[makihara]

Hi there,

got spyware on my PC that was preventing me from getting on the internet. everytime i opened up firefox it tried to dial up. Opened network connections and found that there was an extra icon there for dial up now set as the default connection.

couldnt get on the internet at all cos Norton AV was blocking the dial up. Shut down norton and i connected through the dial up.

I set up spyware blaster, done a sweep with S&D and unisnatalled Norton in favour of AVG.

here is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:07, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...chlft.html?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{57040AB8-0EF4-488B-A892-C18FFBD50BF8}: NameServer = 80.225.248.50 80.225.248.58
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8378 bytes


cheers,
james

Edited by makihara, 18 September 2009 - 08:27 AM.

[Advertisements]

Hi James,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.



Step #1

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Step #2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




Step #3

We Need to check for Rootkits with RootRepeal

• Download RootRepeal from the following location and save it to your desktop.
  
  • Zip Mirrors (Recommended)
    
    • Primary Mirror
    • [url="http://<a%20href="http://rootrepeal.googlepages.com/RootRepeal.zip"%20target="_blank">http://rootrepeal.go...tRepeal.zip</a>"]Secondary Mirror[/url]
    • Secondary Mirror
  • Rar Mirrors - Only if you know what a RAR is and can extract it.
    
    • Primary Mirror
    • Secondary Mirror
    • Secondary Mirror
• Extract RootRepeal.exe from the archive.
• Open on your desktop.
• Click the tab.
• Click the button.
• Check all seven boxes:
• Push Ok
• Check the box for your main system drive (Usually C:), and press Ok.
• Allow RootRepeal to run a scan of your system. This may take some time.
• Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

[SpySentinel]

Hi James,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.



Step #1

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Step #2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




Step #3

We Need to check for Rootkits with RootRepeal

• Download RootRepeal from the following location and save it to your desktop.
  
  • Zip Mirrors (Recommended)
    
    • Primary Mirror
    • [url="http://<a%20href="http://rootrepeal.googlepages.com/RootRepeal.zip"%20target="_blank">http://rootrepeal.go...tRepeal.zip</a>"]Secondary Mirror[/url]
    • Secondary Mirror
  • Rar Mirrors - Only if you know what a RAR is and can extract it.
    
    • Primary Mirror
    • Secondary Mirror
    • Secondary Mirror
• Extract RootRepeal.exe from the archive.
• Open on your desktop.
• Click the tab.
• Click the button.
• Check all seven boxes:
• Push Ok
• Check the box for your main system drive (Usually C:), and press Ok.
• Allow RootRepeal to run a scan of your system. This may take some time.
• Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

[makihara]

HI, I did everything you said

Below are all the logs, in order of how you wrote about them.

Hope that’s all ok

thanks very much for all your help

James



OTL logfile created on: 19/09/2009 16:36:40 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1021.98 Mb Total Physical Memory | 454.61 Mb Available Physical Memory | 44.48% Memory free
1.91 Gb Paging File | 1.28 Gb Available in Paging File | 66.91% Paging File free
Paging file location(s): C:\pagefile.sys 1024 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.12 Gb Total Space | 100.17 Gb Free Space | 68.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARBER
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\System32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
PRC - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe (TLC Education Properties LLC)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)
PRC - c:\program files\common files\installshield\updateservice\isuspm.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla)
PRC - C:\Documents and Settings\Andrew\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MyWebSearchService [Auto | Stopped]) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (MyWebSearch.com)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADILOADER [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\adildr.sys (Analog Deivces)
DRV - (adiusbaw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys (Analog Devices Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (QCMerced [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVCM.sys ()
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (s0016bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s0016bus.sys (MCCI Corporation)
DRV - (s0016mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016nd5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s0016nd5.sys (MCCI Corporation)
DRV - (s0016obex [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s0016obex.sys (MCCI Corporation)
DRV - (s0016unic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s0016unic.sys (MCCI Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com"
FF - prefs.js..keyword.URL: "http://search.live.c...FORM=MIMWA1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/13 22:01:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/13 19:26:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.6\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2009/06/18 19:43:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.6\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/02 17:37:24 | 00,000,000 | ---D | M]

[2009/07/13 20:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\mozilla\Firefox\Profiles\ix579lgl.default\extensions
[2006/01/23 17:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\mozilla\Firefox\Profiles\ix579lgl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2005/07/27 19:16:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\mozilla\Firefox\Profiles\ix579lgl.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/13 20:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\mozilla\Firefox\Profiles\ix579lgl.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009/07/24 14:38:35 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\FireFox\Profiles\ix579lgl.default\searchplugins\ask.uk.xml
[2009/07/13 20:49:08 | 00,003,915 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\FireFox\Profiles\ix579lgl.default\searchplugins\sweetim.xml
[2009/09/13 19:20:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2005/08/13 13:44:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/07/27 19:16:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\defaults\profile\extensions
[2005/07/27 19:16:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/07/17 20:06:00 | 00,041,578 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2005/07/17 20:06:00 | 00,048,228 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2005/07/17 20:06:00 | 00,160,876 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/06/20 15:46:26 | 00,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll
[2005/07/17 20:06:00 | 00,017,028 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2004/12/14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/18 19:43:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/18 19:43:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/18 19:43:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/18 19:43:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/18 19:43:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/18 19:43:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/18 19:43:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/07/17 20:06:00 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-uk.png
[2005/07/17 20:06:00 | 00,000,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-uk.src
[2005/07/17 20:06:00 | 00,000,557 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dictionary.png
[2005/07/17 20:06:00 | 00,000,664 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dictionary.src
[2005/07/17 20:06:00 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2005/07/17 20:06:00 | 00,001,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2005/07/17 20:06:00 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-uk.gif
[2005/07/17 20:06:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-uk.src
[2009/07/18 22:07:43 | 00,000,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2009/08/19 17:36:11 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2005/07/17 20:06:00 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2005/07/17 20:06:00 | 00,001,171 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (249881 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe (TLC Education Properties LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/18 21:10:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/18 21:10:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/18 21:10:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/09/18 21:10:22 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} http://www.tescophot...opcuploader.cab (Image Uploader 3.0 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-internet-signup - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/19 16:36:02 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2009/09/13 20:00:11 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/13 19:47:06 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/13 19:27:14 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/13 19:27:14 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/13 19:27:08 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/13 19:27:06 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/13 19:27:00 | 41,503,105 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/13 19:27:00 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/13 19:27:00 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/13 19:27:00 | 00,112,070 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/13 19:27:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/09/13 19:26:43 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/13 19:26:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/09/13 18:57:09 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/09/13 18:56:57 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/13 18:56:57 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/13 18:56:57 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/13 18:56:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/13 18:56:43 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/09/13 18:56:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/09/13 18:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\PC Tools
[2009/09/13 18:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/13 16:38:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/13 16:38:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/09/13 16:06:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
[2009/09/13 16:06:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/13 16:06:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/13 16:06:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/13 16:06:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/13 16:04:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/13 16:04:22 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/09/13 15:47:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/11 21:59:41 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ta Barber.doc
[2009/09/09 20:07:27 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Andrew and Fiona Barber.doc
[2006/08/21 22:40:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2006/08/21 22:39:13 | 00,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/04/12 21:33:42 | 00,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/04/01 09:58:10 | 00,000,861 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/01/23 17:11:17 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/01/23 17:11:16 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2005/11/05 22:47:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/10/01 07:38:32 | 00,003,929 | ---- | C] () -- C:\WINDOWS\RRK.INI
[2005/08/07 01:24:05 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/30 09:24:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/07/30 09:03:54 | 00,003,007 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/07/27 14:59:59 | 00,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2005/07/27 14:59:59 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2005/07/27 14:59:53 | 00,000,936 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005/07/27 14:59:50 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2005/07/27 14:59:50 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2005/07/27 14:25:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/07 22:09:49 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/07 21:38:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/07 21:38:08 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1995/03/22 00:00:00 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Andrew\My Documents\*.tmp files]
[2009/09/19 16:39:51 | 41,526,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/19 16:39:18 | 00,112,173 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/19 16:36:00 | 00,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058577064-1793899080-1911071176-1006UA.job
[2009/09/19 16:35:59 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2009/09/19 16:33:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/19 16:33:43 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{132F7F32-27A2-4212-93E1-7460FCDF9011}.job
[2009/09/19 16:32:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/09/19 16:31:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/19 16:31:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/19 16:31:33 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/18 20:00:00 | 00,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Andrew.job
[2009/09/18 17:36:03 | 00,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058577064-1793899080-1911071176-1006Core.job
[2009/09/15 17:36:46 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Google Chrome.lnk
[2009/09/13 22:02:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/13 21:51:25 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Microsoft Word.lnk
[2009/09/13 19:27:14 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/13 19:27:14 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/13 19:27:08 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/13 19:27:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/13 19:27:00 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/13 19:27:00 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/13 16:41:20 | 00,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/11 22:57:22 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Andrew and Fiona Barber.doc
[2009/09/11 22:02:54 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ta Barber.doc
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/08 21:07:04 | 00,049,880 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/30 13:44:01 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/24 14:05:06 | 00,206,256 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/08/23 21:15:10 | 00,000,452 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\spider.sav
[2009/08/21 18:29:00 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== LOP Check ==========

[2009/09/13 19:26:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/18 19:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/08/21 22:42:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2009/07/17 11:55:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/23 17:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
[2009/07/24 14:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/09/13 19:21:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/06/14 23:32:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/06/14 23:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/07/28 22:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/07/13 20:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2009/09/19 16:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/07/28 22:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2005/07/07 21:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/13 18:56:28 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew\Application Data
[2005/07/28 21:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\.bittorrent
[2006/08/21 22:41:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Andrew\Application Data\Broderbund
[2005/07/28 22:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\CyberLink
[2006/05/16 10:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Jasc
[2005/07/28 21:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Leadertech
[2005/07/28 22:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Ulead Systems
[2007/07/15 22:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\uTorrent
[2005/07/07 21:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\You've Got Pictures Screensaver
[2009/07/21 13:01:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/19 16:32:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/09/18 17:36:03 | 00,000,928 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1058577064-1793899080-1911071176-1006Core.job
[2009/09/19 16:36:00 | 00,000,980 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1058577064-1793899080-1911071176-1006UA.job
[2009/09/18 20:00:00 | 00,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Andrew.job
[2009/09/19 16:31:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/19 16:33:43 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{132F7F32-27A2-4212-93E1-7460FCDF9011}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



OTL Extras logfile created on: 19/09/2009 16:36:40 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1021.98 Mb Total Physical Memory | 454.61 Mb Available Physical Memory | 44.48% Memory free
1.91 Gb Paging File | 1.28 Gb Available in Paging File | 66.91% Paging File free
Paging file location(s): C:\pagefile.sys 1024 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.12 Gb Total Space | 100.17 Gb Free Space | 68.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARBER
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1C53468E-02CD-4C5A-AC5D-6FDAC13662AB}" = MVCpromo
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2CFE4799-CB85-456C-AABE-9BA2D02D81DB}" = Sky Broadband
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.009.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42C7A1F1-6986-41E6-B0C7-94657FE89301}" = Mavis Beacon Teaches Typing Deluxe 15
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Island 2
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88F92798-59AB-474F-B40D-1EC5F782F7EE}" = Ulead VideoStudio 9.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8D3A4F50-B820-4A2D-8F6F-6514710B3BB9}" = BBC Bob The Builder
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA4E4163-4CE3-11D4-9532-005004039EB0}" = LEGO My World First Steps
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0BA581-E3EC-11D5-9194-00105A68CFFF}" = Learning Ladder 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D105DD85-0FC1-4FF2-A9D6-548E2559DF21}" = BBC Fimbles - Fimbling Fun!
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F5076EC4-1EE1-456D-8EC7-63E1684BB5D2}" = Little Robots - Making Friends
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"2G_1.0" = Jump Ahead 2000 Year 2 v1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"AVG8Uninstall" = AVG Free 8.5
"DellSupport" = Dell Support 5.0.0 (630)
"FG_2.4" = Jump Ahead 2000 Year 1 v2.4
"Frankie's Animal Adventures" = Frankie's Animal Adventures
"Frankie's Scooter Scramble" = Frankie's Scooter Scramble
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"JA2000SM_1.0" = Jump Ahead 2000 Starting Maths v1.0
"JABABY_1.0" = Jump Ahead Baby v1.0
"JAFR" = Jump Ahead French
"JAR1_1.0" = Jump Ahead Reading Year 1 v1.0
"JASR_1.0" = Jump Ahead Starting Reading v1.0
"JAY1M_1.3" = Jump Ahead 2000 Maths Year 1 v1.3
"JAY2M_1.3" = Jump Ahead 2000 Maths Year 2 v1.3
"JAY2R_1.0" = Jump Ahead 2000 Reading Year 2 v1.0
"Learning Ladder Year 4" = Learning Ladder Year 4
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MathMania KS2" = MathMania KS2
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monster Trucks Nitro Demo" = Monster Trucks Nitro Demo
"Mozilla Firefox (1.0.6)" = Mozilla Firefox (1.0.6)
"MS Flight Simulator" = Microsoft Flight Simulator for Windows 95
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyWaySearchAssistantDE" = My Way Search Assistant
"MyWebSearch bar Uninstall" = My Web Search (Smiley Central)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Adapters and Drivers
"QcDrv" = Logitech® Camera Driver
"Reader Rabbit Personalised Junior" = Reader Rabbit Personalised Junior
"Reader Rabbit Personalised Nursery" = Reader Rabbit Personalised Nursery
"RealPlayer 6.0" = RealPlayer Basic
"Scalextric Track Designer_is1" = Scalextric Track Designer v1.1.2
"ScienceMania KS2" = ScienceMania KS2
"Scooby-Doo™, Case File #1 The Glowing Bug Man" = Scooby-Doo™, Case File #1 The Glowing Bug Man
"Scooby-Doo™, Jinx At The Sphinx™" = Scooby-Doo™, Jinx At The Sphinx™
"Spyware Doctor" = Spyware Doctor 6.1
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SS2000_2.0" = Jump Ahead Starting School 2000 v2.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Ulead VideoStudio 9.0_is1" = Ulead VideoStudio 9.0 (all Languages)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winnie the Pooh Infants" = Disney's Winnie the Pooh Infants
"Winnie the Pooh Preschool" = Disney's Winnie the Pooh Preschool
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"tc09_bbc-UK_CBBC_MAIN" = Mountainbike Challenge 09 (CBBC)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/09/2009 11:47:02 | Computer Name = BARBER | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.41.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/09/2009 12:01:33 | Computer Name = BARBER | Source = Google Update | ID = 20
Description =

Error - 13/09/2009 12:36:06 | Computer Name = BARBER | Source = Google Update | ID = 20
Description =

Error - 13/09/2009 13:01:32 | Computer Name = BARBER | Source = Google Update | ID = 20
Description =

Error - 13/09/2009 13:36:05 | Computer Name = BARBER | Source = Google Update | ID = 20
Description =

Error - 13/09/2009 14:00:12 | Computer Name = BARBER | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.41.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/09/2009 14:01:32 | Computer Name = BARBER | Source = Google Update | ID = 20
Description =

Error - 13/09/2009 14:24:16 | Computer Name = BARBER | Source = Google Update | ID = 20
Description =

Error - 13/09/2009 14:30:17 | Computer Name = BARBER | Source = Google Update | ID = 20
Description =

Error - 13/09/2009 14:36:05 | Computer Name = BARBER | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 14/09/2009 12:15:55 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 15/09/2009 12:10:20 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 15/09/2009 12:10:20 | Computer Name = BARBER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 15/09/2009 12:10:20 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 16/09/2009 14:24:43 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 17/09/2009 06:42:19 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 17/09/2009 13:42:17 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 18/09/2009 11:49:41 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 19/09/2009 04:24:58 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 19/09/2009 11:33:07 | Computer Name = BARBER | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058


< End of report >



Malwarebytes' Anti-Malware 1.41
Database version: 2824
Windows 5.1.2600 Service Pack 3

19/09/2009 17:15:11
mbam-log-2009-09-19 (17-15-11).txt

Scan type: Quick Scan
Objects scanned: 104890
Time elapsed: 12 minute(s), 32 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 139
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 21
Files Infected: 83

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00104131 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00104652 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001047F8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00104AB7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00104C2E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00104DB4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00609910.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00609AA6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (Trojan.Agent) -> Delete on reboot.




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/19 17:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE5AB000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A37000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEDAF1000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP643\A0103538.src
Status: Visible to the Windows API, but not on disk.

==EOF==

[SpySentinel]

Hi James,

You're welcome




Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  PRC - C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
  PRC - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
  O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
  O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
  O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
  O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
  O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
  O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
  O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
  O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
  O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
  
  :Files
  C:\Documents and Settings\All Users\Application Data\Viewpoint
  C:\Program Files\MyWebSearch
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


Java 2 Runtime Environment, SE v1.4.2_03
My Way Search Assistant
My Web Search (Smiley Central)
Viewpoint Media Player





Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")