\Quarantine\C\Program Files\Movies Toolbar\Datamngr\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.G application
C:\AdwCleaner\Quarantine\C\Program Files\WebConnect\updateWebConnect.exe.vir a variant of MSIL/BrowseFox.A application
C:\AdwCleaner\Quarantine\C\Users\Aimee\AppData\Roaming\Advanced System Protector\aspsetup.exe.vir a variant of MSIL/AdvancedSystemProtector.B application
C:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm

Dakeyras
2013-12-05, 11:18
Hi. :)


Sorry for the delay in getting back to you.
Not a problem.


I got the ESET software and ran it, and it didn't seem to go to plan.

I think I got a copy of the ESET log, but that was before I closed it and I'm not sure if the malware it found was deleted.

So I checked the folder on the C drive, and the app wasn't there and neither was the log.txt file.

So I'm wondering if I should download it again and run it again.

Also not a problem. The scan was not meant to delete anything but rather merely be deployed as a final check, and if anything malicious had been flagged I would in turn have advised the appropriate course of action as necessary etc.

Anyway the results are a positive outcome and all that has been detected are items quarantined by AdwCleaner, which will be fully purged when we remove the aforementioned application. Plus some malware removed by Spybot - Search & Destroy, which is fine to leave in the various associated Recovery folders and or purge at your discretion.

If you opt to do so:-

Launch Spybot - Search & Destroy >> Recovery >> select the items to be purged >> Purge selected items

Next:

Now let's update some software and check for third party updates as follows...

Re-Install Java:

Go to this web-page --> Java Downloads for All Operating Systems (https://www.java.com/en/download/manual.jsp)

Scroll down to:-

Which should I choose?

Follow the advice per We have detected you may be viewing this page etc etc >> download the appropriate installation file to the desktop.

In your case it should be Windows Offline (32-bit), once downloaded >> right-click on the installation file and select Run as Administrator >> follow the prompts.

Then follow the advice below:-

How to Disable Java in your Web Browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/)

FileHippo Update Checker:

Download and install FileHippo Update Checker from here (http://www.filehippo.com/updatechecker/) to the desktop.


During the installation process deselect the option:- Run at Startup >> then once installed...
Click on Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
Download any updates detected to the desktop >> uninstall anything that requires updating via Uninstall a program or Add/Remove Programs in the Control Panel.
Re-install the updated software...then delete the installers and empty the Recycle Bin.

Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.

Next:

When you have completed the above let myself know if any further issues remain. If not we will remove all tools used during the course of the malware removal process and I will also provide some advice about online safety.

multichild
2013-12-06, 23:10
Hi Dakeyras,

OK all the above done and completed thank you.

There were 3 updates and I purged Spybot too.

The laptop seems to be running very well again, so thank you again.

Thank you also for offering the extra support once we are done.

multichild
2013-12-06, 23:26
It's obviously a different computer and not an issue, but we have a home computer and it runs on XP and also uses MSE and Spybot, so would the advice you give to keep the laptop clean be OK to download, run and make sure the computer is kept clean and safe.

We're not experiencing any problems with it, this is just forward thinking I suppose.

Thanks

Dakeyras
2013-12-07, 12:19
Hi. :)


OK all the above done and completed thank you.

There were 3 updates and I purged Spybot too.

The laptop seems to be running very well again, so thank you again.

Thank you also for offering the extra support once we are done.
Acknowledged and you're welcome!


It's obviously a different computer and not an issue, but we have a home computer and it runs on XP and also uses MSE and Spybot, so would the advice you give to keep the laptop clean be OK to download, run and make sure the computer is kept clean and safe.

We're not experiencing any problems with it, this is just forward thinking I suppose.

Some of the online safety advice is quite generic so indeed could be applied to the XP based machine. However, if you are not aware, support for XP as a whole will be withdrawn in April of next year. More information can be read here (http://www.microsoft.com/en-us/windows/enterprise/endofsupport.aspx). My advice would be to update the machine, if it is capable of such, to at least Windows Vista.

Next:

Congratulations your Daughter's computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping the Computer performing well.

Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

Also so is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Uninstall AdwCleaner:


Right-click on AdwCleaner.exe and select Run as Administrator to start the program
Click on Uninstall >> Yes, this will remove the application and its log(s) etc.

Uninstall ComboFix:


Click on Start >> Run...(or the Windows key and R together) to bring up the Run box:
Now type in ComboFix /Uninstall into the box and click OK.
Note the space between the X and the /Uninstall, it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png

Clean up with OTL:


Right-click OTL and select Run as Administrator to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-


Right click on Computer and select Properties >> System protection >> Create....
Give this restore point a descriptive name and click Create.
When the new restore point is created click on OK >> close the System Properties window.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-


Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
Select the system drive, C >> OK.
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Click on Clean up system files >> Select the system drive, C >> OK.
Now click on the More Options tab.
Under:-
System Restore and Shadow Copies
Click on Clean up... >> Delete >> OK >> Delete Files.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Re-enable Spybot-S&D TeaTimer:

Basically the opposite of the disable instructions I provided prior, here (http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)&p=1150#post1150).

I also advise check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Registry Backup:

Tweaking.com - Registry Backup, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Note: As mentioned prior, a tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center (http://www.microsoft.com/en-gb/security/default.aspx)

As is this: Computer Security - a short guide to staying safer online (http://malwareremoval.com/forum/viewtopic.php?f=4&t=54766)

And these are worth reading also: Understanding Windows Firewall settings (http://windows.microsoft.com/en-gb/windows7/understanding-windows-firewall-settings) & Securing Your Router (http://www.staysafeonline.org/stay-safe-online/keep-a-clean-machine/securing-your-home-network)

Keep the System Updated:

Microsoft releases patches for Windows and other products regularly:


Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
In the navigation pane, click Check for updates.
After Windows Update has finished checking for updates, click View available updates.
Click to select the check box for any found, then click Install.
When completed Reboot(restart) your computer if not prompted to do so.

Plus check Automatic Updates (http://windows.microsoft.com/en-US/windows/help/windows-update) is enabled.

Update to Internet Explorer v11:

IE10 has been superseded by IE11 for Windows 7 and above. I strongly advise you download and install the new browser from here (http://windows.microsoft.com/en-gb/internet-explorer/ie-11-worldwide-languages). This will increase overall security whilst browsing online.

Even if you do not use IE often, having the latest version installed will still increase the machine's overall security. This web-page is worth bookmarking/reading for future reference:-

Securing Your Web Browser (http://www.cert.org/tech_tips/securing_browser/)

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo (http://filehippo.com/) or MajorGeeks (http://www.majorgeeks.com/)

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add: P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, and other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for the machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

A custom Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
hpHosts (http://hosts-file.net/?s=Download)

Only use one of the above!

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here (http://www.winpatrol.com/download.html).

You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).

Next:

Any questions? Feel free to ask, if not stay safe!
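The Hosts-file mechanism described in the "Custom Host File" section above, as an added example that is not part of the original thread or of any of the listed Hosts-file projects: a small audit script that parses a Hosts file, lists which names are sinkholed to 127.0.0.1 (or 0.0.0.0 / ::1), and, going one step beyond the text, flags any entry that points somewhere other than a sinkhole address, because a tampered Hosts file typically looks like exactly that. The sample Hosts text, the `.invalid` domain names and the 203.0.113.5 address are constructed for illustration; the default path is the standard Windows location.

```python
"""Audit a Hosts file for sinkholed names and suspicious redirections.

Added example, not code from the thread. The SAMPLE_HOSTS text below is
constructed; on a real machine pass the actual file path to load_hosts().
"""
import ipaddress
from collections import Counter

# Standard Windows location of the Hosts file (%SystemRoot% assumed to be C:\Windows).
DEFAULT_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Addresses a blocklist-style Hosts file uses to sinkhole unwanted names.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: benign sinkhole entries, a duplicated line, and one
# entry redirecting a (fictional) vendor update host to a non-sinkhole address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0   ads.example-tracker.invalid      # blocklist entry
127.0.0.1 spyware.example.invalid
127.0.0.1 spyware.example.invalid          # duplicate line
203.0.113.5 update.antivirus-vendor.invalid  # constructed redirection
not-an-ip  garbage.invalid                 # malformed, must be skipped
"""


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)  # validates IPv4 and IPv6 literals
        except ValueError:
            continue  # malformed line: not a usable mapping
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Classify Hosts entries.

    blocked:    names sinkholed to a loopback/unspecified address (localhost excluded)
    redirected: (ip, name) pairs mapped to any other address; worth a manual look
    duplicates: identical (ip, name) lines that appear more than once
    """
    entries = parse_hosts(text)
    blocked = sorted({n for ip, n in entries
                      if ip in SINKHOLE_ADDRESSES and n != "localhost"})
    redirected = [(ip, n) for ip, n in entries if ip not in SINKHOLE_ADDRESSES]
    duplicates = [e for e, c in Counter(entries).items() if c > 1]
    return {"blocked": blocked, "redirected": redirected, "duplicates": duplicates}


def load_hosts(path=DEFAULT_HOSTS_PATH):
    """Read a Hosts file from disk and audit it."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blocked'])} names sinkholed")
    for ip, name in report["redirected"]:
        print(f"REVIEW: {name} is mapped to {ip}, not a sinkhole address")
    for ip, name in report["duplicates"]:
        print(f"duplicate entry: {ip} {name}")
```

Run against the real file with `load_hosts()` after installing one of the Hosts files listed above; anything in `redirected` other than entries you added yourself deserves a look, since legitimate blocklists only ever map names to a sinkhole address.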

Dakeyras
2013-12-09, 15:41
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)