Jump to content


Photo
- - - - -

unable to remove mywebsearch toolbar

Started by achesoj, Jun 16 2012 01:57 PM

  • This topic is locked This topic is locked
22 replies to this topic

#1 achesoj

achesoj

    New Member

  • Members
  • Pip
  • 9 posts
  • OS:Windows 7 x64
  • AV:Emsisoft

Posted 16 June 2012 - 01:57 PM

I am working on a client's computer remotely, and I installed Emsisoft (which he is purchasing). One of his computers was loaded with malware, including the mywebsearch toolbar. When I click "Quarantine" or "Delete" nothing happens. I was hoping you could give me a way to remove the toolbar. (Please keep in mind, I am working remotely, and cannot disconnect the computer from the network and still work on it.)

Also, I had already installed Emsisoft, run the scan, and pressed quarantine before I realized this was going to be an issue. I thought the EEK scan and log might be less informative and possibly redundant, so I've attached the scan log from the actual program, not the EEK.

Attached Files


#2 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 16 June 2012 - 06:59 PM

The EAM quarantine log is not the log I need. I need the EAM scan log.

This is a client's system? As in they are paying you to remove the malware.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#3 JeanInMontana

JeanInMontana

    Malware Removal Team

  • Malware Removal Team
  • 333 posts
  • LocationSouth West Montana USA
  • OS:Windows 7
  • AV:Also run XP Home x32 laptop
  • HIPS:Online Armor, WinPatrol
  • Other:Avira free~WOT & A bit of common sense.

Posted 16 June 2012 - 10:52 PM

Why doesn't William come and seek help?
Malware Removal Specialist

Please do not PM me for help. Begin here

#4 achesoj

achesoj

    New Member

  • Members
  • Pip
  • 9 posts
  • OS:Windows 7 x64
  • AV:Emsisoft

Posted 18 June 2012 - 09:20 PM

I will get the other log in a little while and attach it. Regarding your other question, I will ask someone from Emsisoft to contact you.

#5 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 18 June 2012 - 11:24 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTLPRC - [2008/12/12 11:39:42 | 000,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXEO2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not foundO3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not foundO3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not foundO4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FA Reminder.lnk = C:\WINDOWS\Installer\{76DFE172-9A45-4A05-B9F1-22AD72C92277}\_166C426944DFE1D3967B3B.exe ()O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Reg Error: Value error. (Reg Error: Key error.)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37889.2941319444 (Reg Error: Key error.)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O20 - Winlogon\Notify\RelevantKnowledge: DllName - (C:\Program Files\RelevantKnowledge\rlls.dll) -  File not foundO33 - MountPoints2\{c345955a-8e04-11e1-beb4-0002b3d10eb9}\Shell - "" = AutoRunO33 - MountPoints2\{c345955a-8e04-11e1-beb4-0002b3d10eb9}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{c345955a-8e04-11e1-beb4-0002b3d10eb9}\Shell\AutoRun\command - "" = E:\autorun.exe[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]:Commands[Purity][EmptyTemp][EmptyFlash][EmptyJava][Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#6 achesoj

achesoj

    New Member

  • Members
  • Pip
  • 9 posts
  • OS:Windows 7 x64
  • AV:Emsisoft

Posted 19 June 2012 - 01:56 PM

I ran the fix. Unfortunately when I started it, it closed crossloop. By the time I was able to get back on, there were no logs. I asked the secretary about them and she said that there was nothing there when she arrived this morning. She also said the computer still isn't running well. I can try running another scan with emsisoft after they close today and see if the toolbar seems to still be there. Any other suggestions?

#7 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 19 June 2012 - 09:16 PM

The toolbar won't be gone completely. The fix just removed the pieces that start the toolbar. The rest will have to be removed, once you have access to the system again.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#8 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 23 June 2012 - 02:52 PM

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#9 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 17 July 2012 - 12:47 PM

Thread opened at original posters request.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#10 achesoj

achesoj

    New Member

  • Members
  • Pip
  • 9 posts
  • OS:Windows 7 x64
  • AV:Emsisoft

Posted 17 July 2012 - 03:26 PM

Thanks. The computer is still running slowly and freezing up occasionally. I realize you said that there would be more steps involved for a complete removal of mywebsearch. I have the logs from EAM and HiJackthis. Would you like me to create a new OTL log, or post these logs?

#11 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 17 July 2012 - 03:52 PM

I did not ask you to run HijackThis. You shouldn't be using HijackThis on a system with Windows 7 installed.

Attach logs from EAM and OTL.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#12 achesoj

achesoj

    New Member

  • Members
  • Pip
  • 9 posts
  • OS:Windows 7 x64
  • AV:Emsisoft

Posted 19 July 2012 - 01:08 AM

The computer is running XP. But just out of curiosity, why is hijackthis not good for windows 7?
I didn't get an extras file for some reason. I searched the system for it, but nothing there.
Sorry about that. I know that at least one of these logs may seem useless right now, but
I might have some more questions once we get the first issue taken care of if you don't mind.

thank you for your help.


OTL logfile created on: 7/18/2012 7:39:14 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Program Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

750.73 Mb Total Physical Memory | 439.49 Mb Available Physical Memory | 58.54% Memory free
1.17 Gb Paging File | 0.60 Gb Available in Paging File | 51.50% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 19.15 Gb Free Space | 51.39% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\WebVaccine\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\WebVaccine\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop)
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe (CrossLoop)
PRC - C:\Program Files\FastAttach\NEA\NEATaskbar.exe ()
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop vnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe (Patterson Dental Supply, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\FastAttach\NEA\NEATaskbar.exe ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\screenhooks.dll ()


========== Win32 Services (SafeList) ==========

SRV - (OneStep Search Service) -- C:\Program Files\OneStepSearch\onestep.exe C:\Program Files\OneStepSearch\onestep.dll Service File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files\WebVaccine\a2service.exe (Emsisoft GmbH)
SRV - (CrossLoopService) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe (CrossLoop)
SRV - (tvnserver) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop vnserver.exe (GlavSoft LLC.)
SRV - (ESCameraService) -- C:\Program Files\EagleSoft\Shared Files\ESCameraService.exe ()
SRV - (NetSvc) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (MtxVideo) -- System32\DRIVERS\MtxVideo.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (Changer) -- File not found
DRV - (a2acc) -- C:\Program Files\WebVaccine\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files\WebVaccine\a2dix86.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files\WebVaccine\a2ddax86.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files\WebVaccine\a2util32.sys (Emsi Software GmbH)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
DRV - (Winachcf) -- C:\WINDOWS\system32\drivers\winachcf.sys (Conexant)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{5B4C3B43-49B6-42A7-A602-F7ACDCA0D409}: "URL" = http://www.onestepse...ds={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...or={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {009605E6-56DA-4A38-AABE-0C0A11FBD902}
IE - HKCU\..\SearchScopes\{009605E6-56DA-4A38-AABE-0C0A11FBD902}: "URL" = http://www.google.co...1I7ADRA_enUS370
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{30F66AB5-2ECC-46B0-98C5-D9AC743C11B4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{5B4C3B43-49B6-42A7-A602-F7ACDCA0D409}: "URL" = http://www.onestepse...ds={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupon...&q={searchTerms}
IE - HKCU\..\SearchScopes\{ABCBF769-A765-4F25-AF2C-1EC2A900E895}: "URL" = http://websearch.ask...8A-36C96D04CC83
IE - HKCU\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com...g=2-114-0-1HCVK
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)



O1 HOSTS File: ([2005/07/29 14:39:44 | 000,000,023 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar bcore3.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar bcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar bcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\webvaccine\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [ESInetConnect] C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe (Patterson Dental Supply, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\ShowMyPCService vnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [CrossLoop] C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FA Reminder.lnk = C:\WINDOWS\Installer\{76DFE172-9A45-4A05-B9F1-22AD72C92277}\_166C426944DFE1D3967B3B.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZU File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1173736256921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1173736244187 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7889.2941319444 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pattersonsup...ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90729DE9-C962-4C64-B7DC-CBFE5060F61F}: NameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - (C:\Program Files\RelevantKnowledge\rlls.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/06/14 03:57:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c345955a-8e04-11e1-beb4-0002b3d10eb9}\Shell - "" = AutoRun
O33 - MountPoints2\{c345955a-8e04-11e1-beb4-0002b3d10eb9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c345955a-8e04-11e1-beb4-0002b3d10eb9}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 19:37:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012/07/16 18:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/16 18:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2012/07/12 13:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/07/12 13:14:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/06/26 16:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/06/26 16:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
[2012/06/26 16:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/26 16:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/06/26 16:23:54 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/26 16:23:54 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/26 16:23:54 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/26 16:23:54 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/26 16:23:54 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/26 16:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/19 18:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2012/06/18 20:36:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2009/01/07 17:34:57 | 000,036,864 | ---- | C] (WebEx Communications, Inc) -- C:\Documents and Settings\Administrator\atwbxdet.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 19:45:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS asks\Scheduled Update for Ask Toolbar.job
[2012/07/18 19:37:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012/07/18 19:30:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS asks\Adobe Flash Player Updater.job
[2012/07/18 18:51:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS asks\GoogleUpdateTaskMachineUA.job
[2012/07/18 13:51:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS asks\GoogleUpdateTaskMachineCore.job
[2012/07/17 07:29:58 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Payment Browser.lnk
[2012/07/16 18:46:27 | 000,010,568 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hijackthis log 7-16
[2012/07/16 18:45:51 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2012/07/12 13:14:34 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[2012/07/12 11:30:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/12 11:30:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/12 03:16:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/12 03:16:47 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/07/12 03:16:46 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FA Reminder.lnk
[2012/07/12 03:16:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/12 03:16:29 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 18:20:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/02 15:03:09 | 000,006,524 | ---- | M] () -- C:\WINDOWS\System32\ESDictionary.dic
[2012/06/29 12:04:13 | 000,468,759 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\logo.mht
[2012/06/28 08:53:27 | 000,122,419 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MacKenzie LeCroy.pdf
[2012/06/27 12:40:50 | 003,240,054 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\logo_for_delayed_tx.bmp
[2012/06/26 16:34:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/06/26 16:23:28 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/26 16:23:28 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/26 16:23:28 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/26 16:23:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/26 16:23:26 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/26 16:23:26 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/06/26 07:58:54 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/26 07:58:54 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2012/06/25 16:36:01 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FREE Trial version of CAESY Patient Education.lnk
[2012/06/21 09:51:51 | 000,211,502 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CoryWilliams%20LOGO%20FINAL[1].JPG
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/16 18:46:27 | 000,010,568 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hijackthis log 7-16
[2012/07/16 18:45:29 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2012/07/12 13:14:33 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[2012/06/29 12:04:11 | 000,468,759 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\logo.mht
[2012/06/28 08:52:58 | 000,122,419 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MacKenzie LeCroy.pdf
[2012/06/27 12:40:50 | 003,240,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\logo_for_delayed_tx.bmp
[2012/06/26 16:34:37 | 000,000,250 | ---- | C] () -- C:\WINDOWS asks\Scheduled Update for Ask Toolbar.job
[2012/06/25 16:36:01 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FREE Trial version of CAESY Patient Education.lnk
[2012/06/21 09:51:51 | 000,211,502 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\CoryWilliams%20LOGO%20FINAL[1].JPG
[2012/06/16 04:53:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/11 08:00:28 | 000,523,814 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2027339946-3660946461-3242847100-500-0.dat
[2012/03/29 03:23:48 | 000,174,334 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/16 10:39:00 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2011/05/11 10:59:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iphist.dat
[2011/05/11 10:58:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011/05/11 10:58:39 | 009,990,144 | ---- | C] () -- C:\WINDOWS\System32\XCClient.dll
[2009/08/17 14:52:51 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Administrator\iphist.dat
[2008/01/03 17:11:02 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Administrator\neacomm.ini
[2007/04/11 15:48:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/07/19 13:04:52 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/23 11:47:48 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2003/10/01 17:13:02 | 000,176,618 | ---- | C] () -- C:\Documents and Settings\Administrator\~
[2003/09/08 07:41:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Administrator\EsUninstLog.Err

========== LOP Check ==========

[2007/06/25 10:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FunWebProducts
[2006/12/19 16:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2012/03/02 17:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2006/07/17 11:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Walgreens
[2012/06/26 16:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2009/07/29 12:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CAM Commerce Solutions
[2011/03/24 16:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/07/18 19:45:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========


< End of report >

Emsisoft Anti-Malware - Version 6.6
IDS log
Date PID Source Event Behavior/Infection
7/3/2012 8:05:16 AM 1664 C:\Program Files\Internet Explorer\iexplore.exe Blocked by rule APNMEDIA.ASK.COM
7/3/2012 8:05:16 AM 1664 C:\Program Files\Internet Explorer\iexplore.exe Blocked by rule APNMEDIA.ASK.COM
7/2/2012 7:56:46 AM 2428 C:\Program Files\Internet Explorer\iexplore.exe Blocked by rule APNMEDIA.ASK.COM
7/2/2012 7:56:45 AM 2428 C:\Program Files\Internet Explorer\iexplore.exe Blocked by rule APNMEDIA.ASK.COM
6/29/2012 8:25:22 AM 3136 C:\Program Files\Internet Explorer\iexplore.exe Blocked by rule APNMEDIA.ASK.COM
6/29/2012 8:25:21 AM 3136 C:\Program Files\Internet Explorer\iexplore.exe Blocked by rule APNMEDIA.ASK.COM
6/28/2012 7:23:29 AM 2868 C:\Program Files\Internet Explorer\iexplore.exe Blocked by rule APNMEDIA.ASK.COM
6/28/2012 7:23:28 AM 2868 C:\Program Files\Internet Explorer\iexplore.exe Blocked by rule APNMEDIA.ASK.COM
6/19/2012 10:36:20 AM 2592 C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe Allowed by user Behavior.Spyware
6/19/2012 10:36:14 AM 2592 C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe Allowed by user Behavior.TrojanDownloader
6/18/2012 9:22:30 AM 2380 C:\Program Files\PaymentBrowser.com\Payment Browser\gatewaycc3.exe Undefined event Behavior.RemoteControl
6/18/2012 9:15:56 AM 2380 C:\Program Files\PaymentBrowser.com\Payment Browser\gatewaycc3.exe Allowed by rule Behavior.Backdoor
6/18/2012 9:15:48 AM 2380 C:\Program Files\PaymentBrowser.com\Payment Browser\gatewaycc3.exe Allowed by rule Behavior.NewProcess
6/18/2012 8:12:23 AM 4004 C:\Program Files\PaymentBrowser.com\Payment Browser\gatewaycc3.exe Allowed by rule Behavior.Backdoor
6/18/2012 8:11:50 AM 4004 C:\Program Files\PaymentBrowser.com\Payment Browser\gatewaycc3.exe Allowed by rule Behavior.NewProcess
6/18/2012 8:09:28 AM 3644 C:\Program Files\PaymentBrowser.com\Payment Browser\gatewaycc3.exe Allowed by rule Behavior.Backdoor
6/18/2012 8:08:45 AM 3644 C:\Program Files\PaymentBrowser.com\Payment Browser\gatewaycc3.exe Allowed by rule Behavior.NewProcess
6/18/2012 8:08:18 AM 3192 C:\Program Files\PaymentBrowser.com\Payment Browser\gatewaycc3.exe Allowed by user Behavior.Backdoor
6/16/2012 7:29:56 AM 3024 C:\Documents and Settings\Administrator\Local Settings\Temp\gus78D.tmp Allowed by user Behavior.AutorunCreation

Emsisoft Anti-Malware - Version 6.6
quarantine log
Date Source Event Behavior/Infection
6/16/2012 7:04:53 AM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/16/2012 7:04:54 AM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/16/2012 6:08:02 AM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/16/2012 6:09:50 AM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/16/2012 6:10:04 AM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/16/2012 6:10:25 AM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/16/2012 6:08:00 AM Key: hkey_local_machine\system\currentcontrolset\enum\root\legacy_mywebsearchservice Moved to quarantine Trace.Registry.funwebproducts!E1
6/16/2012 6:12:26 AM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/16/2012 6:10:35 AM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/16/2012 6:08:31 AM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/16/2012 6:09:49 AM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/16/2012 6:12:26 AM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/16/2012 6:08:32 AM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/16/2012 6:08:01 AM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/16/2012 6:10:36 AM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/16/2012 6:10:24 AM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/16/2012 6:10:03 AM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/16/2012 6:08:00 AM Key: hkey_local_machine\system\currentcontrolset\enum\root\legacy_mywebsearchservice Moved to quarantine Trace.Registry.funwebproducts!E1
6/16/2012 6:07:59 AM C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE Moved to quarantine Adware.Win32.MyWebSearch!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{a6573479-9075-4a65-98a6-19fd29cf7374}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> buddyfreqnone Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root ypelib\{29d67d3c-509a-4544-903f-c8c1b8236554} Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin --> description Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.popswatterbarbutton Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearch.outlookaddin Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{cff4ce82-3aa2-451f-9b77-7165605fb835} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\funwebproducts\installer --> sr Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> yahoo.0.old Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.killerobjmanager.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall --> uninstallstring Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\oehosts --> windows5 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> msimn.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\mywebsearch\bar --> configrevisionurl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> pid Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:13 PM Value: hkey_classes_root\clsid\{00a6faf1-072e-44cf-8957-5838f569a31d}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:22 PM Value: hkey_classes_root\wusn.1 --> wusn_id Moved to quarantine Trace.Registry.whenu.savenow!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.historykillerscheduler.1 Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> googletalkhtml.0 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\funwebproducts\installer --> cachedir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\fun web products\settings\cursormaniabtn --> etag Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> lastrequest Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.iecookiesmanager.1 Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall --> publisher Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> msnmsgr.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.iecookiesmanager.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg --> path Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:30 PM Key: hkey_classes_root\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{00a6faf1-072e-44cf-8957-5838f569a31d} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:06 PM Key: hkey_local_machine\software\classes\clsid\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:33 PM Value: hkey_current_user\software\microsoft\internet explorer\urlsearchhooks --> {00a6faf6-072e-44cf-8957-5838f569a31d} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\funwebproducts\installer --> pl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:42 PM Key: hkey_local_machine\software\funwebproducts Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\funwebproducts\installer --> checkforconnection Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:30 PM Key: hkey_classes_root\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{cff4ce82-3aa2-451f-9b77-7165605fb835}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.popswattersettingscontrol.1 Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> aimt.numactive2 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{adb01e81-3c79-4272-a0f1-7b2be7a782dc}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> eintl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:13 PM Value: hkey_local_machine\software\divxnetworks\divx player 2.0 --> skinsdir Moved to quarantine Trace.Registry.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\clsid\{cff4ce82-3aa2-451f-9b77-7165605fb835} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearch.pseudotransparentplugin Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\mwsoemon --> version Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:23 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\search toolbar --> urlinfoabout Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:29 PM Key: hkey_classes_root\interface\{3e720451-b472-4954-b7aa-33069eb53906} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\windows media\wmsdk\sources --> f3popularscreensavers Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin --> loadbehavior Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root\screensavercontrol.screensaverinstaller Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\fun web products\msnmessenger --> dllfile Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearchtoolbar.settingsplugin Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:16 PM Value: hkey_local_machine\software\classes\clsid\{07b18eab-a523-4961-b6bb-170de4475cca}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\office\word\addins\mywebsearch.outlookaddin --> description Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\myfuncardsimbtn --> htmlmenurevision Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\interface\{07b18eaa-a523-4961-b6bb-170de4475cca} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.popswattersettingscontrol Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearchtoolbar.toolbarplugin.1 Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> nextrequest Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:19 PM Value: hkey_local_machine\software\classes\clsid\{3e720452-b472-4954-b7aa-33069eb53906}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:42 PM Key: hkey_local_machine\system\currentcontrolset\enum\root\legacy_mywebsearchservice Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.historykillerscheduler.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:13 PM Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831}\ Moved to quarantine Trace.Registry.filesubmit.a!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{9ff05104-b030-46fc-94b8-81276e4e27df}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> sr Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{a6573479-9075-4a65-98a6-19fd29cf7374}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:13 PM Value: hkey_classes_root\clsid\{07b18ea9-a523-4961-b6bb-170de4475cca}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root ypelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\code store database\distribution units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}\downloadinformation --> inf Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{a9571378-68a1-443d-b082-284f960c6d17} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{07b18eab-a523-4961-b6bb-170de4475cca} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:29 PM Key: hkey_classes_root\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{cff4ce82-3aa2-451f-9b77-7165605fb835}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:16 PM Value: hkey_local_machine\software\classes\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> lsp Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> abs Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\freeze.com\ Moved to quarantine Trace.Registry.freeze!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> incmail.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> id Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> dir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearch.pseudotransparentplugin.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg --> standardsmileydir.aim Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:12 PM Key: hkey_current_user\software\freeze.com\ Moved to quarantine Trace.Registry.freeze!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{25560540-9571-4d7b-9389-0f166788785a}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> visible Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\oehosts --> boscript Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:13 PM Value: hkey_local_machine\software\divxnetworks\divx player 2.0 --> applicationdir Moved to quarantine Trace.Registry.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearchtoolbar.toolbarplugin Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> buddytextuninstalled.0 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> aimt.0 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\funwebproducts\installer --> dir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\clsid\{a9571378-68a1-443d-b082-284f960c6d17} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{98d9753d-d73b-42d5-8c85-4469cda897ab} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.htmlmenu Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> pl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> mwssrcas.dll Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:28 PM Key: hkey_classes_root\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearch.htmlpanel.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{9ff05104-b030-46fc-94b8-81276e4e27df} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:28 PM Key: hkey_classes_root\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\funwebproducts\installer --> curinstall Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearch.outlookaddin.1 Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:28 PM Key: hkey_classes_root\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:06 PM Key: hkey_local_machine\software\classes\clsid\{07b18ea9-a523-4961-b6bb-170de4475cca} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\skintools --> playerpath Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.htmlmenu.2 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\mywebsearch\bar --> cachedir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall --> urlinfoabout Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{d778513b-1c40-4819-b0c5-49e40b39afd0}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\interface\{07b18eac-a523-4961-b6bb-170de4475cca} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:23 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\search toolbar --> displayname Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\code store database\distribution units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}\installedversion --> lastmodified Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.popswatterbarbutton.1 Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root ypelib\{f42228fb-e84e-479e-b922-fbbd096e792c} Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{8e6f1832-9607-4440-8530-13be7c4b1d14}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> aim.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root ypelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:22 PM Value: hkey_local_machine\software\classes\clsid\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> pl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> yahoo.2.old Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg --> version Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearch.outlookaddin Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:23 PM Key: hkey_local_machine\software\search toolbar Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:13 PM Value: hkey_classes_root\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearchtoolbar.settingsplugin.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root ypelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:05 PM Key: hkey_local_machine\software rymedia systems\activemark software Moved to quarantine Trace.Registry.trymedia!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> pluginpath Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\outlook --> mywebsearch.outlookaddin Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearchtoolbar.settingsplugin Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:33 PM Key: hkey_classes_root ypelib\{e47caee0-deea-464a-9326-3f2801535a4d} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.historykillerscheduler Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:33 PM Key: hkey_local_machine\software\mywebsearch Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:29 PM Key: hkey_classes_root\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> buddytextuninstalled.numactive Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\code store database\distribution units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}\downloadinformation --> codebase Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\smileycentralbtn --> htmlmenuposdeleted Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\clsid\{b813095c-81c0-4e40-aa14-67520372b987} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:29 PM Key: hkey_classes_root\interface\{3e720453-b472-4954-b7aa-33069eb53906} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:23 PM Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\search toolbar Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{98d9753d-d73b-42d5-8c85-4469cda897ab}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{84da4fdf-a1cf-4195-8688-3e961f505983}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:30 PM Key: hkey_classes_root\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\email-im\0 --> toolbar Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:33 PM Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:16 PM Value: hkey_local_machine\software\classes\clsid\{07b18ea1-a523-4961-b6bb-170de4475cca}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:19 PM Value: hkey_local_machine\software\classes\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\email-im\0 --> path Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{2eff3cf7-99c1-4c29-bc2b-68e057e22340}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:22 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\search toolbar --> changed Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> ssclabel Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\mywebsearch.chatsessionplugin Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:06 PM Key: hkey_local_machine\software\classes\clsid\{07b18ea1-a523-4961-b6bb-170de4475cca} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:22 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\search toolbar --> slowinfocache Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{a9571378-68a1-443d-b082-284f960c6d17}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall --> helplink Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:05 PM Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} Moved to quarantine Trace.Registry.cleannoptimize!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{8e6f1832-9607-4440-8530-13be7c4b1d14}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{84da4fdf-a1cf-4195-8688-3e961f505983}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.datacontrol Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> googletalkhtml.1 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin --> friendlyname Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.historyswattercontrolbar Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:22 PM Key: hkey_classes_root\wusn.1 Moved to quarantine Trace.Registry.whenusave!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{9ff05104-b030-46fc-94b8-81276e4e27df} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> yahoo.3.old Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:06 PM Key: hkey_local_machine\software\classes\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\cursormaniabtn --> lasthtmlmenuurl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> settingsdir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall --> displayname Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> icq.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\mywebsearch.htmlpanel Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:13 PM Value: hkey_classes_root\clsid\{07b18ea1-a523-4961-b6bb-170de4475cca}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:33 PM Value: hkey_current_user\software\fun web products\data --> datadir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> des Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> yahoo.4.old Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> aim.numactive Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{25560540-9571-4d7b-9389-0f166788785a} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:06 PM Value: hkey_local_machine\software\classes\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.els.mywebtattoo.com!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> waol.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\myfuncardsimbtn --> etag Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.htmlmenu.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\oehosts --> windows7 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\oehosts --> windows3 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> yahoo.numactive2 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:06 PM Value: hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.els.mywebtattoo.com!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{b813095c-81c0-4e40-aa14-67520372b987}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.killerobjmanager Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> outlook.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:33 PM Value: hkey_current_user\software\microsoft\internet explorer\searchscopes\{56256a51-b582-467e-b8d4-7786eda79ae0} --> displayname Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> ypager.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:42 PM Value: hkey_local_machine\software\freeze.com\installer --> id Moved to quarantine Trace.Registry.ez game cheats!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> aimt.1 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\oehosts --> windows4 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> aim.numactive2 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearch.pseudotransparentplugin Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.popswatterbarbutton Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:27 PM Key: hkey_classes_root\interface\{1093995a-ba37-41d2-836e-091067c4ad17} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\clsid\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:06 PM Value: hkey_local_machine\software\classes\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c} --> appid Moved to quarantine Trace.Registry.els.mywebtattoo.com!E1
6/15/2012 11:36:16 PM Value: hkey_local_machine\software\classes\clsid\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:23 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\search toolbar --> displayversion Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> htmlmenurevision Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:33 PM Key: hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{07b18ea1-a523-4961-b6bb-170de4475cca} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> msn.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:30 PM Key: hkey_classes_root\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\clsid\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.historyswattercontrolbar.1 Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> lastconfigrequest Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\cursormaniabtn --> htmlmenurevision Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:06 PM Key: hkey_current_user\software\fun web products Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:33 PM Key: hkey_current_user\software\mywebsearch Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> configdatestamp Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:18 PM Value: hkey_local_machine\software\classes\clsid\{2eff3cf7-99c1-4c29-bc2b-68e057e22340}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root\screensavercontrol.screensaverinstaller.1 Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> msmsgs.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\mywebsearch\bar --> configrevision Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> msn.numactive Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearchtoolbar.toolbarplugin.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\fun web products\screensaver --> imagesdir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> historydir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\fun web products --> cachedir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{9ff05104-b030-46fc-94b8-81276e4e27df}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\oehosts --> windows2 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\system\currentcontrolset\services\mywebsearchservice Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> curinstall Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:11 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\run --> mywebsearch plugin Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> msn.2 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.htmlmenu.1 Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\smileycentralbtn --> etag Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:13 PM Value: hkey_local_machine\software\divxnetworks\divx player 2.0 --> installdir Moved to quarantine Trace.Registry.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{b813095c-81c0-4e40-aa14-67520372b987}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> yahoo.1.old Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{b813095c-81c0-4e40-aa14-67520372b987} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearch.htmlpanel.1 Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:16 PM Value: hkey_local_machine\software\classes\clsid\{07b18ea9-a523-4961-b6bb-170de4475cca}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:22 PM Value: hkey_local_machine\software\classes\clsid\{fcbccb87-9224-4b8d-b117-f56d924beb18}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.widomaker toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> aim.0.old Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:30 PM Key: hkey_classes_root\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> buddytextnone.numactive Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\oehosts --> windows6 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> msn.1 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{3e720452-b472-4954-b7aa-33069eb53906} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearch.htmlpanel Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> curinstall Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\email-im\0 --> appname Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:22 PM Value: hkey_classes_root\clsid\{fcbccb87-9224-4b8d-b117-f56d924beb18}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.widomaker toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> buddytextnone.0 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\internet explorer\searchscopes\{56256a51-b582-467e-b8d4-7786eda79ae0} --> displayname Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\office\word\addins\mywebsearch.outlookaddin --> loadbehavior Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{adb01e81-3c79-4272-a0f1-7b2be7a782dc}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearch.outlookaddin.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{a9571378-68a1-443d-b082-284f960c6d17}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.popswatterbarbutton.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.datacontrol.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\internet explorer\searchscopes\{56256a51-b582-467e-b8d4-7786eda79ae0} --> url Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:27 PM Key: hkey_classes_root\interface\{120927bf-1700-43bc-810f-fab92549b390} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\mywebsearch\bar --> configdatestamp Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.htmlmenu.2 Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> buddyfrequninstalled Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{8e6f1832-9607-4440-8530-13be7c4b1d14} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> flags Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:27 PM Key: hkey_classes_root\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\run --> mywebsearch email plugin Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:30 PM Key: hkey_classes_root\interface\{991aac62-b100-47ce-8b75-253965244f69} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.popswattersettingscontrol Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.htmlmenu Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:06 PM Key: hkey_local_machine\software\classes\clsid\{00a6faf1-072e-44cf-8957-5838f569a31d} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> yahoo.numactive Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_current_user\software\microsoft\internet explorer\searchscopes\{56256a51-b582-467e-b8d4-7786eda79ae0} --> url Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearchtoolbar.toolbarplugin Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\focusinteractive\bar\switches --> icqlite.exe Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.popswattersettingscontrol.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.historyswattercontrolbar Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:05 PM Key: hkey_local_machine\software rymedia systems Moved to quarantine Trace.Registry.trymedia!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root ypelib\{07b18ea0-a523-4961-b6bb-170de4475cca} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> googletalkhtml.numactive2 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\promos --> msn.numactive2 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.historyswattercontrolbar.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:28 PM Key: hkey_classes_root\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.iecookiesmanager Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.killerobjmanager Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> un Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> nextconfigrequest Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:37:01 PM c:\program files\mywebsearch\bar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\office\word\addins\mywebsearch.outlookaddin --> friendlyname Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root ypelib\{3e720450-b472-4954-b7aa-33069eb53906} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:27 PM Key: hkey_classes_root\interface\{1f52a5fa-a705-4415-b975-88503b291728} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> aim.1.old Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> pid Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\clsid\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:05 PM Value: hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c} --> appid Moved to quarantine Trace.Registry.els.mywebtattoo.com!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> id Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_local_machine\software\fun web products\msnmessenger --> dlldir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root ypelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:23 PM Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\search toolbar --> uninstallstring Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{25560540-9571-4d7b-9389-0f166788785a} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\mywebsearchtoolbar.settingsplugin.1 Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:17 PM Value: hkey_local_machine\software\classes\clsid\{25560540-9571-4d7b-9389-0f166788785a}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:29 PM Key: hkey_classes_root\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:34 PM Value: hkey_current_user\software\mywebsearch\bar --> menuextlabel Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{3e720452-b472-4954-b7aa-33069eb53906} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\code store database\distribution units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} --> installer Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> sscset Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{07b18ea1-a523-4961-b6bb-170de4475cca} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{3e720452-b472-4954-b7aa-33069eb53906}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\microsoft\code store database\distribution units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} --> systemcomponent Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\fun web products --> jpegconversionlib Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:19 PM Value: hkey_local_machine\software\classes\clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> dir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:16 PM Value: hkey_classes_root\clsid\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:33 PM Key: hkey_local_machine\software\microsoft\office\word\addins\mywebsearch.outlookaddin Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\myfuncardsimbtn --> lasthtmlmenuurl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> esh Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:51 PM c:\program files\mywebsearch Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{8e6f1832-9607-4440-8530-13be7c4b1d14} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\smileycentralbtn --> htmlmenurevision Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{98d9753d-d73b-42d5-8c85-4469cda897ab}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:16 PM Value: hkey_local_machine\software\classes\clsid\{00a6faf1-072e-44cf-8957-5838f569a31d}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\smileycentralbtn --> lasthtmlmenuurl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root ypelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:42 PM Key: hkey_local_machine\software\fun web products Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\funwebproducts.historykillerscheduler Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:33 PM Key: hkey_local_machine\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{d778513b-1c40-4819-b0c5-49e40b39afd0}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{07b18eab-a523-4961-b6bb-170de4475cca}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\searchassistant --> sr Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\mywebsearch.chatsessionplugin.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> yahoo.5.old Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{98d9753d-d73b-42d5-8c85-4469cda897ab} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> sscurl Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:37:09 PM C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE File locked, removal on reboot Adware.Win32.MyWebSearch!E1
6/15/2012 11:37:09 PM C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL File not found Adware.Win32.MyWebSearch!E1
6/15/2012 11:37:08 PM C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL File not found Adware.Win32.MyWebSearch!E1
6/15/2012 11:37:08 PM C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSOEMON.EXE File locked, removal on reboot Adware.Win32.MyWebSearch!E1
6/15/2012 11:37:07 PM c:\program files\funwebproducts Moved to quarantine Trace.File.funwebproducts!E1
6/15/2012 11:37:07 PM c:\program files\search toolbar Moved to quarantine Trace.File.huntbar.stoolbar!E1
6/15/2012 11:37:07 PM c:\program files\mywebsearch\bar\1.bin\f3brovly.dll Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:37:06 PM c:\program files\mywebsearch\srchastt Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:37:06 PM c:\program files\mywebsearch\bar\settings Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:37:06 PM c:\program files\mywebsearch\bar\history Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:37:05 PM c:\program files\mywebsearch\bar\game Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:37:04 PM c:\program files\mywebsearch\bar\cache Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:37:04 PM c:\program files\mywebsearch\bar\avatar Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:37:03 PM c:\program files\mywebsearch\bar\1.bin Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:37:00 PM c:\program files\funwebproducts\shared\cache Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:36:59 PM c:\program files\funwebproducts\shared Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:36:59 PM c:\program files\funwebproducts\screensaver\images Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:36:59 PM c:\program files\funwebproducts\screensaver Moved to quarantine Trace.File.mywebsearch toolbar!E1
6/15/2012 11:36:59 PM c:\windows\system32\f3pssavr.scr Moved to quarantine Trace.File.mywebsearchtoobar!E1
6/15/2012 11:36:51 PM c:\program files\yourscreen\freeze.desktopmanager.browserhelper.dll Moved to quarantine Trace.File.your screen!E1
6/15/2012 11:36:50 PM c:\program files\yourscreen Moved to quarantine Trace.File.your screen!E1
6/15/2012 11:36:47 PM c:\program files\mywebsearch\bar\notifier Moved to quarantine Trace.File.zwinky toolbar!E1
6/15/2012 11:36:47 PM c:\program files\mywebsearch\bar\message Moved to quarantine Trace.File.zwinky toolbar!E1
6/15/2012 11:36:47 PM c:\program files\relevantknowledge\ Moved to quarantine Trace.File.filesubmit.a!E1
6/15/2012 11:36:46 PM c:\program files\freeze.com Moved to quarantine Trace.File.freeze!E1
6/15/2012 11:36:46 PM c:\program files\free offers from freeze.com Moved to quarantine Trace.File.freeze!E1
6/15/2012 11:36:45 PM c:\program files\free offers from freeze.com\ Moved to quarantine Trace.File.freeze!E1
6/15/2012 11:36:44 PM c:\program files\relevantknowledge Moved to quarantine Trace.File.relevantknowledge!E1
6/15/2012 11:36:44 PM c:\program files\divx\divx player 2.0 alpha\skins\default.dps Moved to quarantine Trace.File.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:43 PM c:\program files\divx\divx player 2.0 alpha\readme.txt Moved to quarantine Trace.File.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:43 PM c:\program files\divx\divx player 2.0 alpha\license.txt Moved to quarantine Trace.File.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:42 PM c:\program files\divx\divx player 2.0 alpha\divx player 2.0 alpha.exe Moved to quarantine Trace.File.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:42 PM c:\program files\divx\divx player 2.0 alpha\divxplayer.dbf Moved to quarantine Trace.File.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:42 PM c:\program files\divx\divx player 2.0 alpha\divx.com.url Moved to quarantine Trace.File.divx 5.0.3 pro bundle!E1
6/15/2012 11:36:42 PM Key: hkey_local_machine\software\fun web products Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:41 PM Key: hkey_classes_root\funwebproducts.historykillerscheduler.1 Moved to quarantine Trace.Registry.funwebproducts!E1
6/15/2012 11:36:40 PM Value: hkey_local_machine\software\mywebsearch\oehosts --> windows3 Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:39 PM Value: hkey_local_machine\software\mywebsearch\mwsoeplg\promo --> aim.numactive Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:38 PM Value: hkey_local_machine\software\mywebsearch\bar --> curinstall Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:37 PM Value: hkey_local_machine\software\microsoft\office\word\addins\mywebsearch.outlookaddin --> friendlyname Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:36 PM Value: hkey_local_machine\software\fun web products --> cachedir Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:35 PM Value: hkey_local_machine\software\fun web products\settings\cursormaniabtn --> htmlmenurevision Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:34 PM Value: hkey_current_user\software\microsoft\internet explorer\searchscopes\{56256a51-b582-467e-b8d4-7786eda79ae0} --> url Moved to quarantine Trace.Registry.mywebsearch toolbar!E1
6/15/2012 11:36:33 PM Key: hkey_classes_root ypelib\{e47caee0-deea-464a-9326-3f2801535a4d} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:32 PM Key: hkey_classes_root\screensavercontrol.screensaverinstaller.1 Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:31 PM Key: hkey_classes_root\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:30 PM Key: hkey_classes_root\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:29 PM Key: hkey_classes_root\interface\{3e720451-b472-4954-b7aa-33069eb53906} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:28 PM Key: hkey_classes_root\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:27 PM Key: hkey_classes_root\interface\{1093995a-ba37-41d2-836e-091067c4ad17} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:26 PM Key: hkey_classes_root\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:25 PM Key: hkey_classes_root\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:24 PM Key: hkey_classes_root\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} Moved to quarantine Trace.Registry.mywebsearchtoobar!E1
6/15/2012 11:36:23 PM Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\search toolbar Moved to quarantine Trace.Registry.searchtoolbar!E1
6/15/2012 11:36:22 PM Value: hkey_local_machine\software\classes\clsid\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:21 PM Value: hkey_local_machine\software\classes\clsid\{a6573479-9075-4a65-98a6-19fd29cf7374}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:20 PM Value: hkey_local_machine\software\classes\clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:19 PM Value: hkey_local_machine\software\classes\clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:18 PM Value: hkey_local_machine\software\classes\clsid\{2eff3cf7-99c1-4c29-bc2b-68e057e22340}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:17 PM Value: hkey_local_machine\software\classes\clsid\{25560540-9571-4d7b-9389-0f166788785a}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:16 PM Value: hkey_classes_root\clsid\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:15 PM Value: hkey_classes_root\clsid\{84da4fdf-a1cf-4195-8688-3e961f505983}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:14 PM Value: hkey_classes_root\clsid\{07b18eab-a523-4961-b6bb-170de4475cca}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.zwinky toolbar!E1
6/15/2012 11:36:13 PM Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831}\ Moved to quarantine Trace.Registry.filesubmit.a!E1
6/15/2012 11:36:12 PM Key: hkey_current_user\software\freeze.com\ Moved to quarantine Trace.Registry.freeze!E1
6/15/2012 11:36:11 PM Key: hkey_local_machine\software\classes\mywebsearch.htmlpanel.1 Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:10 PM Key: hkey_local_machine\software\classes\funwebproducts.iecookiesmanager Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:09 PM Key: hkey_local_machine\software\classes\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:08 PM Key: hkey_local_machine\software\classes\clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:07 PM Key: hkey_local_machine\software\classes\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} Moved to quarantine Trace.Registry.mywebsearch!E1
6/15/2012 11:36:06 PM Value: hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}\inprocserver32 --> threadingmodel Moved to quarantine Trace.Registry.els.mywebtattoo.com!E1
6/15/2012 11:36:05 PM Key: hkey_local_machine\software rymedia systems Moved to quarantine Trace.Registry.trymedia!E1
6/15/2012 11:36:05 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCF.tmp\rlservice.exe Moved to quarantine Adware.RelevantKnowledge.bq!E2
6/15/2012 11:36:04 PM C:\WINDOWS\Temp\~os5.tmp\rlservice.exe Moved to quarantine Adware.RelevantKnowledge.bq!E2
6/15/2012 11:36:04 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCC.tmp\rlls64.dll Moved to quarantine Riskware.WebToolbar.Win64!E2
6/15/2012 11:36:04 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCC.tmp\rlvknlg64.exe Moved to quarantine Riskware.WebToolbar.Win64!E2
6/15/2012 11:36:03 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCF.tmp\rlvknlg64.exe Moved to quarantine Riskware.WebToolbar.Win64!E2
6/15/2012 11:36:03 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCF.tmp\rlls64.dll Moved to quarantine Riskware.WebToolbar.Win64!E2
6/15/2012 11:36:03 PM C:\WINDOWS\Temp\~os5.tmp\rlvknlg64.exe Moved to quarantine Riskware.WebToolbar.Win64!E2
6/15/2012 11:36:02 PM C:\WINDOWS\Temp\~os5.tmp\rlls64.dll Moved to quarantine Riskware.WebToolbar.Win64!E2
6/15/2012 11:36:02 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCF.tmp\rlxg.dll Moved to quarantine Gen.AdWare!E2
6/15/2012 11:36:02 PM C:\Program Files\RelevantKnowledge\components\rlxg.dll Moved to quarantine Gen.AdWare!E2
6/15/2012 11:36:01 PM C:\WINDOWS\Temp\~os5.tmp\rlxg.dll Moved to quarantine Gen.AdWare!E2
6/15/2012 11:36:01 PM C:\WINDOWS\Temp\~os2.tmp\OSSService.exe Moved to quarantine Riskware.AdWare.Win32.RK!E2
6/15/2012 11:36:01 PM C:\WINDOWS\Temp\~os2F.tmp\OSSService.exe Moved to quarantine Riskware.AdWare.Win32.RK!E2
6/15/2012 11:36:00 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCF.tmp\rlvknlg.exe Moved to quarantine Riskware.AdWare.RelevantKnowledge!E2
6/15/2012 11:36:00 PM C:\Program Files\RelevantKnowledge\RLLS.VIR Moved to quarantine Riskware.AdWare.RelevantKnowledge!E2
6/15/2012 11:35:59 PM C:\WINDOWS\Temp\~os5.tmp\rlvknlg.exe Moved to quarantine Riskware.AdWare.RelevantKnowledge!E2
6/15/2012 11:35:59 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCF.tmp\rlph.dll Moved to quarantine Adware.Win32.Agent!E1
6/15/2012 11:35:59 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCF.tmp\rlxf.dll Moved to quarantine Adware.Win32.Agent!E1
6/15/2012 11:35:58 PM C:\Documents and Settings\Administrator\Local Settings\Temp\~osCF.tmp\rlls.dll Moved to quarantine Adware.Win32.Agent!E1
6/15/2012 11:35:58 PM C:\WINDOWS\Temp\~os5.tmp\rlxf.dll Moved to quarantine Adware.Win32.Agent!E1
6/15/2012 11:35:58 PM C:\WINDOWS\Temp\~os5.tmp\rlls.dll Moved to quarantine Adware.Win32.Agent!E1
6/15/2012 11:35:57 PM C:\WINDOWS\Temp\~os5.tmp\rlph.dll Moved to quarantine Adware.Win32.Agent!E1
6/15/2012 11:35:56 PM C:\Program Files\EagleSoft\Shared Files\PINPadDevice.dll Moved to quarantine Virus.Win32.Parite!E2
6/15/2012 11:35:56 PM C:\WINDOWS\system32\PINPadDevice.dll Moved to quarantine Virus.Win32.Parite!E2
6/15/2012 11:35:55 PM C:\Program Files\OneStepSearch\osopt.exe Moved to quarantine Riskware.AdWare.Win32.OneStep!E2
6/15/2012 11:35:55 PM C:\Program Files\OneStepSearch\onestep.exe Moved to quarantine Riskware.AdWare.Win32.OneStep!E2
6/15/2012 11:35:55 PM C:\Program Files\OneStepSearch\uninstall.exe Moved to quarantine AdWare.OneStep!E2
6/15/2012 11:35:55 PM C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL Moved to quarantine Adware.Win32.MyWebSearchToolbar!E1
6/15/2012 11:35:54 PM C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL Moved to quarantine Adware.Win32.MyWebSearchToolbar!E1
6/15/2012 11:35:54 PM C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE Moved to quarantine Adware.Win32.MyWebSearchToolbar!E1
6/15/2012 11:35:54 PM C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE Moved to quarantine Adware.Win32.MyWebSearchToolbar!E1
6/15/2012 11:35:54 PM C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE Moved to quarantine Adware.Win32.MyWebSearchToolbar!E1
6/15/2012 11:35:54 PM C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE Moved to quarantine Adware.Win32.MyWebSearchToolbar!E1
6/15/2012 11:35:53 PM C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL Moved to quarantine Adware.Win32.MyWebSearchToolbar!E1
6/15/2012 11:35:53 PM C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL Moved to quarantine Adware.Win32.MyWebSearchToolbar!E1
6/15/2012 11:35:53 PM C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL Moved to quarantine Riskware.WebToolbar.Win32.MyWebSearch.ed!E1
6/15/2012 11:35:53 PM C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE Moved to quarantine Adware.Win32.FunWeb!E1
6/15/2012 11:35:52 PM C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL Moved to quarantine Adware.Win32.FunWeb!E1
6/15/2012 11:35:52 PM C:\Program Files\Internet Explorer\msimg32.dll Moved to quarantine Adware.Win32.Toolbar.MyWebSearch.AMN!E1
6/15/2012 11:35:52 PM C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL Moved to quarantine Adware.Win32.Toolbar.MyWebSearch.AMN!E1
6/15/2012 11:35:52 PM C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL Moved to quarantine Riskware.WebToolbar.Win32.MyWebSearch!E2
6/15/2012 11:35:51 PM C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Moved to quarantine Riskware.AdTool.Win32.MyWebSearch!E1

#13 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 19 July 2012 - 01:24 AM

Do not copy & paste logs to any of your replies, you were told at the very start of this thread not to copy & paste logs. All you are doing is increasing the load time of the thread and cluttering search engines with useless information.

HijackThis is not compatible with any 64-bit version of Windows. Windows 7 64-bit is the default factory install on new PCs.

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2

* IMPORTANT !!! Save ComboFix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on Combo-Fix & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#14 achesoj

achesoj

    New Member

  • Members
  • Pip
  • 9 posts
  • OS:Windows 7 x64
  • AV:Emsisoft

Posted 21 July 2012 - 03:39 PM

I won't be able to get back on that system until Monday. I will do as you've asked then.
Sorry about the pasting. I didn't see a way to attach the files. I'm assuming I use My Media?

#15 achesoj

achesoj

    New Member

  • Members
  • Pip
  • 9 posts
  • OS:Windows 7 x64
  • AV:Emsisoft

Posted 21 July 2012 - 03:40 PM

Never mind. I see the instructions.

#16 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 22 July 2012 - 02:51 AM

I'll be waiting for the log when it is ready.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#17 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 24 July 2012 - 04:27 PM

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#18 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 24 July 2012 - 04:43 PM

Thread opened at original posters request.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#19 achesoj

achesoj

    New Member

  • Members
  • Pip
  • 9 posts
  • OS:Windows 7 x64
  • AV:Emsisoft

Posted 26 July 2012 - 01:28 AM

sorry about the delay again. The receptionist has forgotten to allow access to the computer the last couple of nights.

#20 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 26 July 2012 - 02:23 AM

Whenever you are ready, I 'll be here.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#21 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 29 July 2012 - 05:34 PM

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#22 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 31 July 2012 - 04:24 PM

Support thread opened by original posters request.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#23 ShadowPuterDude

ShadowPuterDude

    Malware Removal Team Lead

  • Emsisoft Employee
  • 9468 posts
  • LocationDepauville, NY, USA
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 08 August 2012 - 08:05 PM

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Kevin Zoll [Malware Removal Team Lead]
Emsisoft Team - www.emsisoft.com

 

If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Messege (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

Back to Help, my PC is infected!


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Emsisoft Support Forums
  2. Malware Research Center
  3. Help, my PC is infected!
  4. Privacy Policy
  5. Terms of Use ·