[Solved] Where have my missing GBs gone?

janec · October 27, 2011

Hi, firstly apologies if this isn't posted in the correct forum and it's something that's been asked a million times before.

I have an old Advent laptop using XP.

It started off with 40GBB HDD but for the past year or so the Local Disk C has been showing total size 32GB with about 8 free. I assumed it was all the photos and documents I had stored that was clogging it up so I bought an external hard drive and have stored all my docs and photos on there. By using Wise disk cleaner regularly we've got along OK. I only use the laptop to play, go shopping and send e-mails.

Over the last couple of weeks the free space has slowly gone and is now down to 2.66GB. The disk cleaner has made no difference. I can't do a defragmentation as there isn't enough free space to do it.

Can anyone explain in very very simple language if there is anything I can do? I realise the laptop is very old and out of date but I cannot afford a new one.

Many thanks

Jane

KenB · October 27, 2011

Hi Jane and welcome to ExTS

Download MBAM from here:

http://www.malwarebytes.org/

Click on Products ( you want the free version )

Install > Update > Run

It will produce a log.

Copy this and paste it here please.

janec · October 27, 2011

Hi, thanks for the quick response and the welcome.

I ran the scan and it produced the following:

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 142

Registry Values Infected: 12

Registry Data Items Infected: 2

Folders Infected: 22

Files Infected: 156

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{621FEACD-8857-43A6-AE26-451D670D5370} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{2763E333-B168-41A0-A112-D35F96F410C0} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.

Files Infected:

c:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.

c:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.

c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.

c:\program files\funwebproducts\screensaver\Images\3E83D10D.urr (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\funbuddyiconbtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\mailstampbtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\myfuncardsimbtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\mysignatureinsertbtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\mysignaturepreviewbtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\mystationerybtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\Shared\Cache\webfettibtn.html (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00097A93 (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\0022484E.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00224A42.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00224BA9.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00224CE2.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\003312B5.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00331499.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00372ADD.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00373925.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00373AAC (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00A54572.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00A54728.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00A548DD.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\00A54A06.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\0390B4A6 (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\3E6D7CEC.bmp (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\5BE24BD3.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\921ABCC4 (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\B961E08D.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\B961E1C6.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\B961E243.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\B961E2B0.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\DD308D02.bmp (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\DD308DFC.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\DD308E79 (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\8_step1.gif (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkez.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkgr.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkgs.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bklf.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkrg.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkwebfet.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzc.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzl.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzn.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzq.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzr.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzu.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzv.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzw.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\bkzwinky.jpg (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn2d.png (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn2r.png (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn3d.png (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn3r.png (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4b.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4c.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\shield.png (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.

Many thanks & regards

Jane

(Sorry, I had to save it as a text file, it wouldn't let me copy from the scan).

KenB · October 28, 2011

Hi Jane,

I will ask one of our Security experts to advise further.

It looks like there may be a little bit of work to do.

janec · October 28, 2011

Hi,

Thanks very much, much appreciated.

Kind regards

Jane

KenB · October 28, 2011

Please be patient - they are very busy ....but they will get to you :)

etavares · October 28, 2011

Hello, janec.

My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
Please reply within 3 days to be fair to other people asking for help.
When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1

We need to create an OTL report,

Please download OTL from this link.
(If that link doesn't work, try this alternate link
Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
Click the "Scan All Users" checkbox.
Select "Use Safelist" under "Extra Registry"
Under the Custom Scan box paste this in:

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.sys /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Click the Quick Scan button.
The scan should take a few minutes.
Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

Step 2

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No as it may crash your system or hang up and we don't need that info.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.

Step 3

Please run MBAM again.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Click the Update tab, then click Check for Updates and install any it finds.
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

janec · October 28, 2011

Hello etavares,

OTL log no. 1:

OTL logfile created on: 28/10/2011 13:20:34 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jane Cureton\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.36 Mb Total Physical Memory | 164.87 Mb Available Physical Memory | 18.41% Memory free

2.12 Gb Paging File | 1.53 Gb Available in Paging File | 72.14% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 32.50 Gb Total Space | 2.34 Gb Free Space | 7.19% Space Free | Partition Type: NTFS

Computer Name: JCMOSAICS | User Name: Jane Cureton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 13:16:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane Cureton\Desktop\OTL.exe

PRC - [2010/11/01 18:13:35 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

PRC - [2009/02/09 22:26:23 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe

PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE

PRC - [2008/08/26 23:34:08 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/18 19:37:42 | 000,214,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

PRC - [2008/02/10 01:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2008/02/10 01:06:27 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

PRC - [2008/02/10 01:06:15 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

PRC - [2006/06/07 13:46:31 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2005/08/17 11:39:58 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2004/12/28 15:10:54 | 000,532,480 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

PRC - [2004/03/01 00:27:40 | 000,184,320 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

PRC - [2003/07/11 20:45:02 | 000,241,664 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe

PRC - [1998/12/17 06:09:20 | 000,057,393 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

========== Modules (No Company Name) ==========

MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2008/08/26 23:34:08 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

MOD - [2008/08/26 23:34:08 | 000,357,768 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll

MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2008/03/25 05:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll

MOD - [2008/02/10 00:51:58 | 000,169,304 | ---- | M] () -- C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2010/11/01 18:13:36 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)

SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)

SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2008/08/26 23:34:08 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2008/02/18 19:37:42 | 000,214,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)

SRV - [2008/02/10 01:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/22 09:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

========== Driver Services (SafeList) ==========

DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111026.025\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111026.025\NAVENG.SYS -- (NAVENG)

DRV - [2011/10/17 23:22:25 | 000,268,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20111017.001\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2011/07/28 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)

DRV - [2011/07/28 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)

DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2009/01/26 07:03:42 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)

DRV - [2008/02/01 02:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2008/02/01 02:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2008/02/01 02:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2007/08/09 01:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)

DRV - [2005/08/19 10:31:52 | 003,644,800 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/07/13 15:37:16 | 001,269,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/07/01 08:58:58 | 001,094,814 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/04/27 10:40:00 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/12/15 20:12:04 | 000,218,368 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)

DRV - [2004/08/04 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/04/03 06:35:08 | 000,043,392 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2004/04/03 06:32:20 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)

DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [1995/11/07 10:57:00 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\crlscsi.sys -- (crlscsi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin [2010/11/01 18:13:46 | 000,000,000 | ---D | M]

[2011/07/30 00:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane Cureton\Application Data\Mozilla\Firefox\Profiles\077fyhc8.default\extensions

[2011/10/14 22:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2007/02/20 16:15:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

O1 HOSTS File: ([2004/08/10 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)

O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [\\HARE-GORP3PSMHP\EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P41 "\\HARE-GORP3PSMHP\EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86" File not found

O4 - HKLM..\Run: [CardReaderReset] C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\Reset.exe ()

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86" File not found

O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)

O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)

O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found

O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found

O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe (Ralink Technology, Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000349&p=ZNxmk999YYGB&si=&a=hjmFQK9KcDy93s.Diy5Wiw&n=2006051618 File not found

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab (Reg Error: Key error.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://msnuk.oberon-media.com/online2/MSN_INTL_UK/chainz_2/mjolauncher.cab (MJLauncherCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986 (Java Plug-in 1.6.0_12)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab (ZoneIntro Class)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://sympatico.zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36A7A38-96C7-4290-A25B-E6073651D588}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Jane Cureton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane Cureton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/09/16 20:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell\AutoRun\command - "" = D:\winshell110.exe

O33 - MountPoints2\Z\Shell - "" = AutoRun

O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 13:15:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jane Cureton\Desktop\OTL.exe

[2011/10/27 22:50:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/10/27 22:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane Cureton\Application Data\Malwarebytes

[2011/10/27 22:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/10/27 22:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/10/27 22:46:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/10/27 22:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/10/14 22:47:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2005/09/16 22:54:14 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/28 13:16:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane Cureton\Desktop\OTL.exe

[2011/10/28 13:13:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/10/27 22:50:15 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/10/27 22:47:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/10/27 22:13:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/10/15 12:31:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/10/15 12:31:17 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys

[2011/10/14 23:05:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/10/14 23:01:03 | 000,313,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/10/14 22:51:41 | 000,443,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/10/14 22:51:41 | 000,072,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/10/14 22:48:00 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/10/02 18:57:16 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Jane Cureton\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 22:47:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/13 18:40:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/08/26 22:52:14 | 000,022,403 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

[2008/03/11 18:26:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008/03/11 18:26:45 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2008/03/11 18:26:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2008/03/11 18:26:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2008/03/11 18:26:45 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2008/03/11 18:26:45 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2008/03/11 18:26:45 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2008/03/11 18:26:45 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2008/03/11 18:26:45 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2008/03/11 18:26:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2008/03/11 18:26:45 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2008/03/11 18:26:45 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2008/03/11 18:26:45 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2008/03/11 18:26:45 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2008/03/11 18:26:45 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2008/03/11 18:26:45 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2008/03/11 18:26:45 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2008/03/11 18:26:45 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2008/03/11 18:26:45 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2008/03/11 18:19:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini

[2007/06/08 23:30:22 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2007/06/08 23:27:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2007/01/01 14:54:24 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT

[2007/01/01 14:29:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDESC86PEEuro.ini

[2006/12/27 15:30:52 | 000,002,887 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/09/03 16:41:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jane Cureton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/07/18 20:02:41 | 000,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2006/07/18 20:02:37 | 000,000,144 | ---- | C] () -- C:\WINDOWS\INDEO.INI

[2006/07/01 11:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI

[2006/06/05 17:26:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2006/05/20 15:02:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe

[2006/05/20 15:01:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini

[2006/05/17 11:47:50 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Jane Cureton\Local Settings\Application Data\fusioncache.dat

[2006/05/15 16:47:47 | 000,000,797 | ---- | C] () -- C:\WINDOWS\SGREP32.INI

[2006/05/15 16:42:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50Ps32.dll

[2006/05/15 16:42:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\SGOPopDg.dll

[2006/05/15 15:43:44 | 000,000,083 | ---- | C] () -- C:\WINDOWS\REPENG.INI

[2006/05/15 15:14:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin

[2006/05/15 14:41:45 | 000,019,932 | ---- | C] () -- C:\WINDOWS\SAGE.INI

[2006/05/14 22:33:06 | 000,001,006 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/05/14 20:41:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jane Cureton\Application Data\wklnhst.dat

[2006/03/27 15:39:39 | 000,000,516 | ---- | C] () -- C:\WINDOWS\dialer.ini

[2006/02/28 06:07:15 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll

[2006/02/28 06:05:53 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2006/02/28 06:05:53 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll

[2006/02/28 05:41:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2006/02/28 05:41:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2006/02/28 05:41:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2006/02/28 05:41:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2006/02/28 05:41:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2006/02/28 05:41:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2006/02/27 22:13:19 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT

[2006/02/27 21:35:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/02/27 21:35:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/02/27 21:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/02/27 21:34:57 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006/02/27 21:34:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006/02/27 21:34:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006/02/27 21:33:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/02/27 21:33:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/02/27 21:32:28 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/02/27 21:30:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006/02/27 14:16:47 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe

[2006/02/27 14:16:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\installrt2500qa.dll

[2006/02/27 14:16:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe

[2006/02/27 14:05:44 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2006/02/27 13:41:44 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/02/27 13:41:44 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2006/02/27 13:39:05 | 000,095,617 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2006/01/24 13:37:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe

[2006/01/24 13:36:20 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll

[2006/01/24 13:36:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll

[2006/01/24 13:36:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL

[2006/01/24 13:36:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL

[2006/01/24 13:36:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL

[2006/01/24 13:36:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll

[2006/01/24 13:35:58 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL

[2006/01/24 13:35:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL

[2006/01/24 13:35:38 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL

[2006/01/24 13:35:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL

[2006/01/24 13:35:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL

[2006/01/24 13:35:30 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL

[2006/01/24 13:35:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL

[2006/01/24 13:35:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL

[2006/01/24 13:35:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll

[2006/01/24 13:35:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll

[2006/01/24 13:34:58 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll

[2006/01/24 13:34:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL

[2006/01/24 13:33:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll

[2006/01/13 11:43:50 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll

[2005/11/30 13:49:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE

[2005/11/30 13:49:30 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL

[2005/11/30 13:49:20 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL

[2005/09/19 17:54:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/09/16 20:47:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/09/16 20:40:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/09/16 20:28:26 | 000,001,452 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005/09/16 20:27:13 | 000,443,248 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/09/16 20:27:13 | 000,072,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/09/16 13:35:23 | 000,005,997 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/09/16 13:34:32 | 000,313,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/09/02 00:39:24 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/09/02 00:39:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/09/02 00:39:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005/08/05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/07/11 14:33:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll

[2004/06/09 11:57:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Install.exe

[2002/04/16 12:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv

[2001/12/26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll

[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/09/27 21:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2008/07/11 15:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2010/09/05 23:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster

[2006/09/04 13:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2006/05/14 22:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2007/12/08 19:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/03/11 18:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2009/09/01 22:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2008/03/24 18:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\EPSON

[2007/06/24 13:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\InterVideo

[2006/05/22 19:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\Nikon

[2005/09/16 23:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\SampleView

[2006/05/14 22:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\Template

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/07/30 23:30:19 | 000,000,000 | ---- | M] () -- C:\AILog.txt

[2005/09/16 20:44:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2006/02/28 07:20:58 | 000,000,032 | ---- | M] () -- C:\BIOSINFO.INI

[2006/02/28 07:20:58 | 000,000,091 | ---- | M] () -- C:\BIOSVIEW.INI

[2006/05/14 20:06:17 | 000,000,209 | RHS- | M] () -- C:\boot.ini

[2005/09/16 20:44:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/10/15 12:31:17 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/27 22:22:37 | 000,002,096 | ---- | M] () -- C:\InstallHelper.log

[2005/09/16 20:44:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2005/09/19 17:39:15 | 000,000,021 | ---- | M] () -- C:\LOCAL

[2005/09/19 17:39:15 | 000,000,021 | ---- | M] () -- C:\MINI

[2005/09/16 20:44:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/10 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2011/02/01 21:28:38 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/10/15 12:31:15 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

[2011/09/06 14:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >

[2005/09/16 13:33:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2005/09/16 13:33:51 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2005/09/16 13:33:50 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 12:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 12:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 12:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 12:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 12:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 12:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E17801

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10B7A752

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A266313

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65

< End of report >

janec · October 28, 2011

OTL Log no 2:

OTL Extras logfile created on: 28/10/2011 13:20:34 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jane Cureton\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.36 Mb Total Physical Memory | 164.87 Mb Available Physical Memory | 18.41% Memory free

2.12 Gb Paging File | 1.53 Gb Available in Paging File | 72.14% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 32.50 Gb Total Space | 2.34 Gb Free Space | 7.19% Space Free | Partition Type: NTFS

Computer Name: JCMOSAICS | User Name: Jane Cureton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1CABB679-3958-44AA-BFFF-4E68A2684255}" = ArcSoft Panorama Maker 3.0

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12

"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security

"{3DB6BE63-3919-4B74-9EAF-884ED7BE901A}" = SymNet

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}" = Bonus

"{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3

"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core

"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam

"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center

"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}" = CC_ccProxyExt

"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Roxio Burn Engine

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAA66A0D-E610-40B8-9D51-C1854285773A}" = RT2500 Wireless LAN Card

"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6

"{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}" = ccPxyCore

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security

"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker

"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = MSN Music Mediabar

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D32D4182-DE6C-457E-838C-8D7B9CE332BA}" = InterVideo WinRip

"{D4BB907A-623E-4F07-8787-041ABAE088E4}" = Norton AntiVirus Help

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DC24971E-1946-445D-8A82-CE685433FA7D}" =

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{E8176C35-0C2D-4142-9ED4-81861ECAB403}" = CIB

"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb

"{ECA2B21B-A180-4775-B93F-6E404E36A8CC}" = MSRuntime Libraries

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Agere Systems Soft Modem" = Agere Systems AC'97 Modem v2157D

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"Corel Applications" = Corel Applications

"ESC86 Reference Guide" = ESC86 Reference Guide

"ESC86 Software Guide" = ESC86 Software Guide

"ie8" = Windows Internet Explorer 8

"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3

"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MyWebSearch bar Uninstall" = My Web Search (Smiley Central)

"OcaHistoryUpd" = OCA Client history tool install

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer

"Sage Instant Accounting 6.0" = Sage Instant Accounting 6.0

"SM1FX_AT" = USB Storage Adapter FX (SM1)

"SymSetup.{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}" = Norton Add-on Pack (Symantec Corporation)

"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.93

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

janec · October 28, 2011

aswMBR log

Run date: 2011-10-28 14:04:22

-----------------------------

14:04:22.984 OS Version: Windows 5.1.2600 Service Pack 3

14:04:22.984 Number of processors: 1 586 0x2C02

14:04:22.984 ComputerName: JCMOSAICS UserName:

14:04:27.593 Initialize success

14:04:54.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

14:04:54.203 Disk 0 Vendor: ST9402112A 3.06 Size: 38154MB BusType: 3

14:04:56.265 Disk 0 MBR read successfully

14:04:56.265 Disk 0 MBR scan

14:04:56.265 Disk 0 unknown MBR code

14:04:56.296 Disk 0 scanning sectors +78124095

14:04:56.453 Disk 0 scanning C:\WINDOWS\system32\drivers

14:05:40.734 Service scanning

14:05:44.187 Modules scanning

14:06:58.593 Disk 0 trace - called modules:

14:06:58.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

14:06:58.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8553dab8]

14:06:58.625 3 CLASSPNP.SYS[f761cfd7] -> nt!IofCallDriver -> \Device\00000098[0x855759e8]

14:06:58.625 5 ACPI.sys[f7433620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85575d98]

14:06:59.156 Scan finished successfully

14:07:27.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jane Cureton\Desktop\MBR.dat"

14:07:27.890 The log file has been saved successfully to "C:\Documents and Settings\Jane Cureton\Desktop\aswMBR.txt"

janec · October 28, 2011

and finally the MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8034

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

28/10/2011 14:56:29

mbam-log-2011-10-28 (14-56-29).txt

Scan type: Quick scan

Objects scanned: 195660

Time elapsed: 40 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 142

Registry Values Infected: 12

Registry Data Items Infected: 2

Folders Infected: 22

Files Infected: 156

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{621FEACD-8857-43A6-AE26-451D670D5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2763E333-B168-41A0-A112-D35F96F410C0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.

c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.

c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

c:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

c:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.

c:\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

c:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

c:\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Delete on reboot.

c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.

c:\program files\funwebproducts\screensaver\Images\3E83D10D.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\funbuddyiconbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\mailstampbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\myfuncardsimbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\mysignatureinsertbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\mysignaturepreviewbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\mystationerybtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Shared\Cache\webfettibtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00097A93 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0022484E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00224A42.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00224BA9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00224CE2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\003312B5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00331499.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00372ADD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00373925.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00373AAC (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00A54572.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00A54728.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00A548DD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\00A54A06.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\0390B4A6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\3E6D7CEC.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\5BE24BD3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\921ABCC4 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\B961E08D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\B961E1C6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\B961E243.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\B961E2B0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\DD308D02.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\DD308DFC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\DD308E79 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\8_step1.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkez.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkgr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkgs.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bklf.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkrg.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkwebfet.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzc.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzl.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzn.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzq.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzu.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzv.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzw.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\bkzwinky.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn2d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn2r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn3d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\blubtn3r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4b.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\rebut4c.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\shield.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

As you predicted MBAM did reboot the computer.

Kind regards

Jane

etavares · October 28, 2011

Hello, janec.

Besides the disappearing hard drive space, have you noticed any other odd behavior?

Install ERUNT

This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Please download erunt-setup.exe to your desktop.
Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:

http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need run an OTL Script

Please download OTL from one of the following mirrors if you do not still have it.
- This is first Mirror
- This is the second mirror

[*]Save it to your desktop.

[*]Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.

[*]Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [\\HARE-GORP3PSMHP\EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R 2.EXE /P41 "\\HARE-GORP3PSMHP\EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86" File not found
O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...w&n=2006051618 File not found
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=0
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
:Commands
[EmptyTemp]

[*]Click the Run Fix button at the top.

[*]let the program run unhindered and reboot when it is done.

[*]You will get a log when it is done, please post that in your reply.

[*]Please then create a new OTL report....

[*]Click the "Scan All Users" checkbox.

[*]Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.

[*]A report will open, copy and paste it in a reply here.

Step 2

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
- Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
[*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
[*]Accept any security warnings from your browser.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
[*]Push the Start button.
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
[*]Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
[*]Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

etavares

janec · October 30, 2011

Hello etavares,

I have not noticed anything strange on my PC apart from it slowing down and if I have too many things happening at once, in particular three or more internet tabs open it sometimes freezes up and has a sulk for a minute or two.

I installed ERUNT.

OTL after run/fix:

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\\\HARE-GORP3PSMHP\EPSON Stylus C86 Series deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.

Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\WINDOWS\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled"|0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify"|0 /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 41 bytes

User: Jane Cureton

->Temp folder emptied: 7820431 bytes

->Temporary Internet Files folder emptied: 252600376 bytes

->Java cache emptied: 122496049 bytes

->FireFox cache emptied: 10569577 bytes

->Google Chrome cache emptied: 34472366 bytes

->Flash cache emptied: 1892 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 710221 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 525 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 237710553 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 636.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_180718

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\VF133H80\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=728x90;ord=1251491826009;dcopt=i[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\UYN3DS7B\keywords;kw=display+shelves;cat=12576;cat=11890;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;t[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\UYN3DS7B\keywords;kw=melamine+tray;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\UYN3DS7B\keywords;kw=melamine+tray;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[2].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\UYN3DS7B\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[2].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\UYN3DS7B\myebaymymessages;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=728x90;ord=1251495662707;dcop[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\UYN3DS7B\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=728x90;ord=1251493273932;dcopt=i[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\UYN3DS7B\storage;cat=11700;cat=43502;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=122954;items=128[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\TTSI3RXL\myebaysummary;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;sz=728x90;or[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\TTSI3RXL\storage;cat=11700;cat=43502;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=122954;items=128[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\RVDZZTG4\251621884&ga_sid=1251621884&ga_hid=1359242306&ga_fc=0&u_tz=60&u_his=6&u_java=1&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_nplug=0&u_nmime=0&biw=1250&bih=567&fu=0&ifi=2&dtd=63 not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\RVDZZTG4\keywords;kw=melamine+tray;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\QX1U3AD8\keywords;kw=bath+bombs;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=26395;items=2250;sz=7[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\QX1U3AD8\keywords;kw=display+shelves;cat=12576;cat=11890;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;t[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\QX1U3AD8\keywords;kw=pepper+mill;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;tc[3].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\QX1U3AD8\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[2].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\QX1U3AD8\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[3].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\QX1U3AD8\storage;cat=11700;cat=43502;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=122954;items=138[2].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\QX1U3AD8\storage;cat=11700;cat=43502;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=122954;items=138[4].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9FKL872\251659453&ga_sid=1251659453&ga_hid=1884593084&ga_fc=0&u_tz=60&u_his=0&u_java=1&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_nplug=0&u_nmime=0&biw=1259&bih=613&fu=0&ifi=1&dtd=78 not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9FKL872\checkout_521_RTM;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=300x250;ord=1251495390588;dco[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9FKL872\keywords;kw=display+stand;cat=12576;cat=11890;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9FKL872\keywords;kw=hooks;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;tcat=382[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9FKL872\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\ONLJYYBL\51621884&ga_sid=1251621884&ga_hid=1359242306&ga_fc=0&u_tz=60&u_his=6&u_java=1&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_nplug=0&u_nmime=0&biw=1250&bih=567&fu=0&ifi=3&dtd=172 not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\ONLJYYBL\keywords;kw=lap+trays;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=400;sz=160[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\ONLJYYBL\keywords;kw=melamine+tray;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\ONLJYYBL\keywords;kw=new+cute+baby+farm+animals;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=220;i[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\ONLJYYBL\keywords;kw=pot+pourri;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=1775;sz=1[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\ONLJYYBL\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\ONLJYYBL\storage;cat=11700;cat=43502;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=122954;items=128[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\NRODR4QB\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[3].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\NRODR4QB\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[4].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\NRODR4QB\keywords;kw=small+gift+box;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=485;s[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\NRODR4QB\myebayallfavorites;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;sz=728x[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LNAOOKX9\checkout_521_RTM;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=300x250;ord=1251586434845;dco[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LNAOOKX9\keywords;kw=melamine+tray;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LNAOOKX9\keywords;kw=metal+display+shelves;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11890;item[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LNAOOKX9\keywords;kw=new+cute+baby+farm+animals;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=220;i[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LNAOOKX9\keywords;kw=pot+pourri;cat=40005;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=31605;items[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LNAOOKX9\myebayallfavorites;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;sz=728x[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LLXQ7N1Y\aHR0cDovL3d3dy5jMnNob3AuY28udWsvYXNzZXRzL3NjcmlwdHMvaW1nc2l6ZS5waHA@aD0yNTAmdz0yNTAmY29uc3RyYWluPTEmaW1nPS4uLy4uL2Fzc2V0cy9wcm9kdWN0aW1hZ2VzL3dvbWVuX3Nob3J0cy5naWY===[1].jpg not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LLXQ7N1Y\keywords;kw=display+shelves;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=327;[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\LLXQ7N1Y\keywords;kw=lap+trays;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=20[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L4W7XPKT\;sz=300x60;tile=6;sect=Product;server=prod;status=internal;toplevelcategory=home_and_garden;stor[1].com;cat=home;subcat=home_improvement_design;site=kaboodle;ord=1246918501283; not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L4W7XPKT\keywords;kw=lap+trays;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=20[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L4W7XPKT\keywords;kw=lap+trays;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=400;sz=728[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L4W7XPKT\keywords;kw=melamine+tray;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L4W7XPKT\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[2].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L4W7XPKT\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=160x600;ord=1251493237490;tile=2[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L0S3D5KX\;mv=1;ms=b;mc=3;mc=4;mc=5;mc=6;mc=7;mc=8;mc=9;ma=g2;ma=g3;ma=g4;ma=g5;ma=g6;ma=h2;ma=h3;ma=h4;ma=h5;ma=h6;ma=h7;ma=a4;ma=c;ma=d;pt=1;px=180000;hb=3;lx=GB;ai=15022;oc=IP3[1] not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L0S3D5KX\;sz=336x280;tile=2;sect=Product;server=prod;status=internal;toplevelcategory=home_and_garden;sto[1].com;cat=home;subcat=home_improvement_design;site=kaboodle;ord=1246918501283; not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L0S3D5KX\keywords;kw=display+stand;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=281;items=2243;sz=[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L0S3D5KX\keywords;kw=lap+trays;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=20[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L0S3D5KX\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L0S3D5KX\myebayallfavorites;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;sz=160x[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L0S3D5KX\myebayallfavorites;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;sz=728x[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\L0S3D5KX\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=728x90;ord=1251492959295;dcopt=i[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\HO43X1OP\keywords;kw=melamine+tray;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\HO43X1OP\keywords;kw=new+cute+baby+farm+animals+lrg+melamine+tray+sturd;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRe[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\H7JJ9T0Y\;sz=728x90;tile=1;sect=Product;dcopt=ist;server=prod;status=internal;toplevelcategory=home_and_g[1].com;cat=home;subcat=home_improvement_design;site=kaboodle;ord=1246918501283; not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\H7JJ9T0Y\keywords;kw=hooks;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;tcat=382[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\H7JJ9T0Y\keywords;kw=lap+trays;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=20[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\H7JJ9T0Y\keywords;kw=lap+trays;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=400;sz=160[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\H7JJ9T0Y\keywords;kw=new+cute+baby+farm+animals+lrg+melamine+tray+sturd;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRe[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\H7JJ9T0Y\keywords;kw=tray+new+cute+baby+farm+animals;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\keywords;kw=lap+trays;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=20[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\keywords;kw=pamper+cafe;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=26395;items=116;sz=1[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\keywords;kw=shelving+unit;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=608;sz[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\myebaymymessages;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=728x90;ord=1251495641820;dcop[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\myebaysummary;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;sz=160x600;o[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\myebaysummary;seg=GL_Google100Mod0to99;seg=GL_GenderMale30to49;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;sz=728x90;or[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=160x600;ord=1251492412263;tile=2[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=160x600;ord=1251493532420;tile=2[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=728x90;ord=1251492412263;dcopt=i[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\F9XNUA61\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=728x90;ord=1251493112884;dcopt=i[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXTP9L3Z\51621884&ga_sid=1251621884&ga_hid=1359242306&ga_fc=0&u_tz=60&u_his=6&u_java=1&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_nplug=0&u_nmime=0&biw=1250&bih=567&fu=0&ifi=1&dtd=125 not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXTP9L3Z\keywords;kw=cake+boxes+small;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=5;s[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXTP9L3Z\keywords;kw=pot+pourri;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=1775;sz=7[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\CRJNE011\keywords;kw=lap+trays;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=400;sz=728[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBR7MC55\;mv=1;ms=b;mc=3;mc=4;mc=5;mc=6;mc=7;mc=8;mc=9;ma=g2;ma=g3;ma=g4;ma=g5;ma=g6;ma=h2;ma=h3;ma=h4;ma=h5;ma=h6;ma=h7;ma=a4;ma=c;ma=d;pt=1;px=190000;hb=2;lx=GB;ai=13886;oc=IP2[1] not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBR7MC55\keywords;kw=lap+trays;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=20[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBR7MC55\keywords;kw=pamper+cafe;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=26395;items=116;sz=1[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\AHF8PWJA\;mv=1;ms=b;mc=3;mc=4;mc=5;mc=6;mc=7;mc=8;mc=9;ma=g2;ma=g3;ma=g4;ma=g5;ma=g6;ma=h2;ma=h3;ma=h4;ma=h5;ma=h6;ma=h7;ma=a4;ma=c;ma=d;pt=1;px=190000;hb=2;lx=GB;ai=13886;oc=IP2[1] not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\AHF8PWJA\sid=1251659453&ga_hid=1701606863&ga_fc=1&u_tz=60&u_his=0&u_java=1&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_nplug=0&u_nmime=0&biw=1259&bih=613&eid=36815003&fu=0&ifi=1&dtd=47 not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\5NIQJVGU\dcp;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=300x250;ord=1251480363237;dcopt=ist;tile=1[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\5NIQJVGU\keywords;kw=bath+bombs;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=26395;items=2250;sz=1[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\5NIQJVGU\keywords;kw=cake+boxes+small;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=5;s[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\5NIQJVGU\keywords;kw=melamine+tray;cat=11700;cat=20625;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tca[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\5NIQJVGU\keywords;kw=small+gift+box;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=11700;items=485;s[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\5NIQJVGU\myebaysummary;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;sz=160x600;ord=1251493273932;tile=2[1].htm not found!

File\Folder C:\Documents and Settings\Jane Cureton\Local Settings\Temp\Temporary Internet Files\Content.IE5\5NIQJVGU\storage;cat=11700;cat=43502;seg=GL_Sellers_Listed_within12mont;seg=GL_Buyers_GMB_0to50_last90days;seg=GL_AllSucSell_Mar05;seg=GL_AllRegisteredUsers;tcat=122954;items=138[3].htm not found!

C:\Documents and Settings\Jane Cureton\Local Settings\Temporary Internet Files\Content.IE5\RLZVBA1O\sed[1].htm moved successfully.

C:\Documents and Settings\Jane Cureton\Local Settings\Temporary Internet Files\Content.IE5\M2QH11HN\si[1].htm moved successfully.

C:\Documents and Settings\Jane Cureton\Local Settings\Temporary Internet Files\Content.IE5\KY34WYIH\ads[2].htm moved successfully.

C:\Documents and Settings\Jane Cureton\Local Settings\Temporary Internet Files\Content.IE5\HJOXS2C0\12546-Where-have-my-missing-GBs-gone[1].txt moved successfully.

C:\Documents and Settings\Jane Cureton\Local Settings\Temporary Internet Files\Content.IE5\FDOEUAHR\ads[2].htm moved successfully.

File\Folder C:\WINDOWS\temp\JETC92C.tmp not found!

Registry entries deleted on Reboot...

janec · October 30, 2011

OTL after RUN SCAN

OTL logfile created on: 30/10/2011 18:36:24 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jane Cureton\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.36 Mb Total Physical Memory | 327.88 Mb Available Physical Memory | 36.62% Memory free

2.12 Gb Paging File | 1.69 Gb Available in Paging File | 79.64% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 32.50 Gb Total Space | 3.56 Gb Free Space | 10.95% Space Free | Partition Type: NTFS

Computer Name: JCMOSAICS | User Name: Jane Cureton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 12:16:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane Cureton\Desktop\OTL.exe

PRC - [2009/02/09 21:26:23 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe

PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE

PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/18 18:37:42 | 000,214,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

PRC - [2008/02/10 00:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2006/06/07 12:46:31 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2005/08/17 10:39:58 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2004/12/28 14:10:54 | 000,532,480 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

PRC - [2004/02/29 23:27:40 | 000,184,320 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

PRC - [2003/07/11 19:45:02 | 000,241,664 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe

========== Modules (No Company Name) ==========

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2008/03/25 04:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)

SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2008/08/26 22:34:08 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2008/02/18 18:37:42 | 000,214,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)

SRV - [2008/02/10 00:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/22 08:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

========== Driver Services (SafeList) ==========

DRV - [2011/10/18 06:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111027.022\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/10/18 06:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111027.022\NAVENG.SYS -- (NAVENG)

DRV - [2011/10/17 22:22:25 | 000,268,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20111017.001\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2011/07/28 08:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)

DRV - [2011/07/28 08:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)

DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2009/01/26 06:03:42 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/09/05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)

DRV - [2008/02/01 01:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2008/02/01 01:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2008/02/01 01:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2007/08/09 00:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)

DRV - [2005/08/19 09:31:52 | 003,644,800 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/07/13 14:37:16 | 001,269,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/07/01 07:58:58 | 001,094,814 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/04/27 09:40:00 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/12/15 19:12:04 | 000,218,368 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)

DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/04/03 05:35:08 | 000,043,392 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2004/04/03 05:32:20 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)

DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [1995/11/07 09:57:00 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\crlscsi.sys -- (crlscsi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk

IE - HKU\S-1-5-21-1750105772-1827593217-929180627-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1750105772-1827593217-929180627-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1750105772-1827593217-929180627-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1750105772-1827593217-929180627-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1750105772-1827593217-929180627-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin

[2011/07/29 23:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane Cureton\Application Data\Mozilla\Firefox\Profiles\077fyhc8.default\extensions

[2011/10/14 21:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2007/02/20 15:15:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

O1 HOSTS File: ([2004/08/10 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKU\S-1-5-21-1750105772-1827593217-929180627-1006\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1750105772-1827593217-929180627-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)