In desperate need of help.
EdHunter
2014-04-18, 04:02
I have no clue what I'm doing here; all I know is that between shutting the computer down early morning Thursday and firing it back up Thursday night, something has happened to make it stop working properly. It's XP. When I opened it up, the desktop froze on me; it unfroze after 5 minutes, but then the taskbar froze. I have attempted two restore points, from the day of the last update for XP and from the day after; both failed.
I'm unable to locate the links for ERUNT on any of the three sites you've linked to.
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by SARAH BROUGH at 0:18:32 on 2014-04-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.594 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uWindow Title = Microsoft Internet Explorer
uSearch Bar = hxxp://www.btopenworld.com/searchpane
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
BHO: myBar BHO: {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -
BHO: PlurPush: {82249076-d5c8-431d-982b-023779779587} - c:\program files\plurpush\PlurPushbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: AlxHelper Class: {F443A627-5009-4323-9C1D-7FD598D0D712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
TB: &SearchBar: {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &SearchBar: {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Amazon Browser Bar: {EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [EPSON Stylus Photo R240 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Google Update] "c:\windows\system32\config\systemprofile\local settings\application data\google\update\GoogleUpdate.exe" /c
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "c:\windows\system32\config\systemprofile\application data\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{A5E95AD4-C025-4D79-8589-7E6E60E82AE2} : DHCPNameServer = 192.168.1.1 0.0.0.0
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sarah brough\application data\mozilla\firefox\profiles\jv73zqex.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - plugin: c:\documents and settings\sarah brough\local settings\application data\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\documents and settings\sarah brough\local settings\application data\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-03-28 00:00; {552199fb-9890-4055-9aaf-b2f6d51d46e9}; c:\documents and settings\sarah brough\application data\mozilla\firefox\profiles\jv73zqex.default\extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi
.
---- FIREFOX POLICIES ----
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2003-11-1 9344]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 231960]
S2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2003-11-1 468480]
S2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-4-8 2470688]
S2 Update PlurPush;Update PlurPush;c:\program files\plurpush\updatePlurPush.exe [2014-3-28 348440]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\amazon browser bar\ToolbarUpdaterService.exe [2012-5-22 222368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-21 40776]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2011-12-10 602912]
.
=============== Created Last 30 ================
.
2014-04-17 00:54:41 -------- d-----w- c:\windows\pss
2014-04-16 00:28:40 8049928 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f572755a-b83f-4f26-bdb3-d37465633cfb}\mpengine.dll
2014-04-14 23:15:23 7969936 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-07 02:46:47 -------- d-----w- c:\windows\Performance
2014-04-07 02:46:35 -------- d-----w- c:\documents and settings\sarah brough\local settings\application data\Microsoft Corporation
2014-04-07 02:45:52 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2014-03-29 00:14:32 -------- d-----w- c:\documents and settings\sarah brough\local settings\application data\WinZip
2014-03-28 02:01:19 -------- d-----w- c:\documents and settings\sarah brough\local settings\application data\SearchProtect
2014-03-28 01:51:45 -------- d-----w- c:\program files\PlurPush
2014-03-28 01:51:05 -------- d-----w- c:\program files\SearchProtect
2014-03-26 22:44:53 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-26 22:44:53 13312 ------w- c:\windows\system32\xp_eos.exe
.
==================== Find3M ====================
.
2014-03-12 02:40:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 02:40:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec
2014-02-21 23:29:39 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-25 00:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-07-07 01:40:18 0 ----a-w- c:\program files\GUM6F.tmp
.
============= FINISH: 0:20:26.84 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-18 00:37:37
-----------------------------
00:37:37.625 OS Version: Windows 5.1.2600 Service Pack 3
00:37:37.625 Number of processors: 1 586 0x209
00:37:37.625 ComputerName: SARAH-IETMS0KJ2 UserName: SARAH BROUGH
00:37:38.250 Initialize success
00:39:00.859 AVAST engine defs: 14041703
00:39:09.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
00:39:09.671 Disk 0 Vendor: IC35L060AVV207-0 V22OA66A Size: 58643MB BusType: 3
00:39:09.843 Disk 0 MBR read successfully
00:39:09.859 Disk 0 MBR scan
00:39:09.953 Disk 0 Windows XP default MBR code
00:39:09.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 58627 MB offset 63
00:39:09.984 Disk 0 scanning sectors +120069810
00:39:10.125 Disk 0 scanning C:\WINDOWS\system32\drivers
00:39:29.671 Service scanning
00:40:00.500 Modules scanning
00:40:09.843 Disk 0 trace - called modules:
00:40:09.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:40:09.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873caab8]
00:40:12.343 3 CLASSPNP.SYS[f782efd7] -> nt!IofCallDriver -> \Device\00000058[0x873c99e8]
00:40:12.468 5 ACPI.sys[f77a5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x873c9d98]
00:40:14.328 AVAST engine scan C:\WINDOWS
00:40:47.609 AVAST engine scan C:\WINDOWS\system32
00:44:21.796 AVAST engine scan C:\WINDOWS\system32\drivers
00:44:48.375 AVAST engine scan C:\Documents and Settings\SARAH BROUGH
00:46:41.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SARAH BROUGH\Desktop\MBR.dat"
00:46:41.343 The log file has been saved successfully to "C:\Documents and Settings\SARAH BROUGH\Desktop\aswMBR.txt"
-----------------------------------------------------------
Not sure if this is the problem, but on Windows XP, the latest Microsoft Security Essentials update caused problems.
One of the latest updates for Microsoft Security Essentials is reportedly slowing down Windows XP computers so much that they’re becoming unusable, a number of users complained, and without an official patch to fix this, turning to various workarounds is the only option.
According to Fudzilla, it all comes down to the MsMpEng.exe process that needs to be killed in order to make your Windows XP computer usable once again. This means that Microsoft Security Essentials must be disabled completely, which isn’t quite a recommended thing now that Windows XP no longer receives support and fixes for found vulnerabilities.
To do this, you can either go to Task Manager and kill the aforementioned process, or simply type “services.msc” and disable the Microsoft Security Essentials service to make sure that it doesn’t run on startup. Reboot your computer and you should be ready to go.
Let me know if this worked, and if it did I can link you to free AVs that still work on XP.
Sorry, my post was short.
You can go to Task Manager by clicking on Ctrl+Alt+Del and under Processes click on MsMpEng.exe and End Process; do the same for Microsoft Security Essentials if it's listed.
Then go to Start > Run and type in services.msc and hit Enter on your keyboard.
Look for Microsoft Security Essentials, click on it and you will see an option to disable it.
EdHunter
2014-04-19, 02:08
Unfortunately the continuation of my first post was deleted; I had to split it into two parts as there was a lot of text to post.
Spybot results
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png
Properties.size=2993
Properties.md5=18392D827455EE4A547E2DFC687C4D2F
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png
Properties.size=1038
Properties.md5=0C8C517B9B2FED409F630F5FEE55CD9A
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png
Properties.size=1049
Properties.md5=710C8790BF108AF58251A8E414DDF7CA
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png
Properties.size=256
Properties.md5=5B809317B81900CA4FF352B39161D873
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png
Properties.size=1339
Properties.md5=57119B0CE24F56043CB53394D3290EAC
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png
Properties.size=424
Properties.md5=26742402965AA8F6EBCE440BBD118092
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png
Properties.size=1014
Properties.md5=C5884E1F373AB89BFD88DA93DD577CDA
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png
Properties.size=3264
Properties.md5=48F60B7BBB12D535976714CA2F374982
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png
Properties.size=1553
Properties.md5=D5E082CFDA8E92321F066CE6C5379C97
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
Properties.size=1715
Properties.md5=25959ED83887BA9C19564D9D010C8BA9
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png
Properties.size=859
Properties.md5=27C663405BB327722461F06C1BA22C64
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png
Properties.size=886
Properties.md5=D2FE1CACCAF82BE2E35CD19600A4CF2B
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png
Properties.size=1257
Properties.md5=F2D744A1FE7886B67370B957F0CEBE87
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png
Properties.size=1198
Properties.md5=395D79FF1D175BEDD626F0F89C51E648
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\v.png
Properties.size=1214
Properties.md5=52B857BDAA5E394BFA9BED9057230E34
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $622B3442] Picture (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\x.png
Properties.size=1332
Properties.md5=82447070E0073012E0AE56D1672ACA50
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $262BC338] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\Images\
Conduit.SearchProtect: [SBI $6E58973D] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js
Properties.size=983
Properties.md5=DFACEA71B332DF9FB7E29EADB83DAA3A
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $E38C360B] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js
Properties.size=1909
Properties.md5=07CA109D1DF3233F39024A8DBFFE5288
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $AF06A4D6] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
Properties.size=93868
Properties.md5=DDB84C1587287B2DF08966081EF063BF
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $B173AB3C] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js
Properties.size=2780
Properties.md5=18C47581E22A53E0985F6704BB9EB607
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $BADBFC66] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\libs\main.js
Properties.size=10183
Properties.md5=785C8B4A891E023382846CF5D161309C
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $009E10BD] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
Properties.size=3304
Properties.md5=1BF2125A090D6918959848FCB71770D5
Properties.filedate=1396961972
Properties.filedatetext=2014-04-08 13:59:32
Conduit.SearchProtect: [SBI $B664B453] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\libs\
Conduit.SearchProtect: [SBI $FD2E0A4B] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js
Properties.size=862
Properties.md5=2A014A629C812AB6BEE1C922394BBC04
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $D47DA58B] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css
Properties.size=4223
Properties.md5=3D3ED3CB1651FFF21669C184199E4A14
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $EF996C3D] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html
Properties.size=3079
Properties.md5=B399457BBD1859FEE5A6C734491C3FE8
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $DA42438A] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js
Properties.size=4762
Properties.md5=17DF4FC66E577C4E2663E205DA23D000
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $030516D0] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protection\
Conduit.SearchProtect: [SBI $1DECA8D6] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js
Properties.size=287
Properties.md5=C49AC0FB4C3B4F3EDC5BB8DD3B4FE410
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $3A99343D] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
Properties.size=3622
Properties.md5=5A3850378CCD7D5EBBA91F6587EA698D
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $CD759E15] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
Properties.size=1254
Properties.md5=738BC1107E589225E2226981DB08E079
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $30B2D988] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
Properties.size=3645
Properties.md5=82AA92182CD333A54E443299B776181D
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $3C999955] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\
Conduit.SearchProtect: [SBI $61C396D3] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js
Properties.size=1064
Properties.md5=5DB5FDFC65C076C89B272A96847863A2
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $66FF6A61] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css
Properties.size=8098
Properties.md5=F746C1780347AF1D9788993220EF26B4
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $AFF4E594] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html
Properties.size=12488
Properties.md5=47A17A0D62B82212FE2BA2BFDA528DF9
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $E5868133] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js
Properties.size=11919
Properties.md5=4610E3F24E6A5F56341D8E5A8AF160A6
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $4CD5CF39] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\settings\
Conduit.SearchProtect: [SBI $FF5DF880] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js
Properties.size=1191
Properties.md5=AD1A161C09A3C9D9BCC67113A119A42B
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $881968A8] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css
Properties.size=5128
Properties.md5=6702EBDFA04856F454F5C3852715E116
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $4DA27982] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html
Properties.size=5144
Properties.md5=A5EEA6DBE2A0F689ED9C448AD5B9D446
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $0DE56431] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js
Properties.size=5359
Properties.md5=150A624BB04B094D7BE3CB2F0ECDAD7E
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $27868D8A] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\uninstall\
Conduit.SearchProtect: [SBI $DAF8F363] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.css
Properties.size=1810
Properties.md5=F76A88D35751A21CE0A375F3015750FF
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $41468321] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.html
Properties.size=1250
Properties.md5=426A63B6FBEA10DE6A91F1F7B7D0E63A
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $849C9982] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.js
Properties.size=2353
Properties.md5=FD4E780F458B2CE7D452393066DA2DF3
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $10076BB9] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\bubble\defaults.js
Properties.size=266
Properties.md5=F27FAE519DA7F94F5F11CB6016B1CFB6
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $67232A12] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\bubble\
Conduit.SearchProtect: [SBI $61720960] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\settings.html
Properties.size=8030
Properties.md5=E8FAC50A5DC00FE4C43FE261A70F67EA
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $AB043D30] Data (File, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\style.css
Properties.size=7233
Properties.md5=088C8DDE12AE5FE84D9CF82BE075B070
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $25FEE4AE] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\dialogs\
Conduit.SearchProtect: [SBI $36A947DC] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\rep\
Conduit.SearchProtect: [SBI $C12F11B8] Executable (File, nothing done)
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
Properties.size=3037472
Properties.md5=EFAAE131121B7AD73CBA0FECC0B5A277
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $BBEBD6F8] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\bin\
Conduit.SearchProtect: [SBI $12BC161B] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\UI\
Conduit.SearchProtect: [SBI $B9D3A88C] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\Main\Logs\
Conduit.SearchProtect: [SBI $0FD70B5A] Data (File, nothing done)
C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat
Properties.size=5326
Properties.md5=FAC0C1B85C55411136DD7565EC9BFD4C
Properties.filedate=1397517042
Properties.filedatetext=2014-04-15 00:10:41
Conduit.SearchProtect: [SBI $BE9A1AC2] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\Main\rep\
Conduit.SearchProtect: [SBI $51A9D386] Executable (File, nothing done)
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
Properties.size=2470688
Properties.md5=F31EAD497B8CBE16895A3B7B201C4EAE
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $5D253DB2] Executable (File, nothing done)
C:\Program Files\SearchProtect\Main\bin\uninstall.exe
Properties.size=1063800
Properties.md5=0BE55CE27465CAE6AFB660BCEAD3D5DC
Properties.filedate=1396962432
Properties.filedatetext=2014-04-08 14:07:12
Conduit.SearchProtect: [SBI $B4A74870] Library (File, nothing done)
C:\Program Files\SearchProtect\Main\bin\SPTool.dll
Properties.size=2378528
Properties.md5=662450EE5BC0562E459975942142941E
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $33D88BE6] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\Main\bin\
Conduit.SearchProtect: [SBI $7BFC40F6] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\Main\
Conduit.SearchProtect: [SBI $9BBE9398] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\SearchProtect\rep\
Conduit.SearchProtect: [SBI $715267E7] Executable (File, nothing done)
C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
Properties.size=4693792
Properties.md5=DEABB07BC9B0009D826D2CA04C43F90F
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $D56375D8] Executable (File, nothing done)
C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe
Properties.size=1675552
Properties.md5=6659520EED80EBEF0B252817E15D5551
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $623C6E68] Library (File, nothing done)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll
Properties.size=12370720
Properties.md5=BB0A70EA6ECCE4050117D2F951E6AA12
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $002DD404] Library (File, nothing done)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Properties.size=1050912
Properties.md5=03D24F335740C1AFB61EC58CE0013B86
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $E65DA2D2] Library (File, nothing done)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll
Properties.size=3180832
Properties.md5=92FFD31EADF37BED6A17032B972750ED
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $F23FC2F7] Library (File, nothing done)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Properties.size=1355552
Properties.md5=623115AF90B5868FA4AEBC96F15A218A
Properties.filedate=1396962398
Properties.filedatetext=2014-04-08 14:06:38
Conduit.SearchProtect: [SBI $16FC02BC] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\SearchProtect\bin\
Conduit.SearchProtect: [SBI $B28BEB4C] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\SearchProtect\
Conduit.SearchProtect: [SBI $61B05016] Text file (File, nothing done)
C:\Program Files\SearchProtect\EULA.txt
Properties.size=30153
Properties.md5=901F6F54C16EA26E2D62C0D3EBC40E30
Properties.filedate=1396960690
Properties.filedatetext=2014-04-08 13:38:10
Conduit.SearchProtect: [SBI $D161A3CC] Program directory (Directory, nothing done)
C:\Program Files\SearchProtect\
Conduit.SearchProtect: [SBI $8FCFA778] Executable (File, nothing done)
C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\4JRPIUBX\SPSetup[1].exe
Properties.size=2336800
Properties.md5=12FD3FDD30842B7B335C8B3E984BEC2B
Properties.filedate=1395971420
Properties.filedatetext=2014-03-28 02:50:20
Conduit.SearchProtect: [SBI $8FCFA778] Executable (File, nothing done)
C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\YOP0BEKA\spstub[1].exe
Properties.size=124184
Properties.md5=5E144DD2B309BD00D2BE3D7CC4DC786F
Properties.filedate=1395971437
Properties.filedatetext=2014-03-28 02:50:37
AlexaToolbar: [SBI $4AE64A2B] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
AlexaToolbar: [SBI $3046D4C5] Browser helper object (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
AlexaToolbar: [SBI $3CFA3B21] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Altnet: [SBI $3C8FED45] Program directory (Directory, nothing done)
c:\Program Files\Altnet\
GAIN.Gator: [SBI $E1911592] Log file (File, nothing done)
C:\WINDOWS\GatorPdpSetup.log
Properties.size=19044
Properties.md5=EA3ECA8FEA23F23685ECD31379F70314
Properties.filedate=1070140591
Properties.filedatetext=2003-11-29 22:16:31
GAIN.Gator: [SBI $D87AFA6F] Log file (File, nothing done)
C:\WINDOWS\GatorUninstaller_cme.log
Properties.size=1044
Properties.md5=EDB8D962400BCE47C4CFB47B012071B3
Properties.filedate=1093975438
Properties.filedatetext=2004-08-31 19:03:57
GAIN.Gator: [SBI $D87AFA6F] Log file (File, nothing done)
C:\WINDOWS\GatorUninstaller_cme_u.log
Properties.size=7196
Properties.md5=C398410BEFD4730342A0FBE4D3C01249
Properties.filedate=1093975485
Properties.filedatetext=2004-08-31 19:04:44
IronInstall.Toolbar.Amazon: [SBI $A663259B] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxSSB.AlxAutoUpdater
IronInstall.Toolbar.Amazon: [SBI $A663259B] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxSSB.AlxAutoUpdater.1
IronInstall.Toolbar.Amazon: [SBI $A663259B] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E}
IronInstall.Toolbar.Amazon: [SBI $A663259B] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxSSB.AlxAutoUpdater.1
IronInstall.Toolbar.Amazon: [SBI $A663259B] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E}
IronInstall.Toolbar.Amazon: [SBI $A663259B] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxSSB.AlxAutoUpdater
IronInstall.Toolbar.Amazon: [SBI $718547BF] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E}
IronInstall.Toolbar.Amazon: [SBI $2674EF1E] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
IronInstall.Toolbar.Amazon: [SBI $37D68B44] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxSSB.AlxTBSSB
IronInstall.Toolbar.Amazon: [SBI $37D68B44] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
IronInstall.Toolbar.Amazon: [SBI $37D68B44] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
IronInstall.Toolbar.Amazon: [SBI $37D68B44] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
IronInstall.Toolbar.Amazon: [SBI $37D68B44] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
IronInstall.Toolbar.Amazon: [SBI $37D68B44] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxSSB.AlxTBSSB
IronInstall.Toolbar.Amazon: [SBI $ABD3706D] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
IronInstall.Toolbar.Amazon: [SBI $3146A941] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.ToolBarProxy
IronInstall.Toolbar.Amazon: [SBI $3146A941] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
IronInstall.Toolbar.Amazon: [SBI $3146A941] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
IronInstall.Toolbar.Amazon: [SBI $3146A941] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
IronInstall.Toolbar.Amazon: [SBI $3146A941] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
IronInstall.Toolbar.Amazon: [SBI $3146A941] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.ToolBarProxy
IronInstall.Toolbar.Amazon: [SBI $2AFE5FD8] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
IronInstall.Toolbar.Amazon: [SBI $88601D34] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\AlxSSB.EXE
IronInstall.Toolbar.Amazon: [SBI $384F4A6A] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
IronInstall.Toolbar.Amazon: [SBI $0F322758] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
IronInstall.Toolbar.Amazon: [SBI $FCA3D079] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1B3843C0-3C67-418C-B795-0E6D07DE7A77}
IronInstall.Toolbar.Amazon: [SBI $B4B906BF] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
IronInstall.Toolbar.Amazon: [SBI $1CE79BF6] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
IronInstall.Toolbar.Amazon: [SBI $DEC64730] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
IronInstall.Toolbar.Amazon: [SBI $38FD0806] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
IronInstall.Toolbar.Amazon: [SBI $02C28952] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
IronInstall.Toolbar.Amazon: [SBI $590DCD79] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
IronInstall.Toolbar.Amazon: [SBI $195CCE1D] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
IronInstall.Toolbar.Amazon: [SBI $1359A61E] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
IronInstall.Toolbar.Amazon: [SBI $CFEBA5AF] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
IronInstall.Toolbar.Amazon: [SBI $A7A01E60] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
IronInstall.Toolbar.Amazon: [SBI $06E274D6] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
IronInstall.Toolbar.Amazon: [SBI $4F91D613] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
IronInstall.Toolbar.Amazon: [SBI $B50F966C] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
IronInstall.Toolbar.Amazon: [SBI $778FFAF2] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
IronInstall.Toolbar.Amazon: [SBI $CA0FD7EB] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
IronInstall.Toolbar.Amazon: [SBI $CA9389AB] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
IronInstall.Toolbar.Amazon: [SBI $3335348E] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{FECA4FD3-F0F9-432E-9EA4-3EC4D4AA59D2}
IronInstall.Toolbar.Amazon: [SBI $F70F59AF] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}
IronInstall.Toolbar.Amazon: [SBI $F5C49FED] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\AlexaToolbar/amzni-3.0
IronInstall.Toolbar.Amazon: [SBI $085238A3] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\AlexaToolbar/amzni-3.0
IronInstall.Toolbar.Amazon: [SBI $68EC21A9] User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\AMZN
IronInstall.Toolbar.Amazon: [SBI $F26A4882] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.AlxHelper
IronInstall.Toolbar.Amazon: [SBI $F26A4882] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.AlxHelper.1
IronInstall.Toolbar.Amazon: [SBI $F26A4882] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}
IronInstall.Toolbar.Amazon: [SBI $F26A4882] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}
IronInstall.Toolbar.Amazon: [SBI $F26A4882] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.AlxHelper.1
IronInstall.Toolbar.Amazon: [SBI $F26A4882] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}
IronInstall.Toolbar.Amazon: [SBI $F26A4882] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}
I've attached the complete logs you require to be posted on here and need to continue the spybot logs in another post.
EdHunter
2014-04-19, 02:09
Continued...
You still have some malware on your system. First, go ahead and see if you can disable Microsoft Security Essentials, and we can go from there.
EdHunter
2014-04-19, 02:48
You still have some malware on your system. First, go ahead and see if you can disable Microsoft Security Essentials, and we can go from there.
Disabled but made no difference, desktop icons apart from recycle are all rectangular and the task bar was frozen.
Let's do this: go to your Add/Remove Programs in the Control Panel and uninstall Microsoft Security Essentials.
-AdwCleaner-by Xplode
Click on this link to download: AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
EdHunter
2014-04-19, 03:30
The uninstall of MS security essentials has frozen (couldn't do it in safe mode), can you advise how to proceed?
EdHunter
2014-04-19, 03:33
The uninstall of MS security essentials has frozen (couldn't do it in safe mode), can you advise how to proceed?
Panic over, managed to restart process.
EdHunter
2014-04-19, 04:01
# AdwCleaner v3.024 - Report created 19/04/2014 at 01:41:59
# Updated 18/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : SARAH BROUGH - SARAH-IETMS0KJ2
# Running from : C:\Documents and Settings\SARAH BROUGH\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : CltMngSvc
[#] Service Deleted : Updater Service for AMZN
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Amazon Browser Bar
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Amazon Browser Bar
Folder Deleted : C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\SARAH BROUGH\Application Data\Viewpoint
File Deleted : C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.AlxHelper
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.AlxHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\Amazon Browser Bar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v21.0 (en-US)
[ File : C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\prefs.js ]
-\\ Google Chrome v34.0.1847.116
[ File : C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8926 octets] - [19/04/2014 01:40:16]
AdwCleaner[S0].txt - [9073 octets] - [19/04/2014 01:41:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9133 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by SARAH BROUGH on 19/04/2014 at 1:49:43.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] C:\Documents and Settings\SARAH BROUGH\Application Data\mozilla\firefox\profiles\jv73zqex.default\extensions\staged
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/04/2014 at 1:56:20.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Good, were you able to uninstall Microsoft Security Essentials?
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Malwarebytes has been updated to a newer version. When you install it, it will open to the Dashboard. Click on Update and let it update. Then click on the Scan link and run the Threat Scan, and whatever it finds, check the boxes and remove them.
EdHunter
2014-04-19, 19:33
Malwarebytes Anti-Malware log
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 19/04/2014
Scan Time: 16:49:33
Logfile: mam.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.19.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: SARAH BROUGH
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273282
Time Elapsed: 31 min, 13 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 28
PUP.Optional.PlurPush.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update PlurPush, Quarantined, [959e3cf0fa814cea50753a21ce33ab55],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\CLASSES\CLSID\{82249076-d5c8-431d-982b-023779779587}, Quarantined, [e3509894b6c571c58e3685d69b66ea16],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{089ede16-f82f-4cb5-b64e-433860459d81}, Quarantined, [e3509894b6c571c58e3685d69b66ea16],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6A9F605F-89D1-4AF7-8747-2A17F002E20E}, Quarantined, [e3509894b6c571c58e3685d69b66ea16],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{82249076-D5C8-431D-982B-023779779587}, Quarantined, [e3509894b6c571c58e3685d69b66ea16],
PUP.Optional.PlurPush.A, HKU\S-1-5-21-527237240-1647877149-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82249076-D5C8-431D-982B-023779779587}, Quarantined, [e3509894b6c571c58e3685d69b66ea16],
PUP.Optional.PlurPush.A, HKU\S-1-5-21-527237240-1647877149-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82249076-D5C8-431D-982B-023779779587}, Quarantined, [e3509894b6c571c58e3685d69b66ea16],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\CLASSES\CLSID\{82249076-D5C8-431D-982B-023779779587}\INPROCSERVER32, Quarantined, [e3509894b6c571c58e3685d69b66ea16],
Adware.MyWaySearch, HKLM\SOFTWARE\MyWay, Quarantined, [35fe45e7116a092dbc201ff1877c7d83],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\PlurPush, Quarantined, [6cc75fcd403bbf7761c65647ae5519e7],
Adware.Comet, HKLM\SOFTWARE\Screensavers.com, Quarantined, [6cc72b0187f4ba7c2b456aa7e81bd12f],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\MyWayToolBar.NetscapeShutdown, Quarantined, [c96aca627dfe3303fc32c723fd0516ea],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\MyWayToolBar.NetscapeShutdown.1, Quarantined, [43f0aa82bebddc5aac8201e99f63ab55],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\MyWayToolBar.NetscapeStartup, Quarantined, [280bea42b5c6989ec46af2f8c73b16ea],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\MyWayToolBar.NetscapeStartup.1, Quarantined, [cf64ee3e1f5c023456d8579323df33cd],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\MyWayToolBar.SettingsPlugin, Quarantined, [f43f2a025d1e75c1d955e307c63c1ae6],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\MyWayToolBar.SettingsPlugin.1, Quarantined, [23107daf1863171fe24c43a7e0229769],
Adware.MyWaySearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\My Way Speedbar Uninstall, Quarantined, [8aa957d57ffcdf579864b05e2bd81de3],
PUP.Optional.PlurPush.A, HKU\S-1-5-21-527237240-1647877149-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PlurPush, Quarantined, [d75cf03cb8c396a0a185524ba65d718f],
Adware.MyWaySearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\TYPELIB\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\INTERFACE\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\INTERFACE\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\INTERFACE\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Adware.MyWaySearch, HKLM\SOFTWARE\CLASSES\INTERFACE\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Adware.MyWaySearch, HKU\S-1-5-21-527237240-1647877149-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Adware.MyWaySearch, HKU\S-1-5-21-527237240-1647877149-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}, Quarantined, [b97acb6189f29d99e0ee62c85fa502fe],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 47
PUP.Optional.PlurPush.A, C:\Program Files\PlurPush\updatePlurPush.exe, Quarantined, [959e3cf0fa814cea50753a21ce33ab55],
PUP.Optional.PlurPush.A, C:\Program Files\PlurPush\PlurPushBHO.dll, Quarantined, [e3509894b6c571c58e3685d69b66ea16],
PUP.Optional.OutBrowse, C:\Documents and Settings\SARAH BROUGH\My Documents\Downloads\flvplayer4free_setup.exe, Quarantined, [9d965bd1e59630068c632df038c8b34d],
PUP.Optional.Bandoo, C:\Documents and Settings\SARAH BROUGH\My Documents\Downloads\iLividSetup-r362-n-bc.exe, Quarantined, [46ed0e1e5b2063d34d4ef80c768b50b0],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\SPSetup.exe, Quarantined, [bd766fbdc9b2e15563d431e836cbfb05],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\SearchProtectINT.exe, Quarantined, [8ea58ca0d3a8ec4ade9532e5659c0bf5],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\Install_BubbleDock_ES.exe, Quarantined, [5dd6be6e6c0ffc3ad49f95a079888a76],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\Install_BubbleDock_FR.exe, Quarantined, [36fd5ad296e5a492f47fb38258a9768a],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\Install_BubbleDock_GB.exe, Quarantined, [d1620c20cfac5fd78ee5979eef12a957],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\Install_BubbleDock_IT.exe, Quarantined, [c46fa884b3c87abc4132ce67936ecc34],
PUP.Optional.PlurPush.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\1_Offer_4.exe, Quarantined, [f93a1715abd0e35377fb29f3d3314bb5],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\1_Offer_5.exe, Quarantined, [a0938e9e403b63d312a1121b58a8cc34],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\nsz11A.exe, Quarantined, [d45fbd6f8dee68cea98e22f7a45de917],
PUP.Optional.OutBrowse, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\DownloadManager.exe, Quarantined, [023136f60a71fe38d41b1ffe946c39c7],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\nsb129.exe, Quarantined, [052e08240576e84e2d0ab96004fd659b],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\nsl113.exe, Quarantined, [8da60d1f3447f046c7706cadf40d57a9],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\nsl128.exe, Quarantined, [979c70bc750647ef95a235e43dc423dd],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\AU\SPSetup.exe, Quarantined, [3102bc70c8b31422ea4d53c6de23738d],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\nsv101\SpSetup.exe, Quarantined, [42f19795bdbef14573c490898d74f010],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\nsx13B.tmp\Bubble Dock BSetup.exe, Quarantined, [0330d05ca3d8d85e9dd6d0656899de22],
PUP.FunMoods, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\is39941100\SearchYaLatest.exe, Quarantined, [c46fc4688fec4cea82c9644936ca9d63],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temp\nsg135.tmp\Bubble Dock BSetup.exe, Quarantined, [b2813bf19cdf70c61162f93c629f05fb],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsw2F.exe, Quarantined, [39fa9f8d5526fb3b5eea5cc87e83a25e],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsa36.exe, Quarantined, [b182a18bbcbf7eb88fb9ec38a160a858],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsc2B.exe, Quarantined, [a78c9993fc7fec4ab1971014c1400ff1],
PUP.Optional.Conduit.A, C:\WINDOWS\Temp\nsd18.exe, Quarantined, [052e2b015b204ee8da5d31e8926fe41c],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsf26.exe, Quarantined, [ef4489a3f6853afc64e4a4807c859868],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsk1E.exe, Quarantined, [999aaf7d85f6d363cd7bd351cb360ff1],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsl2E.exe, Quarantined, [f63de6463348fb3beb5d2cf8c33e4fb1],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nslF.exe, Quarantined, [c07383a92556a29411371014768bcb35],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsm39.exe, Quarantined, [b87be646205bea4cb098e93b956c639d],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsn12.exe, Quarantined, [1f146ebe5724a690b098859fc73a817f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nsq31.exe, Quarantined, [013250dc9fdc1521291f8c987f820df3],
PUP.Optional.SearchProtect.A, C:\WINDOWS\Temp\nst1D.exe, Quarantined, [47ecc369bdbe0b2b0246ef350af7e51b],
PUP.Optional.Searchprotect, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ITPDQEUX\distro-search-protect-fix-2[1], Quarantined, [67cc1319dd9e2610d3a6a86e15ecef11],
PUP.Optional.Searchprotect, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ITPDQEUX\distro-search-protect-fix-4[1], Quarantined, [7cb7ff2d6318d5615029e0366f924bb5],
PUP.Optional.Searchprotect, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ITPDQEUX\distro-search-protect-fix[1], Quarantined, [c0736dbf017ac5715f1a9a7c6c95ee12],
PUP.Optional.Searchprotect, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RSK1UBF6\distro-search-protect-fix-3[1], Quarantined, [82b1e448f88382b417629c7a827fe020],
PUP.Optional.PlurPush.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\OKZDS1SY\Setup[1].exe, Quarantined, [1e1543e9daa17bbbe0e40a51ca37c739],
PUP.Optional.PlurPush.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\YOP0BEKA\PlurPush_ob[1].exe, Quarantined, [8da6200c9cdf8caa4a288e8eaf558878],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\YOP0BEKA\spstub[1].exe, Quarantined, [48ebd25a6516092d690aee2961a03dc3],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\YOP0BEKA\BubbleDockInstaller[1].exe, Quarantined, [37fc7dafd2a9bb7b852e42eb2cd49070],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\4JRPIUBX\60251.Bubble_Dock.BBD023.no[1].exe, Quarantined, [e84b5ece6d0e330379fa51e47b863fc1],
PUP.Optional.SearchProtect.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\4JRPIUBX\SearchProtectGeneric2[1].exe, Quarantined, [8ba835f7c9b21e18f4d95ddec9374cb4],
PUP.Optional.Conduit.A, C:\Documents and Settings\SARAH BROUGH\Local Settings\Temporary Internet Files\Content.IE5\4JRPIUBX\SPSetup[1].exe, Quarantined, [90a3919bd6a556e05cdb8b8ec83951af],
PUP.Optional.PlurPush.A, C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi, Quarantined, [b97a0a22bcbfa195eaa379fb3dc5ab55],
PUP.Optional.Bubbledock.A, C:\Documents and Settings\SARAH BROUGH\Application Data\Bubble Dock.boostrap.log, Quarantined, [59da1517f388d066187fafcfdd256b95],
Physical Sectors: 0
(No malicious items detected)
(end)

OTL logfile created on: 19/04/2014 17:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SARAH BROUGH\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 496.85 Mb Available Physical Memory | 48.54% Memory free
2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.25 Gb Total Space | 4.16 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
Computer Name: SARAH-IETMS0KJ2 | User Name: SARAH BROUGH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\SARAH BROUGH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\htpatch.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\htpatch.exe ()
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) -- System32\DRIVERS\wanatw4.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (s217unic) -- C:\WINDOWS\system32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) -- C:\WINDOWS\system32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (se44unic) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
DRV - (se44nd5) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
DRV - (se44mgmt) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
DRV - (se44bus) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
DRV - (w800obex) -- C:\WINDOWS\system32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\WINDOWS\system32\drivers\w800mgmt.sys (MCCI)
DRV - (w800mdm) -- C:\WINDOWS\system32\drivers\w800mdm.sys (MCCI)
DRV - (w800mdfl) -- C:\WINDOWS\system32\drivers\w800mdfl.sys (MCCI)
DRV - (w800bus) -- C:\WINDOWS\system32\drivers\w800bus.sys (MCCI)
DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (alcan5wn) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (BsUDF) -- C:\WINDOWS\System32\drivers\bsudf.sys (ahead software)
DRV - (sisagp) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (BsStor) -- C:\WINDOWS\system32\drivers\bsstor.sys (B.H.A Co.,Ltd.)
DRV - (Intels51) -- C:\WINDOWS\system32\drivers\Intels51.sys (Intel Corporation)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation )
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.btopenworld.com/searchpane
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\SearchScopes\{D3C57319-A8D9-4546-88DB-9EA0A424FFB8}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-1647877149-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: simpleadblock%40wips.com:1.0.8
FF - prefs.js..extensions.enabledAddons: %7B552199fb-9890-4055-9aaf-b2f6d51d46e9%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 14:49:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/02/08 01:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Extensions
[2014/04/19 01:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\extensions
[2013/02/08 01:40:37 | 000,644,177 | ---- | M] () (No name found) -- C:\Documents and Settings\SARAH BROUGH\Application Data\Mozilla\Firefox\Profiles\jv73zqex.default\extensions\simpleadblock@wips.com.xpi
[2013/05/17 01:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 01:49:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2003/03/31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&SearchBar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (&SearchBar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Google Update] C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Google Update] C:\WINDOWS\System32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-1647877149-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5E95AD4-C025-4D79-8589-7E6E60E82AE2}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/11/01 11:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/19 16:55:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SARAH BROUGH\Desktop\OTL.exe
[2014/04/19 16:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/19 16:15:07 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/19 16:15:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/19 16:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/19 01:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/19 01:48:05 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\SARAH BROUGH\Desktop\JRT.exe
[2014/04/19 01:40:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/18 00:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2014/04/18 00:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014/04/18 00:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/04/18 00:51:00 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\SARAH BROUGH\Desktop\spybotsd162.exe
[2014/04/18 00:36:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\SARAH BROUGH\Desktop\aswMBR.exe
[2014/04/18 00:16:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\SARAH BROUGH\Desktop\dds.scr
[2014/04/17 01:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/04/07 03:46:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2014/04/07 03:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\Microsoft Corporation
[2014/04/07 03:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2014/03/29 01:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\WinZip
[2014/03/29 01:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2014/03/29 01:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2014/03/29 01:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/03/28 02:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\PlurPush
[2014/03/26 23:44:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/26 23:44:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\SARAH BROUGH\My Documents\*.tmp files -> C:\Documents and Settings\SARAH BROUGH\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/19 17:16:46 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1647877149-839522115-1004UA.job
[2014/04/19 16:55:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SARAH BROUGH\Desktop\OTL.exe
[2014/04/19 16:54:02 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/04/19 16:53:53 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/19 16:52:37 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/19 16:52:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/19 16:52:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/19 16:15:14 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/19 01:48:09 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\SARAH BROUGH\Desktop\JRT.exe
[2014/04/19 01:47:56 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/04/19 01:37:20 | 001,258,805 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\AdwCleaner.exe
[2014/04/19 01:32:36 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/04/19 01:03:49 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/18 00:53:21 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/04/18 00:53:21 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\Spybot - Search & Destroy.lnk
[2014/04/18 00:51:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\SARAH BROUGH\Desktop\spybotsd162.exe
[2014/04/18 00:46:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\MBR.dat
[2014/04/18 00:36:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\SARAH BROUGH\Desktop\aswMBR.exe
[2014/04/18 00:34:55 | 000,005,464 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\My Documents\attach.zip
[2014/04/18 00:17:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\SARAH BROUGH\Desktop\dds.scr
[2014/04/17 01:55:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2014/04/17 01:30:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/16 02:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/15 23:55:52 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/15 23:47:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/04/15 18:16:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1647877149-839522115-1004Core.job
[2014/04/12 00:17:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 03:03:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 17:16:31 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/31 00:36:03 | 000,441,866 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/31 00:36:03 | 000,071,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/29 01:13:30 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2014/03/28 02:46:45 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\SARAH BROUGH\My Documents\*.tmp files -> C:\Documents and Settings\SARAH BROUGH\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/19 16:15:14 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/19 01:37:16 | 001,258,805 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\AdwCleaner.exe
[2014/04/18 00:53:21 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/04/18 00:53:21 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\Spybot - Search & Destroy.lnk
[2014/04/18 00:46:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Desktop\MBR.dat
[2014/04/18 00:34:55 | 000,005,464 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\My Documents\attach.zip
[2014/04/07 03:45:59 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2014/04/03 23:55:17 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/29 01:13:30 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2014/03/28 01:39:15 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/28 01:39:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2013/12/24 02:43:27 | 000,001,457 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\recently-used.xbel
[2007/10/07 14:56:21 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Application Data\dm.ini
[2007/05/02 18:39:45 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/11 20:04:43 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\fusioncache.dat
[2004/11/28 21:06:45 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\SARAH BROUGH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/04/13 11:26:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/06/26 09:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/03/11 03:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/07/19 17:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2004/01/09 19:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2011/11/20 20:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2008/03/14 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/10/12 19:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2014/03/29 01:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/02/22 16:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/12/30 20:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/08 14:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 12:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/28 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/05/09 16:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\AnvSoft
[2013/02/07 03:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\Dropbox
[2012/03/11 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\DVDVideoSoft
[2006/09/02 19:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\EPSON
[2006/04/30 15:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\Leadertech
[2009/07/19 17:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\Sony
[2007/04/11 19:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SARAH BROUGH\Application Data\Teleca
========== Purity Check ==========
< End of report >
EdHunter
2014-04-19, 19:34
OTL Extras logfile created on: 19/04/2014 17:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SARAH BROUGH\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 496.85 Mb Available Physical Memory | 48.54% Memory free
2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.25 Gb Total Space | 4.16 Gb Free Space | 7.27% Space Free | Partition Type: NTFS
Computer Name: SARAH-IETMS0KJ2 | User Name: SARAH BROUGH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-527237240-1647877149-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{27F650A9-6FAB-41C8-8621-92FF0118B0C4}" = EPSON Easy Photo Print
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}" = WinZip 17.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR240 User's Guide" = ESPR240 User's Guide
"GIMP-2_is1" = GIMP 2.8.8
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = Ahead InCD
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"NeroVision!UninstallKey" = Ahead NeroVision Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Ahead NeroMediaPlayer
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer Basic
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google+ Auto Backup" = Google+ Auto Backup
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google+ Auto Backup" = Google+ Auto Backup
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16/04/2014 21:35:06 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Error - 16/04/2014 21:35:11 | Computer Name = SARAH-IETMS0KJ2 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 16/04/2014 21:36:11 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1001
Description = Fault bucket 192258987.
Error - 18/04/2014 20:14:26 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Error - 18/04/2014 20:14:41 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1001
Description = Fault bucket 192258987.
Error - 18/04/2014 20:15:11 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.5.216.0, faulting module
mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Error - 18/04/2014 20:15:24 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Error | ID = 1001
Description = Fault bucket 192258987.
Error - 18/04/2014 20:26:14 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 18/04/2014 20:26:22 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.
Error - 18/04/2014 20:31:29 | Computer Name = SARAH-IETMS0KJ2 | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 4.5.216.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 18/04/2014 20:43:12 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 19/04/2014 11:08:33 | Computer Name = SARAH-IETMS0KJ2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm
Error - 19/04/2014 11:08:50 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 19/04/2014 11:50:13 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 19/04/2014 11:50:36 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 19/04/2014 11:50:49 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 19/04/2014 11:50:52 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 19/04/2014 11:51:09 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 19/04/2014 11:51:29 | Computer Name = SARAH-IETMS0KJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 19/04/2014 11:53:35 | Computer Name = SARAH-IETMS0KJ2 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.
< End of report >
EdHunter
2014-04-19, 19:35
Forgot to add, yes I did manage to remove MS Security Essentials.
It looks like Microsoft Security Essentials is now just designed for Vista, Win 7 and 8.
So try this free one from AVG. Not sure of your setup; sometimes your ISP will let you install antivirus for free, so you may want to check. If none is available then try AVG.
http://free.avg.com/us-en/homepage
Are you aware that Microsoft has dropped support for Windows XP? It was one of the better operating systems but has outlived its usefulness; it has now gone the way of Windows 95 and 98. It will still work but you won't get any more Windows updates that help keep the bad guys out. If you keep it I would refrain from doing any online banking or shopping using a credit card. When we're done I can have you run a program to see if your system is upgradable to Windows 7.
Just a few leftovers
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
O3 - HKLM\..\Toolbar: (&SearchBar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
O3 - HKU\S-1-5-21-527237240-1647877149-839522115-1004\..\Toolbar\WebBrowser: (&SearchBar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
:Services
:Reg
:Files
C:\Program Files\MyWay
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
EdHunter
2014-04-19, 20:18
I'm aware of XP support having ended; I was getting MS popups daily telling me that. As for Windows 7, theoretically it can run it, however I'd need to transfer all my music onto a portable hard drive to make enough memory available for installation (ran Microsoft's upgrade checker).
I will get on and run this code and get back to you.
That's good, looks like you're right on it. Windows 7 is wonderful; if you can upgrade to it that would be great. A clean install is better but an upgrade is cheaper. You may be able to find an OEM version of Win 7 Upgrade on eBay or Amazon. Make sure you install AVG; you don't want to be without any protection.
EdHunter
2014-04-19, 20:44
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-527237240-1647877149-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\MyWay\myBar\Settings folder moved successfully.
C:\Program Files\MyWay\myBar\History folder moved successfully.
C:\Program Files\MyWay\myBar\Cache folder moved successfully.
C:\Program Files\MyWay\myBar\1.bin folder moved successfully.
C:\Program Files\MyWay\myBar folder moved successfully.
C:\Program Files\MyWay folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\SARAH BROUGH\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\SARAH BROUGH\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: SARAH BROUGH
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6788761 bytes
->Flash cache emptied: 16307 bytes
User: NetworkService
->Temp folder emptied: 4736856 bytes
->Temporary Internet Files folder emptied: 669189 bytes
User: SARAH BROUGH
->Temp folder emptied: 1649845183 bytes
->Temporary Internet Files folder emptied: 2069279022 bytes
->FireFox cache emptied: 112600548 bytes
->Google Chrome cache emptied: 240785115 bytes
->Flash cache emptied: 2015374 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 287774410 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1144490469 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 18072235 bytes
RecycleBin emptied: 100422 bytes
Total Files Cleaned = 5,282.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04192014_181927
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Malwarebytes and Spybot are not letting me download AVG.
Malwarebytes is the free version and does not offer any protection, not sure why it's blocking it. You can go into Spybot and disable the TeaTimer.
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect
Another option would be to download AVG from a known clean computer and transfer it by disk ( CD or USB Drive ) to this one and then run the setup
EdHunter
2014-04-19, 21:38
My bad, caught out by the wrong green box, the one I clicked was a registry cleaner, now downloading AVG.
EdHunter
2014-04-20, 01:39
Do I need anything else? If not, what can be deleted from my computer that I've downloaded during the course of this fix (for which I most sincerely thank you:crowned: !)
Glad all is ok, if you need help upgrading to Win 7 please let me know and I can link you to a windows site that we work closely with for help.
Removing/Uninstalling AdwCleaner:
Double click on AdwCleaner.exe to run the tool again.
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed.
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken