
Thread: In desperate need of help.

  1. #11
    Junior Member
    Join Date
    Apr 2014
    Posts
    15

    # AdwCleaner v3.024 - Report created 19/04/2014 at 01:41:59
    # Updated 18/04/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : SARAH BROUGH - SARAH-IETMS0KJ2
    # Running from : C:\Documents and Settings\SARAH BROUGH\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : CltMngSvc
    [#] Service Deleted : Updater Service for AMZN

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\Amazon Browser Bar
    Folder Deleted : C:\Program Files\FunWebProducts
    Folder Deleted : C:\Program Files\SearchProtect
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
    Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
    Folder Deleted : C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Amazon Browser Bar
    Folder Deleted : C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\SearchProtect
    Folder Deleted : C:\Documents and Settings\SARAH BROUGH\Application Data\Viewpoint
    File Deleted : C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
    Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
    Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.AlxHelper
    Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.AlxHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
    Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKCU\Software\Alexa Internet
    Key Deleted : HKCU\Software\distromatic
    Key Deleted : HKCU\Software\Nosibay
    Key Deleted : HKCU\Software\SearchProtectINT
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKLM\Software\Amazon Browser Bar
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Bar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Settings
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v21.0 (en-US)

    [ File : C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\prefs.js ]


    -\\ Google Chrome v34.0.1847.116

    [ File : C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8926 octets] - [19/04/2014 01:40:16]
    AdwCleaner[S0].txt - [9073 octets] - [19/04/2014 01:41:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9133 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Microsoft Windows XP x86
    Ran by SARAH BROUGH on 19/04/2014 at 1:49:43.82
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Documents and Settings\SARAH BROUGH\Application Data\mozilla\firefox\profiles\jv73zqex.default\extensions\staged





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 19/04/2014 at 1:56:20.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good, were you able to uninstall Microsoft Security Essentials?

    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Malwarebytes has been updated to a newer version. When you install it, it will open to the Dashboard. Click on Update and let it update. Then click on the Scan link and run the Threat Scan, and whatever it finds, check the boxes and remove them.

    Last edited by ken545; 2014-04-19 at 05:34.

  4. #14
    Junior Member
    Join Date
    Apr 2014
    Posts
    15

    Malwarebytes Anti-Malware log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 19/04/2014
    Scan Time: 16:49:33
    Logfile: mam.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.19.07
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: SARAH BROUGH

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 273282
    Time Elapsed: 31 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 28

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 47

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    OTL logfile created on: 19/04/2014 17:17:00 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SARAH BROUGH\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.48 Mb Total Physical Memory | 496.85 Mb Available Physical Memory | 48.54% Memory free
    2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.29% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 57.25 Gb Total Space | 4.16 Gb Free Space | 7.27% Space Free | Partition Type: NTFS

    Computer Name: SARAH-IETMS0KJ2 | User Name: SARAH BROUGH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\SARAH BROUGH\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\WINDOWS\htpatch.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\htpatch.exe ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (wanatw) -- System32\DRIVERS\wanatw4.sys File not found
    DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (s217unic) -- C:\WINDOWS\system32\drivers\s217unic.sys (MCCI)
    DRV - (s217mgmt) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation)
    DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)
    DRV - (s217nd5) -- C:\WINDOWS\system32\drivers\s217nd5.sys (MCCI Corporation)
    DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)
    DRV - (s217bus) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)
    DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)
    DRV - (se44unic) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
    DRV - (se44nd5) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
    DRV - (se44mgmt) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
    DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
    DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
    DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
    DRV - (se44bus) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
    DRV - (w800obex) -- C:\WINDOWS\system32\drivers\w800obex.sys (MCCI)
    DRV - (w800mgmt) -- C:\WINDOWS\system32\drivers\w800mgmt.sys (MCCI)
    DRV - (w800mdm) -- C:\WINDOWS\system32\drivers\w800mdm.sys (MCCI)
    DRV - (w800mdfl) -- C:\WINDOWS\system32\drivers\w800mdfl.sys (MCCI)
    DRV - (w800bus) -- C:\WINDOWS\system32\drivers\w800bus.sys (MCCI)
    DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)
    DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (alcan5wn) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
    DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
    DRV - (incdrm) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
    DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (BsUDF) -- C:\WINDOWS\System32\drivers\bsudf.sys (ahead software)
    DRV - (sisagp) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
    DRV - (BsStor) -- C:\WINDOWS\system32\drivers\bsstor.sys (B.H.A Co.,Ltd.)
    DRV - (Intels51) -- C:\WINDOWS\system32\drivers\Intels51.sys (Intel Corporation)
    DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation )
    DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.btopenworld.com/searchpane
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\SearchScopes\{D3C57319-A8D9-4546-88DB-9EA0A424FFB8}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: simpleadblock%40wips.com:1.0.8
    FF - prefs.js..extensions.enabledAddons: %7B552199fb-9890-4055-9aaf-b2f6d51d46e9%7D:1.0.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 14:49:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2013/02/08 01:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Extensions
    [2014/04/19 01:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\extensions
    [2013/02/08 01:40:37 | 000,644,177 | ---- | M] () (No name found) -- C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\extensions\simpleadblock@wips.com.xpi
    [2013/05/17 01:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/05/17 01:49:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.co.uk/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Docs = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2003/03/31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (&SearchBar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (&SearchBar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
    O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
    O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [Google Update] C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [Google Update] C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-527237240-1647877149-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect" File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect" File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/...toUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/...ploader4_5.cab (Facebook Photo Uploader 4)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5E95AD4-C025-4D79-8589-7E6E60E82AE2}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/11/01 11:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/19 16:55:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SARAH BROUGH\Desktop\OTL.exe
    [2014/04/19 16:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/19 16:15:07 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/04/19 16:15:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/04/19 16:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/04/19 01:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2014/04/19 01:48:05 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\SARAH BROUGH\Desktop\JRT.exe
    [2014/04/19 01:40:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/18 00:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2014/04/18 00:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2014/04/18 00:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2014/04/18 00:51:00 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\SARAH BROUGH\Desktop\spybotsd162.exe
    [2014/04/18 00:36:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\SARAH BROUGH\Desktop\aswMBR.exe
    [2014/04/18 00:16:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\SARAH BROUGH\Desktop\dds.scr
    [2014/04/17 01:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2014/04/07 03:46:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
    [2014/04/07 03:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Microsoft Corporation
    [2014/04/07 03:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2014/03/29 01:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\WinZip
    [2014/03/29 01:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2014/03/29 01:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2014/03/29 01:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2014/03/28 02:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\PlurPush
    [2014/03/26 23:44:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
    [2014/03/26 23:44:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Documents and Settings\SARAH BROUGH\My Documents\*.tmp files -> C:\Documents and Settings\SARAH BROUGH\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/04/19 17:16:46 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1647877149-839522115-1004UA.job
    [2014/04/19 16:55:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SARAH BROUGH\Desktop\OTL.exe
    [2014/04/19 16:54:02 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2014/04/19 16:53:53 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/19 16:52:37 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/19 16:52:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/04/19 16:52:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/04/19 16:15:14 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/19 01:48:09 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\SARAH BROUGH\Desktop\JRT.exe
    [2014/04/19 01:47:56 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
    [2014/04/19 01:37:20 | 001,258,805 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\AdwCleaner.exe
    [2014/04/19 01:32:36 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2014/04/19 01:03:49 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2014/04/18 00:53:21 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2014/04/18 00:53:21 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\Spybot - Search & Destroy.lnk
    [2014/04/18 00:51:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\SARAH BROUGH\Desktop\spybotsd162.exe
    [2014/04/18 00:46:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\MBR.dat
    [2014/04/18 00:36:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\SARAH BROUGH\Desktop\aswMBR.exe
    [2014/04/18 00:34:55 | 000,005,464 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\My Documents\attach.zip
    [2014/04/18 00:17:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\SARAH BROUGH\Desktop\dds.scr
    [2014/04/17 01:55:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2014/04/17 01:30:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/04/16 02:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/04/15 23:55:52 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/15 23:47:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
    [2014/04/15 18:16:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1647877149-839522115-1004Core.job
    [2014/04/12 00:17:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2014/04/09 03:03:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2014/04/08 17:16:31 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/03/31 00:36:03 | 000,441,866 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/03/31 00:36:03 | 000,071,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/03/29 01:13:30 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2014/03/28 02:46:45 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Documents and Settings\SARAH BROUGH\My Documents\*.tmp files -> C:\Documents and Settings\SARAH BROUGH\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/04/19 16:15:14 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/19 01:37:16 | 001,258,805 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\AdwCleaner.exe
    [2014/04/18 00:53:21 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2014/04/18 00:53:21 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\Spybot - Search & Destroy.lnk
    [2014/04/18 00:46:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\MBR.dat
    [2014/04/18 00:34:55 | 000,005,464 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\My Documents\attach.zip
    [2014/04/07 03:45:59 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    [2014/04/03 23:55:17 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2014/03/29 01:13:30 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2014/03/28 01:39:15 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/03/28 01:39:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2013/12/24 02:43:27 | 000,001,457 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\recently-used.xbel
    [2007/10/07 14:56:21 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Application Data\dm.ini
    [2007/05/02 18:39:45 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/11 20:04:43 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\fusioncache.dat
    [2004/11/28 21:06:45 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/04/13 11:26:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2008/06/26 09:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/03/11 03:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2009/07/19 17:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
    [2004/01/09 19:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2011/11/20 20:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2008/03/14 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2012/10/12 19:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2014/03/29 01:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/02/22 16:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/12/30 20:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/08 14:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/17 12:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/01/28 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2010/05/09 16:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\AnvSoft
    [2013/02/07 03:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\Dropbox
    [2012/03/11 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\DVDVideoSoft
    [2006/09/02 19:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\EPSON
    [2006/04/30 15:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\Leadertech
    [2009/07/19 17:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\Sony
    [2007/04/11 19:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\Teleca

    ========== Purity Check ==========



    < End of report >

  5. #15
    Junior Member
    Join Date
    Apr 2014
    Posts
    15

    Default

    OTL Extras logfile created on: 19/04/2014 17:17:00 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SARAH BROUGH\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.48 Mb Total Physical Memory | 496.85 Mb Available Physical Memory | 48.54% Memory free
    2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.29% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 57.25 Gb Total Space | 4.16 Gb Free Space | 7.27% Space Free | Partition Type: NTFS

    Computer Name: SARAH-IETMS0KJ2 | User Name: SARAH BROUGH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
    "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
    "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971
    "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
    "C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
    "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
    "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{27F650A9-6FAB-41C8-8621-92FF0118B0C4}" = EPSON Easy Photo Print
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup
    "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
    "{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
    "{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}" = WinZip 17.5
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ESPR240 User's Guide" = ESPR240 User's Guide
    "GIMP-2_is1" = GIMP 2.8.8
    "Google Chrome" = Google Chrome
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InCD!UninstallKey" = Ahead InCD
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MRW!UninstallKey" = Ahead InCD EasyWrite Reader
    "NeroVision!UninstallKey" = Ahead NeroVision Express
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NMPUninstallKey" = Ahead NeroMediaPlayer
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "Picasa 3" = Picasa 3
    "RealPlayer 6.0" = RealPlayer Basic
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google+ Auto Backup" = Google+ Auto Backup

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google+ Auto Backup" = Google+ Auto Backup

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 16/04/2014 21:35:06 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1000
    Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
    mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.

    Error - 16/04/2014 21:35:11 | Computer Name = SARAH-IETMS0KJ2 | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 16/04/2014 21:36:11 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1001
    Description = Fault bucket 192258987.

    Error - 18/04/2014 20:14:26 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1000
    Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
    mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.

    Error - 18/04/2014 20:14:41 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1001
    Description = Fault bucket 192258987.

    Error - 18/04/2014 20:15:11 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1000
    Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
    mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.

    Error - 18/04/2014 20:15:24 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1001
    Description = Fault bucket 192258987.

    Error - 18/04/2014 20:26:14 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Hang | ID = 1002
    Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 18/04/2014 20:26:22 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Hang | ID = 1001
    Description = Fault bucket 734562961.

    Error - 18/04/2014 20:31:29 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Hang | ID = 1002
    Description = Hanging application Setup.exe, version 4.5.216.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 18/04/2014 20:43:12 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 19/04/2014 11:08:33 | Computer Name = SARAH-IETMS0KJ2 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm

    Error - 19/04/2014 11:08:50 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 19/04/2014 11:50:13 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 19/04/2014 11:50:36 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 19/04/2014 11:50:49 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 19/04/2014 11:50:52 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 19/04/2014 11:51:09 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 19/04/2014 11:51:29 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 19/04/2014 11:53:35 | Computer Name = SARAH-IETMS0KJ2 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the MBAMService service.


    < End of report >

  6. #16
    Junior Member
    Join Date
    Apr 2014
    Posts
    15

    Default

    Forgot to add, yes I did manage to remove MS Security Essentials.

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    It looks like Microsoft Security Essentials is now just designed for Vista, Win 7 and 8.

    So try this free one from AVG. Not sure of your setup. Sometimes your ISP will let you install antivirus for free; you may want to check. If none is available, then try AVG:
    http://free.avg.com/us-en/homepage

    Are you aware that Microsoft has dropped support for Windows XP? It was one of the better operating systems but has outlived its usefulness; it has now gone the way of Windows 95 and 98. It will still work, but you won't get any more Windows updates that help keep the bad guys out. If you keep it, I would refrain from doing any online banking or shopping using a credit card. When we're done I can have you run a program to see if your system is upgradable to Windows 7.

    Just a few leftovers

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (&SearchBar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
      O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (&SearchBar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\MyWay
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces


    Then run a new scan with OTL and post the new log please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #18
    Junior Member
    Join Date
    Apr 2014
    Posts
    15

    Default

    I'm aware of XP support having ended; I was getting MS popups daily telling me that. As for Windows 7, theoretically it can run it, however I'd need to transfer all my music onto a portable hard drive to make enough memory available for installation (ran Microsoft's upgrade checker).

    I will get on and run this code and get back to you.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That's good, looks like you're right on it. Windows 7 is wonderful; if you can upgrade to it, that would be great. A clean install is better but an upgrade is cheaper; you may be able to find an OEM version of Win 7 Upgrade on eBay or Amazon. Make sure you install AVG, you don't want to be without any protection.

  10. #20
    Junior Member
    Join Date
    Apr 2014
    Posts
    15

    Default

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-527237240-1647877149-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\MyWay\myBar\Settings folder moved successfully.
    C:\Program Files\MyWay\myBar\History folder moved successfully.
    C:\Program Files\MyWay\myBar\Cache folder moved successfully.
    C:\Program Files\MyWay\myBar\1.bin folder moved successfully.
    C:\Program Files\MyWay\myBar folder moved successfully.
    C:\Program Files\MyWay folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\SARAH BROUGH\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\SARAH BROUGH\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: SARAH BROUGH

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 6788761 bytes
    ->Flash cache emptied: 16307 bytes

    User: NetworkService
    ->Temp folder emptied: 4736856 bytes
    ->Temporary Internet Files folder emptied: 669189 bytes

    User: SARAH BROUGH
    ->Temp folder emptied: 1649845183 bytes
    ->Temporary Internet Files folder emptied: 2069279022 bytes
    ->FireFox cache emptied: 112600548 bytes
    ->Google Chrome cache emptied: 240785115 bytes
    ->Flash cache emptied: 2015374 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1138887 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 287774410 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1144490469 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 18072235 bytes
    RecycleBin emptied: 100422 bytes

    Total Files Cleaned = 5,282.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04192014_181927

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...




    Malwarebytes and Spybot are not letting me download AVG.
